From 12f54773f9243a9c45a75f14571d1657bb21c2d3 Mon Sep 17 00:00:00 2001
From: Syed Ali Shahbaz <52925846+alishaz-polymath@users.noreply.github.com>
Date: Fri, 7 Oct 2022 12:43:47 +0530
Subject: [PATCH 1/6] Adds safeParseJSON.ts file

---
 lib/helpers/safeParseJSON.ts | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 lib/helpers/safeParseJSON.ts

diff --git a/lib/helpers/safeParseJSON.ts b/lib/helpers/safeParseJSON.ts
new file mode 100644
index 0000000000..f86e8539e0
--- /dev/null
+++ b/lib/helpers/safeParseJSON.ts
@@ -0,0 +1,8 @@
+export default function parseJSONSafely(str: string) {
+  try {
+    return JSON.parse(str);
+  } catch (e) {
+    console.error((e as Error).message);
+    return {};
+  }
+}

From 36a0ebfbadf7db444f2540f60729d9534dce2e45 Mon Sep 17 00:00:00 2001
From: Syed Ali Shahbaz <52925846+alishaz-polymath@users.noreply.github.com>
Date: Fri, 7 Oct 2022 12:46:35 +0530
Subject: [PATCH 2/6] Adds safe json parse of the body

It ensures that the body complies with the safe parsing of the JSON so that if the body sent is not a valid JSON, we convert it into an empty JSON. Would improve in handling the response of such cases as a follow up for improved UX
---
 pages/api/schedules/index.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pages/api/schedules/index.ts b/pages/api/schedules/index.ts
index 7380a4faa2..e1b8d79350 100644
--- a/pages/api/schedules/index.ts
+++ b/pages/api/schedules/index.ts
@@ -2,6 +2,7 @@ import type { NextApiRequest, NextApiResponse } from "next";
 
 import { getAvailabilityFromSchedule, DEFAULT_SCHEDULE } from "@calcom/lib/availability";
 
+import safeParseJSON from "@lib/helpers/safeParseJSON";
 import { withMiddleware } from "@lib/helpers/withMiddleware";
 import { ScheduleResponse, SchedulesResponse } from "@lib/types";
 import {
@@ -14,7 +15,7 @@ async function createOrlistAllSchedules(
   { method, body, userId, isAdmin, prisma }: NextApiRequest,
   res: NextApiResponse<SchedulesResponse | ScheduleResponse>
 ) {
-  const safe = schemaScheduleBodyParams.safeParse(body);
+  const safe = schemaScheduleBodyParams.safeParse(safeParseJSON(body));
 
   if (!safe.success) {
     res.status(400).json({ message: "Bad request" });

From 79fabe0333e567e36ac42edcfc04ba2131d93026 Mon Sep 17 00:00:00 2001
From: Syed Ali Shahbaz <52925846+alishaz-polymath@users.noreply.github.com>
Date: Fri, 7 Oct 2022 13:03:09 +0530
Subject: [PATCH 3/6] Adds safeParseJSON to the body

---
 pages/api/schedules/[id].ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pages/api/schedules/[id].ts b/pages/api/schedules/[id].ts
index adc26e7b6d..677c8d8975 100644
--- a/pages/api/schedules/[id].ts
+++ b/pages/api/schedules/[id].ts
@@ -1,5 +1,6 @@
 import type { NextApiRequest, NextApiResponse } from "next";
 
+import safeParseJSON from "@lib/helpers/safeParseJSON";
 import { withMiddleware } from "@lib/helpers/withMiddleware";
 import type { ScheduleResponse } from "@lib/types";
 import { schemaSingleScheduleBodyParams, schemaSchedulePublic } from "@lib/validations/schedule";
@@ -13,7 +14,7 @@ export async function scheduleById(
   res: NextApiResponse<ScheduleResponse>
 ) {
   const safeQuery = schemaQueryIdParseInt.safeParse(query);
-  const safeBody = schemaSingleScheduleBodyParams.safeParse(body);
+  const safeBody = schemaSingleScheduleBodyParams.safeParse(safeParseJSON(body));
   if (!safeBody.success) {
     res.status(400).json({ message: "Bad request" });
     return;

