make PUT requests actually work

2025-03-13 21:12:55 -04:00 · 2022-12-24 15:34:27 -05:00 · 2022-12-24 15:34:27 -05:00 · 6c90077ff1
commit 6c90077ff1
parent c02fc6f439
3 changed files with 15 additions and 7 deletions
--- a/server/src/web/mod.rs
+++ b/server/src/web/mod.rs
@ -24,7 +24,6 @@ use db::{auth, recording};
 use failure::{format_err, Error};
 use fnv::FnvHashMap;
 use http::header::{self, HeaderValue};
-use http::method::Method;
 use http::{status::StatusCode, Request, Response};
 use http_serve::dir::FsDir;
 use hyper::body::Bytes;
@ -140,9 +139,6 @@ fn extract_sid(req: &Request<hyper::Body>) -> Option<auth::RawSessionId> {
 /// deserialization. Keeping the bytes allows the caller to use a `Deserialize`
 /// that borrows from the bytes.
 async fn extract_json_body(req: &mut Request<hyper::Body>) -> Result<Bytes, HttpError> {
-    if *req.method() != Method::POST {
-        return Err(plain_response(StatusCode::METHOD_NOT_ALLOWED, "POST expected").into());
-    }
    let correct_mime_type = match req.headers().get(header::CONTENT_TYPE) {
        Some(t) if t == "application/json" => true,
        Some(t) if t == "application/json; charset=UTF-8" => true,
--- a/server/src/web/session.rs
+++ b/server/src/web/session.rs
@ -5,7 +5,7 @@
 //! Session management: `/api/login` and `/api/logout`.

 use db::auth;
-use http::{header, HeaderValue, Request, Response, StatusCode};
+use http::{header, HeaderValue, Method, Request, Response, StatusCode};
 use log::{info, warn};
 use memchr::memchr;

@ -19,6 +19,9 @@ use std::convert::TryFrom;

 impl Service {
    pub(super) async fn login(&self, mut req: Request<::hyper::Body>) -> ResponseResult {
+        if *req.method() != Method::POST {
+            return Err(plain_response(StatusCode::METHOD_NOT_ALLOWED, "POST expected").into());
+        }
        let r = extract_json_body(&mut req).await?;
        let r: json::LoginRequest =
            serde_json::from_slice(&r).map_err(|e| bad_req(e.to_string()))?;
@ -67,6 +70,9 @@ impl Service {
    }

    pub(super) async fn logout(&self, mut req: Request<hyper::Body>) -> ResponseResult {
+        if *req.method() != Method::POST {
+            return Err(plain_response(StatusCode::METHOD_NOT_ALLOWED, "POST expected").into());
+        }
        let r = extract_json_body(&mut req).await?;
        let r: json::LogoutRequest =
            serde_json::from_slice(&r).map_err(|e| bad_req(e.to_string()))?;
--- a/server/src/web/users.rs
+++ b/server/src/web/users.rs
@ -19,7 +19,9 @@ impl Service {
        match *req.method() {
            Method::GET | Method::HEAD => self.get_users(req, caller).await,
            Method::PUT => self.put_users(req, caller).await,
-            _ => Err(plain_response(StatusCode::METHOD_NOT_ALLOWED, "POST expected").into()),
+            _ => Err(
+                plain_response(StatusCode::METHOD_NOT_ALLOWED, "GET, HEAD, or PUT expected").into(),
+            ),
        }
    }

@ -71,7 +73,11 @@ impl Service {
            Method::GET | Method::HEAD => self.get_user(req, caller, id).await,
            Method::DELETE => self.delete_user(caller, id).await,
            Method::POST => self.post_user(req, caller, id).await,
-            _ => Err(plain_response(StatusCode::METHOD_NOT_ALLOWED, "POST expected").into()),
+            _ => Err(plain_response(
+                StatusCode::METHOD_NOT_ALLOWED,
+                "GET, HEAD, DELETE, or POST expected",
+            )
+            .into()),
        }
    }