fix: BUG-04 webhook JSON Content-Type, BUG-05 obdJson list guard #13

Open
kianiadee wants to merge 1 commit from fix/bugs-04-05 into main
Owner

Summary

Second tranche of audit fixes — MEDIUM severity webhook robustness issues. Independent of PR #12 (no overlapping lines).

  • BUG-04 (MEDIUM): webhook_receiver_rev._parse_request docstring promised JSON-body support but the implementation only called request.form(). A JSON push silently returned ("", []) and dropped every record. Now branches on Content-Type: parses application/json directly into {token, data_list|data}, falls back to the form path that matches live Jimi behaviour. Accepts both pre-parsed and string-encoded inner payloads.
  • BUG-05 (MEDIUM): push_obd assumed obdJson parsed to a dict, but malformed payloads can produce a list. The later obd.get() raised AttributeError, was caught by the per-item except, and was logged as a generic "Failed to process" warning — silently losing the reading. Now coerces lists to their first dict element and falls back to {} for anything else.

Test plan

  • Deploy. Webhook container restart picks up the change.
  • Send a synthetic application/json POST to /pushgps via curl (token + data_list with one record); confirm a row lands in tracksolid.position_history.
  • Send a synthetic application/x-www-form-urlencoded POST to the same endpoint; confirm the form path still works (regression check).
  • Send a /pushobd POST where obdJson is a JSON array string [{"event_time": ...}]; confirm one row in tracksolid.obd_readings instead of a warning + drop.
  • Check tracksolid.ingestion_log over the next 24h for any change in success=false rows for webhook endpoints.

🤖 Generated with Claude Code

kianiadee added 1 commit 2026-05-15 12:42:43 +00:00
fix: BUG-04 honour JSON Content-Type in webhook _parse_request, BUG-05 guard obdJson list
Some checks failed
Static Analysis / static (push) Has been cancelled
Tests / test (push) Has been cancelled
Static Analysis / static (pull_request) Has been cancelled
Tests / test (pull_request) Has been cancelled
378682bd57
BUG-04 (MEDIUM): the _parse_request docstring promised "JSON body or
form-encoded body" support, but the implementation only called
request.form(). If Jimi sent application/json (per the docs), the form
parse returned an empty FormData, the function returned ("", []), and
the entire push was silently dropped. Now branches on Content-Type and
parses JSON bodies directly, falling back to the form path that matches
the live Jimi behaviour.

BUG-05 (MEDIUM): push_obd treated obdJson as a dict after json.loads
even though malformed payloads can decode to a list. The subsequent
obd.get(...) raised AttributeError, caught by the per-item except and
logged as a generic "Failed to process" warning — silently losing the
reading. Now coerces lists to their first dict element and falls back
to {} for any other non-dict shape so the timestamp/lat/lng extraction
still runs.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
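
An added sketch of the two guards described in the summary and commit message above, written for this page and not taken from the repository. The names `parse_push` and `coerce_obd`, the form field names and the sample `lat`/`lng` record are assumptions; only `token`, `data_list`, `data`, `obdJson` and `event_time` come from the page.

```python
import json
from urllib.parse import parse_qs


def _decode_inner(value):
    """Return a list of dict records from a pre-parsed or string-encoded payload."""
    if isinstance(value, (str, bytes)):
        try:
            value = json.loads(value)
        except ValueError:  # malformed JSON or undecodable bytes
            return []
    if isinstance(value, dict):
        return [value]
    if isinstance(value, list):
        return [r for r in value if isinstance(r, dict)]
    return []


def parse_push(content_type, body):
    """Branch on Content-Type and return (token, records); body is raw bytes."""
    # Compare only the media type, so "application/json; charset=utf-8" matches.
    media_type = (content_type or "").split(";", 1)[0].strip().lower()
    if media_type == "application/json":
        try:
            doc = json.loads(body)
        except ValueError:
            return "", []
        if not isinstance(doc, dict):
            return "", []
        token = doc.get("token") or ""
        raw = doc.get("data_list", doc.get("data"))
    else:
        # Form path; field names assumed to mirror the JSON keys.
        form = parse_qs(body.decode("utf-8", "replace"))
        token = form.get("token", [""])[0]
        raw = (form.get("data_list") or form.get("data") or [None])[0]
    return str(token), _decode_inner(raw)


def coerce_obd(obd_json):
    """Decode obdJson to a dict: a list yields its first dict element, else {}."""
    try:
        obd = json.loads(obd_json) if isinstance(obd_json, (str, bytes)) else obd_json
    except ValueError:
        return {}
    if isinstance(obd, list):
        obd = next((item for item in obd if isinstance(item, dict)), {})
    return obd if isinstance(obd, dict) else {}
```

A caller that receives `("", [])` or `{}` should still record the event with its endpoint and Content-Type, so a change in payload shape shows up in the ingestion log rather than as missing rows.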
Reference: kianiadee/tracksolid_timescale_grafana_prod#13