I'm very new working with feathersjs (v2.0) and just did a tiny REST application that only find a handful of records using feathers. However, I don't know and I haven't find a way, reading the documentation and examples, to only allow FIND not get, put, delete, etc. Is there a way to configure which verbs are allowed in a feathers REST API?. I tried to add a reject function in the before hook (in the service hook) that just have a return, but a 500 error is returned, and the response is:
{"name":"GeneralError","message":"Cannot read property 'bind' of undefined","code":500,"className":"general-error","data":{},"errors":{}}
The default (without any function in the hook file) for other verbs is:
"name":"NotFound","message":"No record found for id 'null'","code":404,"className":"not-found","errors":{}}
Which makes sense, but my personal feeling is, if you don't need those verbs why I need to allow them and return this "misleading" error?
UPDATE:
I did the trick, but I'm not satisfied because the response headers does not match with what actually happened.
In order to grab headers information I had to add this code in the service file
// This must be before the service creation
app.use(function(req, res, next) {
req.feathers.headers = req.headers;
next();
});
app.use('/myservice', createService(options));
based on the answer given here. However, the answer given by daffl where the function is on the service creation parameter does not work on code generated using feathers-cli, so it must be before (any better way?, how to set as second or first parameter in the createService function? or inside the options object, is it possible? I just get compilation errors). I had to define a new file with the hook function and include it into "myservice.hooks.js"
module.exports = function () {
return function (hook) {
if(hook.method !== 'find' && hook.method !== 'error'){
throw new Error('Method not allowed');
}else{
return hook;
}
};
};
This of course gives a 500 error, but should be a 405 error with the Allow header on 'GET'. I tried also using this code instead throwing an error:
hook.params.headers.allow = 'GET';
hook.params.headers.status = 405;
it worked better, but on delete for instance it goes and try to delete the record in the database (fortunately the database user only have select privileges), but this shouldn't go that far in POST and PUT similar behavior. Only that the response header status is not 200 OK but 400 (?!!) and the allow header didn't change, so it is "GET,POST,PUT,PATCH,DELETE".
I read this solution, but I don't know how to set the headers' values correctly using feathers' hook.params.headers (or hook.header(s) but it is undefined) to return a more appropriate header response and of course don't continue any further. Any ideas?, please be mercy, I'm just a beginner with feathers (less than a week) and maybe this is an stupid/obvious question.
Thanks in advance.
To throw the correct error codes you have to use feathers-errors as outlined in the errors API documentation. You can throw a 405 by using the MethodNotAllowed error and changing your hook to:
const errors = require('feathers-errors');
module.exports = function () {
return function (hook) {
if(hook.method !== 'find' && hook.method !== 'error'){
throw new errors.MethodNotAllowed('Method not allowed');
}else{
return hook;
}
};
};
Also don't forget to set up the Express error handle as pointed out in the same chapter