From 3bdebba21ecb90901839d7acceaa6f854a97670c Mon Sep 17 00:00:00 2001
From: Syed Ali Shahbaz <52925846+alishaz-polymath@users.noreply.github.com>
Date: Fri, 7 Oct 2022 13:12:57 +0530
Subject: [PATCH 4/6] Adds meaningful response for the API caller

---
 lib/helpers/safeParseJSON.ts | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/helpers/safeParseJSON.ts b/lib/helpers/safeParseJSON.ts
index f86e8539e0..3681e42273 100644
--- a/lib/helpers/safeParseJSON.ts
+++ b/lib/helpers/safeParseJSON.ts
@@ -3,6 +3,12 @@ export default function parseJSONSafely(str: string) {
     return JSON.parse(str);
   } catch (e) {
     console.error((e as Error).message);
+    if ((e as Error).message.includes("Unexpected token")) {
+      return {
+        success: false,
+        message: `Invalid JSON in the body: ${(e as Error).message}`,
+      };
+    }
     return {};
   }
 }

From affba8bf66013bf2e9250f6332b9992dbdc7a873 Mon Sep 17 00:00:00 2001
From: Syed Ali Shahbaz <52925846+alishaz-polymath@users.noreply.github.com>
Date: Fri, 7 Oct 2022 13:13:56 +0530
Subject: [PATCH 5/6] Adds meaningful response for API caller

---
 pages/api/schedules/index.ts | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/pages/api/schedules/index.ts b/pages/api/schedules/index.ts
index e1b8d79350..3b8abc776f 100644
--- a/pages/api/schedules/index.ts
+++ b/pages/api/schedules/index.ts
@@ -15,7 +15,12 @@ async function createOrlistAllSchedules(
   { method, body, userId, isAdmin, prisma }: NextApiRequest,
   res: NextApiResponse<SchedulesResponse | ScheduleResponse>
 ) {
-  const safe = schemaScheduleBodyParams.safeParse(safeParseJSON(body));
+  body = safeParseJSON(body);
+  if (!body.success) {
+    res.status(400).json({ message: body.message });
+  }
+
+  const safe = schemaScheduleBodyParams.safeParse(body);
 
   if (!safe.success) {
     res.status(400).json({ message: "Bad request" });

From 21e081c64c1525395752d4f5d98aa47612f459e9 Mon Sep 17 00:00:00 2001
From: Syed Ali Shahbaz <52925846+alishaz-polymath@users.noreply.github.com>
Date: Fri, 7 Oct 2022 13:15:35 +0530
Subject: [PATCH 6/6] Adds meaningful response for API caller

---
 pages/api/schedules/[id].ts | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/pages/api/schedules/[id].ts b/pages/api/schedules/[id].ts
index 677c8d8975..4ef7a85b6d 100644
--- a/pages/api/schedules/[id].ts
+++ b/pages/api/schedules/[id].ts
@@ -13,13 +13,18 @@ export async function scheduleById(
   { method, query, body, userId, isAdmin, prisma }: NextApiRequest,
   res: NextApiResponse<ScheduleResponse>
 ) {
-  const safeQuery = schemaQueryIdParseInt.safeParse(query);
-  const safeBody = schemaSingleScheduleBodyParams.safeParse(safeParseJSON(body));
+  body = safeParseJSON(body);
+  if (!body.success) {
+    res.status(400).json({ message: body.message });
+  }
+
+  const safe = schemaScheduleBodyParams.safeParse(body);
   if (!safeBody.success) {
     res.status(400).json({ message: "Bad request" });
     return;
   }
-
+  
+  const safeQuery = schemaQueryIdParseInt.safeParse(query);
   if (safeBody.data.userId && !isAdmin) {
     res.status(401).json({ message: "Unauthorized" });
     return;