From 647a0183626042f29834c3b4dd8dbba88a799c4c Mon Sep 17 00:00:00 2001
From: Kagami Sascha Rosylight <saschanaz@outlook.com>
Date: Mon, 27 Feb 2023 10:01:43 +0100
Subject: fix(backend): return HTTP 404 for any unknown api endpoint paths
 (#10130)

* fix(backend): return HTTP 400 for any invalid api endpoint paths

* 404
---
 packages/backend/src/server/api/ApiServerService.ts | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

(limited to 'packages/backend/src/server/api')

diff --git a/packages/backend/src/server/api/ApiServerService.ts b/packages/backend/src/server/api/ApiServerService.ts
index 2b99da01b6..501ce63877 100644
--- a/packages/backend/src/server/api/ApiServerService.ts
+++ b/packages/backend/src/server/api/ApiServerService.ts
@@ -79,7 +79,7 @@ export class ApiServerService {
 						reply.send();
 						return;
 					}
-		
+
 					this.apiCallService.handleMultipartRequest(ep, request, reply);
 				});
 			} else {
@@ -93,7 +93,7 @@ export class ApiServerService {
 						reply.send();
 						return;
 					}
-		
+
 					this.apiCallService.handleRequest(ep, request, reply);
 				});
 			}
@@ -160,6 +160,22 @@ export class ApiServerService {
 			}
 		});
 
+		// Make sure any unknown path under /api returns HTTP 404 Not Found,
+		// because otherwise ClientServerService will return the base client HTML
+		// page with HTTP 200.
+		fastify.get('*', (request, reply) => {
+			reply.code(404);
+			// Mock ApiCallService.send's error handling
+			reply.send({
+				error: {
+					message: 'Unknown API endpoint.',
+					code: 'UNKNOWN_API_ENDPOINT',
+					id: '2ca3b769-540a-4f08-9dd5-b5a825b6d0f1',
+					kind: 'client',
+				},
+			});
+		});
+
 		done();
 	}
 }
-- 
cgit v1.2.3-freya