feat(api): add method whitelist

pkg/api/router.go

@@ -23,6 +23,7 @@ func NewRouter(conf *config.Config) *http.ServeMux {
 		var handler http.Handler
 
 		handler = route.HandlerFunc(conf)
+		handler = middleware.Method(handler, route.Methods)
 		handler = middleware.Cors(handler)
 		handler = middleware.Logger(handler)
 		handler = middleware.Tracing(nextRequestID)(handler)

pkg/api/routes.go

@@ -11,7 +11,7 @@ type HandlerFunc func(conf *config.Config) http.Handler
 
 // Route is the structure of an HTTP route definition
 type Route struct {
-	Method      string
+	Methods     []string
 	Path        string
 	HandlerFunc HandlerFunc
 }
@@ -21,17 +21,17 @@ type Routes []Route
 
 var routes = Routes{
 	Route{
-		"GET",
+		[]string{"GET", "POST"},
 		"/",
 		index,
 	},
 	Route{
-		"GET",
+		[]string{"GET"},
 		"/healtz",
 		healthz,
 	},
 	Route{
-		"GET",
+		[]string{"GET"},
 		"/varz",
 		varz,
 	},

pkg/middleware/method.go

@@ -0,0 +1,23 @@
+package middleware
+
+import (
+	"net/http"
+)
+
+// Method is a middleware to check that the request use the correct HTTP method
+func Method(inner http.Handler, methods []string) http.Handler {
+	allowedMethods := make(map[string]struct{}, len(methods))
+	for _, s := range methods {
+		allowedMethods[s] = struct{}{}
+	}
+
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if _, ok := allowedMethods[r.Method]; ok {
+			inner.ServeHTTP(w, r)
+			return
+		}
+		w.WriteHeader(405)
+		w.Write([]byte("405 Method Not Allowed\n"))
+		return
+	})
+}