Skip to content

fix: don't crash on non-JSON upstream responses (#41)#43

Merged
Bccorb merged 1 commit into
devfrom
fix/adapter-non-json-response
Jun 29, 2026
Merged

fix: don't crash on non-JSON upstream responses (#41)#43
Bccorb merged 1 commit into
devfrom
fix/adapter-non-json-response

Conversation

@Bccorb

@Bccorb Bccorb commented Jun 28, 2026

Copy link
Copy Markdown
Contributor

Fixes #41.

Problem

Every @seamless-auth/core handler (and the express proxy) calls await response.json()
before checking the status. Upstream responses aren't always JSON — a rate-limited request
returns plain text (Too many requests, please try again later.) and a 204 has no body —
so json() throws, the rejection goes unhandled, and the adapter process crashes. A user
hitting a rate limit mid-flow can take down the adapter.

Fix

Centralize it in authFetch (the single fetch chokepoint used by core handlers and the
express proxy): the returned response's json() is made tolerant — it reads the body as text
and returns parsed JSON, { message: <text> } for a non-JSON body, or undefined for an
empty one. No handler changes needed; the crash is removed at the source.

A guard keeps existing tests (which mock fetch with a bare object) working.

Tests

  • New authFetch regression cases: non-JSON 429 → { message } (no throw), valid JSON parses
    normally, empty 204 → undefined.
  • core: 40 passing · express: 24 passing.
  • seamless verify --local is 22/22 green against the fixed SDKs.

authFetch now parses response bodies defensively: a plain-text error (e.g. a
rate-limited 429) or an empty body (204) no longer throws in handlers that read
the body before checking status, which previously crashed the adapter process.
Non-JSON -> { message: text }, empty -> undefined. Adds authFetch regression tests.
@Bccorb Bccorb merged commit 6bd1e0f into dev Jun 29, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant