From 466ba6ec1f7bac748640e158e95a70983b7f4e31 Mon Sep 17 00:00:00 2001
From: Tom Moor
Date: Thu, 25 Jul 2019 23:17:45 -0700
Subject: [PATCH] fix: don't echo request back for unknown endpoints closes #998
---
 server/api/index.js | 4 ++++
 server/api/index.test.js | 22 ++++++++++++++++++++++
 2 files changed, 26 insertions(+)
 create mode 100644 server/api/index.test.js
diff --git a/server/api/index.js b/server/api/index.js
index 784e503d2..e2510e326 100644
--- a/server/api/index.js
+++ b/server/api/index.js
@@ -15,6 +15,7 @@ import team from './team';
 import integrations from './integrations';
 import notificationSettings from './notificationSettings';
+import { NotFoundError } from '../errors';
 import errorHandling from './middlewares/errorHandling';
 import validation from '../middlewares/validation';
 import methodOverride from './middlewares/methodOverride';
@@ -44,6 +45,9 @@ router.use('/', shares.routes());
 router.use('/', team.routes());
 router.use('/', integrations.routes());
 router.use('/', notificationSettings.routes());
+router.post('*', async (ctx, next) => {
+ ctx.throw(new NotFoundError('Endpoint not found'));
+});
 // Router is embedded in a Koa application wrapper, because koa-router does not
 // allow middleware to catch any routes which were not explicitly defined.
diff --git a/server/api/index.test.js b/server/api/index.test.js
new file mode 100644
index 000000000..b407716cb
--- /dev/null
+++ b/server/api/index.test.js
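Review bot: The catch-all added in server/api/index.js is registered with `router.post('*', …)`, so only requests that are POST when they reach the router are certain to get the new `NotFoundError`. The GET case in the new test passes for a reason this hunk does not show (possibly the imported `methodOverride` middleware, to be confirmed), and PUT, PATCH and DELETE are exercised by neither the handler nor the tests. Because the commit exists to stop unknown endpoints from reflecting the request, `router.all('*', ctx => { ctx.throw(new NotFoundError('Endpoint not found')); });` would make the response uniform across verbs and drop the unused `next` and the `async` that has no `await`; check that any OPTIONS preflight handling still runs ahead of it. A comment such as `// Catch-all 404: must stay the last route registered on this router` would stop later routes from being added below it and silently shadowed.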
@@ -0,0 +1,22 @@
+/* eslint-disable flowtype/require-valid-file-annotation */
+import TestServer from 'fetch-test-server';
+import app from '../app';
+import { flushdb } from '../test/support';
+const server = new TestServer(app.callback());
+
+beforeEach(flushdb);
+afterAll(server.close);
+
+describe('POST unknown endpoint', async () => {
+ it('should be not found', async () => {
+ const res = await server.post('/api/blah');
+ expect(res.status).toEqual(404);
+ });
+});
+
+describe('GET unknown endpoint', async () => {
+ it('should be not found', async () => {
+ const res = await server.get('/api/blah');
+ expect(res.status).toEqual(404);
+ });
+});
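Review bot: Both tests assert only `res.status`, so they would still pass if the 404 response body reflected request data, which is the behaviour the commit title says it removes. Sending a constructed marker and asserting its absence pins the fix: `const res = await server.post('/api/blah', { body: { probe: 'constructed-marker' } });` followed by `expect(await res.text()).not.toContain('constructed-marker');` (this assumes `fetch-test-server` accepts a `body` option here; confirm against the other API tests). The `describe` callbacks are also declared `async`; Jest expects them to be synchronous and does not wait on a returned promise, so `describe('POST unknown endpoint', () => {` is the safer form for both blocks.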