From 4fbafc35fe0f83935eac819f53293e287da50882 Mon Sep 17 00:00:00 2001 From: Brendan Abolivier Date: Wed, 13 Sep 2017 11:08:11 +0100 Subject: [PATCH] Specify HTTP methods for public APIs (#226) * Specify HTTP methods for the client API * Specify HTTP methods for the federation API * Specify HTTP methods for the media API * Specify HTTP methods for the sync API --- .../dendrite/clientapi/routing/routing.go | 46 +++++++++---------- .../dendrite/federationapi/routing/routing.go | 14 +++--- .../dendrite/mediaapi/routing/routing.go | 6 +-- .../dendrite/syncapi/routing/routing.go | 2 +- 4 files changed, 34 insertions(+), 34 deletions(-) diff --git a/src/github.com/matrix-org/dendrite/clientapi/routing/routing.go b/src/github.com/matrix-org/dendrite/clientapi/routing/routing.go index 1620d6dfa..28284a277 100644 --- a/src/github.com/matrix-org/dendrite/clientapi/routing/routing.go +++ b/src/github.com/matrix-org/dendrite/clientapi/routing/routing.go @@ -64,7 +64,7 @@ func Setup( }}, } }), - ) + ).Methods("GET") r0mux := apiMux.PathPrefix(pathPrefixR0).Subrouter() unstableMux := apiMux.PathPrefix(pathPrefixUnstable).Subrouter() @@ -73,7 +73,7 @@ func Setup( common.MakeAuthAPI("createRoom", deviceDB, func(req *http.Request, device *authtypes.Device) util.JSONResponse { return writers.CreateRoom(req, device, cfg, producer, accountDB) }), - ) + ).Methods("POST", "OPTIONS") r0mux.Handle("/join/{roomIDOrAlias}", common.MakeAuthAPI("join", deviceDB, func(req *http.Request, device *authtypes.Device) util.JSONResponse { vars := mux.Vars(req) @@ -81,7 +81,7 @@ func Setup( req, device, vars["roomIDOrAlias"], cfg, federation, producer, queryAPI, aliasAPI, keyRing, accountDB, ) }), - ) + ).Methods("POST", "OPTIONS") r0mux.Handle("/rooms/{roomID}/{membership:(?:join|kick|ban|unban|leave|invite)}", common.MakeAuthAPI("membership", deviceDB, func(req *http.Request, device *authtypes.Device) util.JSONResponse { vars := mux.Vars(req) @@ -93,7 +93,7 @@ func Setup( vars := mux.Vars(req) return writers.SendEvent(req, device, vars["roomID"], vars["eventType"], vars["txnID"], nil, cfg, queryAPI, producer) }), - ) + ).Methods("PUT", "OPTIONS") r0mux.Handle("/rooms/{roomID}/state/{eventType:[^/]+/?}", common.MakeAuthAPI("send_message", deviceDB, func(req *http.Request, device *authtypes.Device) util.JSONResponse { vars := mux.Vars(req) @@ -105,18 +105,18 @@ func Setup( } return writers.SendEvent(req, device, vars["roomID"], eventType, "", &emptyString, cfg, queryAPI, producer) }), - ) + ).Methods("PUT", "OPTIONS") r0mux.Handle("/rooms/{roomID}/state/{eventType}/{stateKey}", common.MakeAuthAPI("send_message", deviceDB, func(req *http.Request, device *authtypes.Device) util.JSONResponse { vars := mux.Vars(req) stateKey := vars["stateKey"] return writers.SendEvent(req, device, vars["roomID"], vars["eventType"], "", &stateKey, cfg, queryAPI, producer) }), - ) + ).Methods("PUT", "OPTIONS") r0mux.Handle("/register", common.MakeAPI("register", func(req *http.Request) util.JSONResponse { return writers.Register(req, accountDB, deviceDB) - })) + })).Methods("POST", "OPTIONS") r0mux.Handle("/directory/room/{roomAlias}", common.MakeAuthAPI("directory_room", deviceDB, func(req *http.Request, device *authtypes.Device) util.JSONResponse { @@ -143,7 +143,7 @@ func Setup( common.MakeAuthAPI("logout", deviceDB, func(req *http.Request, device *authtypes.Device) util.JSONResponse { return readers.Logout(req, deviceDB, device) }), - ) + ).Methods("POST", "OPTIONS") // Stub endpoints required by Riot @@ -151,7 +151,7 @@ func Setup( common.MakeAPI("login", func(req *http.Request) util.JSONResponse { return