fix(api): return 404 response when using a token and the route does not exist
parent
429c7ca2c1
commit
fde1763eef
@ -111,4 +111,20 @@ func TestAPIToken(t *testing.T) {
|
||||
req.Header.Set(echo.HeaderAuthorization, "Bearer "+jwt)
|
||||
require.NoError(t, h(c))
|
||||
})
|
||||
t.Run("nonexisting route", func(t *testing.T) {
|
||||
e, err := setupTestEnv()
|
||||
require.NoError(t, err)
|
||||
req := httptest.NewRequest(http.MethodGet, "/api/v1/nonexisting", nil)
|
||||
res := httptest.NewRecorder()
|
||||
c := e.NewContext(req, res)
|
||||
h := routes.SetupTokenMiddleware()(func(c echo.Context) error {
|
||||
return c.String(http.StatusNotFound, "test")
|
||||
})
|
||||
|
||||
req.Header.Set(echo.HeaderAuthorization, "Bearer tk_a5e6f92ddbad68f49ee2c63e52174db0235008c8") // Token 2
|
||||
|
||||
err = h(c)
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, 404, c.Response().Status)
|
||||
})
|
||||
}
|
||||
|
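Review bot: The "nonexisting route" subtest only sends a valid token (Token 2), and the 404 it asserts is written by the stub handler handed to the middleware, so what it really pins is that `h(c)` returns no error. The middleware change in this commit appears to return before the token is validated on unmatched routes, so a second case with an unknown `tk_`-prefixed value would make that behaviour explicit. If none exists outside this hunk, a companion case should assert that an existing route with a bad token is still rejected. `assert.Equal(t, http.StatusNotFound, c.Response().Status)` would also match the constant used in the stub. TestAPIToken begins outside this hunk.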
@ -41,6 +41,13 @@ func SetupTokenMiddleware() echo.MiddlewareFunc {
|
||||
|
||||
for _, s := range authHeader {
|
||||
if strings.HasPrefix(s, "Bearer "+models.APITokenPrefix) {
|
||||
// If the route does not exist, skip the current handling and let the rest of echo's logic handle it
|
||||
findCtx := c.Echo().NewContext(c.Request(), c.Response())
|
||||
c.Echo().Router().Find(c.Request().Method, echo.GetPath(c.Request()), findCtx)
|
||||
if findCtx.Path() == "/api/v1/*" {
|
||||
return true
|
||||
}
|
||||
|
||||
err := checkAPITokenAndPutItInContext(s, c)
|
||||
return err == nil
|
||||
}
|
||||
|
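Review bot: The early `return true` for `findCtx.Path() == "/api/v1/*"` returns before `checkAPITokenAndPutItInContext` runs, so on that path any Authorization value that merely starts with the API token prefix is let through without validation. That is only safe while the `/api/v1/*` pattern is bound exclusively to a not-found handler, which this hunk does not show. If a real catch-all handler is ever registered under that pattern, or the API prefix changes, the check becomes an authentication skip (assuming, as the bool return suggests, that this closure is the JWT middleware's skipper). I would state the invariant at the check, e.g. `// Safe only while "/api/v1/*" is the not-found catch-all: returning true skips token validation entirely.`, and move the path literal into a constant shared with the route registration. The enclosing function starts and ends outside the hunk.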