POST-ing invalid json content results in 201 Created

[james-callahan]

Environment

• PostgreSQL version: docker: postgrest/postgrest:v5.2.0-3900baa
• PostgREST version: docker: postgrest/postgrest:v5.2.0-3900baa
• Operating system: Linux

Description of issue

POST-ing a json string you can get a 201 success; even though it's not a valid row. e.g (strace output):

sendto(6, "POST /foo HTTP/1.1\r\nHost: localhost:3001\r\naccept: application/json\r\nAccept-Encoding: gzip, deflate\r\nUser-Agent: Python/3.7 aiohttp/4.0.0a0\r\nContent-Length: 5\r\nContent-Type: application/json\r\n\r\n", 193, 0, NULL, 0) = 193
sendto(6, "\"bar\"", 5, 0, NULL, 0)     = 5
recvfrom(6, "HTTP/1.1 201 Created\r\nTransfer-Encoding: chunked\r\nDate: Wed, 05 Jun 2019 04:42:52 GMT\r\nServer: postgrest/5.2.0 (UNKNOWN)\r\nContent-Range: */*\r\n\r\n0\r\n\r\n", 262144, 0, NULL, NULL) = 149

[wolfgangwalther]

I can still confirm this in the current nightly.

Once the body is valid json, but not an object, 201 is returned but no row added.

[steve-chavez]

Also can reproduce with an empty array:

http POST localhost:3000/projects <<JSON
[]
JSON

HTTP/1.1 201 Created

Adding an Accept: application/vnd.pgrst.object makes the request fail.

I think a fix can be done by checking the queryTotal > 1 for 201. Similarly to how it's done for singlejson:

https://github.com/PostgREST/postgrest/blob/0c25f128250f427f470910104eea6b8bee589083/src/PostgREST/App.hs#L314-L319

[wolfgangwalther]

Mh... this makes it a duplicate of #1070. Closing here in favor of the other one, because there's some other ideas to solve that more generally for on conflict update etc.

[laurenceisla]

I'm reopening this because I think that turning the string to an empty array instead of failing may cause confusion when there's a mistake in sending a JSON object with extra escapes (which turns it into a string) and then returning a 201 as if the insert worked. A couple of examples are this SO question and this discussion