fix validationError message body + use LRU/hash for "invalid type" validation errors (#55388)

Co-authored-by: Ashish Keshan <[email protected]>
Co-authored-by: Ashish Keshan <[email protected]>

Author: Ebonsignori

src/events/middleware.ts

@@ -47,10 +47,19 @@ router.post(
     const validEvents: any[] = []
     const validationErrors: any[] = []
 
+    // We use a LRU cache & a hash of the request IP + error message
+    // to prevent sending multiple validation errors per user that can spam requests to Hydro
+    const getValidationErrorHash = (validateErrors: ErrorObject[]) =>
+      `${req.ip}:${(validateErrors || [])
+        .map(
+          (error: ErrorObject) => error.message + error.instancePath + JSON.stringify(error.params),
+        )
+        .join(':')}`
+
     for (const eventBody of eventsToProcess) {
       try {
+        // Skip event if it doesn't have a type or if the type is not in the allowed types
         if (!eventBody.type || !allowedTypes.has(eventBody.type)) {
-          validationErrors.push({ event: eventBody, error: 'Invalid type' })
           continue
         }
         const type: EventType = eventBody.type
@@ -71,18 +80,7 @@ router.post(
         }
         const validate = validators[type]
         if (!validate(body)) {
-          validationErrors.push({
-            event: body,
-            error: validate.errors || [],
-          })
-          // This protects so we don't bother sending the same validation
-          // error, per user, more than once (per time interval).
-          // This helps if we're bombarded with junk bot traffic. So it
-          // protects our Hydro instance from being overloaded with things
-          // that aren't helping anybody.
-          const hash = `${req.ip}:${(validate.errors || [])
-            .map((error: ErrorObject) => error.message + error.instancePath)
-            .join(':')}`
+          const hash = getValidationErrorHash(validate.errors || [])
           if (!sentValidationErrors.has(hash)) {
             sentValidationErrors.set(hash, true)
             formatErrors(validate.errors || [], body).map((error) => {

src/events/tests/middleware.ts

@@ -6,7 +6,6 @@ describe('POST /events', () => {
   vi.setConfig({ testTimeout: 60 * 1000 })
 
   async function checkEvent(data: any) {
-    // if data is not an array, make it one
     if (!Array.isArray(data)) {
       data = [data]
     }
@@ -89,9 +88,9 @@ describe('POST /events', () => {
   })
 
   test('should require a type', async () => {
-    const { statusCode, body } = await checkEvent({ ...pageExample, type: undefined })
-    expect(statusCode).toBe(400)
-    expect(body).toContain('"error":"Invalid type"}')
+    const { statusCode } = await checkEvent({ ...pageExample, type: undefined })
+    // should skip events with no type
+    expect(statusCode).toBe(200)
   })
 
   test('should require an event_id in uuid', async () => {