Create InvalidAPIEndpointHandler to be chi-Mount'd on BaseURL

This commit works to close issue #2190 by creating handler that returns ErrInvalidAPIEndpoint when called. This will be used by chi Mount'ing the handler to a specified route so that any calls to a route downstream the Mount'd pattern will respond with the ErrInvalidAPIEndpoint error. Also add corresponding test, TestInvalidRoute, to test InvalidAPIEndpointHandler. Create middleware to catch downstream routes from BaseURL This commit works to close issue #2190 by creating middleware to ensure users that call routes downstream of the BaseURL (i.e. /api/v1) are return an invalid endpoint error and internal error status. Remove BaseURLHandler
treeverse · Aug 19, 2021 · c96a22d · c96a22d
1 parent bfef913
commit c96a22d
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 0 deletions.
diff --git a/pkg/api/serve.go b/pkg/api/serve.go
@@ -33,6 +33,8 @@ const (
 	extensionValidationExcludeBody = "x-validation-exclude-body"
 )
 
+var ErrInvalidAPIEndpoint = errors.New("invalid API endpoint")
+
 type responseError struct {
 	Message string `json:"message"`
 }
@@ -85,6 +87,7 @@ func Serve(
 	r.Mount("/_pprof/", httputil.ServePPROF("/_pprof/"))
 	r.Mount("/swagger.json", http.HandlerFunc(swaggerSpecHandler))
 	r.Mount("/", uiHandler)
+	r.Mount(BaseURL, http.HandlerFunc(InvalidAPIEndpointHandler))
 	return r
 }
 
@@ -162,3 +165,10 @@ func validateRequest(r *http.Request, router routers.Router, options *openapi3fi
 	}
 	return http.StatusOK, nil
 }
+
+// InvalidAPIEndpointHandler returns ErrInvalidAPIEndpoint, and is currently being used to ensure
+// that routes under the pattern it is used with in chi.Router.Mount (i.e. /api/v1) are
+// not accessible.
+func InvalidAPIEndpointHandler(w http.ResponseWriter, _ *http.Request) {
+	writeError(w, http.StatusInternalServerError, ErrInvalidAPIEndpoint)
+}
diff --git a/pkg/api/serve_test.go b/pkg/api/serve_test.go
@@ -178,3 +178,34 @@ func setupClientWithAdmin(t testing.TB, blockstoreType string, opts ...testutil.
 	clt = setupClientByEndpoint(t, server.URL, cred.AccessKeyID, cred.SecretAccessKey)
 	return clt, deps
 }
+
+func TestInvalidRoute(t *testing.T) {
+	handler, _ := setupHandler(t, "")
+	server := setupServer(t, handler)
+	clt := setupClientByEndpoint(t, server.URL, "", "")
+	cred := createDefaultAdminUser(t, clt)
+
+	// setup client with invalid endpoint base url
+	basicAuthProvider, err := securityprovider.NewSecurityProviderBasicAuth(cred.AccessKeyID, cred.SecretAccessKey)
+	if err != nil {
+		t.Fatal("basic auth security provider", err)
+	}
+	clt, err = api.NewClientWithResponses(server.URL+api.BaseURL+"//", api.WithRequestEditorFn(basicAuthProvider.Intercept))
+	if err != nil {
+		t.Fatal("failed to create api client:", err)
+	}
+
+	ctx := context.Background()
+	resp, err := clt.ListRepositoriesWithResponse(ctx, &api.ListRepositoriesParams{})
+	if err != nil {
+		t.Fatalf("failed to get lakefs server version")
+	}
+	if resp.JSONDefault == nil {
+		t.Fatalf("client api call expected default error, got nil")
+	}
+	expectedErrMsg := api.ErrInvalidAPIEndpoint.Error()
+	errMsg := resp.JSONDefault.Message
+	if errMsg != expectedErrMsg {
+		t.Fatalf("client response error message: %s, expected: %s", errMsg, expectedErrMsg)
+	}
+}