fix(pki): return helpful error for malformed JSON on certificate endpoint for CSR #5331

Merged
saifsmailbox98 merged 2 commits into main from
saif/pki-111-handle-multi-line-csr-strings-in-certificate-issuance-api
Feb 2, 2026

@saifsmailbox98
Contributor

Context

When users send a CSR (Certificate Signing Request) to POST /api/v1/cert-manager/certificates with literal newlines instead of escaped \n characters, the JSON parser fails before reaching the route handler. This is a common user mistake when copying/pasting CSR content directly into JSON.

Before: Returns a generic 500 Internal Server Error with "Something went wrong" message, which provides no indication of what went wrong.

After: Returns a 400 Bad Request with a helpful message: "Invalid JSON in request body. If you are sending a Certificate Signing Request (CSR), ensure newlines are escaped as \n characters, not literal line breaks."

Example of the issue:

// Invalid - literal newlines break JSON parsing
{ "csr": "-----BEGIN CERTIFICATE REQUEST-----
MIIB..." }

// Valid - newlines escaped
{ "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIIB..." }

Screenshots

N/A - API-only change

Steps to verify the change

  1. Send a POST request to /api/v1/cert-manager/certificates with a properly escaped CSR (newlines as \n) - should work normally (200)
  2. Send a POST request with literal newlines in the CSR - should return 400 with the helpful error message:
    {
      "statusCode": 400,
      "message": "Invalid JSON in request body. If you are sending a Certificate Signing Request (CSR), ensure newlines are escaped as \\n characters, not literal line breaks.",
      "error": "BadRequestError"
    }

Type

  • Fix
  • Feature
  • Improvement
  • Breaking
  • Docs
  • Chore

Checklist

  • Title follows the conventional commit format: type(scope): short description (scope is optional, e.g., fix: prevent crash on sync or fix(api): handle null response).
  • Tested locally
  • Updated docs (if needed)
  • Read the contributing guide

@maidul98
Collaborator

maidul98 commented Jan 30, 2026

Snyk checks have passed. No issues have been found so far.

| Status | Scanner | Critical | High | Medium | Low | Total (0) |
|---|---|---|---|---|---|---|
| | Open Source Security | 0 | 0 | 0 | 0 | 0 issues |

@greptile-apps
Contributor

greptile-apps bot commented Jan 30, 2026

Greptile Overview

Greptile Summary

This PR improves error handling for the POST /api/v1/cert-manager/certificates endpoint by catching JSON parsing errors (specifically SyntaxError) and returning a helpful 400 Bad Request with guidance about escaping newlines in CSR data, instead of the generic 500 Internal Server Error.

Key Changes

  • Added a specific error handler for SyntaxError on the certificate endpoint
  • Returns user-friendly message explaining that CSR newlines must be escaped as \n characters
  • Improves developer experience when users copy/paste CSR content incorrectly

Issues Found

  • URL matching doesn't check HTTP method, so GET requests with malformed JSON would incorrectly receive CSR-specific error message
  • Other endpoints accepting CSR data (e.g., /api/v1/pki/certificates/sign-certificate) don't have similar helpful error handling

Confidence Score: 4/5

  • Safe to merge with minor recommendations for improvement
  • The change improves user experience by providing a helpful error message for a common mistake. However, the URL matching logic could be more robust by checking the HTTP method, and similar error handling could benefit other CSR endpoints
  • No files require special attention

Important Files Changed

| Filename | Overview |
|---|---|
| backend/src/server/plugins/error-handler.ts | Added helpful error message for JSON parsing errors on certificate endpoint when CSR has unescaped newlines |

@greptile-apps greptile-apps bot left a comment

1 file reviewed, 2 comments

@saifsmailbox98 saifsmailbox98 merged commit ac2dcb1 into main Feb 2, 2026
9 of 10 checks passed
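
The failure mode and the response mapping discussed in this pull request, as an added JavaScript example that is not the project's code and not part of any comment above. The route and the CSR hint text are taken from the PR description; `buildCsrBody`, `classifyBodyError` and the generic fallback message are hypothetical, and the method check follows the point raised in the Greptile summary.

```javascript
// Added example; not Infisical's error-handler.ts.
// Route and CSR hint text are quoted from the PR description.
const CERT_ROUTE = "/api/v1/cert-manager/certificates";
const CSR_HINT =
  "Invalid JSON in request body. If you are sending a Certificate Signing Request (CSR), " +
  "ensure newlines are escaped as \\n characters, not literal line breaks.";
// Assumption: generic message for routes that do not take a CSR.
const GENERIC_HINT = "Invalid JSON in request body.";

// Constructed sample PEM with the truncated body used on the page.
const SAMPLE_CSR =
  "-----BEGIN CERTIFICATE REQUEST-----\nMIIB...\n-----END CERTIFICATE REQUEST-----";

// Client side (hypothetical helper): let the serializer escape the newlines
// instead of pasting PEM text into a hand-written JSON literal.
function buildCsrBody(csrPem) {
  return JSON.stringify({ csr: csrPem });
}

// Server side (hypothetical helper): map a body-parse failure to a response.
// The CSR hint is scoped by method AND path, and the reply is fixed text:
// neither the raw body nor the parser's own message is echoed back.
function classifyBodyError(method, url, rawBody) {
  try {
    JSON.parse(rawBody);
    return null; // valid JSON, nothing to report
  } catch (err) {
    if (!(err instanceof SyntaxError)) throw err;
    const path = url.split("?")[0];
    const isCsrRoute = method.toUpperCase() === "POST" && path === CERT_ROUTE;
    return {
      statusCode: 400,
      message: isCsrRoute ? CSR_HINT : GENERIC_HINT,
      error: "BadRequestError",
    };
  }
}

// Constructed request body with a literal line break inside the string value.
const PASTED_BODY = '{ "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIIB..." }';

console.log(classifyBodyError("POST", CERT_ROUTE, PASTED_BODY));
console.log(classifyBodyError("POST", CERT_ROUTE, buildCsrBody(SAMPLE_CSR)));
```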