From 8c1334c421c4099e403771f648b72305cd9564e5 Mon Sep 17 00:00:00 2001
From: Stefan Strigler <stefan.strigler@emqx.io>
Date: Fri, 9 Jun 2023 14:53:27 +0200
Subject: [PATCH] fix(emqx_dashboard): return 404 for everything we don't know

---
 apps/emqx_dashboard/src/emqx_dashboard.erl     |  3 +--
 ...ad_api.erl => emqx_dashboard_not_found.erl} | 18 +++++++++++++++---
 ....erl => emqx_dashboard_not_found_SUITE.erl} |  4 ++--
 changes/ce/fix-10996.en.md                     |  1 +
 4 files changed, 19 insertions(+), 7 deletions(-)
 rename apps/emqx_dashboard/src/{emqx_dashboard_bad_api.erl => emqx_dashboard_not_found.erl} (63%)
 rename apps/emqx_dashboard/test/{emqx_dashboard_bad_api_SUITE.erl => emqx_dashboard_not_found_SUITE.erl} (93%)
 create mode 100644 changes/ce/fix-10996.en.md

diff --git a/apps/emqx_dashboard/src/emqx_dashboard.erl b/apps/emqx_dashboard/src/emqx_dashboard.erl
index ca995990d..a69a1fea2 100644
--- a/apps/emqx_dashboard/src/emqx_dashboard.erl
+++ b/apps/emqx_dashboard/src/emqx_dashboard.erl
@@ -72,8 +72,7 @@ start_listeners(Listeners) ->
         {"/", cowboy_static, {priv_file, emqx_dashboard, "www/index.html"}},
         {"/static/[...]", cowboy_static, {priv_dir, emqx_dashboard, "www/static"}},
         {emqx_mgmt_api_status:path(), emqx_mgmt_api_status, []},
-        {emqx_dashboard_swagger:relative_uri("/[...]"), emqx_dashboard_bad_api, []},
-        {'_', cowboy_static, {priv_file, emqx_dashboard, "www/index.html"}}
+        {'_', emqx_dashboard_not_found, []}
     ],
     BaseMinirest = #{
         base_path => emqx_dashboard_swagger:base_path(),
diff --git a/apps/emqx_dashboard/src/emqx_dashboard_bad_api.erl b/apps/emqx_dashboard/src/emqx_dashboard_not_found.erl
similarity index 63%
rename from apps/emqx_dashboard/src/emqx_dashboard_bad_api.erl
rename to apps/emqx_dashboard/src/emqx_dashboard_not_found.erl
index 6d65ac081..20fe81483 100644
--- a/apps/emqx_dashboard/src/emqx_dashboard_bad_api.erl
+++ b/apps/emqx_dashboard/src/emqx_dashboard_not_found.erl
@@ -14,7 +14,7 @@
 %% limitations under the License.
 %%--------------------------------------------------------------------
 
--module(emqx_dashboard_bad_api).
+-module(emqx_dashboard_not_found).
 
 -include_lib("emqx/include/logger.hrl").
 
@@ -23,10 +23,22 @@
 init(Req0, State) ->
     RedactedReq = emqx_utils:redact(Req0),
     ?SLOG(warning, #{msg => "unexpected_api_access", request => RedactedReq}),
+    CT = ct(cowboy_req:header(<<"accept">>, Req0, <<"text/html">>)),
     Req = cowboy_req:reply(
         404,
-        #{<<"content-type">> => <<"application/json">>},
-        <<"{\"code\": \"API_NOT_EXIST\", \"message\": \"Request Path Not Found\"}">>,
+        #{<<"content-type">> => CT},
+        ct_body(CT),
         RedactedReq
     ),
     {ok, Req, State}.
+
+ct(<<"text/plain", _/binary>>) -> <<"text/plain">>;
+ct(<<"application/json", _/binary>>) -> <<"application/json">>;
+ct(_AnyOther) -> <<"text/html">>.
+
+ct_body(<<"text/html">>) ->
+    <<"<html><head><title>404 - NOT FOUND</title></head><body><h1>404 - NOT FOUND</h1></body></html>">>;
+ct_body(<<"text/plain">>) ->
+    <<"404 - NOT FOUND">>;
+ct_body(<<"application/json">>) ->
+    <<"{\"code\": \"NOT_FOUND\", \"message\": \"Request Path Not Found\"}">>.
diff --git a/apps/emqx_dashboard/test/emqx_dashboard_bad_api_SUITE.erl b/apps/emqx_dashboard/test/emqx_dashboard_not_found_SUITE.erl
similarity index 93%
rename from apps/emqx_dashboard/test/emqx_dashboard_bad_api_SUITE.erl
rename to apps/emqx_dashboard/test/emqx_dashboard_not_found_SUITE.erl
index 92327a7db..3a8e23c21 100644
--- a/apps/emqx_dashboard/test/emqx_dashboard_bad_api_SUITE.erl
+++ b/apps/emqx_dashboard/test/emqx_dashboard_not_found_SUITE.erl
@@ -14,7 +14,7 @@
 %% limitations under the License.
 %%--------------------------------------------------------------------
 
--module(emqx_dashboard_bad_api_SUITE).
+-module(emqx_dashboard_not_found_SUITE).
 
 -compile(nowarn_export_all).
 -compile(export_all).
@@ -23,7 +23,7 @@
 
 -include_lib("eunit/include/eunit.hrl").
 
--define(SERVER, "http://127.0.0.1:18083/api/v5").
+-define(SERVER, "http://127.0.0.1:18083/").
 
 -import(emqx_mgmt_api_test_util, [request/2]).
 
diff --git a/changes/ce/fix-10996.en.md b/changes/ce/fix-10996.en.md
new file mode 100644
index 000000000..846faecac
--- /dev/null
+++ b/changes/ce/fix-10996.en.md
@@ -0,0 +1 @@
+Default to 404 for any HTTP/API request, we don't know, rather than the dashboard's index.html.