add request body validation

src-tauri/Cargo.lock

@@ -3652,6 +3652,15 @@ dependencies = [
  "syn 1.0.109",
 ]
 
+[[package]]
+name = "roxmltree"
+version = "0.21.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f1964b10c76125c36f8afe190065a4bf9a87bf324842c05701330bba9f1cacbb"
+dependencies = [
+ "memchr",
+]
+
 [[package]]
 name = "rquest"
 version = "0.1.0"
@@ -3660,8 +3669,10 @@ dependencies = [
  "mime",
  "nom",
  "reqwest",
+ "roxmltree",
  "serde",
  "serde_json",
+ "serde_urlencoded",
  "sqlx",
  "tauri",
  "tauri-build",

src-tauri/Cargo.toml

@@ -29,8 +29,12 @@ sqlx = { version = "0.8.6", features = ["sqlite", "runtime-tokio"] }
 
 mime = "0.3.17"
 nom = "8.0.0"
+
 serde = { version = "1.0.228", features = ["derive"] }
 serde_json = "1.0.145"
+serde_urlencoded = "0.7.1"
+roxmltree = "0.21.1"
+
 reqwest = { version = "0.12.15", features = [
 	"multipart",
 	"json",

src-tauri/src/error.rs

@@ -8,8 +8,13 @@ pub enum AppError {
     HeaderToStr(#[from] reqwest::header::ToStrError),
     #[error("{0}")]
     MimeFromStr(#[from] mime::FromStrError),
+
     #[error("{0}")]
     SerdeJson(#[from] serde_json::Error),
+    #[error("{0}")]
+    SerdeUrl(String),
+    #[error("{0}")]
+    XmlRead(#[from] roxmltree::Error),
 
     // Domain specific errors
     #[error("{0}")]

src-tauri/src/request.rs

@@ -5,6 +5,7 @@ use std::str::FromStr;
 
 use crate::{
     auth::{Auth, BasicAuth, OAuth},
+    error::AppError,
     request::{ctype::ContentType, url::RequestUrl},
     workspace::WorkspaceEntryBase,
     AppResult,
@@ -25,8 +26,6 @@ pub const DEFAULT_HEADERS: &'static [(&'static str, &'static str)] = &[
 ];
 
 pub async fn send(client: reqwest::Client, req: HttpRequestParameters) -> AppResult<HttpResponse> {
-    dbg!(&req);
-
     let HttpRequestParameters {
         url,
         method,
@@ -44,10 +43,20 @@ pub async fn send(client: reqwest::Client, req: HttpRequestParameters) -> AppRes
         Some(body) => {
             match body.ty {
                 ContentType::Text => insert_ct_if_missing(&mut headers, "text/plain"),
-                ContentType::Json => insert_ct_if_missing(&mut headers, "application/json"),
-                ContentType::Xml => insert_ct_if_missing(&mut headers, "application/xml"),
+                ContentType::Json => {
+                    insert_ct_if_missing(&mut headers, "application/json");
+                    serde_json::from_str::<serde_json::Value>(&body.content)?;
+                }
+                ContentType::Xml => {
+                    insert_ct_if_missing(&mut headers, "application/xml");
+                    roxmltree::Document::parse(&body.content)?;
+                }
+                ContentType::FormUrlEncoded => {
+                    serde_urlencoded::from_str::<Vec<(String, String)>>(&body.content)
+                        .map_err(|e| AppError::SerdeUrl(e.to_string()))?;
+                }
                 // Handled by reqwest
-                ContentType::FormData | ContentType::FormUrlEncoded => {}
+                ContentType::FormData => {}
             };
             Some(Body::from(body.content))
         }
@@ -60,7 +69,11 @@ pub async fn send(client: reqwest::Client, req: HttpRequestParameters) -> AppRes
         req = req.body(body)
     }
 
-    let res = match req.send().await {
+    let req = req.build().unwrap();
+
+    dbg!(&req);
+
+    let res = match client.execute(req).await {
         Ok(res) => {
             log::debug!(
                 "{} {} {:?} {:#?}",