MXS-1220: Return 403 Forbidden for invalid requests
The JSON API specification suggests that the API return the 403 Forbidden error when the user makes an invalid request. The 400 Bad Request error isn't ideal for cases where the syntax is correct but the action being performed is wrong.
@ -28,6 +28,10 @@ MXS_BEGIN_DECLS
|
||||
#define MXS_JSON_API_MONITORS "/monitors/"
|
||||
#define MXS_JSON_API_SESSIONS "/sessions/"
|
||||
#define MXS_JSON_API_MAXSCALE "/maxscale/"
|
||||
#define MXS_JSON_API_THREADS "/maxscale/threads/"
|
||||
#define MXS_JSON_API_LOGS "/maxscale/logs/"
|
||||
#define MXS_JSON_API_TASKS "/maxscale/tasks/"
|
||||
#define MXS_JSON_API_MODULES "/maxscale/modules/"
|
||||
|
||||
/**
|
||||
* @brief Create a JSON object
|
||||
|
@ -18,6 +18,7 @@
|
||||
#include <maxscale/alloc.h>
|
||||
#include <maxscale/jansson.hh>
|
||||
#include <maxscale/spinlock.hh>
|
||||
#include <maxscale/json_api.h>
|
||||
|
||||
#include "maxscale/httprequest.hh"
|
||||
#include "maxscale/httpresponse.hh"
|
||||
@ -150,7 +151,7 @@ HttpResponse cb_create_server(const HttpRequest& request)
|
||||
}
|
||||
}
|
||||
|
||||
return HttpResponse(MHD_HTTP_BAD_REQUEST);
|
||||
return HttpResponse(MHD_HTTP_FORBIDDEN);
|
||||
}
|
||||
|
||||
HttpResponse cb_alter_server(const HttpRequest& request)
|
||||
@ -167,7 +168,7 @@ HttpResponse cb_alter_server(const HttpRequest& request)
|
||||
}
|
||||
}
|
||||
|
||||
return HttpResponse(MHD_HTTP_BAD_REQUEST);
|
||||
return HttpResponse(MHD_HTTP_FORBIDDEN);
|
||||
}
|
||||
|
||||
HttpResponse cb_create_monitor(const HttpRequest& request)
|
||||
@ -184,7 +185,7 @@ HttpResponse cb_create_monitor(const HttpRequest& request)
|
||||
}
|
||||
}
|
||||
|
||||
return HttpResponse(MHD_HTTP_BAD_REQUEST);
|
||||
return HttpResponse(MHD_HTTP_FORBIDDEN);
|
||||
}
|
||||
|
||||
HttpResponse cb_alter_monitor(const HttpRequest& request)
|
||||
@ -201,7 +202,7 @@ HttpResponse cb_alter_monitor(const HttpRequest& request)
|
||||
}
|
||||
}
|
||||
|
||||
return HttpResponse(MHD_HTTP_BAD_REQUEST);
|
||||
return HttpResponse(MHD_HTTP_FORBIDDEN);
|
||||
}
|
||||
|
||||
HttpResponse cb_alter_service(const HttpRequest& request)
|
||||
@ -218,7 +219,7 @@ HttpResponse cb_alter_service(const HttpRequest& request)
|
||||
}
|
||||
}
|
||||
|
||||
return HttpResponse(MHD_HTTP_BAD_REQUEST);
|
||||
return HttpResponse(MHD_HTTP_FORBIDDEN);
|
||||
}
|
||||
|
||||
HttpResponse cb_delete_server(const HttpRequest& request)
|
||||
@ -230,7 +231,7 @@ HttpResponse cb_delete_server(const HttpRequest& request)
|
||||
return HttpResponse(MHD_HTTP_NO_CONTENT);
|
||||
}
|
||||
|
||||
return HttpResponse(MHD_HTTP_BAD_REQUEST);
|
||||
return HttpResponse(MHD_HTTP_FORBIDDEN);
|
||||
}
|
||||
|
||||
HttpResponse cb_delete_monitor(const HttpRequest& request)
|
||||
@ -242,7 +243,7 @@ HttpResponse cb_delete_monitor(const HttpRequest& request)
|
||||
return HttpResponse(MHD_HTTP_NO_CONTENT);
|
||||
}
|
||||
|
||||
return HttpResponse(MHD_HTTP_BAD_REQUEST);
|
||||
return HttpResponse(MHD_HTTP_FORBIDDEN);
|
||||
}
|
||||
|
||||
HttpResponse cb_all_servers(const HttpRequest& request)
|
||||
@ -355,7 +356,7 @@ HttpResponse cb_maxscale(const HttpRequest& request)
|
||||
HttpResponse cb_logs(const HttpRequest& request)
|
||||
{
|
||||
// TODO: Show logs
|
||||
return HttpResponse(MHD_HTTP_OK);
|
||||
return HttpResponse(MHD_HTTP_OK, mxs_json_resource(request.host(), MXS_JSON_API_LOGS, json_null()));
|
||||
}
|
||||
|
||||
HttpResponse cb_flush(const HttpRequest& request)
|
||||
@ -363,7 +364,7 @@ HttpResponse cb_flush(const HttpRequest& request)
|
||||
// Flush logs
|
||||
if (mxs_log_rotate() == 0)
|
||||
{
|
||||
return HttpResponse(MHD_HTTP_OK);
|
||||
return HttpResponse(MHD_HTTP_NO_CONTENT);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -374,13 +375,13 @@ HttpResponse cb_flush(const HttpRequest& request)
|
||||
HttpResponse cb_threads(const HttpRequest& request)
|
||||
{
|
||||
// TODO: Show thread status
|
||||
return HttpResponse(MHD_HTTP_OK);
|
||||
return HttpResponse(MHD_HTTP_OK, mxs_json_resource(request.host(), MXS_JSON_API_THREADS, json_null()));
|
||||
}
|
||||
|
||||
HttpResponse cb_tasks(const HttpRequest& request)
|
||||
{
|
||||
// TODO: Show housekeeper tasks
|
||||
return HttpResponse(MHD_HTTP_OK);
|
||||
return HttpResponse(MHD_HTTP_OK, mxs_json_resource(request.host(), MXS_JSON_API_TASKS, json_null()));
|
||||
}
|
||||
|
||||
HttpResponse cb_all_modules(const HttpRequest& request)
|
||||
|
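Review bot: The fall-through `return HttpResponse(MHD_HTTP_FORBIDDEN);` at the end of cb_create_server, and the same line in cb_alter_server, cb_create_monitor, cb_alter_monitor, cb_alter_service, cb_delete_server and cb_delete_monitor, makes a well-formed but rejected request indistinguishable from an access-control denial, and it is sent without a body. Access logs and alerting commonly treat 403 as an authorization signal, so validation failures on these endpoints will now inflate that signal and hide real denials. The two-argument constructor already used in cb_logs could carry a JSON API error document here, e.g. `return HttpResponse(MHD_HTTP_FORBIDDEN, error_doc);`, where `error_doc` is a placeholder for an `errors` object naming the reason. The function bodies start outside the hunks, so it cannot be confirmed from here whether malformed JSON also reaches these returns; if it does, 400 should be kept for that case.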
@ -35,10 +35,15 @@ describe("Individual Resources", function() {
|
||||
"/servers/server1",
|
||||
"/servers/server2",
|
||||
"/services/RW-Split-Router",
|
||||
"/services/RW-Split-Router/listeners",
|
||||
"/monitors/MySQL-Monitor",
|
||||
"/filters/Hint",
|
||||
"/sessions/1",
|
||||
"/maxscale/",
|
||||
"maxscale/threads",
|
||||
"maxscale/logs",
|
||||
"maxscale/tasks",
|
||||
"maxscale/modules",
|
||||
]
|
||||
|
||||
tests.forEach(function(endpoint) {
|
||||
|
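Review bot: The entries `"maxscale/threads"`, `"maxscale/logs"`, `"maxscale/tasks"` and `"maxscale/modules"` have no leading slash, unlike every other endpoint in the list, including `"/maxscale/"`. If the loop builds the URL by joining a base address and the endpoint (the body of `tests.forEach` is outside the hunk), these requests go to a different path than intended and the new resources are not actually exercised. Write them as `"/maxscale/threads"`, `"/maxscale/logs"`, `"/maxscale/tasks"` and `"/maxscale/modules"`. The +/- markers are lost on this page, so these are presumed to be the added lines.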