fix: Have PATCH/POST/PUT operations handlers check content-type

src/ldp/operations/PatchOperationHandler.ts

@@ -1,4 +1,6 @@
+import { getLoggerFor } from '../../logging/LogUtil';
 import type { ResourceStore } from '../../storage/ResourceStore';
+import { BadRequestHttpError } from '../../util/errors/BadRequestHttpError';
 import { NotImplementedHttpError } from '../../util/errors/NotImplementedHttpError';
 import type { Patch } from '../http/Patch';
 import { ResetResponseDescription } from '../http/response/ResetResponseDescription';
@@ -6,7 +8,13 @@ import type { ResponseDescription } from '../http/response/ResponseDescription';
 import type { Operation } from './Operation';
 import { OperationHandler } from './OperationHandler';
 
+/**
+ * Handles PATCH {@link Operation}s.
+ * Calls the modifyResource function from a {@link ResourceStore}.
+ */
 export class PatchOperationHandler extends OperationHandler {
+  protected readonly logger = getLoggerFor(this);
+
   private readonly store: ResourceStore;
 
   public constructor(store: ResourceStore) {
@@ -21,6 +29,13 @@ export class PatchOperationHandler extends OperationHandler {
   }
 
   public async handle(input: Operation): Promise<ResponseDescription> {
+    // Solid, §2.1: "A Solid server MUST reject PUT, POST and PATCH requests
+    // without the Content-Type header with a status code of 400."
+    // https://solid.github.io/specification/protocol#http-server
+    if (!input.body?.metadata.contentType) {
+      this.logger.warn('No Content-Type header specified on PATCH request');
+      throw new BadRequestHttpError('No Content-Type header specified on PATCH request');
+    }
     await this.store.modifyResource(input.target, input.body as Patch);
     return new ResetResponseDescription();
   }

src/ldp/operations/PostOperationHandler.ts

@@ -28,9 +28,12 @@ export class PostOperationHandler extends OperationHandler {
   }
 
   public async handle(input: Operation): Promise<ResponseDescription> {
-    if (!input.body) {
-      this.logger.warn('POST operations require a body');
-      throw new BadRequestHttpError('POST operations require a body');
+    // Solid, §2.1: "A Solid server MUST reject PUT, POST and PATCH requests
+    // without the Content-Type header with a status code of 400."
+    // https://solid.github.io/specification/protocol#http-server
+    if (!input.body?.metadata.contentType) {
+      this.logger.warn('No Content-Type header specified on POST request');
+      throw new BadRequestHttpError('No Content-Type header specified on POST request');
     }
     const identifier = await this.store.addResource(input.target, input.body);
     return new CreatedResponseDescription(identifier);

src/ldp/operations/PutOperationHandler.ts

@@ -28,9 +28,12 @@ export class PutOperationHandler extends OperationHandler {
   }
 
   public async handle(input: Operation): Promise<ResponseDescription> {
-    if (typeof input.body !== 'object') {
-      this.logger.warn('No body specified on PUT request');
-      throw new BadRequestHttpError('PUT operations require a body');
+    // Solid, §2.1: "A Solid server MUST reject PUT, POST and PATCH requests
+    // without the Content-Type header with a status code of 400."
+    // https://solid.github.io/specification/protocol#http-server
+    if (!input.body?.metadata.contentType) {
+      this.logger.warn('No Content-Type header specified on PUT request');
+      throw new BadRequestHttpError('No Content-Type header specified on PUT request');
     }
     await this.store.setRepresentation(input.target, input.body);
     return new ResetResponseDescription();