fix: api-wrapper returns valid malformed response (#7053)

Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>

apps/web/modules/api/v2/auth/api-wrapper.ts

@@ -1,4 +1,5 @@
 import { ZodRawShape, z } from "zod";
+import { logger } from "@formbricks/logger";
 import { TAuthenticationApiKey } from "@formbricks/types/auth";
 import { TApiAuditLog } from "@/app/lib/api/with-api-logging";
 import { formatZodError, handleApiError } from "@/modules/api/v2/lib/utils";
@@ -67,7 +68,22 @@ export const apiWrapper = async <S extends ExtendedSchemas>({
   let parsedInput: ParsedSchemas<S> = {} as ParsedSchemas<S>;
 
   if (schemas?.body) {
-    const bodyData = await request.json();
+    let bodyData;
+    try {
+      bodyData = await request.json();
+    } catch (error) {
+      logger.error({ error, url: request.url }, "Error parsing JSON input");
+      return handleApiError(request, {
+        type: "bad_request",
+        details: [
+          {
+            field: "error",
+            issue: "Malformed JSON input, please check your request body",
+          },
+        ],
+      });
+    }
+
     const bodyResult = schemas.body.safeParse(bodyData);
 
     if (!bodyResult.success) {

apps/web/modules/api/v2/auth/tests/api-wrapper.test.ts

@@ -132,6 +132,71 @@ describe("apiWrapper", () => {
     expect(handler).not.toHaveBeenCalled();
   });
 
+  test("should handle malformed JSON input in request body", async () => {
+    const request = new Request("http://localhost", {
+      method: "POST",
+      body: "{ invalid json }",
+      headers: { "Content-Type": "application/json" },
+    });
+
+    vi.mocked(authenticateRequest).mockResolvedValue(ok(mockAuthentication));
+    vi.mocked(handleApiError).mockResolvedValue(new Response("error", { status: 400 }));
+
+    const bodySchema = z.object({ key: z.string() });
+    const handler = vi.fn();
+
+    const response = await apiWrapper({
+      request,
+      schemas: { body: bodySchema },
+      rateLimit: false,
+      handler,
+    });
+
+    expect(response.status).toBe(400);
+    expect(handler).not.toHaveBeenCalled();
+    expect(handleApiError).toHaveBeenCalledWith(request, {
+      type: "bad_request",
+      details: [
+        {
+          field: "error",
+          issue: "Malformed JSON input, please check your request body",
+        },
+      ],
+    });
+  });
+
+  test("should handle empty body when body schema is provided", async () => {
+    const request = new Request("http://localhost", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+    });
+
+    vi.mocked(authenticateRequest).mockResolvedValue(ok(mockAuthentication));
+    vi.mocked(handleApiError).mockResolvedValue(new Response("error", { status: 400 }));
+
+    const bodySchema = z.object({ key: z.string() });
+    const handler = vi.fn();
+
+    const response = await apiWrapper({
+      request,
+      schemas: { body: bodySchema },
+      rateLimit: false,
+      handler,
+    });
+
+    expect(response.status).toBe(400);
+    expect(handler).not.toHaveBeenCalled();
+    expect(handleApiError).toHaveBeenCalledWith(request, {
+      type: "bad_request",
+      details: [
+        {
+          field: "error",
+          issue: "Malformed JSON input, please check your request body",
+        },
+      ],
+    });
+  });
+
   test("should parse query schema correctly", async () => {
     const request = new Request("http://localhost?key=value");