From d44317a28aeaf590a4048f77d6f53cd46a7979b9 Mon Sep 17 00:00:00 2001
From: jo
Date: Thu, 5 Aug 2021 14:38:46 +0200
Subject: [PATCH 1/3] Prevent falsy values obscur behavior in api call
---
 python_apps/api_clients/api_clients/utils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python_apps/api_clients/api_clients/utils.py b/python_apps/api_clients/api_clients/utils.py
index 9eeec0cb3..6d7413045 100644
--- a/python_apps/api_clients/api_clients/utils.py
+++ b/python_apps/api_clients/api_clients/utils.py
@@ -95,7 +95,7 @@ class ApiRequest:
 final_url = self.url.params(**kwargs).url()
 self.logger.debug(final_url)
 try:
- if _post_data:
+ if _post_data is not None:
 res = requests.post(
 final_url,
 data=_post_data,
From f5d1ffe27c195c44ff102e6d8362a8efeb7e524c Mon Sep 17 00:00:00 2001
From: jo
Date: Thu, 5 Aug 2021 13:58:50 +0200
Subject: [PATCH 2/3] Better failed request logging in api_client v1
---
 python_apps/api_clients/api_clients/utils.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/python_apps/api_clients/api_clients/utils.py b/python_apps/api_clients/api_clients/utils.py
index 6d7413045..90a3f40cd 100644
--- a/python_apps/api_clients/api_clients/utils.py
+++ b/python_apps/api_clients/api_clients/utils.py
@@ -121,8 +121,9 @@ class ApiRequest:
 raise
 except requests.exceptions.HTTPError:
 self.logger.error(
- f"HTTP request to '{res.request.url}' failed"
- f" with status '{res.status_code}':\n{res.text}"
+ f"{res.request.method} {res.request.url} request failed '{res.status_code}':"
+ f"\nPayload: {res.request.body}"
+ f"\nResponse: {res.text}"
 )
 raise
From 719f6b5c6a2881a977538e942c00f23c1f7c1409 Mon Sep 17 00:00:00 2001
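Review bot: The rewritten `self.logger.error(...)` call in the `except requests.exceptions.HTTPError` branch (PATCH 2/3) now writes `res.request.body` and the full `res.text` into the error log, so whatever the request carried and whatever the server sent back end up in log files, which usually have a wider audience and longer retention than the API itself. Nothing in the hunk bounds the size of either value or strips sensitive fields, and a bytes body will be logged as its `b'...'` repr. I would keep method, URL and status at error level and move the bulk to a separate `self.logger.debug(f"Payload: {res.request.body}\nResponse: {res.text}")`, or truncate both before logging. The enclosing method starts and ends outside the hunk, so what the payload can contain is not visible from here.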
From: jo
Date: Thu, 5 Aug 2021 14:24:48 +0200
Subject: [PATCH 3/3] Handle bad payload in some airtime_mvc api calls
Added a basic JSON decode error safe guard for the following actions:
- pushStreamStatsAction
- updateStreamSettingTableAction
---
 .../application/controllers/ApiController.php | 36 +++++++++++++++++--
 1 file changed, 34 insertions(+), 2 deletions(-)
diff --git a/airtime_mvc/application/controllers/ApiController.php b/airtime_mvc/application/controllers/ApiController.php
index c9c2c82bc..a47296e59 100644
--- a/airtime_mvc/application/controllers/ApiController.php
+++ b/airtime_mvc/application/controllers/ApiController.php
@@ -1427,7 +1427,16 @@ class ApiController extends Zend_Controller_Action
 public function pushStreamStatsAction()
 {
 $request = $this->getRequest();
- $data = json_decode($request->getParam("data"), true);
+
+ $data_blob = $request->getParam("data");
+ $data = json_decode($data_blob, true);
+
+ if ($data === null && json_last_error() !== JSON_ERROR_NONE) {
+ $message = "An error occured while decoding the 'data' JSON blob: '$data_blob'";
+ Logging::error($message);
+ $this->jsonError(400, $message);
+ return;
+ }
 Application_Model_ListenerStat::insertDataPoints($data);
 $this->view->data = $data;
@@ -1435,7 +1444,16 @@ class ApiController extends Zend_Controller_Action
 public function updateStreamSettingTableAction()
 {
 $request = $this->getRequest();
- $data = json_decode($request->getParam("data"), true);
+
+ $data_blob = $request->getParam("data");
+ $data = json_decode($data_blob, true);
+
+ if ($data === null && json_last_error() !== JSON_ERROR_NONE) {
+ $message = "An error occured while decoding the 'data' JSON blob: '$data_blob'";
+ Logging::error($message);
+ $this->jsonError(400, $message);
+ return;
+ }
 foreach ($data as $k=>$v) {
 Application_Model_StreamSetting::SetListenerStatError($k, $v);
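Review bot: The new error path in `pushStreamStatsAction` interpolates the raw request parameter into `$message`, which is then both written by `Logging::error($message)` and returned to the caller through `jsonError(400, $message)`. A client-controlled blob of arbitrary length and content, newlines included, therefore lands verbatim in the application log, where it can blur or imitate other entries, and is reflected in the response body. I would return a fixed message built from the decoder's own diagnosis, `$message = "Invalid JSON in 'data' parameter: " . json_last_error_msg();`, and log at most a length-bounded, escaped excerpt of the blob. The same lines are added to `updateStreamSettingTableAction` in the next hunk.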
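Review bot: The guard `$data === null && json_last_error() !== JSON_ERROR_NONE` in `updateStreamSettingTableAction` rejects only input that fails to parse, so a well-formed but non-array value such as `null`, `42` or `"x"` still reaches `foreach ($data as $k=>$v)`. Validating the decoded shape rather than the decoder status covers both cases: `if (!is_array($data)) {`. The identical guard in `pushStreamStatsAction` lets the same values through to `insertDataPoints($data)`. The body of this action continues past the end of the hunk, so what `SetListenerStatError` does with unexpected keys is not visible here.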
@@ -1711,4 +1729,18 @@ class ApiController extends Zend_Controller_Action
 // enable cors access from configured URLs
 CORSHelper::enableCrossOriginRequests($request, $response);
 }
+
+ /**
+ * Respond with a JSON error message with a custom HTTP status code.
+ *
+ * This logic should be handled by Zend, but I lack understanding of this
+ * framework, and prefer not break it or spend too much time on it.
+ */
+ private final function jsonError($status, $message)
+ {
+ $this->getResponse()
+ ->setHttpResponseCode($status)
+ ->setHeader('Content-Type', 'application/json')
+ ->setBody(json_encode(['error' => $message]));
+ }
 }
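Review bot: `jsonError` hands the result of `json_encode(['error' => $message])` straight to `setBody()`, but `json_encode` returns `false` when the value contains malformed UTF-8, and both callers in this patch build `$message` from the very blob that just failed to decode, possibly for that same reason. In that case the 400 goes out without the intended JSON body. Passing a flag keeps the response well-formed: `->setBody(json_encode(['error' => $message], JSON_PARTIAL_OUTPUT_ON_ERROR));`. As a smaller style point, `final` on a `private` method has no effect and PHP 8 warns about it, so `private function jsonError($status, $message)` is enough.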