Send 405 when GET request is not allowed

2019-08-04 14:13:48 +07:00 · 2019-08-04 14:13:48 +07:00 · f3f6166aab
commit f3f6166aab
parent e2f6c5f798
4 changed files with 15 additions and 7 deletions
--- a/packages/jsonrpc/src/express.test.ts
+++ b/packages/jsonrpc/src/express.test.ts
@ -211,6 +211,13 @@ describe('jsonrpc', () => {
        },
      })
    })
+
+    it('cannot call non-idempotent methods using GET request', async () => {
+      const params = encodeURIComponent(JSON.stringify([1, 2]))
+      await request(createApp())
+      .get(`/myService?jsonrpc=2.0&id=1&method=add&params=${params}`)
+      .expect(405)
+    })
  })

 })
--- a/packages/jsonrpc/src/express.ts
+++ b/packages/jsonrpc/src/express.ts
@ -6,7 +6,9 @@ import {ILogger} from '@rondo/common'
 import {ISuccessResponse} from './jsonrpc'
 import {NextFunction, Request, Response, Router} from 'express'
 import {createError, isJSONRPCError, IJSONRPCError, IError} from './error'
-import {createRpcService, ERROR_SERVER, ERROR_INVALID_PARAMS} from './jsonrpc'
+import {
+  createRpcService, ERROR_SERVER, ERROR_INVALID_PARAMS, ERROR_METHOD_NOT_FOUND,
+} from './jsonrpc'

 export type TGetContext<Context> = (req: Request) => Context

@ -69,10 +71,10 @@ export function jsonrpc<Context>(
      router.get('/', (req, res, next) => {
        if (!idempotentMethodRegex.test(req.query.method)) {
          // TODO fix status code and error type
-          const err = createError(ERROR_SERVER, {
+          const err = createError(ERROR_METHOD_NOT_FOUND, {
            id: req.query.id,
            data: null,
-            statusCode: 400,
+            statusCode: 405,
          })
          throw err
        }
--- a/packages/jsonrpc/src/jsonrpc.ts
+++ b/packages/jsonrpc/src/jsonrpc.ts
@ -85,7 +85,6 @@ export const createRpcService = <T, M extends FunctionPropertyNames<T>>(
        typeof method !== 'string' ||
        !Array.isArray(params)
      ) {
-        console.log(req.jsonrpc, method, params)
        throw createError(ERROR_INVALID_REQUEST, {
          id,
          data: null,
--- a/packages/jsonrpc/src/remote.ts
+++ b/packages/jsonrpc/src/remote.ts
@ -23,8 +23,8 @@ export function createRemoteClient<T>(
    method: string,
    params: any[],
  ) {
-    const reqMethod = IDEMPOTENT_METHOD_REGEX.test(method) ? 'get' : 'post'
-    const payloadKey = reqMethod === 'post' ? 'data' : 'params'
+    const reqMethod = IDEMPOTENT_METHOD_REGEX.test(method) ? 'GET' : 'POST'
+    const payloadKey = reqMethod === 'POST' ? 'data' : 'params'

    const response = await axios({
      method: reqMethod,
@ -33,7 +33,7 @@ export function createRemoteClient<T>(
        id,
        jsonrpc: '2.0',
        method,
-        params: reqMethod === 'post'
+        params: reqMethod === 'POST'
          ? params
          : JSON.stringify(params),
      },