Assert valid get formats in http api

Change-Id: I8c1f48404029a9bfcd2db863295c092c20799eb6
wikimedia · May 12, 2017 · 9542315 · 9542315
1 parent a30f094
commit 9542315
Showing 1 changed file with 15 additions and 13 deletions.
diff --git a/lib/api/routes.js b/lib/api/routes.js
@@ -59,12 +59,10 @@ module.exports = function(parsoidConfig, processLogger) {
 		'wikitext': 'plain',
 	}));
 
-	// NOTE: wt2wt here is not a transformation, it just fetches the page
-	// wikitext and is limited to GET requests.  The endpoint is used in
-	// roundtrip testing.
+	var validGets = new Set(['wikitext', 'html', 'pagebundle']);
 
 	var validTransforms = new Map(Object.entries({
-		'wikitext': ['wikitext', 'html', 'pagebundle'],
+		'wikitext': ['html', 'pagebundle'],
 		'html': ['wikitext'],
 		'pagebundle': ['wikitext', 'pagebundle'],
 	}));
@@ -83,15 +81,23 @@ module.exports = function(parsoidConfig, processLogger) {
 		);
 
 		var opts = Object.assign({
-			from: (req.method === 'POST') ? req.params.from : 'wikitext',
+			from: req.params.from,
 			format: req.params.format,
 		}, req.body);
 
 		res.locals.errorEnc = errorEncoding.get(opts.format) || 'plain';
 
-		var transforms = validTransforms.get(opts.from);
-		if (transforms === undefined || !transforms.includes(opts.format)) {
-			return errOut(res, 'Invalid transform: ' + opts.from + '/to/' + opts.format);
+		if (req.method === 'GET' || req.method === 'HEAD') {
+			if (!validGets.has(opts.format)) {
+				return errOut(res, 'Invalid page format: ' + opts.format);
+			}
+		} else if (req.method === 'POST') {
+			var transforms = validTransforms.get(opts.from);
+			if (transforms === undefined || !transforms.includes(opts.format)) {
+				return errOut(res, 'Invalid transform: ' + opts.from + '/to/' + opts.format);
+			}
+		} else {
+			return errOut(res, 'Request method not supported.');
 		}
 
 		var iwp = parsoidConfig.reverseMwApiMap.get(req.params.domain);
@@ -778,10 +784,6 @@ module.exports = function(parsoidConfig, processLogger) {
 		var env = res.locals.env;
 		var p;
 		if (opts.from === 'wikitext') {
-			// No use case for this yet ... we only accept it with GET above.
-			if (opts.format === 'wikitext') {
-				return apiUtils.fatalRequest(env, 'Invalid format', 400);
-			}
 			// Accept wikitext as a string or object{body,headers}
 			var wikitext = opts.wikitext;
 			if (typeof wikitext !== 'string' && opts.wikitext) {
@@ -796,7 +798,7 @@ module.exports = function(parsoidConfig, processLogger) {
 				return apiUtils.fatalRequest(env, 'No title or wikitext was provided.', 400);
 			}
 			p = wt2html(req, res, wikitext);
-		} else {  // from pagebundle
+		} else {
 			if (opts.format === 'wikitext') {
 				// html is required for serialization
 				if (opts.html === undefined) {