diff --git a/CHANGES b/CHANGES index 921e0f8d5..36fdfed34 100644 --- a/CHANGES +++ b/CHANGES @@ -2687,4 +2687,5 @@ [7.6.0] * Update MongoDB to 5.0. Important: this release requires AVX support in CPU * turn: add ddos mitigation settings +* api: return json when route not found diff --git a/package-lock.json b/package-lock.json index b6ed06aa8..4b8ffeb51 100644 --- a/package-lock.json +++ b/package-lock.json @@ -35,7 +35,6 @@ "marked": "^7.0.2", "moment": "^2.29.4", "moment-timezone": "^0.5.43", - "morgan": "^1.10.0", "multiparty": "^4.2.3", "mysql": "^2.18.1", "nodemailer": "^6.9.4", @@ -3842,38 +3841,6 @@ "node": ">= 0.6.0" } }, - "node_modules/morgan": { - "version": "1.10.0", - "license": "MIT", - "dependencies": { - "basic-auth": "~2.0.1", - "debug": "2.6.9", - "depd": "~2.0.0", - "on-finished": "~2.3.0", - "on-headers": "~1.0.2" - }, - "engines": { - "node": ">= 0.8.0" - } - }, - "node_modules/morgan/node_modules/debug": { - "version": "2.6.9", - "license": "MIT", - "dependencies": { - "ms": "2.0.0" - } - }, - "node_modules/morgan/node_modules/depd": { - "version": "2.0.0", - "license": "MIT", - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/morgan/node_modules/ms": { - "version": "2.0.0", - "license": "MIT" - }, "node_modules/ms": { "version": "2.1.2", "license": "MIT" diff --git a/package.json b/package.json index 7a3e837c3..24f257b25 100644 --- a/package.json +++ b/package.json @@ -43,7 +43,6 @@ "marked": "^7.0.2", "moment": "^2.29.4", "moment-timezone": "^0.5.43", - "morgan": "^1.10.0", "multiparty": "^4.2.3", "mysql": "^2.18.1", "nodemailer": "^6.9.4", diff --git a/src/middleware/index.js b/src/middleware/index.js index b51b3cb04..2b3f80ee9 100644 --- a/src/middleware/index.js +++ b/src/middleware/index.js @@ -2,9 +2,8 @@ exports = module.exports = { cookieParser: require('cookie-parser'), - cors: require('./cors'), + cors: require('./cors.js'), json: require('body-parser').json, - morgan: require('morgan'), proxy: require('./proxy-middleware.js'), lastMile: require('connect-lastmile'), multipart: require('./multipart.js'), diff --git a/src/proxyauth.js b/src/proxyauth.js index 2fba94f51..84061f9ae 100644 --- a/src/proxyauth.js +++ b/src/proxyauth.js @@ -217,25 +217,6 @@ function initializeAuthwallExpressSync() { const json = middleware.json({ strict: true, limit: QUERY_LIMIT }); // application/json - if (process.env.BOX_ENV !== 'test') { - app.use(middleware.morgan(function (tokens, req, res) { - return [ - 'proxyauth', - tokens.method(req, res), - tokens.url(req, res), - tokens.status(req, res), - res.errorBody ? res.errorBody.status : '', // attached by connect-lastmile. can be missing when router errors like 404 - res.errorBody ? res.errorBody.message : '', // attached by connect-lastmile. can be missing when router errors like 404 - tokens['response-time'](req, res), 'ms', '-', - tokens.res(req, res, 'content-length') - ].join(' '); - }, { - immediate: false, - // only log failed requests by default - skip: function (req, res) { return res.statusCode < 400; } - })); - } - const router = new express.Router(); router.del = router.delete; // amend router.del for readability further on diff --git a/src/server.js b/src/server.js index 902f99446..d33add7ac 100644 --- a/src/server.js +++ b/src/server.js @@ -12,6 +12,7 @@ const assert = require('assert'), eventlog = require('./eventlog.js'), express = require('express'), http = require('http'), + HttpError = require('connect-lastmile').HttpError, middleware = require('./middleware'), platform = require('./platform.js'), routes = require('./routes/index.js'), @@ -22,6 +23,12 @@ const assert = require('assert'), let gHttpServer = null; +function notFoundHandler(req, res, next) { + const cleanUrl = req.url.replace(/(access_token=)[^&]+/, '$1' + ''); + debug(`no such route: ${req.method} ${cleanUrl}`); + return next(new HttpError(404, 'No such route')); +} + async function initializeExpressSync() { const app = express(); // disable slowloris prevention: https://github.com/nodejs/node/issues/47421 @@ -42,25 +49,6 @@ async function initializeExpressSync() { // for rate limiting app.enable('trust proxy'); - if (process.env.BOX_ENV !== 'test') { - app.use(middleware.morgan(function (tokens, req, res) { - return [ - 'Box', - tokens.method(req, res), - tokens.url(req, res).replace(/(access_token=)[^&]+/, '$1' + ''), - tokens.status(req, res), - res.errorBody ? res.errorBody.status : '', // attached by connect-lastmile. can be missing when router errors like 404 - res.errorBody ? res.errorBody.message : '', // attached by connect-lastmile. can be missing when router errors like 404 - tokens['response-time'](req, res), 'ms', '-', - tokens.res(req, res, 'content-length') - ].join(' '); - }, { - immediate: false, - // only log failed requests by default - skip: function (req, res) { return res.statusCode < 400; } - })); - } - const router = new express.Router(); router.del = router.delete; // amend router.del for readability further on @@ -71,6 +59,7 @@ async function initializeExpressSync() { .use(urlencoded) .use(middleware.cors({ origins: [ '*' ], allowCredentials: false })) .use(router) + .use(notFoundHandler) .use(middleware.lastMile()); // NOTE: routes that use multi-part have to be whitelisted in the reverse proxy