CartoDB-SQL-API/app/auth/apikey.js

/**
 * this module allows to auth user using an pregenerated api key
 */
function ApikeyAuth(req) {
    this.req = req;
}

module.exports = ApikeyAuth;

ApikeyAuth.prototype.verifyCredentials = function(options, callback) {
    verifyRequest(this.req, options.apiKey, callback);
};

ApikeyAuth.prototype.hasCredentials = function() {
    return !!(this.req.query.api_key || this.req.query.map_key ||
        (this.req.body && this.req.body.api_key) || (this.req.body && this.req.body.map_key));
};

/**
 * Get id of authorized user
 *
 * @param {Object} req - standard req object. Importantly contains table and host information
 * @param {String} requiredApi - the API associated to the user, req must contain it
 * @param {Function} callback - err, boolean (whether the request is authenticated or not)
 */
function verifyRequest(req, requiredApi, callback) {

    var valid = false;

    if ( requiredApi ) {
        if ( requiredApi === req.query.map_key ) {
            valid = true;
        } else if ( requiredApi === req.query.api_key ) {
            valid = true;
        // check also in request body
        } else if ( req.body && req.body.map_key && requiredApi === req.body.map_key ) {
            valid = true;
        } else if ( req.body && req.body.api_key && requiredApi === req.body.api_key ) {
            valid = true;
        }
    }

    callback(null, valid);
}
added auth using api token 2011-12-27 02:16:41 +08:00			`/**`
			`* this module allows to auth user using an pregenerated api key`
			`*/`
New authentication mechanism: checks in advance if credentials are provided in order to do a single request to redis to retrieve the required database connection parameters. 2014-08-05 22:20:06 +08:00			`function ApikeyAuth(req) {`
			`this.req = req;`
Generalize CartoDB username extraction, allowing for multiuser setups Closes #124 2013-12-18 18:57:46 +08:00			`}`

			`module.exports = ApikeyAuth;`

New authentication mechanism: checks in advance if credentials are provided in order to do a single request to redis to retrieve the required database connection parameters. 2014-08-05 22:20:06 +08:00			`ApikeyAuth.prototype.verifyCredentials = function(options, callback) {`
			`verifyRequest(this.req, options.apiKey, callback);`
			`};`

			`ApikeyAuth.prototype.hasCredentials = function() {`
jshint: fix auth directory 2015-05-13 00:00:30 +08:00			`return !!(this.req.query.api_key \|\| this.req.query.map_key \|\|`
			`(this.req.body && this.req.body.api_key) \|\| (this.req.body && this.req.body.map_key));`
New authentication mechanism: checks in advance if credentials are provided in order to do a single request to redis to retrieve the required database connection parameters. 2014-08-05 22:20:06 +08:00			`};`

Generalize CartoDB username extraction, allowing for multiuser setups Closes #124 2013-12-18 18:57:46 +08:00			`/**`
			`* Get id of authorized user`
			`*`
CDB-3629 Uses one request to redis to retrieve all connection params 2014-08-05 08:29:07 +08:00			`* @param {Object} req - standard req object. Importantly contains table and host information`
			`* @param {String} requiredApi - the API associated to the user, req must contain it`
			`* @param {Function} callback - err, boolean (whether the request is authenticated or not)`
Generalize CartoDB username extraction, allowing for multiuser setups Closes #124 2013-12-18 18:57:46 +08:00			`*/`
New authentication mechanism: checks in advance if credentials are provided in order to do a single request to redis to retrieve the required database connection parameters. 2014-08-05 22:20:06 +08:00			`function verifyRequest(req, requiredApi, callback) {`
CDB-3629 Uses one request to redis to retrieve all connection params 2014-08-05 08:29:07 +08:00
			`var valid = false;`

			`if ( requiredApi ) {`
jshint: fix auth directory 2015-05-13 00:00:30 +08:00			`if ( requiredApi === req.query.map_key ) {`
CDB-3629 Uses one request to redis to retrieve all connection params 2014-08-05 08:29:07 +08:00			`valid = true;`
jshint: fix auth directory 2015-05-13 00:00:30 +08:00			`} else if ( requiredApi === req.query.api_key ) {`
CDB-3629 Uses one request to redis to retrieve all connection params 2014-08-05 08:29:07 +08:00			`valid = true;`
			`// check also in request body`
jshint: fix auth directory 2015-05-13 00:00:30 +08:00			`} else if ( req.body && req.body.map_key && requiredApi === req.body.map_key ) {`
CDB-3629 Uses one request to redis to retrieve all connection params 2014-08-05 08:29:07 +08:00			`valid = true;`
jshint: fix auth directory 2015-05-13 00:00:30 +08:00			`} else if ( req.body && req.body.api_key && requiredApi === req.body.api_key ) {`
CDB-3629 Uses one request to redis to retrieve all connection params 2014-08-05 08:29:07 +08:00			`valid = true;`
Generalize CartoDB username extraction, allowing for multiuser setups Closes #124 2013-12-18 18:57:46 +08:00			`}`
CDB-3629 Uses one request to redis to retrieve all connection params 2014-08-05 08:29:07 +08:00			`}`
Generalize CartoDB username extraction, allowing for multiuser setups Closes #124 2013-12-18 18:57:46 +08:00
CDB-3629 Uses one request to redis to retrieve all connection params 2014-08-05 08:29:07 +08:00			`callback(null, valid);`
New authentication mechanism: checks in advance if credentials are provided in order to do a single request to redis to retrieve the required database connection parameters. 2014-08-05 22:20:06 +08:00			`}`