Send 405 when GET request is not allowed
parent
e2f6c5f798
commit
f3f6166aab
@ -211,6 +211,13 @@ describe('jsonrpc', () => {
|
|||||||
},
|
},
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
|
it('cannot call non-idempotent methods using GET request', async () => {
|
||||||
|
const params = encodeURIComponent(JSON.stringify([1, 2]))
|
||||||
|
await request(createApp())
|
||||||
|
.get(`/myService?jsonrpc=2.0&id=1&method=add¶ms=${params}`)
|
||||||
|
.expect(405)
|
||||||
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
})
|
})
|
||||||
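Review bot: The new test asserts only `.expect(405)`, so it would still pass if the response carried the wrong JSON-RPC error code or lacked an `Allow` header. I would also assert the error payload, and add a second case that sends a repeated `method` query parameter, since the GET gate is what keeps state-changing methods off GET. The `¶ms` in the request URL looks like a rendering artefact of `&params` on this page rather than what the test actually sends.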
|
|||||||
@ -6,7 +6,9 @@ import {ILogger} from '@rondo/common'
|
|||||||
import {ISuccessResponse} from './jsonrpc'
|
import {ISuccessResponse} from './jsonrpc'
|
||||||
import {NextFunction, Request, Response, Router} from 'express'
|
import {NextFunction, Request, Response, Router} from 'express'
|
||||||
import {createError, isJSONRPCError, IJSONRPCError, IError} from './error'
|
import {createError, isJSONRPCError, IJSONRPCError, IError} from './error'
|
||||||
import {createRpcService, ERROR_SERVER, ERROR_INVALID_PARAMS} from './jsonrpc'
|
import {
|
||||||
|
createRpcService, ERROR_SERVER, ERROR_INVALID_PARAMS, ERROR_METHOD_NOT_FOUND,
|
||||||
|
} from './jsonrpc'
|
||||||
|
|
||||||
export type TGetContext<Context> = (req: Request) => Context
|
export type TGetContext<Context> = (req: Request) => Context
|
||||||
|
|
||||||
@ -69,10 +71,10 @@ export function jsonrpc<Context>(
|
|||||||
router.get('/', (req, res, next) => {
|
router.get('/', (req, res, next) => {
|
||||||
if (!idempotentMethodRegex.test(req.query.method)) {
|
if (!idempotentMethodRegex.test(req.query.method)) {
|
||||||
// TODO fix status code and error type
|
// TODO fix status code and error type
|
||||||
const err = createError(ERROR_SERVER, {
|
const err = createError(ERROR_METHOD_NOT_FOUND, {
|
||||||
id: req.query.id,
|
id: req.query.id,
|
||||||
data: null,
|
data: null,
|
||||||
statusCode: 400,
|
statusCode: 405,
|
||||||
})
|
})
|
||||||
throw err
|
throw err
|
||||||
}
|
}
|
||||||
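Review bot: In the `router.get('/')` hunk the gate calls `idempotentMethodRegex.test(req.query.method)` without first checking that the value is a string. Express parses a repeated or bracketed `method` parameter into an array or object, which `test()` coerces to a string before matching. Whether such a value can pass depends on how the regex is anchored, which is not visible here, so I would reject non-strings up front, e.g. `if (typeof req.query.method !== 'string' || !idempotentMethodRegex.test(req.query.method)) {`. A 405 response should also carry an `Allow` header (RFC 9110), which this hunk does not show being set, and the `// TODO fix status code and error type` comment looks stale now that both were changed. The handler continues past the end of this hunk.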
|
|||||||
@ -85,7 +85,6 @@ export const createRpcService = <T, M extends FunctionPropertyNames<T>>(
|
|||||||
typeof method !== 'string' ||
|
typeof method !== 'string' ||
|
||||||
!Array.isArray(params)
|
!Array.isArray(params)
|
||||||
) {
|
) {
|
||||||
console.log(req.jsonrpc, method, params)
|
|
||||||
throw createError(ERROR_INVALID_REQUEST, {
|
throw createError(ERROR_INVALID_REQUEST, {
|
||||||
id,
|
id,
|
||||||
data: null,
|
data: null,
|
||||||
|
|||||||
@ -23,8 +23,8 @@ export function createRemoteClient<T>(
|
|||||||
method: string,
|
method: string,
|
||||||
params: any[],
|
params: any[],
|
||||||
) {
|
) {
|
||||||
const reqMethod = IDEMPOTENT_METHOD_REGEX.test(method) ? 'get' : 'post'
|
const reqMethod = IDEMPOTENT_METHOD_REGEX.test(method) ? 'GET' : 'POST'
|
||||||
const payloadKey = reqMethod === 'post' ? 'data' : 'params'
|
const payloadKey = reqMethod === 'POST' ? 'data' : 'params'
|
||||||
|
|
||||||
const response = await axios({
|
const response = await axios({
|
||||||
method: reqMethod,
|
method: reqMethod,
|
||||||
@ -33,7 +33,7 @@ export function createRemoteClient<T>(
|
|||||||
id,
|
id,
|
||||||
jsonrpc: '2.0',
|
jsonrpc: '2.0',
|
||||||
method,
|
method,
|
||||||
params: reqMethod === 'post'
|
params: reqMethod === 'POST'
|
||||||
? params
|
? params
|
||||||
: JSON.stringify(params),
|
: JSON.stringify(params),
|
||||||
},
|
},
|
||||||
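Review bot: The `'POST'` literal is now compared in two separate places (`payloadKey` in the first hunk and `params` in the second), which is why this case change needed edits across both hunks. A single `const isPost = !IDEMPOTENT_METHOD_REGEX.test(method)` used for all of them would keep the comparisons from drifting apart. For GET calls the arguments are serialised into the query string, so they can end up in access logs and proxy logs; methods that match the idempotent pattern should not take secrets as arguments. The body of `createRemoteClient` starts and ends outside these hunks.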
|
|||||||