fix(api): return 404 response when using a token and the route does not exist

kolaente 2024-08-29 10:12:20 +02:00
parent 429c7ca2c1
commit fde1763eef
Signed by: konrad
GPG Key ID: F40E70337AB24C9B
2 changed files with 23 additions and 0 deletions


@ -111,4 +111,20 @@ func TestAPIToken(t *testing.T) {
req.Header.Set(echo.HeaderAuthorization, "Bearer "+jwt)
require.NoError(t, h(c))
})
t.Run("nonexisting route", func(t *testing.T) {
e, err := setupTestEnv()
require.NoError(t, err)
req := httptest.NewRequest(http.MethodGet, "/api/v1/nonexisting", nil)
res := httptest.NewRecorder()
c := e.NewContext(req, res)
h := routes.SetupTokenMiddleware()(func(c echo.Context) error {
return c.String(http.StatusNotFound, "test")
})
req.Header.Set(echo.HeaderAuthorization, "Bearer tk_a5e6f92ddbad68f49ee2c63e52174db0235008c8") // Token 2
err = h(c)
require.NoError(t, err)
assert.Equal(t, 404, c.Response().Status)
})
}
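Review bot: The 404 asserted in the "nonexisting route" case is produced by the stub handler passed to `routes.SetupTokenMiddleware()`, so the test only proves that the middleware called the next handler, not that the real router answers with 404. Since the new path skips token validation, a companion case that sends an unknown `tk_` token to an existing route and expects rejection would pin down that the skip stays limited to unmatched routes (such a case may already exist above this hunk, which is not visible here). As a small style point, `assert.Equal(t, http.StatusNotFound, c.Response().Status)` reads better than the bare `404`.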


@ -41,6 +41,13 @@ func SetupTokenMiddleware() echo.MiddlewareFunc {
for _, s := range authHeader {
if strings.HasPrefix(s, "Bearer "+models.APITokenPrefix) {
// If the route does not exist, skip the current handling and let the rest of echo's logic handle it
findCtx := c.Echo().NewContext(c.Request(), c.Response())
c.Echo().Router().Find(c.Request().Method, echo.GetPath(c.Request()), findCtx)
if findCtx.Path() == "/api/v1/*" {
return true
}
err := checkAPITokenAndPutItInContext(s, c)
return err == nil
}
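Review bot: The early `return true` under `if findCtx.Path() == "/api/v1/*"` makes the skipper bypass the JWT middleware without ever calling `checkAPITokenAndPutItInContext`, so the request continues unauthenticated; this is safe only as long as that wildcard path resolves to a not-found handler and nothing else. I would state the invariant next to the check, e.g. `// Skipping auth is safe only because "/api/v1/*" is the catch-all not-found route; never register a real handler on it.`, and build the compared string from whatever value the route group's prefix is registered with rather than a second literal, so the two cannot drift apart. The enclosing skipper function starts and ends outside this hunk, so I cannot see whether other return paths depend on the same assumption.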