zap.App.Endpoint.Authenticating: don't require unauthorized handler, return 405 method not allowed for unimplemented HTTP methods

2025-10-20 23:24:09 +00:00 · 2025-07-23 01:46:39 +02:00 · 2025-07-23 01:46:39 +02:00 · ef523d7767
commit ef523d7767
parent 29d339892e
1 changed files with 13 additions and 7 deletions
--- a/src/App.zig
+++ b/src/App.zig
@ -256,7 +256,7 @@ pub fn Create(
                    /// Authenticates GET requests using the Authenticator.
                    pub fn get(self: *AuthenticatingEndpoint, arena: Allocator, context: *Context, request: Request) anyerror!void {
                        try switch (self.authenticator.authenticateRequest(&request)) {
-                            .AuthFailed => return self.ep.*.unauthorized(arena, context, request),
+                            .AuthFailed => callHandlerIfExist("unauthorized", self.ep, arena, context, request),
                            .AuthOK => callHandlerIfExist("get", self.ep, arena, context, request),
                            .Handled => {},
                        };
@ -265,7 +265,7 @@ pub fn Create(
                    /// Authenticates POST requests using the Authenticator.
                    pub fn post(self: *AuthenticatingEndpoint, arena: Allocator, context: *Context, request: Request) anyerror!void {
                        try switch (self.authenticator.authenticateRequest(&request)) {
-                            .AuthFailed => return self.ep.*.unauthorized(arena, context, request),
+                            .AuthFailed => callHandlerIfExist("unauthorized", self.ep, arena, context, request),
                            .AuthOK => callHandlerIfExist("post", self.ep, arena, context, request),
                            .Handled => {},
                        };
@ -274,7 +274,7 @@ pub fn Create(
                    /// Authenticates PUT requests using the Authenticator.
                    pub fn put(self: *AuthenticatingEndpoint, arena: Allocator, context: *Context, request: zap.Request) anyerror!void {
                        try switch (self.authenticator.authenticateRequest(&request)) {
-                            .AuthFailed => return self.ep.*.unauthorized(arena, context, request),
+                            .AuthFailed => callHandlerIfExist("unauthorized", self.ep, arena, context, request),
                            .AuthOK => callHandlerIfExist("put", self.ep, arena, context, request),
                            .Handled => {},
                        };
@ -283,7 +283,7 @@ pub fn Create(
                    /// Authenticates DELETE requests using the Authenticator.
                    pub fn delete(self: *AuthenticatingEndpoint, arena: Allocator, context: *Context, request: zap.Request) anyerror!void {
                        try switch (self.authenticator.authenticateRequest(&request)) {
-                            .AuthFailed => return self.ep.*.unauthorized(arena, context, request),
+                            .AuthFailed => callHandlerIfExist("unauthorized", self.ep, arena, context, request),
                            .AuthOK => callHandlerIfExist("delete", self.ep, arena, context, request),
                            .Handled => {},
                        };
@ -292,7 +292,7 @@ pub fn Create(
                    /// Authenticates PATCH requests using the Authenticator.
                    pub fn patch(self: *AuthenticatingEndpoint, arena: Allocator, context: *Context, request: zap.Request) anyerror!void {
                        try switch (self.authenticator.authenticateRequest(&request)) {
-                            .AuthFailed => return self.ep.*.unauthorized(arena, context, request),
+                            .AuthFailed => callHandlerIfExist("unauthorized", self.ep, arena, context, request),
                            .AuthOK => callHandlerIfExist("patch", self.ep, arena, context, request),
                            .Handled => {},
                        };
@ -301,7 +301,7 @@ pub fn Create(
                    /// Authenticates OPTIONS requests using the Authenticator.
                    pub fn options(self: *AuthenticatingEndpoint, arena: Allocator, context: *Context, request: zap.Request) anyerror!void {
                        try switch (self.authenticator.authenticateRequest(&request)) {
-                            .AuthFailed => return self.ep.*.unauthorized(arena, context, request),
+                            .AuthFailed => callHandlerIfExist("unauthorized", self.ep, arena, context, request),
                            .AuthOK => callHandlerIfExist("options", self.ep, arena, context, request),
                            .Handled => {},
                        };
@ -310,7 +310,7 @@ pub fn Create(
                    /// Authenticates HEAD requests using the Authenticator.
                    pub fn head(self: *AuthenticatingEndpoint, arena: Allocator, context: *Context, request: zap.Request) anyerror!void {
                        try switch (self.authenticator.authenticateRequest(&request)) {
-                            .AuthFailed => return self.ep.*.unauthorized(arena, context, request),
+                            .AuthFailed => callHandlerIfExist("unauthorized", self.ep, arena, context, request),
                            .AuthOK => callHandlerIfExist("head", self.ep, arena, context, request),
                            .Handled => {},
                        };
@ -393,6 +393,12 @@ pub fn Create(
            if (@hasDecl(EndPoint, fn_name)) {
                return @field(EndPoint, fn_name)(e, arena, ctx, r);
            }
+            zap.log.debug(
+                "Unhandled `{s}` {s} request ({s} not implemented in {s})",
+                .{ r.method orelse "<unknown>", r.path orelse "", fn_name, @typeName(Endpoint) },
+            );
+            r.setStatus(.method_not_allowed);
+            try r.sendBody("405 - method not allowed\r\n");
            return;
        }