LibreChat/packages/api/src/middleware/json.ts

import { logger } from '@librechat/data-schemas';
import type { Request, Response, NextFunction } from 'express';

/**
 * Middleware to handle JSON parsing errors from express.json()
 * Prevents user input from being reflected in error messages (XSS prevention)
 *
 * This middleware should be placed immediately after express.json() middleware.
 *
 * @param err - Error object from express.json()
 * @param req - Express request object
 * @param res - Express response object
 * @param next - Express next function
 *
 * @example
 * app.use(express.json({ limit: '3mb' }));
 * app.use(handleJsonParseError);
 */
export function handleJsonParseError(
  err: Error & { status?: number; body?: unknown },
  req: Request,
  res: Response,
  next: NextFunction,
): void {
  if (err instanceof SyntaxError && err.status === 400 && 'body' in err) {
    logger.warn('[JSON Parse Error] Invalid JSON received', {
      path: req.path,
      method: req.method,
      ip: req.ip,
    });

    res.status(400).json({
      error: 'Invalid JSON format',
      message: 'The request body contains malformed JSON',
    });
    return;
  }

  next(err);
}
🛡️ feat: Add Middleware for JSON Parsing and Prompt Group Updates (#10757) * 🗨️ fix: Safe Validation for Prompt Updates - Added `safeValidatePromptGroupUpdate` function to validate and sanitize prompt group update requests, ensuring only allowed fields are processed and sensitive fields are stripped. - Updated the `patchPromptGroup` route to utilize the new validation function, returning appropriate error messages for invalid requests. - Introduced comprehensive tests for the validation logic, covering various scenarios including allowed and disallowed fields, enhancing overall request integrity and security. - Created a new schema file for prompt group updates, defining validation rules and types for better maintainability. * 🔒 feat: Add JSON parse error handling middleware 2025-12-02 00:10:30 -05:00			`import { logger } from '@librechat/data-schemas';`
			`import type { Request, Response, NextFunction } from 'express';`

			`/**`
			`* Middleware to handle JSON parsing errors from express.json()`
			`* Prevents user input from being reflected in error messages (XSS prevention)`
			`*`
			`* This middleware should be placed immediately after express.json() middleware.`
			`*`
			`* @param err - Error object from express.json()`
			`* @param req - Express request object`
			`* @param res - Express response object`
			`* @param next - Express next function`
			`*`
			`* @example`
			`* app.use(express.json({ limit: '3mb' }));`
			`* app.use(handleJsonParseError);`
			`*/`
			`export function handleJsonParseError(`
			`err: Error & { status?: number; body?: unknown },`
			`req: Request,`
			`res: Response,`
			`next: NextFunction,`
			`): void {`
			`if (err instanceof SyntaxError && err.status === 400 && 'body' in err) {`
			`logger.warn('[JSON Parse Error] Invalid JSON received', {`
			`path: req.path,`
			`method: req.method,`
			`ip: req.ip,`
			`});`

			`res.status(400).json({`
			`error: 'Invalid JSON format',`
			`message: 'The request body contains malformed JSON',`
			`});`
			`return;`
			`}`

			`next(err);`
			`}`