readers.Login(req, accountDB, deviceDB, cfg) }), - ) + ).Methods("POST", "OPTIONS") r0mux.Handle("/pushrules/", common.MakeAPI("push_rules", func(req *http.Request) util.JSONResponse { @@ -170,7 +170,7 @@ func Setup( JSON: &res, } }), - ) + ).Methods("GET") r0mux.Handle("/user/{userID}/filter", common.MakeAPI("make_filter", func(req *http.Request) util.JSONResponse { @@ -180,7 +180,7 @@ func Setup( JSON: struct{}{}, } }), - ) + ).Methods("POST", "OPTIONS") r0mux.Handle("/user/{userID}/filter/{filterID}", common.MakeAPI("filter", func(req *http.Request) util.JSONResponse { @@ -190,7 +190,7 @@ func Setup( JSON: struct{}{}, } }), - ) + ).Methods("GET") // Riot user settings @@ -199,7 +199,7 @@ func Setup( vars := mux.Vars(req) return readers.GetProfile(req, accountDB, vars["userID"]) }), - ) + ).Methods("GET") r0mux.Handle("/profile/{userID}/avatar_url", common.MakeAPI("profile_avatar_url", func(req *http.Request) util.JSONResponse { @@ -266,7 +266,7 @@ func Setup( JSON: struct{}{}, } }), - ) + ).Methods("PUT", "OPTIONS") r0mux.Handle("/voip/turnServer", common.MakeAPI("turn_server", func(req *http.Request) util.JSONResponse { @@ -276,7 +276,7 @@ func Setup( JSON: struct{}{}, } }), - ) + ).Methods("GET") unstableMux.Handle("/thirdparty/protocols", common.MakeAPI("thirdparty_protocols", func(req *http.Request) util.JSONResponse { @@ -286,7 +286,7 @@ func Setup( JSON: struct{}{}, } }), - ) + ).Methods("GET") r0mux.Handle("/rooms/{roomID}/initialSync", common.MakeAPI("rooms_initial_sync", func(req *http.Request) util.JSONResponse { @@ -296,47 +296,47 @@ func Setup( JSON: jsonerror.GuestAccessForbidden("Guest access not implemented"), } }), - ) + ).Methods("GET") r0mux.Handle("/user/{userID}/account_data/{type}", common.MakeAuthAPI("user_account_data", deviceDB, func(req *http.Request, device *authtypes.Device) util.JSONResponse { vars := mux.Vars(req) return readers.SaveAccountData(req, accountDB, device, vars["userID"], "", vars["type"], syncProducer) }), - ) + ).Methods("PUT", "OPTIONS") r0mux.Handle("/user/{userID}/rooms/{roomID}/account_data/{type}", common.MakeAuthAPI("user_account_data", deviceDB, func(req *http.Request, device *authtypes.Device) util.JSONResponse { vars := mux.Vars(req) return readers.SaveAccountData(req, accountDB, device, vars["userID"], vars["roomID"], vars["type"], syncProducer) }), - ) + ).Methods("PUT", "OPTIONS") r0mux.Handle("/rooms/{roomID}/members", common.MakeAuthAPI("rooms_members", deviceDB, func(req *http.Request, device *authtypes.Device) util.JSONResponse { vars := mux.Vars(req) return readers.GetMemberships(req, device, vars["roomID"], false, cfg, queryAPI) }), - ) + ).Methods("GET") r0mux.Handle("/rooms/{roomID}/joined_members", common.MakeAuthAPI("rooms_members", deviceDB, func(req *http.Request, device *authtypes.Device) util.JSONResponse { vars := mux.Vars(req) return readers.GetMemberships(req, device, vars["roomID"], true, cfg, queryAPI) }), - ) + ).Methods("GET") r0mux.Handle("/rooms/{roomID}/read_markers", common.MakeAPI("rooms_read_markers", func(req *http.Request) util.JSONResponse { // TODO: return the read_markers. return util.JSONResponse{Code: 200, JSON: struct{}{}} }), - ) + ).Methods("POST", "OPTIONS") r0mux.Handle("/rooms/{roomID}/typing/{userID}", common.MakeAPI("rooms_typing", func(req *http.Request) util.JSONResponse { // TODO: handling typing return util.JSONResponse{Code: 200, JSON: struct{}{}} }), - ) + ).Methods("PUT", "OPTIONS") } diff --git a/src/github.com/matrix-org/dendrite/federationapi/routing/routing.go b/src/github.com/matrix-org/dendrite/federationapi/routing/routing.go index 4d79fa6c8..b3f6bda6a 100644 --- a/src/github.com/matrix-org/dendrite/federationapi/routing/routing.go +++ b/src/github.com/matrix-org/dendrite/federationapi/routing/routing.go @@ -54,8 +54,8 @@ func Setup( // return that key. // Even if we had more than one server key, we would probably still ignore the // {keyID} argument and always return a response containing all of the keys. - v2keysmux.Handle("/server/{keyID}", localKeys) - v2keysmux.Handle("/server/", localKeys) + v2keysmux.Handle("/server/{keyID}", localKeys).Methods("GET") + v2keysmux.Handle("/server/", localKeys).Methods("GET") v1fedmux.Handle("/send/{txnID}/", common.MakeFedAPI( "federation_send", cfg.Matrix.ServerName, keys, @@ -66,7 +66,7 @@ func Setup( cfg, query, producer, keys, federation, ) }, - )) + )).Methods("PUT", "OPTIONS") v1fedmux.Handle("/invite/{roomID}/{eventID}", common.MakeFedAPI( "federation_invite", cfg.Matrix.ServerName, keys, @@ -77,13 +77,13 @@ func Setup( cfg, producer, keys, ) }, - )) + )).Methods("PUT", "OPTIONS") v1fedmux.Handle("/3pid/onbind", common.MakeAPI("3pid_onbind", func(req *http.Request) util.JSONResponse { return writers.CreateInvitesFrom3PIDInvites(req, query, cfg, producer, federation) }, - )) + )).Methods("POST", "OPTIONS") v1fedmux.Handle("/exchange_third_party_invite/{roomID}", common.MakeFedAPI( "exchange_third_party_invite", cfg.Matrix.ServerName, keys, @@ -93,7 +93,7 @@ func Setup( httpReq, request, vars["roomID"], query, cfg, federation, producer, ) }, - )) + )).Methods("PUT", "OPTIONS") v1fedmux.Handle("/event/{eventID}", common.MakeFedAPI( "federation_get_event", cfg.Matrix.ServerName, keys, @@ -103,5 +103,5 @@ func Setup( request, cfg, query, time.Now(), keys, vars["eventID"], ) }, - )) + )).Methods("GET") } diff --git a/src/github.com/matrix-org/dendrite/mediaapi/routing/routing.go b/src/github.com/matrix-org/dendrite/mediaapi/routing/routing.go index 9243c9123..85a40362a 100644 --- a/src/github.com/matrix-org/dendrite/mediaapi/routing/routing.go +++ b/src/github.com/matrix-org/dendrite/mediaapi/routing/routing.go @@ -41,17 +41,17 @@ func Setup(apiMux *mux.Router, cfg *config.Dendrite, db *storage.Database) { // FIXME: /upload should use common.MakeAuthAPI() r0mux.Handle("/upload", common.MakeAPI("upload", func(req *http.Request) util.JSONResponse { return writers.Upload(req, cfg, db, activeThumbnailGeneration) - })) + })).Methods("POST", "OPTIONS") activeRemoteRequests := &types.ActiveRemoteRequests{ MXCToResult: map[string]*types.RemoteRequestResult{}, } r0mux.Handle("/download/{serverName}/{mediaId}", makeDownloadAPI("download", cfg, db, activeRemoteRequests, activeThumbnailGeneration), - ) + ).Methods("GET") r0mux.Handle("/thumbnail/{serverName}/{mediaId}", makeDownloadAPI("thumbnail", cfg, db, activeRemoteRequests, activeThumbnailGeneration), - ) + ).Methods("GET") } func makeDownloadAPI(name string, cfg *config.Dendrite, db *storage.Database, activeRemoteRequests *types.ActiveRemoteRequests, activeThumbnailGeneration *types.ActiveThumbnailGeneration) http.HandlerFunc { diff --git a/src/github.com/matrix-org/dendrite/syncapi/routing/routing.go b/src/github.com/matrix-org/dendrite/syncapi/routing/routing.go index 6eaa6b2d6..e95a7a250 100644 --- a/src/github.com/matrix-org/dendrite/syncapi/routing/routing.go +++ b/src/github.com/matrix-org/dendrite/syncapi/routing/routing.go @@ -32,5 +32,5 @@ func Setup(apiMux *mux.Router, srp *sync.RequestPool, deviceDB *devices.Database r0mux := apiMux.PathPrefix(pathPrefixR0).Subrouter() r0mux.Handle("/sync", common.MakeAuthAPI("sync", deviceDB, func(req *http.Request, device *authtypes.Device) util.JSONResponse { return srp.OnIncomingSyncRequest(req, device) - })) + })).Methods("GET") }