From 2dc27602655f65414bda7206686fba81aee7d882 Mon Sep 17 00:00:00 2001
From: "Molecule AI Dev Engineer A (Kimi)"
Date: Tue, 26 May 2026 15:30:20 +0000
Subject: [PATCH] fix(handlers): reject malformed JSON in org token create

The org token create endpoint allows an empty POST body (unnamed token), but was silently ignoring ALL ShouldBindJSON errors, including invalid JSON. Add io.EOF guard so empty bodies still work while malformed JSON returns 400 Bad Request.

Co-Authored-By: Claude Opus 4.7
---
 workspace-server/internal/handlers/org_tokens.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/workspace-server/internal/handlers/org_tokens.go b/workspace-server/internal/handlers/org_tokens.go
index 319969898..a1233009a 100644
--- a/workspace-server/internal/handlers/org_tokens.go
+++ b/workspace-server/internal/handlers/org_tokens.go
@@ -1,6 +1,7 @@
 package handlers
 
 import (
+ "io"
 "log"
 "net/http"
 
@@ -68,7 +69,10 @@ type createOrgTokenResponse struct {
 func (h *OrgTokenHandler) Create(c *gin.Context) {
 var req createOrgTokenRequest
 // Optional body — an empty POST should still work (unnamed token).
- _ = c.ShouldBindJSON(&req)
+ if err := c.ShouldBindJSON(&req); err != nil && err != io.EOF {
+ c.JSON(http.StatusBadRequest, gin.H{"error": "invalid JSON body"})
+ return
+ }
 if len(req.Name) > 100 {
 c.JSON(http.StatusBadRequest, gin.H{"error": "name too long (max 100 chars)"})
 return
-- 
2.52.0
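Review bot: The added guard in Create compares the error by identity, `err != io.EOF`, so if gin ever wraps the decoder error the empty-body case would start failing with 400; `errors.Is(err, io.EOF)` is the safer form, with `"errors"` added to the import block in the first hunk. ShouldBindJSON also surfaces validation errors from `binding:"..."` tags (if createOrgTokenRequest declares any — the struct is not visible here), and those would now be answered with the message `invalid JSON body`, which misleads the caller; a neutral `invalid request body` covers both cases. Rejecting malformed bodies instead of continuing with a zero-valued request closes the fail-open path the commit message describes, which deserves a handler test asserting 400 for a truncated body and the existing success status for an empty one. Create's body continues past the end of the hunk.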