API requires accept json header (alexjustesen#2333)

Co-authored-by: Alex Justesen <[email protected]>
Co-authored-by: GitHub Action <[email protected]>

Author: alexjustesen

app/Http/Middleware/AcceptJsonMiddleware.php

@@ -0,0 +1,38 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Illuminate\Http\Response;
+use Symfony\Component\HttpFoundation\Response as SymfonyResponse;
+
+class AcceptJsonMiddleware
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
+     */
+    public function handle(Request $request, Closure $next): SymfonyResponse
+    {
+        // Check if the Accept header includes application/json
+        if (! $request->acceptsJson()) {
+            return response()->json([
+                'message' => 'This endpoint only accepts JSON. Please include "Accept: application/json" in your request headers.',
+                'error' => 'Unsupported Media Type',
+            ], Response::HTTP_NOT_ACCEPTABLE);
+        }
+
+        // Ensure the response is JSON
+        $response = $next($request);
+
+        // Force JSON content type if not already set
+        if (! $response->headers->has('Content-Type') ||
+            ! str_contains($response->headers->get('Content-Type'), 'application/json')) {
+            $response->headers->set('Content-Type', 'application/json');
+        }
+
+        return $response;
+    }
+}

app/OpenApi/Annotations/V1/OoklaAnnotations.php

@@ -17,6 +17,9 @@ class OoklaAnnotations
         description: 'Returns an array of available Ookla speedtest servers. Requires an API token with `ookla:list-servers` scope.',
         operationId: 'listOoklaServers',
         tags: ['Servers'],
+        parameters: [
+            new OA\Parameter(ref: '#/components/parameters/AcceptHeader'),
+        ],
         responses: [
             new OA\Response(
                 response: Response::HTTP_OK,
@@ -33,6 +36,11 @@ class OoklaAnnotations
                 description: 'Forbidden',
                 content: new OA\JsonContent(ref: '#/components/schemas/ForbiddenError')
             ),
+            new OA\Response(
+                response: Response::HTTP_NOT_ACCEPTABLE,
+                description: 'Not Acceptable - Missing or invalid Accept header',
+                content: new OA\JsonContent(ref: '#/components/schemas/NotAcceptableError')
+            ),
         ]
     )]
     public function listServers(): void {}

app/OpenApi/Annotations/V1/ResultsAnnotations.php

@@ -17,6 +17,7 @@ class ResultsAnnotations
         operationId: 'listResults',
         tags: ['Results'],
         parameters: [
+            new OA\Parameter(ref: '#/components/parameters/AcceptHeader'),
             new OA\Parameter(
                 name: 'per_page',
                 in: 'query',
@@ -104,6 +105,11 @@ class ResultsAnnotations
                 description: 'Unauthenticated',
                 content: new OA\JsonContent(ref: '#/components/schemas/UnauthenticatedError')
             ),
+            new OA\Response(
+                response: Response::HTTP_NOT_ACCEPTABLE,
+                description: 'Not Acceptable - Missing or invalid Accept header',
+                content: new OA\JsonContent(ref: '#/components/schemas/NotAcceptableError')
+            ),
             new OA\Response(
                 response: Response::HTTP_UNPROCESSABLE_ENTITY,
                 description: 'Validation failed',
@@ -119,6 +125,7 @@ public function index(): void {}
         operationId: 'getResult',
         tags: ['Results'],
         parameters: [
+            new OA\Parameter(ref: '#/components/parameters/AcceptHeader'),
             new OA\Parameter(
                 name: 'id',
                 in: 'path',
@@ -143,6 +150,11 @@ public function index(): void {}
                 description: 'Unauthenticated',
                 content: new OA\JsonContent(ref: '#/components/schemas/UnauthenticatedError')
             ),
+            new OA\Response(
+                response: Response::HTTP_NOT_ACCEPTABLE,
+                description: 'Not Acceptable - Missing or invalid Accept header',
+                content: new OA\JsonContent(ref: '#/components/schemas/NotAcceptableError')
+            ),
             new OA\Response(
                 response: Response::HTTP_NOT_FOUND,
                 description: 'Result not found',
@@ -157,6 +169,9 @@ public function show(): void {}
         summary: 'Get the most recent result',
         operationId: 'getLatestResult',
         tags: ['Results'],
+        parameters: [
+            new OA\Parameter(ref: '#/components/parameters/AcceptHeader'),
+        ],
         responses: [
             new OA\Response(
                 response: Response::HTTP_OK,
@@ -173,6 +188,11 @@ public function show(): void {}
                 description: 'Unauthenticated',
                 content: new OA\JsonContent(ref: '#/components/schemas/UnauthenticatedError')
             ),
+            new OA\Response(
+                response: Response::HTTP_NOT_ACCEPTABLE,
+                description: 'Not Acceptable - Missing or invalid Accept header',
+                content: new OA\JsonContent(ref: '#/components/schemas/NotAcceptableError')
+            ),
             new OA\Response(
                 response: Response::HTTP_NOT_FOUND,
                 description: 'No result found',

