feat(api): add method whitelist

2025-04-06 19:21:51 +00:00 · 2019-01-07 10:37:13 +00:00 · 2019-01-07 10:37:13 +00:00 · d11da6fa54
commit d11da6fa54
parent 682b265d3e
3 changed files with 28 additions and 4 deletions
--- a/pkg/api/router.go
+++ b/pkg/api/router.go
@ -23,6 +23,7 @@ func NewRouter(conf *config.Config) *http.ServeMux {
 		var handler http.Handler

 		handler = route.HandlerFunc(conf)
+		handler = middleware.Method(handler, route.Methods)
 		handler = middleware.Cors(handler)
 		handler = middleware.Logger(handler)
 		handler = middleware.Tracing(nextRequestID)(handler)
--- a/pkg/api/routes.go
+++ b/pkg/api/routes.go
@ -11,7 +11,7 @@ type HandlerFunc func(conf *config.Config) http.Handler

 // Route is the structure of an HTTP route definition
 type Route struct {
-	Method      string
+	Methods     []string
 	Path        string
 	HandlerFunc HandlerFunc
 }
@ -21,17 +21,17 @@ type Routes []Route

 var routes = Routes{
 	Route{
-		"GET",
+		[]string{"GET", "POST"},
 		"/",
 		index,
 	},
 	Route{
-		"GET",
+		[]string{"GET"},
 		"/healtz",
 		healthz,
 	},
 	Route{
-		"GET",
+		[]string{"GET"},
 		"/varz",
 		varz,
 	},
--- a/pkg/middleware/method.go
+++ b/pkg/middleware/method.go
@ -0,0 +1,23 @@
+package middleware
+
+import (
+	"net/http"
+)
+
+// Method is a middleware to check that the request use the correct HTTP method
+func Method(inner http.Handler, methods []string) http.Handler {
+	allowedMethods := make(map[string]struct{}, len(methods))
+	for _, s := range methods {
+		allowedMethods[s] = struct{}{}
+	}
+
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if _, ok := allowedMethods[r.Method]; ok {
+			inner.ServeHTTP(w, r)
+			return
+		}
+		w.WriteHeader(405)
+		w.Write([]byte("405 Method Not Allowed\n"))
+		return
+	})
+}