[couchdb] branch main updated: fix(mango): GET invalid path under `_index` should not cause 500

[vatamane]

This is an automated email from the ASF dual-hosted git repository.

vatamane pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/couchdb.git


The following commit(s) were added to refs/heads/main by this push:
     new c1195e43c fix(mango): GET invalid path under `_index` should not cause 
500
c1195e43c is described below

commit c1195e43c0b55f99892bb5d6b593de178499b969
Author: Gabor Pali <gabor.p...@ibm.com>
AuthorDate: Thu Apr 6 12:30:22 2023 +0200

    fix(mango): GET invalid path under `_index` should not cause 500
    
    Sending GET requests targeting paths under the `/{db}/_index`
    endpoint, e.g. `/{db}/_index/something`, cause an internal error.
    Change the endpoint's behavior to gracefully return HTTP 405
    "Method Not Allowed" instead to be consistent with others.
---
 src/mango/src/mango_httpd.erl        | 6 +++---
 src/mango/test/01-index-crud-test.py | 4 ++++
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/mango/src/mango_httpd.erl b/src/mango/src/mango_httpd.erl
index 3e58288da..935cf5890 100644
--- a/src/mango/src/mango_httpd.erl
+++ b/src/mango/src/mango_httpd.erl
@@ -107,8 +107,6 @@ handle_index_req(#httpd{method = 'POST', path_parts = [_, 
_]} = Req, Db) ->
                 end
         end,
     chttpd:send_json(Req, {[{result, Status}, {id, Id}, {name, Name}]});
-handle_index_req(#httpd{path_parts = [_, _]} = Req, _Db) ->
-    chttpd:send_method_not_allowed(Req, "GET,POST");
 %% Essentially we just iterate through the list of ddoc ids passed in and
 %% delete one by one. If an error occurs, all previous documents will be
 %% deleted, but an error will be thrown for the current ddoc id.
@@ -189,7 +187,9 @@ handle_index_req(
             ?MANGO_ERROR({error_saving_ddoc, Error})
     end;
 handle_index_req(#httpd{path_parts = [_, _, _DDocId0, _Type, _Name]} = Req, 
_Db) ->
-    chttpd:send_method_not_allowed(Req, "DELETE").
+    chttpd:send_method_not_allowed(Req, "DELETE");
+handle_index_req(#httpd{path_parts = [_, _ | _]} = Req, _Db) ->
+    chttpd:send_method_not_allowed(Req, "GET,POST").
 
 handle_explain_req(#httpd{method = 'POST'} = Req, Db) ->
     chttpd:validate_ctype(Req, "application/json"),
diff --git a/src/mango/test/01-index-crud-test.py 
b/src/mango/test/01-index-crud-test.py
index dd70e7eea..e85e1d8ea 100644
--- a/src/mango/test/01-index-crud-test.py
+++ b/src/mango/test/01-index-crud-test.py
@@ -88,6 +88,10 @@ class IndexCrudTests(mango.DbPerClass):
             else:
                 raise AssertionError("bad create index")
 
+    def test_bad_url(self):
+        r = self.db.sess.get(self.db.path("_index/foo"))
+        self.assertEqual(r.status_code, 405)
+
     def test_create_idx_01(self):
         fields = ["foo", "bar"]
         ret = self.db.create_index(fields, name="idx_01")