wip: router changes to allow method-not-allowed

packages/api/src/index.js

@@ -124,7 +124,9 @@ r.add(
 // Upload
 r.add('get', '/check/:cid', withMode(nftCheck, RO), [postCors])
 r.add('get', '', withAuth(withMode(nftList, RO)), [postCors])
-r.add('get', '/:cid', withAuth(withMode(nftGet, RO)), [postCors])
+r.add('get', /^\/(?<cid>ba\S+|Qm\S+)/i, withAuth(withMode(nftGet, RO)), [
+  postCors,
+])
 r.add(
   'post',
   '/upload',

packages/api/src/utils/router.js

@@ -49,6 +49,7 @@ class Router {
    * @param {(e: FetchEvent, params: Record<string, string>) => Promise<RouteContext>} getRouteContext
    * @param {object} [options]
    * @param {BasicHandler} [options.onNotFound]
+   * @param {BasicHandler} [options.onMethodNotAllowed]
    * @param {ErrorHandler} [options.onError]
    */
   constructor(getRouteContext, options) {
@@ -64,6 +65,12 @@ class Router {
           statusText: 'Not Found',
         })
       },
+      onMethodNotAllowed() {
+        return new Response(null, {
+          status: 405,
+          statusText: 'Method Not Allowed',
+        })
+      },
       onError() {
         return new Response(null, {
           status: 500,
@@ -123,6 +130,8 @@ class Router {
       conditions: [methodCondition, routeCondition],
       handler,
       postHandlers,
+      method,
+      route,
     })
   }
 
@@ -138,7 +147,9 @@ class Router {
       const { conditions, handler, postHandlers } = this.routes[i]
       const method = conditions[0](req)
       const routeParams = conditions[1](req)
+      console.log('resolve', this.routes[i].method, this.routes[i].route)
       if (method && typeof routeParams !== 'boolean') {
+        console.log('match', this.routes[i].method, this.routes[i].route)
         return [handler, routeParams, postHandlers]
       }
     }
@@ -158,13 +169,26 @@ class Router {
     ctx.log.time('request')
 
     if (handler) {
+      console.log('handler FOUND', req.method, req.url, handler)
       try {
         rsp = await handler(event, ctx)
       } catch (err) {
         // @ts-ignore
         rsp = this.options.onError(req, err, ctx)
       }
     } else {
+      console.log('no handler found')
+      const routeMatch = this.routes.some(({ conditions }) => {
+        const [methodCondition, routeCondition] = conditions
+        const method = methodCondition(req)
+        const routeParams = routeCondition(req)
+        // we know this route, but request used wrong method.
+        return typeof routeParams !== 'boolean'
+      })
+      console.log('route match', routeMatch)
+      if (routeMatch) {
+        rsp = this.options.onMethodNotAllowed(req)
+      }
       rsp = this.options.onNotFound(req)
     }
 

packages/api/test/auth.spec.js

@@ -0,0 +1,20 @@
+import assert from 'assert'
+
+describe.only('auth', () => {
+  it('should return 401 Unauthorized when auth header missing', async () => {
+    const res = await fetch('/login', { method: 'POST' })
+    assert.strictEqual(res.status, 401)
+    const { ok, error } = await res.json()
+    assert.strictEqual(ok, false)
+    assert.strictEqual(error.code, 'EXPECTED_BEARER_STRING')
+  })
+
+  it.only('should return 405 Method Not Allowed when not POST', async () => {
+    const res = await fetch('/login', { method: 'GET' })
+    assert.strictEqual(res.status, 405)
+    const { ok, error } = await res.json()
+    assert.strictEqual(ok, false)
+    // assert.strictEqual(error.code, 'EXPECTED_BEARER_STRING')
+    // QmVKaJVFaeeMSPonPSH1GK1Hxd82uXbroBbEsd9BRJARtc
+  })
+})