Bug description
POST /api/affiliates/offers/:id/conversions/pay parses the request body with request.json() after seller ownership is verified. If an API client sends malformed JSON, the parse exception falls through the generic catch block and the route returns a 500 "An unexpected error occurred" response.
Malformed JSON is a client input error, so the endpoint should stay on the normal 400 validation path and avoid running conversion lookup, wallet lookup, or Lightning transfer logic.
Steps to reproduce
- Authenticate as the seller for an affiliate offer.
- Send
POST /api/affiliates/offers/:id/conversions/pay with Content-Type: application/json and malformed JSON such as {.
- The route returns a 500 instead of a 400 response.
Expected behavior
Malformed or empty JSON bodies should return the existing 400 { "error": "conversion_id is required" } validation error, and payout logic should not run.
Fix direction
Use the existing safe body parser for the payout endpoint and add a regression test proving malformed JSON does not reach conversion or wallet transfer code.
Bug description
POST /api/affiliates/offers/:id/conversions/payparses the request body withrequest.json()after seller ownership is verified. If an API client sends malformed JSON, the parse exception falls through the generic catch block and the route returns a 500 "An unexpected error occurred" response.Malformed JSON is a client input error, so the endpoint should stay on the normal 400 validation path and avoid running conversion lookup, wallet lookup, or Lightning transfer logic.
Steps to reproduce
POST /api/affiliates/offers/:id/conversions/paywithContent-Type: application/jsonand malformed JSON such as{.Expected behavior
Malformed or empty JSON bodies should return the existing
400 { "error": "conversion_id is required" }validation error, and payout logic should not run.Fix direction
Use the existing safe body parser for the payout endpoint and add a regression test proving malformed JSON does not reach conversion or wallet transfer code.