REST API pattern match ordering problem

[timvisee]

Related to qdrant/qdrant-web-ui#158.

Current Behavior

We have middleware in our REST API for API key validation. For the read only API key, we have a list of POST endpoints we still allow reading from. Our scroll endpoint is a good example of this.

In the following lines we grab the pattern that matches a user request, and match it against the list of allowed read only patterns:

qdrant/src/actix/api_key.rs

Lines 161 to 164 in 524adc3

	Method::POST => req
	.match_pattern()
	.map(|pattern| READ_ONLY_POST_PATTERNS.iter().any(|pat| &pattern == pat))
	.unwrap_or_default(),

However, with some debugging I found out that matching patterns is giving us wrong results breaking our logic.

For example:

• POST /collections/benchmark/points/scroll
• matches: /collections/{name}/points/{id}
• but it should be: /collections/{name}/points/scroll

Steps to Reproduce

1. Set up a read only API key
2. Wrap the above lines in dbg!()
3. Send a scroll request
4. See debug output in your log, it shows the wrong pattern

Expected Behavior

Instead, it should show the correct match pattern.

Possible Solution

Maybe we can tweak the ordering of pattern matching to always match strict paths like /scroll first, and /{id} after.

Additional details

Fixes qdrant/qdrant-web-ui#158.