
[Bug] HTTP Method Not Allowed returns code 500 instead of 405 #4811

@time2024

Contact Information

zenith30@qq.com

MaxKB Version

v1.10.x (latest Docker image)

Problem Description

When sending an HTTP request with a method not supported by an endpoint (e.g., POST to /admin/api/workspace/default/knowledge), the API returns {"code": 500} with message 方法 "POST" 不被允许。 instead of the standard HTTP 405 Method Not Allowed response. The HTTP status code is 200, but the internal code field is 500. According to REST API standards (RFC 7231), unsupported methods should return HTTP 405.

Steps to Reproduce

```bash
# Line continuations restored so the command runs as a single invocation
curl -s -X POST \
  -H "Authorization: Bearer <your_token>" \
  -H "Content-Type: application/json" \
  -d '{"name":"test","desc":"test","type":"0"}' \
  http://localhost:8080/admin/api/workspace/default/knowledge
```

The expected correct result

HTTP 405 with response body:
```json
{"code": 405, "message": "Method Not Allowed", "data": null}
```

Related log output

Actual response (HTTP 200):
```json
{"code": 500, "message": "方法 \u201cPOST\u201d 不被允许。", "data": null}
```

Additional Information

Found via automated fuzzing testing. 33+ different POST requests to this endpoint all produce the same code 500 response. This affects monitoring systems that rely on HTTP status codes to detect real server errors, as it produces false positives.
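A check that a monitoring probe or API test suite could run to catch the condition reported above, where the HTTP status line and the `code` field in the JSON body disagree. This is an added example, not MaxKB code: the function names and sample captures are constructed, and it assumes the body's `code` field is meant to mirror the HTTP status.

```python
import json

# Constructed captures: (request method, HTTP status, raw body).
# The second entry mirrors the response quoted in this issue; the rest are made up.
SAMPLES = [
    ("GET", 200, '{"code": 200, "message": "ok", "data": []}'),
    ("POST", 200, r'{"code": 500, "message": "方法 \u201cPOST\u201d 不被允许。", "data": null}'),
    ("POST", 405, '{"code": 405, "message": "Method Not Allowed", "data": null}'),
    ("GET", 500, "<html>Internal Server Error</html>"),
]


def classify(http_status, raw_body):
    """Compare the transport status with the envelope's `code` field.

    Returns 'ok', 'error', 'masked_error', 'mismatch' or 'no_envelope'.
    Assumption: the envelope code is supposed to equal the HTTP status.
    """
    try:
        body = json.loads(raw_body)
    except ValueError:
        body = None
    code = body.get("code") if isinstance(body, dict) else None
    if type(code) is not int:
        # No usable envelope: only the status line can be trusted.
        return "error" if http_status >= 400 else "no_envelope"
    if http_status < 400 and code >= 400:
        # Failure hidden behind a success status (the case in this issue).
        return "masked_error"
    if http_status != code:
        return "mismatch"
    return "ok" if code < 400 else "error"


def misleading(samples):
    """Return the responses a status-only or body-only monitor would misread."""
    return [
        (method, status, verdict)
        for method, status, raw in samples
        if (verdict := classify(status, raw)) in ("masked_error", "mismatch")
    ]


if __name__ == "__main__":
    for finding in misleading(SAMPLES):
        print(finding)
```
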
