fix(admin) unsupported media type (415) error reported on issue #1182

[bungle]

Summary

Fixes issue when using empty body with supported content-types on POST / PUT / PATCH.

Issues resolved

Fix #1182

[bungle]

One note:

1. when using application/json content type
2. empty body

This results:

{
    "message": "Cannot parse JSON body"
}

Not sure though, should we allow this to go through as we do with multipart/form-data and application/x-www-form-urlencoded (they don't error on parsing errors).

[bungle]

This also contains (apart from added tests) fixes to 02-apis_routes_spec.lua which was bit strangely organized and was also flaky on my machine. The admin client is not happy to be reused on errors (it sometimes closes itself).

[thibaultcha]

👏

[thibaultcha]

It seems to me like the check done by ngx_lua to return this error is the one we are already making above, L.100? See: https://github.com/openresty/lua-nginx-module/blob/master/src/ngx_http_lua_socket_tcp.c#L4371-L4375

Maybe we don't need this check?

[bungle]

I think the first one checks client header and the other checks if there is no body even when the client didn't add content-length header. I may be wrong and have to recheck this. I assume client can set that header to say 1000, but still doesn't send body.

[bungle]

I rechecked this and test is needed.

[thibaultcha]

Hmmm, would you care to elaborate why? It seems to me that in our current code path (that is, not calling ngx.req.init_body(), not calling ngx_http_lua_create_fake_request, and not making a subrequest), the only place where content_length_n is set is: https://github.com/openresty/lua-nginx-module/blob/b122ed7ad2a6bf6f90d8d5c5939c0dd98a4ddbf7/src/ngx_http_lua_headers_in.c#L570 - in which case, the value is taken from the Content-Length header already. So when ngx.req.socket() returns "no body", it means it has did the same check as the one above, L.100 (actually, content_length_n <= 0).

Am I missing something?

[thibaultcha]

This and the /apis endpoint concern are the last "blockers" for me. But feel free to dismiss if I just said non-sense above ^

Apart from those 2 points, this is GTM 👍

[thibaultcha]

Should we maybe not include those tests as part of the /apis route test suite, considering our recent work on the model and the uncertain future of this test suite?

[thibaultcha]

Ping here as well - I would say this is concerning considering this endpoint (or its underlying implementation) may disappear soon?

[thibaultcha]

Are those tests duplicates of the above ones? Maybe the intent was to re-run them with PUT?

[bungle]

Yes, a copy-paste-bug. Pushed a new version.

[thibaultcha]

Curious: why not using client here?

[bungle]

Because the test generates 404 and it makes the client really flaky as you see it runs this it_content_types loop, so first time it works, but subsequently you start getting:

spec/02-integration/04-admin_api/02-apis_routes_spec.lua:263: closed

The client is really problematic, because you cannot really call :send multiple times without getting into issues. That's why. To make tests pass reliably.

[thibaultcha]

Ohh I see - hmmm

[thibaultcha]

When we are returning a 400 error here, I think a second assertion for the body should be added for explicitness, ensuring that it is a schema error from our DAO (and not a Lapis error or some other sort of error).

[thibaultcha]

Not sure though, should we allow this to go through as we do with multipart/form-data and application/x-www-form-urlencoded (they don't error on parsing errors).

Good point. I would tend to say this behavior (reporting an invalid JSON payload) is fine. After all, a client would encounter the same error if they attempted to send an invalid JSON payload ({"hello":"world"), and it seems logical that the same error happen in both cases I think.