fix!: throwError for allowed Methods

nuxt-modules · Oct 15, 2023 · fdcdc8a · fdcdc8a
1 parent 9861e61
commit fdcdc8a
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 15 deletions.
diff --git a/docs/content/1.documentation/1.getting-started/2.configuration.md b/docs/content/1.documentation/1.getting-started/2.configuration.md
@@ -98,7 +98,10 @@ security: {
     },
     throwError: true
   },
-  allowedMethodsRestricter: '*',
+  allowedMethodsRestricter: {
+    methods: '*',
+    throwError: true
+  },
   hidePoweredBy: true,
   basicAuth: false,
   enabled: true,

diff --git a/docs/content/1.documentation/3.middleware/5.allowed-methods-restricter.md b/docs/content/1.documentation/3.middleware/5.allowed-methods-restricter.md
@@ -23,14 +23,18 @@ export default defineNuxtConfig({
 
   // Global
   security: {
-    allowedMethodsRestricter: ['GET']
+    allowedMethodsRestricter: {
+      methods: ['GET']
+    }
   }
 
   // Per Route
   routeRules: {
     '/my-secret-route': {
       security: {
-        allowedMethodsRestricter: ['GET']
+        allowedMethodsRestricter: {
+          methods: ['GET']
+        }
       }
     }
   }
@@ -46,11 +50,20 @@ Rate limiter accepts following configuration options:
 ```ts
 type HTTPMethod = 'GET' | 'POST' | 'DELETE' | 'PATCH' | 'POST' | string;
 
-type AllowedHTTPMethods = HTTPMethod[] | '*'
+export type AllowedHTTPMethods = {
+  methods: HTTPMethod[] | '*';
+  throwError?: boolean;
+}
 ```
 
-### `HTTP Method`
+### `methods`
 
 - Default: `*`
 
 An array of allowed HTTP methods or `'*'` to allow all methods.
+
+### `throwError`
+
+- Default: `true`
+
+Whether to throw Nuxt Error with appriopriate error code and message. If set to false, it will just return the object with the error that you can handle.
diff --git a/src/defaultConfig.ts b/src/defaultConfig.ts
@@ -64,7 +64,10 @@ export const defaultSecurityConfig = (serverlUrl: string): ModuleOptions => ({
       statusCode: 204
     }
   },
-  allowedMethodsRestricter: '*',
+  allowedMethodsRestricter: {
+    methods: '*',
+    ...defaultThrowErrorValue
+  },
   hidePoweredBy: true,
   basicAuth: false,
   enabled: true,

diff --git a/src/runtime/server/middleware/allowedMethodsRestricter.ts b/src/runtime/server/middleware/allowedMethodsRestricter.ts
@@ -4,15 +4,15 @@ import { getRouteRules } from '#imports'
 
 export default defineEventHandler((event) => {
   const routeRules = getRouteRules(event)
-  const allowedMethods: string[] = routeRules.security.allowedMethodsRestricter
-  if (routeRules.security.allowedMethodsRestricter !== false) {
-    if (!Object.values(allowedMethods).includes(event.node.req.method!)) {
+  const allowedMethodsRestricter = routeRules.security.allowedMethodsRestricter
+  if (allowedMethodsRestricter !== false) {
+    const allowedMethods: string[] = allowedMethodsRestricter.methods
+    if (!allowedMethods.includes(event.node.req.method!)) {
       const methodNotAllowedError = {
         statusCode: 405,
         statusMessage: 'Method not allowed'
       }
 
-      // TODO: fix this as it does not work currently
       if (routeRules.security.allowedMethodsRestricter.throwError === false) {
         return methodNotAllowedError
       }

diff --git a/src/types/middlewares.ts b/src/types/middlewares.ts
@@ -53,10 +53,7 @@ export type CorsOptions = {
   };
 }
 
-export type AllowedHTTPMethods = HTTPMethod[] | '*'
-
-export type MiddlewareConfiguration<MIDDLEWARE> = {
-  value: MIDDLEWARE;
-  route: string;
+export type AllowedHTTPMethods = {
+  methods: HTTPMethod[] | '*';
   throwError?: boolean;
 }