fix: guard request.json() with try-catch to match newer admin route pattern

nicktrn · nicktrn · commit f749f9707898 · 2026-03-29T14:18:21.000+01:00
diff --git a/apps/webapp/app/routes/admin.api.orgs.$orgId.feature-flags.ts b/apps/webapp/app/routes/admin.api.orgs.$orgId.feature-flags.ts
@@ -65,7 +65,13 @@ export async function action({ request, params }: ActionFunctionArgs) {
   }
 
   const { orgId } = ParamsSchema.parse(params);
-  const body = await request.json();
+
+  let body: unknown;
+  try {
+    body = await request.json();
+  } catch {
+    return json({ error: "Invalid JSON body" }, { status: 400 });
+  }
 
   let featureFlags: typeof Prisma.JsonNull | Record<string, unknown>;
 
diff --git a/apps/webapp/app/routes/admin.feature-flags.tsx b/apps/webapp/app/routes/admin.feature-flags.tsx
@@ -58,7 +58,13 @@ export const action = async ({ request }: ActionFunctionArgs) => {
     throw new Response("Unauthorized", { status: 403 });
   }
 
-  const body = await request.json();
+  let body: unknown;
+  try {
+    body = await request.json();
+  } catch {
+    return json({ error: "Invalid JSON body" }, { status: 400 });
+  }
+
   const payloadSchema = z.object({ flags: z.record(z.unknown()) });
   const parsed = payloadSchema.safeParse(body);
   if (!parsed.success) {
