From 4c055456d24b768a73c1da7c401dcc2f44c1f704 Mon Sep 17 00:00:00 2001
From: Andreas Nedbal <github-bf215181b5140522137b3d4f6b73544a@desu.email>
Date: Sun, 25 Sep 2022 21:12:50 +0200
Subject: [PATCH] improve fetching of endpoint arguments

including support for route parameters (e.g. '/v2/note/:noteId' giving us a 'noteId' value)
---
 .../backend/src/server/api/api-handler.ts     | 21 ++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/packages/backend/src/server/api/api-handler.ts b/packages/backend/src/server/api/api-handler.ts
index 956096367..63b0c5a29 100644
--- a/packages/backend/src/server/api/api-handler.ts
+++ b/packages/backend/src/server/api/api-handler.ts
@@ -5,12 +5,23 @@ import authenticate, { AuthenticationError } from './authenticate.js';
 import call from './call.js';
 import { ApiError } from './error.js';
 
+function getRequestArguments(ctx: Koa.Context): any {
+	const args = {
+		...(ctx.params || {}),
+		...ctx.query,
+		...(ctx.request.body || {}),
+	};
+
+	// For security reasons, we drop the i parameter if it's a GET request
+	if (ctx.method === 'GET') {
+		delete args['i'];
+	}
+
+	return args;
+}
+
 export default (endpoint: IEndpoint, ctx: Koa.Context) => new Promise<void>((res) => {
-	const body = ctx.is('multipart/form-data')
-		? (ctx.request as any).body
-		: ctx.method === 'GET'
-			? ctx.query
-			: ctx.request.body;
+	const body = getRequestArguments(ctx);
 
 	const reply = (x?: any, y?: ApiError) => {
 		if (x == null) {