From f3f44895a56f006e82315cbf9d07085d546ac343 Mon Sep 17 00:00:00 2001
From: Francesco Noacco
Date: Tue, 1 Aug 2023 19:09:27 +0200
Subject: [PATCH] fix(api)!: only accept json content
1. Clients can not send urlencoded/multipart requests. BREAKING CHANGE: this means that eg an appengine request on the endpoint `interface_values_path POST /v1/:realm_name/devices/:device_id/interfaces/:interface/*path_token` which previously _could_ be successful with an urlencoded body of `data=2` will not be successful anymore. 2. Remove `pass: ["*/*"]` From the [Plug.Parsers documentation](https://hexdocs.pm/plug/Plug.Parsers.html), "This plug will raise Plug.Parsers.UnsupportedMediaTypeError by default if the request cannot be parsed by any of the given types and the MIME type has not been explicitly accepted with the :pass option". I believe this to be the desired behavior, as the application should return error code 415 if it is not parsable by one of the specified parsers.
Signed-off-by: Francesco Noacco
---
 CHANGELOG.md | 3 +++
 .../lib/astarte_appengine_api_web/endpoint.ex | 5 ++---
 .../lib/astarte_housekeeping_api_web/endpoint.ex | 5 ++---
 .../lib/astarte_pairing_api_web/endpoint.ex | 5 ++---
 .../lib/astarte_realm_management_api_web/endpoint.ex | 5 ++---
 5 files changed, 11 insertions(+), 12 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5d32d4545..1d153dc79 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Changed
 - Forward port changes from release 1.1.
+### Fixed
+- [all] API now only accepts json requests
+
 ## [1.1.0] - 2023-06-20
 ### Fixed
 - [astarte_trigger_engine] Allow to decode events that do not contain the
diff --git a/apps/astarte_appengine_api/lib/astarte_appengine_api_web/endpoint.ex b/apps/astarte_appengine_api/lib/astarte_appengine_api_web/endpoint.ex
index 73560a08e..cfff0ae47 100644
--- a/apps/astarte_appengine_api/lib/astarte_appengine_api_web/endpoint.ex
+++ b/apps/astarte_appengine_api/lib/astarte_appengine_api_web/endpoint.ex
@@ -1,7 +1,7 @@
 #
 # This file is part of Astarte.
 #
-# Copyright 2017 Ispirata Srl
+# Copyright 2017-2023 SECO Mind Srl
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -44,8 +44,7 @@ defmodule Astarte.AppEngine.APIWeb.Endpoint do
 plug Plug.Telemetry, event_prefix: [:phoenix, :endpoint]
 plug Plug.Parsers,
- parsers: [:urlencoded, :multipart, :json],
- pass: ["*/*"],
+ parsers: [:json],
 json_decoder: Phoenix.json_library()
 plug Plug.MethodOverride
diff --git a/apps/astarte_housekeeping_api/lib/astarte_housekeeping_api_web/endpoint.ex b/apps/astarte_housekeeping_api/lib/astarte_housekeeping_api_web/endpoint.ex
index 9c9239d5f..2031fd78c 100644
--- a/apps/astarte_housekeeping_api/lib/astarte_housekeeping_api_web/endpoint.ex
+++ b/apps/astarte_housekeeping_api/lib/astarte_housekeeping_api_web/endpoint.ex
@@ -1,7 +1,7 @@
 #
 # This file is part of Astarte.
 #
-# Copyright 2017 Ispirata Srl
+# Copyright 2017-2023 SECO Mind Srl
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -45,8 +45,7 @@ defmodule Astarte.Housekeeping.APIWeb.Endpoint do
 plug Plug.Telemetry, event_prefix: [:phoenix, :endpoint]
 plug Plug.Parsers,
- parsers: [:urlencoded, :multipart, :json],
- pass: ["*/*"],
+ parsers: [:json],
 json_decoder: Phoenix.json_library()
 plug Plug.MethodOverride
diff --git a/apps/astarte_pairing_api/lib/astarte_pairing_api_web/endpoint.ex b/apps/astarte_pairing_api/lib/astarte_pairing_api_web/endpoint.ex
index b108fc382..7f14f8467 100644
--- a/apps/astarte_pairing_api/lib/astarte_pairing_api_web/endpoint.ex
+++ b/apps/astarte_pairing_api/lib/astarte_pairing_api_web/endpoint.ex
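Review bot: `plug Plug.MethodOverride` is still in the pipeline directly after the parser in apps/astarte_appengine_api/lib/astarte_appengine_api_web/endpoint.ex (hunk `@@ -44,8 +44,7 @@`), and the same context line closes the parser hunks of the housekeeping, pairing and realm-management endpoints. That plug is meant for clients such as HTML forms that cannot send other verbs: it rewrites a POST to PUT, PATCH or DELETE when the parsed body carries a string `_method` parameter, and a JSON body can still supply one after this change. If no client depends on it, drop the line in all four endpoints so the method the application acts on is always the one on the wire, which is also what any method-based filtering in front of the service sees. The diffstat lists no test file; a request test that sends `application/x-www-form-urlencoded` and `text/plain` bodies and asserts a 415 response would pin the new behaviour (assuming the error view renders the raised Plug.Parsers.UnsupportedMediaTypeError that way), and a comment above `parsers: [:json]` such as `# JSON only; :pass is deliberately omitted so other media types get 415` would keep `pass: ["*/*"]` from being re-added. The endpoint modules start and end outside these hunks.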
@@ -1,7 +1,7 @@
 #
 # This file is part of Astarte.
 #
-# Copyright 2017 Ispirata Srl
+# Copyright 2017-2023 SECO Mind Srl
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -47,8 +47,7 @@ defmodule Astarte.Pairing.APIWeb.Endpoint do
 plug Plug.Telemetry, event_prefix: [:phoenix, :endpoint]
 plug Plug.Parsers,
- parsers: [:urlencoded, :multipart, :json],
- pass: ["*/*"],
+ parsers: [:json],
 json_decoder: Phoenix.json_library()
 plug Plug.MethodOverride
diff --git a/apps/astarte_realm_management_api/lib/astarte_realm_management_api_web/endpoint.ex b/apps/astarte_realm_management_api/lib/astarte_realm_management_api_web/endpoint.ex
index fc082598b..e2498531f 100644
--- a/apps/astarte_realm_management_api/lib/astarte_realm_management_api_web/endpoint.ex
+++ b/apps/astarte_realm_management_api/lib/astarte_realm_management_api_web/endpoint.ex
@@ -1,7 +1,7 @@
 #
 # This file is part of Astarte.
 #
-# Copyright 2017 Ispirata Srl
+# Copyright 2017-2023 SECO Mind Srl
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -45,8 +45,7 @@ defmodule Astarte.RealmManagement.APIWeb.Endpoint do
 plug Plug.Telemetry, event_prefix: [:phoenix, :endpoint]
 plug Plug.Parsers,
- parsers: [:urlencoded, :multipart, :json],
- pass: ["*/*"],
+ parsers: [:json],
 json_decoder: Phoenix.json_library()
 plug Plug.MethodOverride