Check Content-Type on all API queries

tailhook · Jul 9, 2018 · e4aa2e4 · e4aa2e4
1 parent e7eda0f
commit e4aa2e4
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 9 deletions.
diff --git a/src/daemon/frontend/mod.rs b/src/daemon/frontend/mod.rs
@@ -74,6 +74,9 @@ impl<S: AsyncWrite + Send + 'static> DispatcherTrait<S> for Dispatcher {
             NotFound => {
                 serve_error_page(Status::NotFound)
             }
+            BadContentType => {
+                serve_error_page(Status::UnsupportedMediaType)
+            }
         }
     }
 }
diff --git a/src/daemon/frontend/routing.rs b/src/daemon/frontend/routing.rs
@@ -53,6 +53,7 @@ pub enum Route {
     Api(ApiRoute, Format),
     Log(LogRoute),
     NotFound,
+    BadContentType,
 }
 
 pub fn path_component(path: &str) -> (&str, &str) {
@@ -114,7 +115,7 @@ fn parse_log_route(path: &str) -> Option<LogRoute> {
     }
 }
 
-fn parse_api(path: &str) -> Option<Route> {
+fn parse_api(path: &str, content_type: Option<&[u8]>) -> Option<Route> {
     use self::Route::*;
     use self::ApiRoute::*;
     use self::Format::Plain;
@@ -136,8 +137,15 @@ fn parse_api(path: &str) -> Option<Route> {
                 None
             }
         }
-        ("action", "") => Some(Api(PushAction, api_suffix(path))),
-        ("wait_action", "") => Some(Api(WaitAction, api_suffix(path))),
+
+        ("action", "") if content_type == Some(b"application/json")
+            => Some(Api(PushAction, api_suffix(path))),
+        ("action", "") => Some(Route::BadContentType),
+
+        ("wait_action", "") if content_type == Some(b"application/json")
+            => Some(Api(WaitAction, api_suffix(path))),
+        ("wait_action", "") => Some(Route::BadContentType),
+
         ("force_render_all", "") => Some(Api(ForceRenderAll, Plain)),
         ("action_is_pending", tail) => {
             tail.parse().map(|x| {
@@ -146,11 +154,13 @@ fn parse_api(path: &str) -> Option<Route> {
         }
         ("pending_actions", "") => Some(Api(PendingActions, api_suffix(path))),
         ("roles_data", "") => Some(Api(RolesData, api_suffix(path))),
-        ("query", tail) => {
-            Some(Api(Query(self::Query {
-                path: tail.to_string(),
-            }), api_suffix(path)))
-        }
+        ("query", tail) if content_type == Some(b"application/json")
+            => {
+                Some(Api(Query(self::Query {
+                    path: tail.to_string(),
+                }), api_suffix(path)))
+            }
+        ("query", _) => Some(Route::BadContentType),
         ("log", tail) => parse_log_route(tail).map(Log),
         _ => None,
     }
@@ -169,7 +179,16 @@ pub fn route(head: &Head) -> Route {
     };
     let route = match path_component(&path[..]) {
         ("", _) => Some(CommonIndex),
-        ("v1", suffix) => parse_api(suffix),
+        ("v1", suffix) => {
+            let mut content_type = None;
+            for (name, value) in head.headers() {
+                if name.eq_ignore_ascii_case("Content-Type") {
+                    content_type = Some(value);
+                    break;
+                }
+            }
+            parse_api(suffix, content_type)
+        }
         (dir, suffix) if dir.starts_with("~") => {
             if !validate_path(&path[2..]) {
                 // TODO(tailhook) implement 400