Ignore invalid editor draft payloads (#1533)

2026-06-03 08:07:03 +03:00
parent d7a6cadbe2
commit 5fba1735c2
2 changed files with 33 additions and 5 deletions
--- a/routes/editor_draft_routes.py
+++ b/routes/editor_draft_routes.py
@@ -67,6 +67,14 @@ def _summary(d: EditorDraft) -> Dict[str, Any]:
    }


+def _load_payload(raw: Optional[str]) -> Dict[str, Any]:
+    try:
+        payload = json.loads(raw) if raw else {}
+    except Exception:
+        return {}
+    return payload if isinstance(payload, dict) else {}
+
+
 def setup_editor_draft_routes() -> APIRouter:
    router = APIRouter(tags=["editor-drafts"])

@@ -93,13 +101,9 @@ def setup_editor_draft_routes() -> APIRouter:
            ).first()
            if not d or not _owns(d, user):
                raise HTTPException(404, "Draft not found")
-            try:
-                payload = json.loads(d.payload) if d.payload else {}
-            except Exception:
-                payload = {}
            return {
                **_summary(d),
-                "payload": payload,
+                "payload": _load_payload(d.payload),
            }
        finally:
            db.close()
--- a/tests/test_editor_draft_payload.py
+++ b/tests/test_editor_draft_payload.py
@@ -0,0 +1,24 @@
+import sys
+import types
+from unittest.mock import MagicMock
+
+
+def _load_module(monkeypatch):
+    db_stub = types.ModuleType("core.database")
+    db_stub.EditorDraft = MagicMock()
+    db_stub.SessionLocal = MagicMock()
+    monkeypatch.setitem(sys.modules, "core.database", db_stub)
+    monkeypatch.delitem(sys.modules, "routes.editor_draft_routes", raising=False)
+
+    import routes.editor_draft_routes as mod
+
+    return mod
+
+
+def test_load_payload_rejects_non_object_json(monkeypatch):
+    mod = _load_module(monkeypatch)
+
+    assert mod._load_payload("[]") == {}
+    assert mod._load_payload('"draft"') == {}
+    assert mod._load_payload("{bad json") == {}
+    assert mod._load_payload('{"layers": []}') == {"layers": []}