fix(api-gateway): Handle invalid query (invalid JSON) as 400 Bad Request (#7455)

Author: ovr

packages/cubejs-api-gateway/src/gateway.ts

@@ -1901,11 +1901,17 @@ class ApiGateway {
 
   protected parseQueryParam(query): Query | Query[] {
     if (!query || query === 'undefined') {
-      throw new UserError('query param is required');
+      throw new UserError('Query param is required');
     }
+
     if (typeof query === 'string') {
-      query = JSON.parse(query);
+      try {
+        return JSON.parse(query) as Query | Query[];
+      } catch (e: any) {
+        throw new UserError(`Unable to decode query param as JSON, error: ${e.message}`);
+      }
     }
+
     return query as Query | Query[];
   }
 

packages/cubejs-api-gateway/test/index.test.ts

@@ -91,6 +91,32 @@ describe('API Gateway', () => {
     expect(res.body && res.body.error).toStrictEqual('Invalid token');
   });
 
+  test('query field is empty', async () => {
+    const { app } = await createApiGateway();
+
+    const res = await request(app)
+      .get('/cubejs-api/v1/load?query=')
+      .set('Authorization', 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.t-IDcSemACt8x4iTMCda8Yhe3iZaWbvV5XKSTbuAn0M')
+      .expect(400);
+
+    expect(res.body && res.body.error).toStrictEqual(
+      'Query param is required'
+    );
+  });
+
+  test('incorrect json for query field', async () => {
+    const { app } = await createApiGateway();
+
+    const res = await request(app)
+      .get('/cubejs-api/v1/load?query=NOT_A_JSON')
+      .set('Authorization', 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.t-IDcSemACt8x4iTMCda8Yhe3iZaWbvV5XKSTbuAn0M')
+      .expect(400);
+
+    expect(res.body && res.body.error).toStrictEqual(
+      'Unable to decode query param as JSON, error: Unexpected token N in JSON at position 0'
+    );
+  });
+
   test('requires auth', async () => {
     const { app } = await createApiGateway();