Skip to content

Add opt-in 405 Method Not Allowed responses #191

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
EduardoAC wants to merge 1 commit into
base: master
Choose a base branch
from
+89 −0
Open

Add opt-in 405 Method Not Allowed responses #191

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
62 changes: 62 additions & 0 deletions index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,7 @@ function Router (options) {

router.caseSensitive = opts.caseSensitive
router.mergeParams = opts.mergeParams
router.methodNotAllowed = opts.methodNotAllowed
router.params = {}
router.strict = opts.strict
router.stack = []
Expand Down Expand Up @@ -155,6 +156,7 @@ Router.prototype.handle = function handle (req, res, callback) {

let idx = 0
let methods
let methodNotAllowed
const protohost = getProtohost(req.url) || ''
let removed = ''
const self = this
Expand All @@ -179,6 +181,14 @@ Router.prototype.handle = function handle (req, res, callback) {
done = wrap(done, generateOptionsResponder(res, methods))
}

if (self.methodNotAllowed) {
methodNotAllowed = {
methods: [],
methodMatched: false
}
done = wrap(done, generateMethodNotAllowedResponder(req, res, methodNotAllowed))
}

// setup basic req values
req.baseUrl = parentUrl
req.originalUrl = req.originalUrl || req.url
Expand Down Expand Up @@ -260,11 +270,19 @@ Router.prototype.handle = function handle (req, res, callback) {
const method = req.method
const hasMethod = route._handlesMethod(method)

if (methodNotAllowed && hasMethod) {
methodNotAllowed.methodMatched = true
}

// build up automatic options response
if (!hasMethod && method === 'OPTIONS' && methods) {
methods.push.apply(methods, route._methods())
}

if (!hasMethod && methodNotAllowed && method !== 'OPTIONS') {
methodNotAllowed.methods.push.apply(methodNotAllowed.methods, route._methods())
}

// don't even bother matching route
if (!hasMethod && method !== 'HEAD') {
match = false
Expand Down Expand Up @@ -468,6 +486,25 @@ function generateOptionsResponder (res, methods) {
}
}

/**
* Generate a callback that will make a 405 response.
*
* @param {IncomingMessage} req
* @param {OutgoingMessage} res
* @param {object} methodNotAllowed
* @private
*/

function generateMethodNotAllowedResponder (req, res, methodNotAllowed) {
return function onDone (fn, err) {
if (err || methodNotAllowed.methodMatched || methodNotAllowed.methods.length === 0 || req.method === 'OPTIONS') {
return fn(err)
}

trySendMethodNotAllowedResponse(res, methodNotAllowed.methods, fn)
}
}

/**
* Get pathname of request.
*
Expand Down Expand Up @@ -689,6 +726,17 @@ function restore (fn, obj) {
}
}

/**
* Send a 405 response.
*
* @private
*/

function sendMethodNotAllowedResponse (res, methods) {
res.statusCode = 405
sendOptionsResponse(res, methods)
}

/**
* Send an OPTIONS response.
*
Expand Down Expand Up @@ -728,6 +776,20 @@ function trySendOptionsResponse (res, methods, next) {
}
}

/**
* Try to send a 405 response.
*
* @private
*/

function trySendMethodNotAllowedResponse (res, methods, next) {
try {
sendMethodNotAllowedResponse(res, methods)
} catch (err) {
next(err)
}
}

/**
* Wrap a function
*
Expand Down
27 changes: 27 additions & 0 deletions test/router.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -312,6 +312,33 @@ describe('Router', function () {
})
})

describe('with "methodNotAllowed" option', function () {
it('should default to 404 for unsupported methods', function (done) {
const router = new Router()
const server = createServer(router)

router.get('/users', saw)
router.post('/users', saw)

request(server)
.put('/users')
.expect(404, done)
})

it('should respond with 405 and Allow header when enabled', function (done) {
const router = new Router({ methodNotAllowed: true })
const server = createServer(router)

router.get('/users', saw)
router.post('/users', saw)

request(server)
.put('/users')
.expect('Allow', 'GET, HEAD, POST')
.expect(405, done)
})
})

methods.slice().sort().forEach(function (method) {
if (method === 'connect') {
// CONNECT is tricky and supertest doesn't support it
Expand Down