feat: status handling (#4630)

Signed-off-by: Mariusz Jasuwienas <[email protected]>

Author: jasuwienas

packages/config-service/src/services/globalConfig.ts

@@ -739,6 +739,11 @@ const _CONFIG = {
     required: false,
     defaultValue: 10,
   },
+  VALID_JSON_RPC_HTTP_REQUESTS_STATUS_CODE: {
+    type: 'boolean',
+    required: false,
+    defaultValue: false,
+  },
 } as const satisfies { [key: string]: ConfigProperty }; // Ensures _CONFIG is read-only and conforms to the ConfigProperty structure
 
 export type ConfigKey = keyof typeof _CONFIG;

packages/server/src/compliance.ts

@@ -0,0 +1,65 @@
+// SPDX-License-Identifier: Apache-2.0
+
+import { ConfigService } from '@hashgraph/json-rpc-config-service/dist/services';
+import { ParameterizedContext } from 'koa';
+
+interface IResponseContext {
+  body: {
+    jsonrpc: unknown;
+    id: unknown;
+    result?: unknown;
+    error?: { code: unknown; message: unknown };
+  };
+  status: number | undefined;
+}
+
+const VALID_JSON_RPC_HTTP_REQUESTS_STATUS_CODE = ConfigService.get('VALID_JSON_RPC_HTTP_REQUESTS_STATUS_CODE');
+
+const FALLBACK_RESPONSE_BODY = {
+  jsonrpc: '2.0',
+  id: null,
+  error: { code: -32600, message: 'Request body is empty; expected a JSON-RPC 2.0 request' },
+};
+
+export const INVALID_METHOD_RESPONSE_BODY = {
+  ...FALLBACK_RESPONSE_BODY,
+  error: { code: -32600, message: 'Invalid HTTP method: only POST is allowed' },
+};
+
+const makeSureBodyExistsAndCanBeChecked = (ctx: IResponseContext) => {
+  if (!ctx.body) {
+    ctx.status = 400;
+    ctx.body = FALLBACK_RESPONSE_BODY;
+    return false;
+  }
+
+  if (Array.isArray(ctx.body)) {
+    ctx.status = 200;
+    return false;
+  }
+
+  if (typeof ctx.body !== 'object') {
+    ctx.status = 400;
+    ctx.body = FALLBACK_RESPONSE_BODY;
+    return false;
+  }
+  ctx.body.jsonrpc ||= FALLBACK_RESPONSE_BODY.jsonrpc;
+  ctx.body.id ||= FALLBACK_RESPONSE_BODY.id;
+
+  return true;
+};
+
+/**
+ * Ensures a JSON-RPC response uses a valid JSON-RPC 2.0 structure.
+ * Normalizes missing or invalid fields for both single and batch responses.
+ * May update HTTP status depending on VALID_JSON_RPC_HTTP_REQUESTS_STATUS_CODE.
+ *
+ * @param {IResponseContext & ParameterizedContext} ctx - Koa context containing status and body.
+ */
+export const jsonRpcComplianceLayer = async (ctx: IResponseContext & ParameterizedContext) => {
+  if (!makeSureBodyExistsAndCanBeChecked(ctx)) return;
+  if (ctx.status === 400) {
+    if (!ctx.body.error || !ctx.body.error.code) ctx.body.error = FALLBACK_RESPONSE_BODY.error;
+    if (VALID_JSON_RPC_HTTP_REQUESTS_STATUS_CODE) ctx.status = 200;
+  }
+};

packages/server/src/koaJsonRpc/index.ts

@@ -124,11 +124,13 @@ export default class KoaJsonRpc {
 
     // verify max batch size
     if (body.length > this.batchRequestsMaxSize) {
-      ctx.body = jsonRespError(
-        null,
-        predefined.BATCH_REQUESTS_AMOUNT_MAX_EXCEEDED(body.length, this.batchRequestsMaxSize),
-        requestId,
-      );
+      ctx.body = [
+        jsonRespError(
+          null,
+          predefined.BATCH_REQUESTS_AMOUNT_MAX_EXCEEDED(body.length, this.batchRequestsMaxSize),
+          requestId,
+        ),
+      ];
       ctx.status = 400;
       ctx.state.status = `${ctx.status} (${INVALID_REQUEST})`;
       return;

packages/server/src/server.ts

@@ -12,6 +12,7 @@ import pino from 'pino';
 import { collectDefaultMetrics, Histogram, Registry } from 'prom-client';
 import { v4 as uuid } from 'uuid';
 
+import { INVALID_METHOD_RESPONSE_BODY, jsonRpcComplianceLayer } from './compliance';
 import { formatRequestIdMessage } from './formatters';
 import KoaJsonRpc from './koaJsonRpc';
 import { spec } from './koaJsonRpc/lib/RpcError';
@@ -277,7 +278,8 @@ export async function initializeServer() {
       // support CORS preflight
       ctx.status = 200;
     } else {
-      logger.warn(`skipping HTTP method: [${ctx.method}], url: ${ctx.url}, status: ${ctx.status}`);
+      ctx.status = 403;
+      ctx.body = INVALID_METHOD_RESPONSE_BODY;
     }
   });
 
@@ -307,10 +309,13 @@ export async function initializeServer() {
 
   const rpcApp = koaJsonRpc.rpcApp();
 
-  app.use(async (ctx) => {
+  app.use(async (ctx, next) => {
     await rpcApp(ctx);
+    await next();
   });
 
+  app.use(jsonRpcComplianceLayer);
+
   process.on('unhandledRejection', (reason, p) => {
     logger.error(`Unhandled Rejection at: Promise: ${JSON.stringify(p)}, reason: ${reason}`);
   });