enhance JSON validation

enable FastCGI Authorization Header

public/.htaccess

@@ -1,3 +1,6 @@
+# enable Authorization header on server using (Fast)CGI
+SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
+
 RewriteEngine On
 # The following rule tells Apache that if the requested filename
 # exists, simply serve it.

src/Broadcasting/Api/Validation.php

@@ -106,10 +106,14 @@ public function validateContentIsValidJson()
     {
         $content = $this->request->getBody();
         $decodedBody = json_decode($content);
-        if (json_last_error() !== JSON_ERROR_NONE) {
+        if (json_last_error() !== JSON_ERROR_NONE ) {
             throw new \Exception('The given JSON is invalid: ' . json_last_error_msg(), 400);
         }
 
+        if (!($decodedBody instanceof \StdClass)) {
+            throw new \Exception('The given JSON is not an object.', 400);
+        }
+
         return $decodedBody;
     }