CartoDB-SQL-API/app/models/apikey_auth.js

88 lines
2.3 KiB
JavaScript
Raw Normal View History

2011-12-27 02:16:41 +08:00
/**
* this module allows to auth user using an pregenerated api key
*/
var _ = require('underscore')
, Step = require('step');
function ApikeyAuth(cartodb_redis, cartodb_request) {
if ( ! cartodb_redis ) throw new Error("Cannot initialize ApikeyAuth with no cartodb_request");
if ( ! cartodb_request ) throw new Error("Cannot initialize ApikeyAuth with no cartodb-redis");
this.cdbRedis = cartodb_redis;
this.cdbRequest = cartodb_request;
}
module.exports = ApikeyAuth;
var o = ApikeyAuth.prototype;
o.userByReq = function(req) {
return this.cdbRequest.userByReq(req)
};
// Check if a request is authorized by api_key
//
// @param req express request object
// @param callback function(err, authorized)
//
o.authorizedByAPIKey = function(req, callback)
{
var user = this.userByReq(req);
var that = this;
Step(
function (){
that.cdbRedis.getUserMapKey(user, this);
},
function checkApiKey(err, val){
if (err) throw err;
var valid = 0;
if ( val ) {
if ( val == req.query.map_key ) valid = 1;
else if ( val == req.query.api_key ) valid = 1;
// check also in request body
else if ( req.body && req.body.map_key && val == req.body.map_key ) valid = 1;
else if ( req.body && req.body.api_key && val == req.body.api_key ) valid = 1;
}
return valid;
},
function finish(err, authorized) {
callback(err, authorized);
}
);
};
/**
* Get id of authorized user
*
* @param req - standard req object. Importantly contains table and host information
* @param callback - err, user_id (null if no auth)
*/
o.verifyRequest = function(req, callback) {
var user = this.userByReq(req);
var that = this;
Step(
// check api key
function(){
that.authorizedByAPIKey(req, this);
},
// get user id or fail
function (err, apikey_valid) {
if ( err ) throw err;
if (apikey_valid) {
that.cdbRedis.getUserId(user, this);
} else {
// no auth
callback(null, null);
2011-12-27 02:16:41 +08:00
}
},
function (err, user_id){
callback(err, user_id);
}
);
};