PluralKit/services/api/src/middleware/ignore_invalid_routes.rs

use axum::{
    extract::MatchedPath,
    http::{Request, StatusCode},
    middleware::Next,
    response::{IntoResponse, Response},
};

use crate::util::header_or_unknown;

fn is_trying_to_use_v1_path_on_v2(path: &str) -> bool {
    path.starts_with("/v2/s/")
        || path.starts_with("/v2/m/")
        || path.starts_with("/v2/a/")
        || path.starts_with("/v2/msg/")
        || path == "/v2/s"
        || path == "/v2/m"
}

pub async fn ignore_invalid_routes<B>(request: Request<B>, next: Next<B>) -> Response {
    let path = request
        .extensions()
        .get::<MatchedPath>()
        .cloned()
        .map(|v| v.as_str().to_string())
        .unwrap_or("unknown".to_string());
    let user_agent = header_or_unknown(request.headers().get("User-Agent"));

    if request.uri().path().starts_with("/v1") {
        (
            StatusCode::GONE,
            r#"{"message":"Unsupported API version","code":0}"#,
        )
            .into_response()
    } else if is_trying_to_use_v1_path_on_v2(request.uri().path()) {
        (
            StatusCode::BAD_REQUEST,
            r#"{"message":"Invalid path for API version","code":0}"#,
        )
            .into_response()
    }
    // we ignored v1 routes earlier, now let's ignore all non-v2 routes
    else if !request.uri().clone().path().starts_with("/v2") {
        return (
            StatusCode::BAD_REQUEST,
            r#"{"message":"Unsupported API version","code":0}"#,
        )
            .into_response();
    } else if path == "unknown" {
        // current prod api responds with 404 with empty body to invalid endpoints
        // just doing that here as well but i'm not sure if it's the correct behaviour
        return StatusCode::NOT_FOUND.into_response();
    }
    // yes, technically because of how we parse headers this will break for user-agents literally set to "unknown"
    // but "unknown" isn't really a valid user-agent
    else if user_agent == "unknown" {
        // please set a valid user-agent
        return StatusCode::FORBIDDEN.into_response();
    } else {
        next.run(request).await
    }
}
feat(api): init rust rewrite 2023-02-16 00:27:36 +00:00			`use axum::{`
			`extract::MatchedPath,`
			`http::{Request, StatusCode},`
			`middleware::Next,`
			`response::{IntoResponse, Response},`
			`};`

			`use crate::util::header_or_unknown;`

			`fn is_trying_to_use_v1_path_on_v2(path: &str) -> bool {`
			`path.starts_with("/v2/s/")`
			`\|\| path.starts_with("/v2/m/")`
			`\|\| path.starts_with("/v2/a/")`
			`\|\| path.starts_with("/v2/msg/")`
			`\|\| path == "/v2/s"`
			`\|\| path == "/v2/m"`
			`}`

			`pub async fn ignore_invalid_routes<B>(request: Request<B>, next: Next<B>) -> Response {`
			`let path = request`
			`.extensions()`
			`.get::<MatchedPath>()`
			`.cloned()`
			`.map(\|v\| v.as_str().to_string())`
			`.unwrap_or("unknown".to_string());`
			`let user_agent = header_or_unknown(request.headers().get("User-Agent"));`

			`if request.uri().path().starts_with("/v1") {`
			`(`
			`StatusCode::GONE,`
			`r#"{"message":"Unsupported API version","code":0}"#,`
			`)`
			`.into_response()`
			`} else if is_trying_to_use_v1_path_on_v2(request.uri().path()) {`
			`(`
			`StatusCode::BAD_REQUEST,`
			`r#"{"message":"Invalid path for API version","code":0}"#,`
			`)`
			`.into_response()`
			`}`
			`// we ignored v1 routes earlier, now let's ignore all non-v2 routes`
			`else if !request.uri().clone().path().starts_with("/v2") {`
			`return (`
			`StatusCode::BAD_REQUEST,`
			`r#"{"message":"Unsupported API version","code":0}"#,`
			`)`
			`.into_response();`
			`} else if path == "unknown" {`
			`// current prod api responds with 404 with empty body to invalid endpoints`
			`// just doing that here as well but i'm not sure if it's the correct behaviour`
			`return StatusCode::NOT_FOUND.into_response();`
			`}`
			`// yes, technically because of how we parse headers this will break for user-agents literally set to "unknown"`
			`// but "unknown" isn't really a valid user-agent`
			`else if user_agent == "unknown" {`
			`// please set a valid user-agent`
			`return StatusCode::FORBIDDEN.into_response();`
			`} else {`
			`next.run(request).await`
			`}`
			`}`