From b394427fe7f11c816ac5ae1d59f67b4d9b1620a3 Mon Sep 17 00:00:00 2001
From: Anna Bocharova <robin_tail@me.com>
Date: Thu, 6 Feb 2025 21:34:50 +0100
Subject: [PATCH] Change default response to `405` for wrong method (#2372)

Feature was introduced in #2366 .
Making it default behavior in next major.
---
 CHANGELOG.md                                  |  3 ++-
 src/config-type.ts                            |  3 +--
 src/migration.ts                              | 25 +++++++++++++++++++
 src/routing.ts                                |  2 +-
 tests/system/system.spec.ts                   |  1 -
 .../unit/__snapshots__/migration.spec.ts.snap |  1 +
 tests/unit/migration.spec.ts                  | 18 ++++++++++++-
 7 files changed, 47 insertions(+), 6 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 780edd3bd..1363e1d9a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,7 +4,8 @@
 
 ### v23.0.0
 
-- Publicly exposed interface `CustomHeaderSecurity` is renamed to `HeaderSecurity`.
+- Publicly exposed interface `CustomHeaderSecurity` is renamed to `HeaderSecurity`;
+- The default value for `wrongMethodBehavior` config option is changed to `405`.
 
 ## Version 22
 
diff --git a/src/config-type.ts b/src/config-type.ts
index b3c49e8c5..aa93e123e 100644
--- a/src/config-type.ts
+++ b/src/config-type.ts
@@ -41,8 +41,7 @@ export interface CommonConfig {
    * @desc How to respond to a request that uses a wrong method to an existing endpoint
    * @example 404 — Not found
    * @example 405 — Method not allowed, incl. the "Allow" header with a list of methods
-   * @default 404
-   * @todo consider changing default to 405 in v23
+   * @default 405
    * */
   wrongMethodBehavior?: 404 | 405;
   /**
diff --git a/src/migration.ts b/src/migration.ts
index 3b66ae052..c8873d7e1 100644
--- a/src/migration.ts
+++ b/src/migration.ts
@@ -7,12 +7,14 @@ import {
 
 interface Queries {
   headerSecurity: TSESTree.Identifier;
+  createConfig: TSESTree.ObjectExpression;
 }
 
 type Listener = keyof Queries;
 
 const queries: Record<Listener, string> = {
   headerSecurity: `${NT.Identifier}[name='CustomHeaderSecurity']`,
+  createConfig: `${NT.CallExpression}[callee.name='createConfig'] > ${NT.ObjectExpression}`,
 };
 
 const listen = <
@@ -35,6 +37,7 @@ const v23 = ESLintUtils.RuleCreator.withoutDocs({
     schema: [],
     messages: {
       change: "change {{ subject }} from {{ from }} to {{ to }}",
+      add: `add {{ subject }} to {{ to }}`,
     },
   },
   defaultOptions: [],
@@ -47,6 +50,28 @@ const v23 = ESLintUtils.RuleCreator.withoutDocs({
           data: { subject: "interface", from: node.name, to: "HeaderSecurity" },
           fix: (fixer) => fixer.replaceText(node, "HeaderSecurity"),
         }),
+      createConfig: (node) => {
+        const wmProp = node.properties.find(
+          (prop) =>
+            prop.type === NT.Property &&
+            prop.key.type === NT.Identifier &&
+            prop.key.name === "wrongMethodBehavior",
+        );
+        if (wmProp) return;
+        ctx.report({
+          node,
+          messageId: "add",
+          data: {
+            subject: "wrongMethodBehavior property",
+            to: "configuration",
+          },
+          fix: (fixer) =>
+            fixer.insertTextAfterRange(
+              [node.range[0], node.range[0] + 1],
+              "wrongMethodBehavior: 404,",
+            ),
+        });
+      },
     }),
 });
 
diff --git a/src/routing.ts b/src/routing.ts
index 915e645be..353235f88 100644
--- a/src/routing.ts
+++ b/src/routing.ts
@@ -80,7 +80,7 @@ export const initRouting = ({
     app[method](path, ...matchingParsers, handler);
   };
   walkRouting({ routing, onEndpoint, onStatic: app.use.bind(app) });
-  if (config.wrongMethodBehavior !== 405) return;
+  if (config.wrongMethodBehavior === 404) return;
   for (const [path, allowedMethods] of familiar.entries())
     app.all(path, createWrongMethodHandler(allowedMethods));
 };
diff --git a/tests/system/system.spec.ts b/tests/system/system.spec.ts
index 2c4d0544c..a79a75948 100644
--- a/tests/system/system.spec.ts
+++ b/tests/system/system.spec.ts
@@ -112,7 +112,6 @@ describe("App in production mode", async () => {
   const config = createConfig({
     http: { listen: port },
     compression: { threshold: 1 },
-    wrongMethodBehavior: 405,
     beforeRouting: ({ app, getLogger }) => {
       depd("express")("Sample deprecation message");
       app.use((req, {}, next) => {
diff --git a/tests/unit/__snapshots__/migration.spec.ts.snap b/tests/unit/__snapshots__/migration.spec.ts.snap
index 3fa49054d..7c14f1c2d 100644
--- a/tests/unit/__snapshots__/migration.spec.ts.snap
+++ b/tests/unit/__snapshots__/migration.spec.ts.snap
@@ -9,6 +9,7 @@ exports[`Migration > should consist of one rule being the major version of the p
       "meta": {
         "fixable": "code",
         "messages": {
+          "add": "add {{ subject }} to {{ to }}",
           "change": "change {{ subject }} from {{ from }} to {{ to }}",
         },
         "schema": [],
diff --git a/tests/unit/migration.spec.ts b/tests/unit/migration.spec.ts
index e0d5cf7dd..c2bd5578a 100644
--- a/tests/unit/migration.spec.ts
+++ b/tests/unit/migration.spec.ts
@@ -18,7 +18,10 @@ describe("Migration", () => {
   });
 
   tester.run("v23", migration.rules.v23, {
-    valid: [`import { HeaderSecurity } from "express-zod-api";`],
+    valid: [
+      `import { HeaderSecurity } from "express-zod-api";`,
+      `createConfig({ wrongMethodBehavior: 405 });`,
+    ],
     invalid: [
       {
         code: `const security: CustomHeaderSecurity = {};`,
@@ -34,6 +37,19 @@ describe("Migration", () => {
           },
         ],
       },
+      {
+        code: `createConfig({});`,
+        output: `createConfig({wrongMethodBehavior: 404,});`,
+        errors: [
+          {
+            messageId: "add",
+            data: {
+              subject: "wrongMethodBehavior property",
+              to: "configuration",
+            },
+          },
+        ],
+      },
     ],
   });
 });