Merge pull request #4920 from mozilla/MNTOR-2566
MNTOR-2566: send status code 401 for unauth'd API endpoints instead of redirect
mansaj authored Aug 7, 2024
2 parents 0ec33a9 + fdeeff6 commit c1f2afb
Showing 10 changed files with 15 additions and 37 deletions.
7 changes: 2 additions & 5 deletions src/app/api/v1/admin/feature-flags/[flagId]/route.ts
Expand Up @@ -14,7 +14,6 @@ import {
updateWaitList,
} from "../../../../../../db/tables/featureFlags";
import { isAdmin } from "../../../../utils/auth";
import appConstants from "../../../../../../appConstants";

export async function GET(
req: NextRequest,
Expand All @@ -32,8 +31,7 @@ export async function GET(
return NextResponse.json({ success: false }, { status: 500 });
}
} else {
// Not Signed in, redirect to home
return NextResponse.redirect(appConstants.SERVER_URL, 301);
return NextResponse.json({ success: false }, { status: 401 });
}
}

Expand Down Expand Up @@ -92,7 +90,6 @@ export async function PUT(req: NextRequest) {
return NextResponse.json({ success: false }, { status: 500 });
}
} else {
// Not Signed in, redirect to home
return NextResponse.redirect(appConstants.SERVER_URL, 301);
return NextResponse.json({ success: false }, { status: 401 });
}
}
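Review bot: The `else` branches in GET and PUT now answer `401` for every caller that fails the check, which presumably includes signed-in users who are not admins (the condition is outside the hunks, but the file imports `isAdmin`). For those callers `403` is the accurate status, and keeping the two apart lets clients and access logs tell "not logged in" from "logged in but denied". Assuming a `session` object is in scope as in the sibling route file, something like `return NextResponse.json({ success: false }, { status: session?.user ? 403 : 401 });` would do it. The same applies to the GET, POST, PUT and DELETE handlers in `src/app/api/v1/admin/feature-flags/route.ts`. A log line on the denied path of these admin endpoints would also give monitoring something to alert on.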
13 changes: 4 additions & 9 deletions src/app/api/v1/admin/feature-flags/route.ts
Expand Up @@ -17,7 +17,6 @@ import {
} from "../../../../../db/tables/featureFlags";

import { isAdmin } from "../../../utils/auth";
import appConstants from "../../../../../appConstants";

export async function GET() {
const session = await getServerSession();
Expand All @@ -30,8 +29,7 @@ export async function GET() {
return NextResponse.json({ success: false }, { status: 500 });
}
} else {
// Not Signed in, redirect to home
return NextResponse.redirect(appConstants.SERVER_URL, 301);
return NextResponse.json({ success: false }, { status: 401 });
}
}

Expand All @@ -51,8 +49,7 @@ export async function POST(req: NextRequest) {
return NextResponse.json({ success: false }, { status: 500 });
}
} else {
// Not Signed in, redirect to home
return NextResponse.redirect(appConstants.SERVER_URL, 301);
return NextResponse.json({ success: false }, { status: 401 });
}
}

Expand Down Expand Up @@ -89,8 +86,7 @@ export async function PUT(req: NextRequest) {
return NextResponse.json({ success: false }, { status: 500 });
}
} else {
// Not Signed in, redirect to home
return NextResponse.redirect(appConstants.SERVER_URL, 301);
return NextResponse.json({ success: false }, { status: 401 });
}
}

Expand All @@ -111,7 +107,6 @@ export async function DELETE(req: NextRequest) {
return NextResponse.json({ success: false }, { status: 500 });
}
} else {
// Not Signed in, redirect to home
return NextResponse.redirect(appConstants.SERVER_URL, 301);
return NextResponse.json({ success: false }, { status: 401 });
}
}
2 changes: 1 addition & 1 deletion src/app/api/v1/hibp/notify/route.ts
Expand Up @@ -108,7 +108,7 @@ export async function POST(req: NextRequest) {
pubsub = new PubSub({ projectId });
} catch (ex) {
logger.error("Error connecting to PubSub:", ex);
return NextResponse.json({ success: false }, { status: 500 });
return NextResponse.json({ success: false }, { status: 429 });
}

try {
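Review bot: The `429` in the PubSub `catch` block (taken as the new-side line, going by the old-then-new print order used elsewhere on this page) reports an internal connection failure as a client rate-limit error, which hides real outages from 5xx-based alerting. If the intent is to make the upstream notifier retry, say so in a comment, e.g. `// 429 so the caller retries the notification later; this is not a rate limit`, or consider `503` with a `Retry-After` header. The change is unrelated to the 401 behaviour described in the commit title, so it deserves its own line in the description. POST's body starts and continues outside the hunk.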
7 changes: 2 additions & 5 deletions src/app/api/v1/user/breaches/route.ts
Expand Up @@ -12,7 +12,6 @@ import {
getSubscriberByFxaUid,
setBreachResolution,
} from "../../../../../db/tables/subscribers";
import appConstants from "../../../../../appConstants";
import { HibpBreachDataTypes } from "../../../../functions/universal/breach";

export interface BreachResolutionRequest {
Expand Down Expand Up @@ -40,8 +39,7 @@ export async function GET(req: NextRequest) {
return NextResponse.json({ success: false }, { status: 500 });
}
} else {
// Not Signed in, redirect to home
return NextResponse.redirect(appConstants.SERVER_URL, 301);
return NextResponse.json({ success: false }, { status: 401 });
}
}

Expand Down Expand Up @@ -159,7 +157,6 @@ export async function PUT(req: NextRequest) {
return NextResponse.json({ success: false }, { status: 500 });
}
} else {
// Not Signed in, redirect to home
return NextResponse.redirect(appConstants.SERVER_URL);
return NextResponse.json({ success: false }, { status: 401 });
}
}
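Review bot: The literal `NextResponse.json({ success: false }, { status: 401 })` is now repeated in every handler this commit touches: here in GET and PUT, and in the remove-email, resend-email, update-comm-option and welcome-scan routes. A single exported helper that returns it would keep the unauthenticated response identical across endpoints and give one place to add a header or a log line later. The comment that explained the branch was removed along with the redirect; a short `// Not signed in` on the `else` would keep the intent readable. Both handlers start outside the hunks shown, so the auth condition itself cannot be reviewed from here.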
3 changes: 1 addition & 2 deletions src/app/api/v1/user/remove-email/route.ts
Expand Up @@ -58,7 +58,6 @@ export async function POST(req: NextRequest) {
return NextResponse.json({ success: false }, { status: 500 });
}
} else {
// Not Signed in, redirect to home
return NextResponse.redirect(AppConstants.SERVER_URL, 301);
return NextResponse.json({ success: false }, { status: 401 });
}
}
4 changes: 1 addition & 3 deletions src/app/api/v1/user/resend-email/route.ts
Expand Up @@ -6,7 +6,6 @@ import { getToken } from "next-auth/jwt";
import { NextRequest, NextResponse } from "next/server";

import { logger } from "../../../../functions/server/logging";
import AppConstants from "../../../../../appConstants";
import { getSubscriberByFxaUid } from "../../../../../db/tables/subscribers";
import { getUserEmails } from "../../../../../db/tables/emailAddresses";
import { sendVerificationEmail } from "../../../utils/email";
Expand Down Expand Up @@ -72,7 +71,6 @@ export async function POST(req: NextRequest) {
return NextResponse.json({ success: false }, { status: 500 });
}
} else {
// Not Signed in, redirect to home
return NextResponse.redirect(AppConstants.SERVER_URL, 301);
return NextResponse.json({ success: false }, { status: 401 });
}
}
4 changes: 1 addition & 3 deletions src/app/api/v1/user/update-comm-option/route.ts
Expand Up @@ -6,7 +6,6 @@ import { getToken } from "next-auth/jwt";
import { NextRequest, NextResponse } from "next/server";

import { logger } from "../../../../functions/server/logging";
import AppConstants from "../../../../../appConstants";

import {
getSubscriberByFxaUid,
Expand Down Expand Up @@ -65,7 +64,6 @@ export async function POST(req: NextRequest) {
return NextResponse.json({ success: false }, { status: 500 });
}
} else {
// Not Signed in, redirect to home
return NextResponse.redirect(AppConstants.SERVER_URL, 301);
return NextResponse.json({ success: false }, { status: 401 });
}
}
4 changes: 1 addition & 3 deletions src/app/api/v1/user/welcome-scan/create/route.ts
Expand Up @@ -14,7 +14,6 @@ import {
} from "../../../../../functions/server/onerep";
import type { CreateProfileRequest } from "../../../../../functions/server/onerep";
import { meetsAgeRequirement } from "../../../../../functions/universal/user";
import AppConstants from "../../../../../../appConstants";
import { getSubscriberByFxaUid } from "../../../../../../db/tables/subscribers";
import {
setOnerepProfileId,
Expand Down Expand Up @@ -144,7 +143,6 @@ export async function POST(
return NextResponse.json({ success: false }, { status: 500 });
}
} else {
// Not Signed in, redirect to home
return NextResponse.redirect(AppConstants.SERVER_URL, 302);
return NextResponse.json({ success: false }, { status: 401 });
}
}
4 changes: 1 addition & 3 deletions src/app/api/v1/user/welcome-scan/progress/route.ts
Expand Up @@ -7,7 +7,6 @@ import { NextRequest, NextResponse } from "next/server";
import { logger } from "../../../../../functions/server/logging";

import { getServerSession } from "../../../../../functions/server/getServerSession";
import AppConstants from "../../../../../../appConstants";
import {
getOnerepProfileId,
getSubscriberByFxaUid,
Expand Down Expand Up @@ -74,7 +73,6 @@ export async function GET(
return NextResponse.json({ success: false }, { status: 500 });
}
} else {
// Not Signed in, redirect to home
return NextResponse.redirect(AppConstants.SERVER_URL, 302);
return NextResponse.json({ success: false }, { status: 401 });
}
}
4 changes: 1 addition & 3 deletions src/app/api/v1/user/welcome-scan/result/route.ts
Expand Up @@ -8,7 +8,6 @@ import { NextResponse } from "next/server";
import { logger } from "../../../../../functions/server/logging";

import { getServerSession } from "../../../../../functions/server/getServerSession";
import AppConstants from "../../../../../../appConstants";
import {
getOnerepProfileId,
getSubscriberByFxaUid,
Expand Down Expand Up @@ -45,7 +44,6 @@ export async function GET() {
return NextResponse.json({ success: false }, { status: 500 });
}
} else {
// Not Signed in, redirect to home
return NextResponse.redirect(AppConstants.SERVER_URL, 302);
return NextResponse.json({ success: false }, { status: 401 });
}
}
