fix: normalize malformed pairing requests

2026-03-27 11:54:42 +08:00 · 2026-03-27 11:54:42 +08:00 · 061c3baab3
commit 061c3baab3
parent 4e4c90e675
2 changed files with 26 additions and 1 deletions
--- a/apps/windows_agent/src/TermRemoteCtl.Agent/Api/PairingEndpoints.cs
+++ b/apps/windows_agent/src/TermRemoteCtl.Agent/Api/PairingEndpoints.cs
@ -1,3 +1,4 @@
+using System.Text.Json;
 using Microsoft.AspNetCore.Mvc;
 using TermRemoteCtl.Agent.Security;

@ -26,12 +27,13 @@ public static class PairingEndpoints
        });

        group.MapPost("/redeem", async (
-            [FromBody] RedeemPairingRequest? request,
+            HttpRequest httpRequest,
            PairingService pairingService,
            AuditLog auditLog,
            IClock clock,
            CancellationToken cancellationToken) =>
        {
+            var request = await ReadRedeemRequestAsync(httpRequest, cancellationToken);
            var validationError = ValidateRedeemRequest(request);
            if (validationError is not null)
            {
@ -56,6 +58,24 @@ public static class PairingEndpoints
        return endpoints;
    }

+    private static async Task<RedeemPairingRequest?> ReadRedeemRequestAsync(
+        HttpRequest httpRequest,
+        CancellationToken cancellationToken)
+    {
+        try
+        {
+            return await httpRequest.ReadFromJsonAsync<RedeemPairingRequest>(cancellationToken);
+        }
+        catch (JsonException)
+        {
+            return null;
+        }
+        catch (BadHttpRequestException)
+        {
+            return null;
+        }
+    }
+
    private static RedeemPairingResponse? ValidateRedeemRequest(RedeemPairingRequest? request)
    {
        if (request is null)
--- a/apps/windows_agent/tests/TermRemoteCtl.Agent.IntegrationTests/Api/PairingEndpointsTests.cs
+++ b/apps/windows_agent/tests/TermRemoteCtl.Agent.IntegrationTests/Api/PairingEndpointsTests.cs
@ -43,8 +43,13 @@ public sealed class PairingEndpointsTests
        using var content = new StringContent("{\"code\":", Encoding.UTF8, "application/json");

        using var response = await client.PostAsync("/api/pairing/redeem", content);
+        var payload = await response.Content.ReadFromJsonAsync<RedeemResponse>();

        Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
+        Assert.NotNull(payload);
+        Assert.False(payload.Success);
+        Assert.Equal("invalid_request", payload.ErrorCode);
+        Assert.Equal("rejected", payload.Status);
    }

    [Fact]