From 9b95873b14d19c99f571a119aace06a146f60609 Mon Sep 17 00:00:00 2001 From: Will Baker Date: Tue, 27 Jul 2021 09:40:38 -0600 Subject: [PATCH 1/2] fix: return 404 instead of links page on bad /api/v2 requests --- CHANGELOG.md | 1 + http/api_handler.go | 2 +- http/api_handler_test.go | 55 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 57 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1243ff33208..493381b0940 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -66,6 +66,7 @@ This release adds an embedded SQLite database for storing metadata required by t 1. [21839](https://github.com/influxdata/influxdb/pull/21839): Fix display and parsing of `influxd upgrade` CLI prompts in PowerShell. 1. [21850](https://github.com/influxdata/influxdb/pull/21850): Systemd unit should block on startup until http endpoint is ready 1. [21925](https://github.com/influxdata/influxdb/pull/21925): Upgrade to golang-jwt 3.2.1. +1. [XXXXX](https://github.com/influxdata/influxdb/pull/XXXXX): Invalid requests to /api/v2 subroutes now return 404 instead of a list of links. ## v2.0.7 [2021-06-04] diff --git a/http/api_handler.go b/http/api_handler.go index 177f066abd2..dfce367d88f 100644 --- a/http/api_handler.go +++ b/http/api_handler.go @@ -140,7 +140,7 @@ func NewAPIHandler(b *APIBackend, opts ...APIHandlerOptFn) *APIHandler { b.UserResourceMappingService = authorizer.NewURMService(b.OrgLookupService, b.UserResourceMappingService) - h.Mount("/api/v2", serveLinksHandler(b.HTTPErrorHandler)) + h.Handle("/api/v2", serveLinksHandler(b.HTTPErrorHandler)) checkBackend := NewCheckBackend(b.Logger.With(zap.String("handler", "check")), b) checkBackend.CheckService = authorizer.NewCheckService(b.CheckService, diff --git a/http/api_handler_test.go b/http/api_handler_test.go index e0c7b85db49..124c3a20e71 100644 --- a/http/api_handler_test.go +++ b/http/api_handler_test.go @@ -11,11 +11,66 @@ import ( "github.com/google/go-cmp/cmp" kithttp "github.com/influxdata/influxdb/v2/kit/transport/http" "github.com/influxdata/influxdb/v2/pkg/httpc" + "github.com/stretchr/testify/require" "github.com/yudai/gojsondiff" "github.com/yudai/gojsondiff/formatter" "go.uber.org/zap/zaptest" ) +func TestAPIHandlerServeLinks(t *testing.T) { + tests := []struct { + name string + path string + method string + want int + }{ + { + name: "correct path - GET", + path: "/api/v2", + method: "GET", + want: http.StatusOK, + }, + { + name: "correct path with slash - GET", + path: "/api/v2/", + method: "GET", + want: http.StatusOK, + }, + { + name: "correct path - POST", + path: "/api/v2", + method: "POST", + want: http.StatusOK, + }, + { + name: "incorrect arbitrary path", + path: "/api/v2/asdf", + method: "GET", + want: http.StatusNotFound, + }, + { + // regression test for https://github.com/influxdata/influxdb/issues/21620 + name: "incorrect path at a subroute", + path: "/api/v2/query&foo=bar", + method: "GET", + want: http.StatusNotFound, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + r := httptest.NewRequest(tt.method, tt.path, nil) + w := httptest.NewRecorder() + h := NewAPIHandler(&APIBackend{Logger: zaptest.NewLogger(t)}) + + h.ServeHTTP(w, r) + + res := w.Result() + require.Equal(t, tt.want, res.StatusCode) + }) + } +} + func TestAPIHandler_NotFound(t *testing.T) { type args struct { method string From 06329366b1a082a1b896f48ae95058e1a704bb2b Mon Sep 17 00:00:00 2001 From: Will Baker Date: Tue, 27 Jul 2021 09:51:01 -0600 Subject: [PATCH 2/2] chore: update CHANGELOG --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 493381b0940..8a4a2b13caa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -66,7 +66,7 @@ This release adds an embedded SQLite database for storing metadata required by t 1. [21839](https://github.com/influxdata/influxdb/pull/21839): Fix display and parsing of `influxd upgrade` CLI prompts in PowerShell. 1. [21850](https://github.com/influxdata/influxdb/pull/21850): Systemd unit should block on startup until http endpoint is ready 1. [21925](https://github.com/influxdata/influxdb/pull/21925): Upgrade to golang-jwt 3.2.1. -1. [XXXXX](https://github.com/influxdata/influxdb/pull/XXXXX): Invalid requests to /api/v2 subroutes now return 404 instead of a list of links. +1. [21950](https://github.com/influxdata/influxdb/pull/21950): Invalid requests to /api/v2 subroutes now return 404 instead of a list of links. ## v2.0.7 [2021-06-04]