fix(swagger): only GET requests should be responded

shanbay · Sep 5, 2023 · 98157f4 · 98157f4
1 parent f8e9963
commit 98157f4
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 1 deletion.
diff --git a/echo/swagger/swagger.go b/echo/swagger/swagger.go
@@ -78,7 +78,7 @@ func SwaggerDoc(basePath string, swaggerJson []byte, opts ...Opts) echo.Middlewa
 	return func(next echo.HandlerFunc) echo.HandlerFunc {
 		return func(c echo.Context) error {
 			path := c.Request().URL.Path
-			if path == docPath || path == config.SpecURL {
+			if (path == docPath || path == config.SpecURL) && c.Request().Method == http.MethodGet {
 				if config.Authorizer != nil {
 					if !config.Authorizer(c.Request()) {
 						return c.String(403, "Forbidden")

diff --git a/echo/swagger/swagger_test.go b/echo/swagger/swagger_test.go
@@ -7,6 +7,7 @@ import (
 	"testing"
 
 	"github.com/labstack/echo/v4"
+	"github.com/labstack/echo/v4/middleware"
 )
 
 func Test_swagger_doc(t *testing.T) {
@@ -62,4 +63,32 @@ func Test_swagger_doc(t *testing.T) {
   ],`) {
 		t.Errorf("Wrong response %v", respString)
 	}
+
+	// OPTIONS with CORS mw
+	// will return 204 with CORS headers, and the body should be empty
+	req, _ = http.NewRequest("OPTIONS", "/gordon/apidocs", nil)
+	req.Header.Set(echo.HeaderAccessControlRequestMethod, "GET")
+	req.Header.Set(echo.HeaderOrigin, "https://example.com")
+	mw = SwaggerDoc("/gordon", []byte{})
+	e = echo.New()
+	e.Pre(mw) // will be skipped and call `next(c)`
+	e.Pre(middleware.CORS())
+	handler = e.Server.Handler
+	recorder = httptest.NewRecorder()
+	handler.ServeHTTP(recorder, req)
+	if recorder.Code != 204 {
+		t.Errorf("Wrong swagger resp code: %v, want: 204 ", recorder.Code)
+	}
+	for key, h := range recorder.Header() {
+		println(key)
+		for _, v := range h {
+			println(v)
+		}
+	}
+	if !strings.Contains(recorder.Header().Get("Access-Control-Allow-Origin"), "*") {
+		t.Errorf("Wrong response %v", recorder.Header().Get("Access-Control-Allow-Origin"))
+	}
+	if recorder.Body.String() != "" {
+		t.Errorf("Wrong response %v", recorder.Body.String())
+	}	
 }
diff --git a/go.mod b/go.mod
@@ -71,6 +71,7 @@ require (
 	github.com/go-redsync/redsync/v4 v4.0.4 // indirect
 	github.com/go-stack/stack v1.8.1 // indirect
 	github.com/gobuffalo/here v0.6.0 // indirect
+	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/snappy v0.0.2 // indirect
 	github.com/gomodule/redigo v2.0.0+incompatible // indirect
@@ -130,6 +131,7 @@ require (
 	golang.org/x/sync v0.1.0 // indirect
 	golang.org/x/sys v0.2.0 // indirect
 	golang.org/x/text v0.4.0 // indirect
+	golang.org/x/time v0.0.0-20201208040808-7e3f01d25324 // indirect
 	golang.org/x/tools v0.3.1-0.20221202221704-aa9f4b2f3d57 // indirect
 	google.golang.org/api v0.39.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect

diff --git a/go.sum b/go.sum
@@ -222,6 +222,7 @@ github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY9
 github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
+github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -925,6 +926,7 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20201208040808-7e3f01d25324 h1:Hir2P/De0WpUhtrKGGjvSb2YxUgyZ7EFOSLIcSSpiwE=
 golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=