moved where invalid method request are rejected

tigerbot 2017-06-20 16:29:07 -06:00
parent e901f1679b
commit 4a6d21f0b5
1 changed files with 13 additions and 11 deletions


@ -31,15 +31,23 @@ module.exports.create = function (deps, conf) {
res.setHeader('Access-Control-Allow-Methods', methods.join(', ')); res.setHeader('Access-Control-Allow-Methods', methods.join(', '));
res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization'); res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
if (req.method.toUpperCase() !== 'OPTIONS') { if (req.method.toUpperCase() === 'OPTIONS') {
return false;
}
res.setHeader('Allow', methods.join(', ')); res.setHeader('Allow', methods.join(', '));
res.end(); res.end();
return true; return true;
} }
if (methods.indexOf('*') >= 0) {
return false;
}
if (methods.indexOf(req.method.toUpperCase()) < 0) {
res.statusCode = 405;
res.setHeader('Content-Type', 'application/json');
res.end(JSON.stringify({ error: { message: 'method '+req.method+' not allowed', code: 'EBADMETHOD'}}));
return true;
}
}
function isAuthorized(req, res, fn) { function isAuthorized(req, res, fn) {
var auth = jwt.decode((req.headers.authorization||'').replace(/^bearer\s+/i, '')); var auth = jwt.decode((req.headers.authorization||'').replace(/^bearer\s+/i, ''));
if (!auth) { if (!auth) {
@ -143,12 +151,6 @@ module.exports.create = function (deps, conf) {
if (handleCors(req, res, 'POST')) { if (handleCors(req, res, 'POST')) {
return; return;
} }
if (req.method !== 'POST') {
res.statusCode = 405;
res.setHeader('Content-Type', 'application/json');
res.end(JSON.stringify({ error: { message: 'method '+req.method+' not allowed'}}));
return;
}
jsonParser(req, res, function () { jsonParser(req, res, function () {
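Review bot: The new 405 branch in handleCors (`if (methods.indexOf(req.method.toUpperCase()) < 0)`) ends the response without an `Allow` header, which is now set only on the OPTIONS path; adding `res.setHeader('Allow', methods.join(', '));` before `res.end(...)` would tell the client which methods the route accepts, as a 405 response is expected to. When the method is allowed, the function appears to fall off the end and return `undefined` instead of an explicit `return false;` like the wildcard branch, which works with the `if (handleCors(...))` callers but is easy to misread. handleCors starts above the first hunk, so how `methods` is normalised from the `'POST'` string the caller passes is not visible here. Separately, the unchanged context line in isAuthorized calls `jwt.decode`; if that call only decodes and no signature verification follows outside the hunk, the token's claims should not be relied on for authorization.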