From 49ac5c8797d64dc0016a4a8f83dea5ecaca13dff Mon Sep 17 00:00:00 2001
From: stremovsky <stremovsky@gmail.com>
Date: Sun, 15 Dec 2019 22:36:11 +0200
Subject: [PATCH] validate for broken json input

---
 src/userapps_api.go | 4 ++--
 src/users_api.go    | 4 ++--
 src/utils.go        | 5 ++++-
 src/xtokens_api.go  | 2 +-
 4 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/src/userapps_api.go b/src/userapps_api.go
index 486f1e8..f40e834 100644
--- a/src/userapps_api.go
+++ b/src/userapps_api.go
@@ -31,7 +31,7 @@ func (e mainEnv) userappNew(w http.ResponseWriter, r *http.Request, ps httproute
 
 	data, err := getJSONPostData(r)
 	if err != nil {
-		returnError(w, r, "internal error", 405, err, event)
+		returnError(w, r, "failed to decode request body", 405, err, event)
 		return
 	}
 	jsonData, err := json.Marshal(data)
@@ -67,7 +67,7 @@ func (e mainEnv) userappChange(w http.ResponseWriter, r *http.Request, ps httpro
 
 	data, err := getJSONPostData(r)
 	if err != nil {
-		returnError(w, r, "internal error", 405, err, event)
+		returnError(w, r, "failed to decode request body", 405, err, event)
 		return
 	}
 	jsonData, err := json.Marshal(data)
diff --git a/src/users_api.go b/src/users_api.go
index de5d0f9..3eeb436 100644
--- a/src/users_api.go
+++ b/src/users_api.go
@@ -20,7 +20,7 @@ func (e mainEnv) userNew(w http.ResponseWriter, r *http.Request, ps httprouter.P
 	}
 	parsedData, err := getJSONPost(r, e.conf.Sms.Default_country)
 	if err != nil {
-		returnError(w, r, "internal error", 405, err, event)
+		returnError(w, r, "failed to decode request body", 405, err, event)
 		return
 	}
 	// make sure that login, email and phone are unique
@@ -125,7 +125,7 @@ func (e mainEnv) userChange(w http.ResponseWriter, r *http.Request, ps httproute
 	}
 	parsedData, err := getJSONPost(r, e.conf.Sms.Default_country)
 	if err != nil {
-		returnError(w, r, "internal error", 405, err, event)
+		returnError(w, r, "failed to decode request body", 405, err, event)
 		return
 	}
 	userTOKEN := address
diff --git a/src/utils.go b/src/utils.go
index 2724d0a..bf3c9c6 100644
--- a/src/utils.go
+++ b/src/utils.go
@@ -272,8 +272,11 @@ func getJSONPostData(r *http.Request) (map[string]interface{}, error) {
 }
 
 func getJSONPost(r *http.Request, default_country string) (userJSON, error) {
-	records, err := getJSONPostData(r)
 	var result userJSON
+	records, err := getJSONPostData(r)
+	if err != nil {
+		return result, err
+	}
 
 	if value, ok := records["login"]; ok {
 		if reflect.TypeOf(value) == reflect.TypeOf("string") {
diff --git a/src/xtokens_api.go b/src/xtokens_api.go
index 5d7342e..f3522f8 100644
--- a/src/xtokens_api.go
+++ b/src/xtokens_api.go
@@ -24,7 +24,7 @@ func (e mainEnv) userNewToken(w http.ResponseWriter, r *http.Request, ps httprou
 	}
 	records, err := getJSONPostData(r)
 	if err != nil {
-		returnError(w, r, "internal error", 405, err, event)
+		returnError(w, r, "failed to decode request body", 405, err, event)
 		return
 	}
 	fields := ""