fix: add try-catch protection to JSON.parse in config API routes

Prevent crashes from malformed snapshot JSON by wrapping all JSON.parse calls in try-catch blocks across config API endpoints.

Author: fullstackjam

src/routes/api/configs/+server.ts

@@ -21,10 +21,21 @@ export const GET: RequestHandler = async ({ platform, cookies, request }) => {
 		.bind(user.id)
 		.all();
 
-	const configs = results.map((config: any) => ({
-		...config,
-		snapshot: config.snapshot ? JSON.parse(config.snapshot) : null
-	}));
+	const configs = results.map((config: any) => {
+		let snapshot = null;
+		if (config.snapshot) {
+			try {
+				snapshot = JSON.parse(config.snapshot);
+			} catch {
+				// Invalid JSON in database - return null instead of crashing
+				snapshot = null;
+			}
+		}
+		return {
+			...config,
+			snapshot
+		};
+	});
 
 	return json({ configs, username: user.username });
 };

src/routes/api/configs/[slug]/+server.ts

@@ -46,11 +46,20 @@ export const GET: RequestHandler = async ({ platform, cookies, params, request }
 		return p;
 	});
 
+	let parsedSnapshot = null;
+	if (config.snapshot) {
+		try {
+			parsedSnapshot = JSON.parse(config.snapshot as string);
+		} catch {
+			parsedSnapshot = null;
+		}
+	}
+
 	return json({
 		config: {
 			...config,
 			packages,
-			snapshot: config.snapshot ? JSON.parse(config.snapshot as string) : null
+			snapshot: parsedSnapshot
 		},
 		install_url: installUrl
 	});

src/routes/api/configs/from-snapshot/+server.ts

@@ -61,11 +61,24 @@ export const POST: RequestHandler = async ({ platform, cookies, request }) => {
 		'SELECT id, slug, name, description, base_preset, packages, snapshot, snapshot_at, visibility FROM configs WHERE user_id = ? AND slug = ?'
 	).bind(user.id, config_slug).first();
 
-		return json({
-			...updated,
-			snapshot: JSON.parse((updated as any).snapshot),
-			packages: JSON.parse((updated as any).packages)
-		});
+	let parsedSnapshot = null;
+	let parsedPackages = [];
+	try {
+		parsedSnapshot = JSON.parse((updated as any).snapshot);
+	} catch {
+		parsedSnapshot = null;
+	}
+	try {
+		parsedPackages = JSON.parse((updated as any).packages);
+	} catch {
+		parsedPackages = [];
+	}
+
+	return json({
+		...updated,
+		snapshot: parsedSnapshot,
+		packages: parsedPackages
+	});
 	}
 
 	const configCount = await env.DB.prepare(
@@ -119,9 +132,22 @@ export const POST: RequestHandler = async ({ platform, cookies, request }) => {
 		'SELECT id, slug, name, description, base_preset, packages, snapshot, snapshot_at, visibility FROM configs WHERE id = ?'
 	).bind(id).first();
 
+	let createdSnapshot = null;
+	let createdPackages = [];
+	try {
+		createdSnapshot = JSON.parse((created as any).snapshot);
+	} catch {
+		createdSnapshot = null;
+	}
+	try {
+		createdPackages = JSON.parse((created as any).packages);
+	} catch {
+		createdPackages = [];
+	}
+
 	return json({
 		...created,
-		snapshot: JSON.parse((created as any).snapshot),
-		packages: JSON.parse((created as any).packages)
+		snapshot: createdSnapshot,
+		packages: createdPackages
 	}, { status: 201 });
 };