fix(handlers): reject malformed JSON in org token create #1915

Merged
agent-dev-a merged 1 commits from fix/org-tokens-invalid-json-guard into main 2026-05-26 15:42:10 +00:00
@@ -1,6 +1,7 @@
package handlers
import (
"io"
"log"
"net/http"
@@ -68,7 +69,10 @@ type createOrgTokenResponse struct {
func (h *OrgTokenHandler) Create(c *gin.Context) {
var req createOrgTokenRequest
// Optional body — an empty POST should still work (unnamed token).
_ = c.ShouldBindJSON(&req)
if err := c.ShouldBindJSON(&req); err != nil && err != io.EOF {
c.JSON(http.StatusBadRequest, gin.H{"error": "invalid JSON body"})
return
}
if len(req.Name) > 100 {
c.JSON(http.StatusBadRequest, gin.H{"error": "name too long (max 100 chars)"})
return
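Review bot: The new guard in Create compares the bind error with `err != io.EOF`, which only treats an empty body as acceptable while gin hands back the bare sentinel. If the error is ever wrapped, empty POSTs would start returning 400, so `if err := c.ShouldBindJSON(&req); err != nil && !errors.Is(err, io.EOF) {` (with `"errors"` added to the import block) is the sturdier form. A short comment such as `// io.EOF means the body was empty, which is allowed` would make the exception explicit. The hunk shows no cap on the request body before it is decoded. Unless a middleware outside this view already limits it, wrapping it first with `c.Request.Body = http.MaxBytesReader(c.Writer, c.Request.Body, maxBodyBytes)` (constant name is a placeholder) would bound what this token-creation endpoint reads. Create's body continues past the end of the hunk, so later handling is not visible here.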