From 2d20c40641812515359a4164b12791cdb0857602 Mon Sep 17 00:00:00 2001 From: Khaleel Al-Adhami Date: Mon, 13 Jan 2025 17:16:39 -0800 Subject: [PATCH] add defensive checks against data being funny --- reflex/app.py | 25 +++++++++++++++++++++++-- reflex/utils/exceptions.py | 4 ++++ 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/reflex/app.py b/reflex/app.py index 08cb4314e..d0cfe3765 100644 --- a/reflex/app.py +++ b/reflex/app.py @@ -1563,10 +1563,31 @@ class EventNamespace(AsyncNamespace): Args: sid: The Socket.IO session id. data: The event data. + + Raises: + EventDeserializationError: If the event data is not a dictionary. """ fields = data - # Get the event. - event = Event(**{k: v for k, v in fields.items() if k in _EVENT_FIELDS}) + + if isinstance(fields, str): + fields = json.loads(fields) + console.warn( + "Received event data as a string. This generally should not happen and may indicate a bug." + f" Event data: {fields}" + ) + + if not isinstance(fields, dict): + raise exceptions.EventDeserializationError( + f"Event data must be a dictionary, but received {fields} of type {type(fields)}." + ) + + try: + # Get the event. + event = Event(**{k: v for k, v in fields.items() if k in _EVENT_FIELDS}) + except (TypeError, ValueError) as ex: + raise exceptions.EventDeserializationError( + f"Failed to deserialize event data: {fields}." + ) from ex self.token_to_sid[event.token] = sid self.sid_to_token[sid] = event.token diff --git a/reflex/utils/exceptions.py b/reflex/utils/exceptions.py index bceadc977..be858bc62 100644 --- a/reflex/utils/exceptions.py +++ b/reflex/utils/exceptions.py @@ -167,6 +167,10 @@ class SystemPackageMissingError(ReflexError): """Raised when a system package is missing.""" +class EventDeserializationError(ReflexError, ValueError): + """Raised when an event cannot be deserialized.""" + + def raise_system_package_missing_error(package: str) -> NoReturn: """Raise a SystemPackageMissingError.