app/OpenApi/Annotations/V1/SpeedtestAnnotations.php

@@ -17,6 +17,7 @@ class SpeedtestAnnotations
         operationId: 'runSpeedtest',
         tags: ['Speedtests'],
         parameters: [
+            new OA\Parameter(ref: '#/components/parameters/AcceptHeader'),
             new OA\Parameter(
                 name: 'server_id',
                 in: 'query',
@@ -41,6 +42,11 @@ class SpeedtestAnnotations
                 description: 'Forbidden',
                 content: new OA\JsonContent(ref: '#/components/schemas/ForbiddenError')
             ),
+            new OA\Response(
+                response: Response::HTTP_NOT_ACCEPTABLE,
+                description: 'Not Acceptable - Missing or invalid Accept header',
+                content: new OA\JsonContent(ref: '#/components/schemas/NotAcceptableError')
+            ),
             new OA\Response(
                 response: Response::HTTP_UNPROCESSABLE_ENTITY,
                 description: 'Validation error',
@@ -58,6 +64,9 @@ public function run(): void
         summary: 'List available Ookla speedtest servers',
         operationId: 'listSpeedtestServers',
         tags: ['Speedtests'],
+        parameters: [
+            new OA\Parameter(ref: '#/components/parameters/AcceptHeader'),
+        ],
         responses: [
             new OA\Response(
                 response: Response::HTTP_OK,
@@ -77,6 +86,11 @@ public function run(): void
                     example: ['message' => 'You do not have permission to view speedtest servers.']
                 )
             ),
+            new OA\Response(
+                response: Response::HTTP_NOT_ACCEPTABLE,
+                description: 'Not Acceptable - Missing or invalid Accept header',
+                content: new OA\JsonContent(ref: '#/components/schemas/NotAcceptableError')
+            ),
         ]
     )]
     public function listServers(): void {}

app/OpenApi/Annotations/V1/StatsAnnotations.php

@@ -17,6 +17,7 @@ class StatsAnnotations
         operationId: 'getStats',
         tags: ['Stats'],
         parameters: [
+            new OA\Parameter(ref: '#/components/parameters/AcceptHeader'),
             new OA\Parameter(
                 name: 'start_at',
                 in: 'query',
@@ -48,6 +49,11 @@ class StatsAnnotations
                 description: 'Forbidden',
                 content: new OA\JsonContent(ref: '#/components/schemas/ForbiddenError')
             ),
+            new OA\Response(
+                response: Response::HTTP_NOT_ACCEPTABLE,
+                description: 'Not Acceptable - Missing or invalid Accept header',
+                content: new OA\JsonContent(ref: '#/components/schemas/NotAcceptableError')
+            ),
             new OA\Response(
                 response: Response::HTTP_UNPROCESSABLE_ENTITY,
                 description: 'Validation error',

app/OpenApi/OpenApiDefinition.php

@@ -20,11 +20,12 @@
         ],
         parameters: [
             new OA\Parameter(
+                parameter: 'AcceptHeader',
                 name: 'Accept',
                 in: 'header',
                 required: true,
                 schema: new OA\Schema(type: 'string', default: 'application/json'),
-                description: 'Expected response format'
+                description: 'Must be "application/json" - this API only accepts and returns JSON'
             ),
         ]
     ),

app/OpenApi/Schemas/NotAcceptableErrorSchema.php

@@ -0,0 +1,24 @@
+<?php
+
+namespace App\OpenApi\Schemas;
+
+use OpenApi\Attributes as OA;
+
+#[OA\Schema(
+    schema: 'NotAcceptableError',
+    description: 'Error response when the Accept header is missing or invalid',
+    type: 'object',
+    properties: [
+        new OA\Property(
+            property: 'message',
+            type: 'string',
+            example: 'This endpoint only accepts JSON. Please include "Accept: application/json" in your request headers.'
+        ),
+        new OA\Property(
+            property: 'error',
+            type: 'string',
+            example: 'Unsupported Media Type'
+        ),
+    ]
+)]
+class NotAcceptableErrorSchema {}

bootstrap/app.php

@@ -17,6 +17,7 @@
         $middleware->alias([
             'getting-started' => App\Http\Middleware\GettingStarted::class,
             'public-dashboard' => App\Http\Middleware\PublicDashboard::class,
+            'accept-json' => App\Http\Middleware\AcceptJsonMiddleware::class,
         ]);
 
         $middleware->prependToGroup('api', [