fix(backend): return HTTP 404 for any unknown api endpoint paths (#10130)
* fix(backend): return HTTP 400 for any invalid api endpoint paths * 404
parent
81e6a21fe0
commit
647a018362
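--- a/cypress/e2e/api.cy.js
+++ b/cypress/e2e/api.cy.js
@@ -0,0 +1,11 @@
+describe('API', () => {
+it('returns HTTP 404 to unknown API endpoint paths', () => {
+cy.request({
+url: '/api/foo',
+failOnStatusCode: false,
+}).then((response) => {
+expect(response.status).to.eq(404);
+expect(response.body.error.code).to.eq('UNKNOWN_API_ENDPOINT');
+});
+});
+});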
@ -79,7 +79,7 @@ export class ApiServerService {
|
|||||||
reply.send();
|
reply.send();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
this.apiCallService.handleMultipartRequest(ep, request, reply);
|
this.apiCallService.handleMultipartRequest(ep, request, reply);
|
||||||
});
|
});
|
||||||
} else {
|
} else {
|
||||||
@ -93,7 +93,7 @@ export class ApiServerService {
|
|||||||
reply.send();
|
reply.send();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
this.apiCallService.handleRequest(ep, request, reply);
|
this.apiCallService.handleRequest(ep, request, reply);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
@ -160,6 +160,22 @@ export class ApiServerService {
|
|||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
// Make sure any unknown path under /api returns HTTP 404 Not Found,
|
||||||
|
// because otherwise ClientServerService will return the base client HTML
|
||||||
|
// page with HTTP 200.
|
||||||
|
fastify.get('*', (request, reply) => {
|
||||||
|
reply.code(404);
|
||||||
|
// Mock ApiCallService.send's error handling
|
||||||
|
reply.send({
|
||||||
|
error: {
|
||||||
|
message: 'Unknown API endpoint.',
|
||||||
|
code: 'UNKNOWN_API_ENDPOINT',
|
||||||
|
id: '2ca3b769-540a-4f08-9dd5-b5a825b6d0f1',
|
||||||
|
kind: 'client',
|
||||||
|
},
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
done();
|
done();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
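Review bot: The catch-all added in the `@ -160,6 +160,22 @` hunk is registered with `fastify.get('*', ...)`, so only GET requests to an unknown path under /api receive the structured `UNKNOWN_API_ENDPOINT` 404. The handlers in the two earlier hunks (`handleRequest`, `handleMultipartRequest`) suggest the API is also called with other methods, and an unknown path requested with POST would presumably get whatever default not-found response applies, with a different body shape. If the commit title's "any unknown api endpoint paths" is meant literally, consider `fastify.all('*', (request, reply) => {` and a POST case in cypress/e2e/api.cy.js, which currently exercises GET only. The comment `// Mock ApiCallService.send's error handling` would be clearer as `// Same error shape as ApiCallService.send; keep the two in sync`. The enclosing method starts outside the hunk.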