Protect API mount point in aliases

utils/utils.go

@@ -82,6 +82,12 @@ func IsValidAlias(alias string) bool {
 		return false
 	}
 
+	// API module
+	regexpeApi := regexp.MustCompile(`^\/api\/`)
+	if alias == "/api" || regexpeApi.MatchString(alias) {
+		return false
+	}
+
 	regexpeSlash := regexp.MustCompile(`[\/]{2,}`)
 	regexpeChars := regexp.MustCompile(`^\/([a-zA-Z0-9\/\-_\.]+)\/?$`)
 	return (!regexpeSlash.MatchString(alias) && regexpeChars.MatchString(alias)) || alias == "/"

utils/utils_test.go

@@ -81,6 +81,12 @@ func TestIsValidAlias(t *testing.T) {
 	Expect(t, IsValidAlias("/shop/some"), false)
 	Expect(t, IsValidAlias("/shop-1"), true)
 	Expect(t, IsValidAlias("/shop-some"), true)
+
+	Expect(t, IsValidAlias("/api"), false)
+	Expect(t, IsValidAlias("/api/"), false)
+	Expect(t, IsValidAlias("/api/some"), false)
+	Expect(t, IsValidAlias("/api-1"), true)
+	Expect(t, IsValidAlias("/api-some"), true)
 }
 
 func TestIsValidSingleAlias(t *testing.T) {