From f3f44895a56f006e82315cbf9d07085d546ac343 Mon Sep 17 00:00:00 2001
From: Francesco Noacco <francesco.noacco@secomind.com>
Date: Tue, 1 Aug 2023 19:09:27 +0200
Subject: [PATCH] fix(api)!: only accept json content

1. Clients can not send urlencoded/multipart requests.
BREAKING CHANGE: this means that eg an appengine request on the endpoint
`interface_values_path  POST    /v1/:realm_name/devices/:device_id/interfaces/:interface/*path_token`

which previously _could_ be successful with an urlencoded body of `data=2`
will not be successful anymore.

2. Remove `pass: ["*/*"]`
From the [Plug.Parsers documentation](https://hexdocs.pm/plug/Plug.Parsers.html),
"This plug will raise Plug.Parsers.UnsupportedMediaTypeError by default
if the request cannot be parsed by any of the given types and the MIME
type has not been explicitly accepted with the :pass option".

I believe this to be the desired behavior, as the application should return
error code 415 if the request is not parsable by one of the specified parsers.

Signed-off-by: Francesco Noacco <francesco.noacco@secomind.com>
---
 CHANGELOG.md                                                 | 3 +++
 .../lib/astarte_appengine_api_web/endpoint.ex                | 5 ++---
 .../lib/astarte_housekeeping_api_web/endpoint.ex             | 5 ++---
 .../lib/astarte_pairing_api_web/endpoint.ex                  | 5 ++---
 .../lib/astarte_realm_management_api_web/endpoint.ex         | 5 ++---
 5 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5d32d4545..1d153dc79 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Changed
 - Forward port changes from release 1.1.
 
+### Fixed
+- [all] API now only accepts json requests
+
 ## [1.1.0] - 2023-06-20
 ### Fixed
 - [astarte_trigger_engine] Allow to decode events that do not contain the
diff --git a/apps/astarte_appengine_api/lib/astarte_appengine_api_web/endpoint.ex b/apps/astarte_appengine_api/lib/astarte_appengine_api_web/endpoint.ex
index 73560a08e..cfff0ae47 100644
--- a/apps/astarte_appengine_api/lib/astarte_appengine_api_web/endpoint.ex
+++ b/apps/astarte_appengine_api/lib/astarte_appengine_api_web/endpoint.ex
@@ -1,7 +1,7 @@
 #
 # This file is part of Astarte.
 #
-# Copyright 2017 Ispirata Srl
+# Copyright 2017-2023 SECO Mind Srl
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -44,8 +44,7 @@ defmodule Astarte.AppEngine.APIWeb.Endpoint do
   plug Plug.Telemetry, event_prefix: [:phoenix, :endpoint]
 
   plug Plug.Parsers,
-    parsers: [:urlencoded, :multipart, :json],
-    pass: ["*/*"],
+    parsers: [:json],
     json_decoder: Phoenix.json_library()
 
   plug Plug.MethodOverride
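Review bot: `plug Plug.MethodOverride`, the last context line of this hunk, looks redundant now that `:json` is the only parser: it exists for HTML form posts, yet it still reads a `_method` key from the decoded JSON body of a POST, so the method the router sees can differ from the one on the request line that proxies and access logs record. Unless a client relies on it, I would remove that line here and in the matching hunks of the housekeeping, pairing and realm management endpoints. The diffstat also lists no test file; one case per endpoint posting `content-type: application/x-www-form-urlencoded` and asserting 415 would pin the breaking change, and would show whether the error view renders that status as JSON. A short comment above the parser, `# No :pass option: unsupported content types must fail with 415`, would keep the option from being re-added. The endpoint module continues outside the hunk, so whether anything later depends on the override is not visible here.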
diff --git a/apps/astarte_housekeeping_api/lib/astarte_housekeeping_api_web/endpoint.ex b/apps/astarte_housekeeping_api/lib/astarte_housekeeping_api_web/endpoint.ex
index 9c9239d5f..2031fd78c 100644
--- a/apps/astarte_housekeeping_api/lib/astarte_housekeeping_api_web/endpoint.ex
+++ b/apps/astarte_housekeeping_api/lib/astarte_housekeeping_api_web/endpoint.ex
@@ -1,7 +1,7 @@
 #
 # This file is part of Astarte.
 #
-# Copyright 2017 Ispirata Srl
+# Copyright 2017-2023 SECO Mind Srl
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -45,8 +45,7 @@ defmodule Astarte.Housekeeping.APIWeb.Endpoint do
   plug Plug.Telemetry, event_prefix: [:phoenix, :endpoint]
 
   plug Plug.Parsers,
-    parsers: [:urlencoded, :multipart, :json],
-    pass: ["*/*"],
+    parsers: [:json],
     json_decoder: Phoenix.json_library()
 
   plug Plug.MethodOverride
diff --git a/apps/astarte_pairing_api/lib/astarte_pairing_api_web/endpoint.ex b/apps/astarte_pairing_api/lib/astarte_pairing_api_web/endpoint.ex
index b108fc382..7f14f8467 100644
--- a/apps/astarte_pairing_api/lib/astarte_pairing_api_web/endpoint.ex
+++ b/apps/astarte_pairing_api/lib/astarte_pairing_api_web/endpoint.ex
@@ -1,7 +1,7 @@
 #
 # This file is part of Astarte.
 #
-# Copyright 2017 Ispirata Srl
+# Copyright 2017-2023 SECO Mind Srl
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -47,8 +47,7 @@ defmodule Astarte.Pairing.APIWeb.Endpoint do
   plug Plug.Telemetry, event_prefix: [:phoenix, :endpoint]
 
   plug Plug.Parsers,
-    parsers: [:urlencoded, :multipart, :json],
-    pass: ["*/*"],
+    parsers: [:json],
     json_decoder: Phoenix.json_library()
 
   plug Plug.MethodOverride
diff --git a/apps/astarte_realm_management_api/lib/astarte_realm_management_api_web/endpoint.ex b/apps/astarte_realm_management_api/lib/astarte_realm_management_api_web/endpoint.ex
index fc082598b..e2498531f 100644
--- a/apps/astarte_realm_management_api/lib/astarte_realm_management_api_web/endpoint.ex
+++ b/apps/astarte_realm_management_api/lib/astarte_realm_management_api_web/endpoint.ex
@@ -1,7 +1,7 @@
 #
 # This file is part of Astarte.
 #
-# Copyright 2017 Ispirata Srl
+# Copyright 2017-2023 SECO Mind Srl
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -45,8 +45,7 @@ defmodule Astarte.RealmManagement.APIWeb.Endpoint do
   plug Plug.Telemetry, event_prefix: [:phoenix, :endpoint]
 
   plug Plug.Parsers,
-    parsers: [:urlencoded, :multipart, :json],
-    pass: ["*/*"],
+    parsers: [:json],
     json_decoder: Phoenix.json_library()
 
   plug Plug.MethodOverride