From 647a0183626042f29834c3b4dd8dbba88a799c4c Mon Sep 17 00:00:00 2001
From: Kagami Sascha Rosylight
Date: Mon, 27 Feb 2023 10:01:43 +0100
Subject: [PATCH] fix(backend): return HTTP 404 for any unknown api endpoint paths (#10130)
* fix(backend): return HTTP 400 for any invalid api endpoint paths
* 404
---
 cypress/e2e/api.cy.js | 11 ++++++++++
 .../src/server/api/ApiServerService.ts | 20 +++++++++++++++++--
 2 files changed, 29 insertions(+), 2 deletions(-)
 create mode 100644 cypress/e2e/api.cy.js
diff --git a/cypress/e2e/api.cy.js b/cypress/e2e/api.cy.js
new file mode 100644
index 0000000000..00df987bfc
--- /dev/null
+++ b/cypress/e2e/api.cy.js
@@ -0,0 +1,11 @@
+describe('API', () => {
+ it('returns HTTP 404 to unknown API endpoint paths', () => {
+ cy.request({
+ url: '/api/foo',
+ failOnStatusCode: false,
+ }).then((response) => {
+ expect(response.status).to.eq(404);
+ expect(response.body.error.code).to.eq('UNKNOWN_API_ENDPOINT');
+ });
+ });
+});
diff --git a/packages/backend/src/server/api/ApiServerService.ts b/packages/backend/src/server/api/ApiServerService.ts
index 2b99da01b6..501ce63877 100644
--- a/packages/backend/src/server/api/ApiServerService.ts
+++ b/packages/backend/src/server/api/ApiServerService.ts
@@ -79,7 +79,7 @@ export class ApiServerService {
 reply.send();
 return;
 }
-
+
 this.apiCallService.handleMultipartRequest(ep, request, reply);
 });
 } else {
@@ -93,7 +93,7 @@ export class ApiServerService {
 reply.send();
 return;
 }
-
+
 this.apiCallService.handleRequest(ep, request, reply);
 });
 }
@@ -160,6 +160,22 @@ export class ApiServerService { } }); + // Make sure any unknown path under /api returns HTTP 404 Not Found, + // because otherwise ClientServerService will return the base client HTML + // page with HTTP 200. + fastify.get('*', (request, reply) => { + reply.code(404); + // Mock ApiCallService.send's error handling + reply.send({ + error: { + message: 'Unknown API endpoint.', + code: 'UNKNOWN_API_ENDPOINT', + id: '2ca3b769-540a-4f08-9dd5-b5a825b6d0f1', + kind: 'client', + }, + }); + }); + done(); } }
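Review bot: The catch-all is registered with `fastify.get('*', …)`, so only GET requests to unknown paths under /api receive the JSON 404, while the commit title promises it for any unknown endpoint path. What happens to POST, PUT or DELETE on an unknown path is not visible in this hunk, so confirm whether they fall through to ClientServerService's HTML 200 or hit Fastify's default 404 with a different body. If they should get the same answer, `fastify.all('*', (request, reply) => {` covers them, and the Cypress test in api.cy.js, which only issues the default GET, could add a `method: 'POST'` case. The error object is hand-copied from ApiCallService.send's format (per the "Mock" comment), so consider a comment such as `// Keep in sync with the error shape produced by ApiCallService.send` to stop the two drifting apart.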