liz/PluralKit
liz/PluralKit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(api, docs): send HTTP 400 on empty User-Agent, update docs

Browse Source
This commit is contained in:
Iris System 2023-02-27 09:34:48 +13:00
parent b2c61e3e8e
commit 5e60dec6ec
3 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docs/content/api/errors.md
View File

@ -31,8 +31,9 @@ When something goes wrong, the API will send back a 4xx HTTP status code, along
|code|HTTP response code|meaning| |code|HTTP response code|meaning|
|---|---|---| |---|---|---|
|0|500|Internal server error, try again later| |0|500|Internal server error, try again later|
|0|400|Bad Request (usually invalid JSON)| |0|400|Invalid JSON, or invalid request format (check `error` key in the response body)|
|0|401|Missing or invalid Authorization header| |0|401|Missing or invalid Authorization header|
|0|403|Your access to the API is blocked - please contact us in the support server|
|20001|404|System not found.| |20001|404|System not found.|
|20002|404|Member not found.| |20002|404|Member not found.|
|20003|404|Member '{memberRef}' not found.| |20003|404|Member '{memberRef}' not found.|

7
docs/content/api/reference.md
View File

@ -21,7 +21,14 @@ For models that have them, the keys `id`, `uuid` and `created` are **not** user-
Endpoints taking JSON bodies (eg. most `PATCH` and `PUT` endpoints) require the `Content-Type: application/json` header set. Endpoints taking JSON bodies (eg. most `PATCH` and `PUT` endpoints) require the `Content-Type: application/json` header set.
## User agent
The API requires the `User-Agent` header to be set to a non-empty string. Not doing so will return a `400 Bad Request` with a JSON body.
If you are developing an application exposed to the public, we would appreciate if your `User-Agent` uniquely identifies your application, and (if possible) provides some contact information for the developers - so that we are able to contact you if we notice your application doing something it shouldn't.
## Authentication ## Authentication
Authentication is done with a simple "system token". You can get your system token by running `pk;token` using the Authentication is done with a simple "system token". You can get your system token by running `pk;token` using the
Discord bot, either in a channel with the bot or in DMs. Then, pass this token in the `Authorization` HTTP header Discord bot, either in a channel with the bot or in DMs. Then, pass this token in the `Authorization` HTTP header
on requests that require it. Failure to do so on endpoints that require authentication will return a `401 Unauthorized`. on requests that require it. Failure to do so on endpoints that require authentication will return a `401 Unauthorized`.

4
services/web-proxy/main.go
View File

@ -50,7 +50,9 @@ type ProxyHandler struct{}
func (p ProxyHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { func (p ProxyHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
if r.Header.Get("User-Agent") == "" { if r.Header.Get("User-Agent") == "" {
// please set a valid user-agent // please set a valid user-agent
rw.WriteHeader(403) rw.Header().Set("content-type", "application/json")
rw.WriteHeader(400)
rw.Write([]byte(`{"message":"A valid User-Agent header is required.","code":0}`))
return return
} }