Feat: Add Accept header handling for account list and method check in auth

Enhance REST API to handle different Accept headers for listing accounts, supporting JSON and form-encoded responses. Also, add a method check in the authentication setup to process only POST requests, ensuring correct handling of content types.

Signed-off-by: Christian Roessner <[email protected]>

Author: Christian Roessner

server/core/auth.go

@@ -2149,15 +2149,17 @@ func setAuthenticationFields(auth *AuthState, request *JSONRequest) {
 // If neither of the above conditions match, it sets the error associated with unsupported media type
 // and sets the error type to gin.ErrorTypeBind on the Context.
 func setupBodyBasedAuth(ctx *gin.Context, auth *AuthState) {
-	contentType := ctx.GetHeader("Content-Type")
+	if ctx.Request.Method == "POST" {
+		contentType := ctx.GetHeader("Content-Type")
 
-	if strings.HasPrefix(contentType, "application/x-www-form-urlencoded") {
-		processApplicationXWWWFormUrlencoded(ctx, auth)
-	} else if contentType == "application/json" {
-		processApplicationJSON(ctx, auth)
-	} else {
-		ctx.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": "Unsupported media type"})
-		ctx.Error(errors.ErrUnsupportedMediaType).SetType(gin.ErrorTypeBind)
+		if strings.HasPrefix(contentType, "application/x-www-form-urlencoded") {
+			processApplicationXWWWFormUrlencoded(ctx, auth)
+		} else if contentType == "application/json" {
+			processApplicationJSON(ctx, auth)
+		} else {
+			ctx.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": "Unsupported media type"})
+			ctx.Error(errors.ErrUnsupportedMediaType).SetType(gin.ErrorTypeBind)
+		}
 	}
 }
 

server/core/rest.go

@@ -131,8 +131,22 @@ func (a *AuthState) generic(ctx *gin.Context) {
 	if a.ListAccounts {
 		allAccountsList := a.listUserAccounts()
 
-		for _, account := range allAccountsList {
-			ctx.Data(http.StatusOK, "text/plain", []byte(account+"\r\n"))
+		acceptHeader := ctx.GetHeader("Accept")
+
+		switch acceptHeader {
+		case "application/json":
+			ctx.JSON(http.StatusOK, allAccountsList)
+		case "*/*", "text/plain":
+			for _, account := range allAccountsList {
+				ctx.Data(http.StatusOK, "text/plain", []byte(account+"\r\n"))
+			}
+		case "application/x-www-form-urlencoded":
+			for _, account := range allAccountsList {
+				ctx.Data(http.StatusOK, "application/x-www-form-urlencoded", []byte(account+"\r\n"))
+			}
+		default:
+			ctx.Error(errors.ErrUnsupportedMediaType).SetType(gin.ErrorTypeBind)
+			ctx.AbortWithStatus(http.StatusUnsupportedMediaType)
 		}
 
 		level.Info(log.Logger).Log(global.LogKeyGUID, a.GUID, global.LogKeyMode, mode)