diff --git a/packages/api/src/index.js b/packages/api/src/index.js
index 1ef0931dfa..a14570621a 100644
--- a/packages/api/src/index.js
+++ b/packages/api/src/index.js
@@ -124,7 +124,9 @@ r.add(
 // Upload
 r.add('get', '/check/:cid', withMode(nftCheck, RO), [postCors])
 r.add('get', '', withAuth(withMode(nftList, RO)), [postCors])
-r.add('get', '/:cid', withAuth(withMode(nftGet, RO)), [postCors])
+r.add('get', /^\/(?ba\S+|Qm\S+)/i, withAuth(withMode(nftGet, RO)), [
+ postCors,
+])
 r.add(
 'post',
 '/upload',
diff --git a/packages/api/src/utils/router.js b/packages/api/src/utils/router.js
index 500f05e3bb..fd81b3006f 100644
--- a/packages/api/src/utils/router.js
+++ b/packages/api/src/utils/router.js
@@ -49,6 +49,7 @@ class Router {
 * @param {(e: FetchEvent, params: Record) => Promise} getRouteContext
 * @param {object} [options]
 * @param {BasicHandler} [options.onNotFound]
+ * @param {BasicHandler} [options.onMethodNotAllowed]
 * @param {ErrorHandler} [options.onError]
 */
 constructor(getRouteContext, options) {
@@ -64,6 +65,12 @@ class Router {
 statusText: 'Not Found',
 })
 },
+ onMethodNotAllowed() {
+ return new Response(null, {
+ status: 405,
+ statusText: 'Method Not Allowed',
+ })
+ },
 onError() {
 return new Response(null, {
 status: 500,
@@ -123,6 +130,8 @@ class Router {
 conditions: [methodCondition, routeCondition],
 handler,
 postHandlers,
+ method,
+ route,
 })
 }
@@ -138,7 +147,9 @@ class Router {
 const { conditions, handler, postHandlers } = this.routes[i]
 const method = conditions[0](req)
 const routeParams = conditions[1](req)
+ console.log('resolve', this.routes[i].method, this.routes[i].route)
 if (method && typeof routeParams !== 'boolean') {
+ console.log('match', this.routes[i].method, this.routes[i].route)
 return [handler, routeParams, postHandlers]
 }
 }
@@ -158,6 +169,7 @@ class Router {
 ctx.log.time('request')
 if (handler) {
+ console.log('handler FOUND', req.method, req.url, handler)
 try {
 rsp = await handler(event, ctx)
 } catch (err) {
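Review bot: In packages/api/src/index.js the new GET pattern is anchored only at the start and `\S+` also matches `/`, so any GET path that merely begins with `/ba` or `/Qm` (in any letter case, because of the `i` flag) is routed to `nftGet`, including multi-segment paths and any GET route registered later that starts with those letters. Anchoring the end and excluding the separator limits the match to one CID-shaped segment, e.g. `/^\/(?<cid>ba[^\s/]+|Qm[^\s/]+)$/i`; the group name `cid` is assumed from the removed `/:cid` route, because the name is not legible in this rendering of the hunk. The regex accepts arbitrary non-space text after the prefix, so `nftGet` should still parse the captured value as a CID and reject it otherwise, if it does not already (its body is not shown). The `r.add(` call that follows continues outside the hunk.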
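Review bot: The default `onMethodNotAllowed` added in the `@@ -64` hunk of packages/api/src/utils/router.js returns a 405 without an `Allow` header, which RFC 9110 requires on that status. The default takes no arguments, so it cannot know which methods the path supports. Since the `@@ -123` hunk now stores `method` on each route, the dispatcher could collect the methods of the routes whose path condition matched and pass them to the handler, which would then set `headers: { Allow: allowed.join(', ') }`. The options object starts and ends outside the hunk.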
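Review bot: The two `console.log` calls added to the route-matching loop in the `@@ -138` hunk of router.js run for every registered route on every request, and the one added in the `@@ -158` hunk prints `req.url` together with the handler function; the `@@ -165` hunk adds two more. These look like debugging output and bypass `ctx.log`, which this file already uses (`ctx.log.time('request')`). Request URLs can carry tokens or other identifiers in the query string, so printing them unconditionally places them in whatever collects the service's console output. I would remove the calls before merge, which also makes the `method` and `route` fields added in the `@@ -123` hunk unnecessary as far as the visible code shows. The loop and its enclosing method start outside the hunk.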
@@ -165,6 +177,18 @@ class Router {
 rsp = this.options.onError(req, err, ctx)
 }
 } else {
+ console.log('no handler found')
+ const routeMatch = this.routes.some(({ conditions }) => {
+ const [methodCondition, routeCondition] = conditions
+ const method = methodCondition(req)
+ const routeParams = routeCondition(req)
+ // we know this route, but request used wrong method.
+ return typeof routeParams !== 'boolean'
+ })
+ console.log('route match', routeMatch)
+ if (routeMatch) {
+ rsp = this.options.onMethodNotAllowed(req)
+ }
 rsp = this.options.onNotFound(req)
 }
diff --git a/packages/api/test/auth.spec.js b/packages/api/test/auth.spec.js
new file mode 100644
index 0000000000..8e42e38d4c
--- /dev/null
+++ b/packages/api/test/auth.spec.js
@@ -0,0 +1,20 @@
+import assert from 'assert'
+
+describe.only('auth', () => {
+ it('should return 401 Unauthorized when auth header missing', async () => {
+ const res = await fetch('/login', { method: 'POST' })
+ assert.strictEqual(res.status, 401)
+ const { ok, error } = await res.json()
+ assert.strictEqual(ok, false)
+ assert.strictEqual(error.code, 'EXPECTED_BEARER_STRING')
+ })
+
+ it.only('should return 405 Method Not Allowed when not POST', async () => {
+ const res = await fetch('/login', { method: 'GET' })
+ assert.strictEqual(res.status, 405)
+ const { ok, error } = await res.json()
+ assert.strictEqual(ok, false)
+ // assert.strictEqual(error.code, 'EXPECTED_BEARER_STRING')
+ // QmVKaJVFaeeMSPonPSH1GK1Hxd82uXbroBbEsd9BRJARtc
+ })
+})
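Review bot: The 405 response is always discarded in the `@@ -165` hunk of router.js: after the `if (routeMatch)` block, `rsp = this.options.onNotFound(req)` still runs unconditionally, so a known path requested with the wrong method keeps returning 404. The assignment needs to be a branch, e.g. `rsp = routeMatch ? this.options.onMethodNotAllowed(req) : this.options.onNotFound(req)`. Inside the `some` callback `method` is computed and never read, so it and `methodCondition` can be dropped. The enclosing method starts and ends outside the hunk.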
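Review bot: `describe.only` and `it.only` in the new packages/api/test/auth.spec.js would, under a Mocha-style runner, restrict the run to the single 405 case, so the 401 test in the same file and every other spec are skipped while the run still reports success; both should be plain `describe(` and `it(`. The 405 test also calls `res.json()` and asserts `ok === false`, but the default `onMethodNotAllowed` added in router.js responds with a `null` body, so that parse would fail unless the app passes its own handler (not visible here). The commented-out `error.code` assertion and the stray CID comment should either become a real assertion or be removed.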