fix: add content type header middleware (#303)

* fix: add content type header middleware * feat: move content type validation to own middleware * feat: remove temp console.log * feat: update session tests to always have content-type header
opengovsg · Jun 27, 2024 · 2e15005 · 2e15005
1 parent 73621d9
commit 2e15005
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 2 deletions.
diff --git a/src/server/trpc.ts b/src/server/trpc.ts
@@ -96,6 +96,19 @@ const loggerWithVersionMiddleware = loggerMiddleware.unstable_pipe(
   },
 )
 
+const contentTypeHeaderMiddleware = t.middleware(async ({ ctx, next }) => {
+  if (
+    ctx.req.body &&
+    !ctx.req.headers['content-type']?.startsWith('application/json')
+  ) {
+    throw new TRPCError({
+      code: 'BAD_REQUEST',
+      message: 'Invalid Content-Type',
+    })
+  }
+  return next()
+})
+
 const baseMiddleware = t.middleware(async ({ ctx, next }) => {
   if (ctx.session === undefined) {
     throw new TRPCError({ code: 'INTERNAL_SERVER_ERROR' })
@@ -157,17 +170,20 @@ export const router = t.router
  **/
 export const publicProcedure = t.procedure
   .use(loggerWithVersionMiddleware)
+  .use(contentTypeHeaderMiddleware)
   .use(baseMiddleware)
 
 /**
  * Create a protected procedure
  **/
 export const protectedProcedure = t.procedure
   .use(loggerWithVersionMiddleware)
+  .use(contentTypeHeaderMiddleware)
   .use(authMiddleware)
 
 export const agnosticProcedure = t.procedure
   .use(loggerWithVersionMiddleware)
+  .use(contentTypeHeaderMiddleware)
   .use(nonStrictAuthMiddleware)
 
 /**

diff --git a/tests/integration/helpers/iron-session.ts b/tests/integration/helpers/iron-session.ts
@@ -52,11 +52,20 @@ class MockIronStore {
 export const createMockRequest = async (
   session: Session,
   reqOptions: RequestOptions = { method: 'GET' },
-  resOptions?: ResponseOptions
+  resOptions?: ResponseOptions,
 ): Promise<Context> => {
   const innerContext = await createContextInner({ session })
 
-  const { req, res } = createMocks(reqOptions, resOptions)
+  const { req, res } = createMocks(
+    {
+      ...reqOptions,
+      headers: {
+        'content-type': 'application/json', // will always be application/json
+        ...reqOptions.headers,
+      },
+    },
+    resOptions,
+  )
 
   return {
     ...innerContext,