CartoDB-SQL-API/test/acceptance/app-configuration-test.js

'use strict';
require('../helper');
var server = require('../../lib/server')();
var assert = require('../support/assert');
// Value the tests below expect in Access-Control-Allow-Headers.
// 'Authorization' is on the list, so the suite pins that cross-origin
// callers are allowed to send that header.
const accessControlHeaders = ['X-Requested-With', 'X-Prototype-Version', 'X-CSRF-Token', 'Authorization']
    .join(', ');

// Value the tests below expect in Access-Control-Expose-Headers: the
// rate-limit headers a cross-origin script is permitted to read.
const exposedHeaders = ['Carto-Rate-Limit-Limit', 'Carto-Rate-Limit-Remaining', 'Carto-Rate-Limit-Reset', 'Retry-After']
    .join(', ');
describe('app-configuration', function () {
// Expectation passed to assert.response by every request that must succeed.
const RESPONSE_OK = { statusCode: 200 };

// Cache-Control expected on a query response with the default cache policy.
const expected_cache_control = 'no-cache,max-age=31536000,must-revalidate,public';

// Cache-Control expected when the request asks for cache_policy=persist:
// publicly cacheable, with no revalidation directive.
const expected_cache_control_persist = 'public,max-age=31536000';
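// The version endpoint must report the version declared in package.json.
// The request carries no host header and no credentials, so this also pins
// that the exact version string is readable without authentication.
it('GET /api/v1/version', function (done) {
    assert.response(server, {
        url: '/api/v1/version',
        method: 'GET'
    }, RESPONSE_OK, function (err, res) {
        // Report a failure handed back by the response helper instead of
        // going on to parse a body that may not be the expected JSON.
        if (err) {
            return done(err);
        }

        const parsed = JSON.parse(res.body);
        const sqlapi_version = require('../../package.json').version;

        // Use the raw body in the message: concatenating the parsed object
        // would only print "[object Object]".
        assert.ok(
            Object.prototype.hasOwnProperty.call(parsed, 'cartodb_sql_api'),
            "No 'cartodb_sql_api' version in " + res.body
        );
        assert.strictEqual(parsed.cartodb_sql_api, sqlapi_version);
        done();
    });
});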
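// A request without a `q` parameter must be rejected with a JSON error body
// rather than reaching the database.
it('GET /api/v1/sql', function (done) {
    assert.response(server, {
        url: '/api/v1/sql',
        headers: { host: 'vizzuality.cartodb.com' },
        method: 'GET'
    }, {
        // NOTE(review): the rest of the suite spells this key `statusCode`;
        // confirm the response helper honours `status` as well. The explicit
        // assertion below checks the code either way.
        status: 400
    }, function (err, res) {
        if (err) {
            return done(err);
        }

        assert.strictEqual(res.statusCode, 400);
        assert.strictEqual(res.headers['content-type'], 'application/json; charset=utf-8');
        assert.strictEqual(res.headers['content-disposition'], 'inline');
        assert.deepStrictEqual(JSON.parse(res.body), { error: ['You must indicate a sql query'] });
        done();
    });
});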
// base_url setting: the path uses 'whatever' where other requests use 'v1'
// and the query must still be answered with a 200.
it('GET /api/whatever/sql', function (done) {
    var request = {
        url: '/api/whatever/sql?q=SELECT%201',
        headers: { host: 'vizzuality.cartodb.com' },
        method: 'GET'
    };

    // `done` is handed to the helper directly, so whatever error it reports
    // fails the test.
    assert.response(server, request, RESPONSE_OK, done);
});
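// CORS headers on a plain GET.
// This pins a permissive policy: every origin ('*') is allowed and
// 'Authorization' is an accepted request header. With a wildcard origin
// browsers refuse credentialed (cookie) requests, so the policy relies on the
// API authenticating only by explicit token.
// NOTE(review): confirm there is no cookie/session auth path, and consider
// also asserting that 'access-control-allow-credentials' is not set.
// NOTE(review): this test shares its title with the base_url test, which
// makes a failure ambiguous in reporter output.
it('GET /api/whatever/sql', function (done) {
    assert.response(server, {
        url: '/api/whatever/sql?q=SELECT%201',
        headers: { host: 'vizzuality.cartodb.com' },
        method: 'GET'
    }, RESPONSE_OK, function (err, res) {
        // Do not check headers on a response the helper already rejected.
        if (err) {
            return done(err);
        }

        assert.strictEqual(res.headers['access-control-allow-headers'], accessControlHeaders);
        assert.strictEqual(res.headers['access-control-expose-headers'], exposedHeaders);
        assert.strictEqual(res.headers['access-control-allow-origin'], '*');
        done();
    });
});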
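// A CORS preflight must not execute the query it carries.
// The `q` value is deliberately invalid SQL: had it been run, the response
// would not be an empty 200. The preflight must still return the same CORS
// headers as a real request.
it('OPTIONS /api/x/sql', function (done) {
    assert.response(server, {
        url: '/api/x/sql?q=syntax%20error',
        headers: { host: 'vizzuality.cartodb.com' },
        method: 'OPTIONS'
    }, RESPONSE_OK, function (err, res) {
        if (err) {
            return done(err);
        }

        // Empty body: no query result and no SQL error was produced.
        assert.strictEqual(res.body, '');
        assert.strictEqual(res.headers['access-control-allow-headers'], accessControlHeaders);
        assert.strictEqual(res.headers['access-control-expose-headers'], exposedHeaders);
        assert.strictEqual(res.headers['access-control-allow-origin'], '*');
        done();
    });
});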
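// cache_policy=persist switches Cache-Control to the long-lived public form
// while still emitting the cache channel header.
// NOTE(review): 'public' lets shared caches store the response; this request
// is unauthenticated. Whether the same policy can apply to api_key requests
// is not visible here and is worth confirming.
it('cache_policy=persist', function (done) {
    assert.response(server, {
        url: '/api/v1/sql?q=' +
            'SELECT%20*%20FROM%20untitle_table_4&database=cartodb_test_user_1_db&cache_policy=persist',
        headers: { host: 'vizzuality.cartodb.com' },
        method: 'GET'
    }, RESPONSE_OK, function (err, res) {
        if (err) {
            return done(err);
        }

        // Check cache headers
        assert.ok(Object.prototype.hasOwnProperty.call(res.headers, 'x-cache-channel'));
        // See https://github.com/CartoDB/CartoDB-SQL-API/issues/105
        assert.strictEqual(res.headers['x-cache-channel'], 'cartodb_test_user_1_db:public.untitle_table_4');
        assert.strictEqual(res.headers['cache-control'], expected_cache_control_persist);
        done();
    });
});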
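// See https://github.com/CartoDB/CartoDB-SQL-API/issues/121
// The global db_host is replaced with a bogus address for the duration of the
// request; the query can only succeed if the connection uses a host other
// than the global one (presumably the one stored for this user; verify
// against the fixture data).
it('SELECT from user-specific database', function (done) {
    var backupDBHost = global.settings.db_host;
    global.settings.db_host = '6.6.6.6';
    assert.response(server, {
        url: '/api/v1/sql?q=SELECT+2+as+n',
        headers: { host: 'cartodb250user.cartodb.com' },
        method: 'GET'
    }, RESPONSE_OK, function (err, res) {
        // Restore shared state first so a failure here cannot leak the bogus
        // host into later tests.
        global.settings.db_host = backupDBHost;
        if (err) {
            return done(err);
        }
        try {
            var parsed = JSON.parse(res.body);
            assert.strictEqual(parsed.rows.length, 1);
            assert.strictEqual(parsed.rows[0].n, 2);
        } catch (e) {
            return done(e);
        }
        done();
    });
});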
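// See https://github.com/CartoDB/CartoDB-SQL-API/issues/120
// The global db_user_pass is set to a template placeholder, so the
// authenticated query can only succeed if the password is resolved per user
// rather than taken literally from the global setting.
// The api_key travels in the query string here; it is a fixture value, but
// keys sent this way end up in access logs and proxies in real deployments.
it('SELECT with user-specific password', function (done) {
    var backupDBUserPass = global.settings.db_user_pass;
    global.settings.db_user_pass = '<%= user_password %>';
    assert.response(server, {
        url: '/api/v1/sql?q=SELECT+2+as+n&api_key=1234',
        headers: { host: 'cartodb250user.cartodb.com' },
        method: 'GET'
    }, RESPONSE_OK, function (err, res) {
        // Restore shared state before any assertion can bail out.
        global.settings.db_user_pass = backupDBUserPass;
        try {
            // Checked first because its message includes the response body,
            // which is the most useful diagnostic on an auth failure.
            assert.strictEqual(res.statusCode, 200, res.statusCode + ': ' + res.body);
            // Any other failure reported by the response helper.
            if (err) {
                throw err;
            }
            var parsed = JSON.parse(res.body);
            assert.strictEqual(parsed.rows.length, 1);
            assert.strictEqual(parsed.rows[0].n, 2);
        } catch (e) {
            return done(e);
        }
        return done();
    });
});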
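/**
 * CORS
 *
 * A SELECT on a named table must carry both the cache headers and the CORS
 * headers. The expected policy is the permissive one: wildcard origin plus
 * 'Authorization' among the allowed request headers.
 * NOTE(review): the `database` name is supplied by the client in the query
 * string; which database a caller may name is enforced outside this test.
 */
it('GET /api/v1/sql with SQL parameter on SELECT only should return CORS headers ', function (done) {
    assert.response(server, {
        url: '/api/v1/sql?q=SELECT%20*%20FROM%20untitle_table_4&database=cartodb_test_user_1_db',
        headers: { host: 'vizzuality.cartodb.com' },
        method: 'GET'
    }, RESPONSE_OK, function (err, res) {
        if (err) {
            return done(err);
        }

        // Check cache headers
        assert.strictEqual(res.headers['x-cache-channel'], 'cartodb_test_user_1_db:public.untitle_table_4');
        assert.strictEqual(res.headers['cache-control'], expected_cache_control);

        // Check CORS headers
        assert.strictEqual(res.headers['access-control-allow-origin'], '*');
        assert.strictEqual(res.headers['access-control-allow-headers'], accessControlHeaders);
        assert.strictEqual(res.headers['access-control-expose-headers'], exposedHeaders);
        done();
    });
});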
});