Closed dassump closed 5 months ago
In many cases the registered status code is 200, but this should not be.
I'm using this code to test
package main import ( "log/slog" "os" "github.com/gofiber/fiber/v2" "github.com/gofiber/fiber/v2/middleware/recover" slogfiber "github.com/samber/slog-fiber" ) func main() { app := fiber.New() app.Use(slogfiber.New(slog.New(slog.NewTextHandler(os.Stdout, nil))), recover.New()) app.Get("/", func(c *fiber.Ctx) error { return c.SendStatus(fiber.StatusOK) }) app.Post("/bad", func(c *fiber.Ctx) error { return c.SendStatus(fiber.StatusBadRequest) }) app.Get("/die", func(c *fiber.Ctx) error { panic("OK") }) app.Post("/force", func(c *fiber.Ctx) error { return fiber.NewError(fiber.StatusUnauthorized) }) app.Listen(":8080") }
Test 1: Get / (Expected: 200 | Received: 200)
$ curl -X GET localhost:8080/ time=2024-03-07T23:28:05.091-03:00 level=INFO msg="Incoming request" request.time=2024-03-07T23:28:05.091-03:00 request.method=GET request.host=localhost:8080 request.path=/ request.query="" request.params=map[] request.route=/ request.ip=127.0.0.1 request.x-forwarded-for=[] request.referer="" request.length=0 response.time=2024-03-07T23:28:05.091-03:00 response.latency=47.75µs response.status=200 response.length=2 id=4be25d05-8447-499e-b2fb-53464e3f7952
Test 2: Post / (Expected: 405 | Received: 200)
$ curl -X POST localhost:8080/ time=2024-03-07T23:28:22.615-03:00 level=INFO msg="Incoming request" request.time=2024-03-07T23:28:22.615-03:00 request.method=POST request.host=localhost:8080 request.path=/ request.query="" request.params=map[] request.route=/ request.ip=127.0.0.1 request.x-forwarded-for=[] request.referer="" request.length=0 response.time=2024-03-07T23:28:22.615-03:00 response.latency=41.125µs response.status=200 response.length=0 id=d92de5c2-06d6-45f1-882f-381765884d8a
Test 3: Post /bad (Expected: 400 | Received: 400)
$ curl -X POST localhost:8080/bad time=2024-03-07T23:28:39.510-03:00 level=WARN msg="Bad Request" request.time=2024-03-07T23:28:39.510-03:00 request.method=POST request.host=localhost:8080 request.path=/bad request.query="" request.params=map[] request.route=/bad request.ip=127.0.0.1 request.x-forwarded-for=[] request.referer="" request.length=0 response.time=2024-03-07T23:28:39.510-03:00 response.latency=21.375µs response.status=400 response.length=11 id=4fe8f6d7-c20d-4140-998b-9e361e2c8b0a
Test 4: Get /die (Expected: 500 | Received: 200)
$ curl -X GET localhost:8080/die time=2024-03-07T23:28:52.796-03:00 level=INFO msg="Incoming request" request.time=2024-03-07T23:28:52.796-03:00 request.method=GET request.host=localhost:8080 request.path=/die request.query="" request.params=map[] request.route=/die request.ip=127.0.0.1 request.x-forwarded-for=[] request.referer="" request.length=0 response.time=2024-03-07T23:28:52.796-03:00 response.latency=45.959µs response.status=200 response.length=0 id=23796a85-ec18-4279-98fb-f5708ac9482b
Test 5: Post /force (Expected: 401 | Received: 200)
$ curl -X POST localhost:8080/force time=2024-03-07T23:40:35.343-03:00 level=INFO msg="Incoming request" request.time=2024-03-07T23:40:35.343-03:00 request.method=POST request.host=localhost:8080 request.path=/force request.query="" request.params=map[] request.route=/force request.ip=127.0.0.1 request.x-forwarded-for=[] request.referer="" request.length=0 response.time=2024-03-07T23:40:35.343-03:00 response.latency=18.667µs response.status=200 response.length=0 id=d88d82b1-9087-42a0-a75b-960ff50d63ac
Test 6: Get /notfound (Expected: 404 | Received: 200)
curl -X GET localhost:8080/notfound time=2024-03-07T23:29:26.894-03:00 level=INFO msg="Incoming request" request.time=2024-03-07T23:29:26.894-03:00 request.method=GET request.host=localhost:8080 request.path=/notfound request.query="" request.params=map[] request.route=/ request.ip=127.0.0.1 request.x-forwarded-for=[] request.referer="" request.length=0 response.time=2024-03-07T23:29:26.894-03:00 response.latency=20.042µs response.status=200 response.length=0 id=595de28b-ab0b-442b-ae0b-688d665b59d0
With these tests I believe that when the request reaches the ErrorHandler due to an error handled or not, the problem occurs.
In many cases the registered status code is 200, but this should not be.
I'm using this code to test
Test 1: Get / (Expected: 200 | Received: 200)
Test 2: Post / (Expected: 405 | Received: 200)
Test 3: Post /bad (Expected: 400 | Received: 400)
Test 4: Get /die (Expected: 500 | Received: 200)
Test 5: Post /force (Expected: 401 | Received: 200)
Test 6: Get /notfound (Expected: 404 | Received: 200)
With these tests I believe that when the request reaches the ErrorHandler due to an error handled or not, the problem occurs.