CartoDB-SQL-API/app/middlewares/authenticated-request.js

'use strict';

var _ = require('underscore');
var AuthApi = require('../auth/auth_api');

function authenticatedMiddleware(userDatabaseService, forceToBeAuthenticated = false) {
    return function middleware(req, res, next) {
        req.profiler.start('sqlapi.job');
        req.profiler.done('init');

        // clone so don't modify req.params or req.body so oauth is not broken
        const params = _.extend({}, res.locals, req.query, req.body);

        const { user } = res.locals;

        var authApi = new AuthApi(req, res, params);
        userDatabaseService.getConnectionParams(authApi, user, function (err, dbParams, authDbParams, userLimits) {
            req.profiler.done('setDBAuth');

            if (err) {
                return next(err);
            }

            if (forceToBeAuthenticated && !dbParams.authenticated) {
                return next(new Error('permission denied'));
            }

            res.locals.userDbParams = dbParams;
            res.locals.authDbParams = authDbParams;
            res.locals.userLimits = userLimits;

            next();
        });
    };
}

module.exports = authenticatedMiddleware;
DRY while authenticating requests 2016-10-04 21:40:56 +08:00			`'use strict';`

			`var _ = require('underscore');`
			`var AuthApi = require('../auth/auth_api');`

Use authenticated middleware in query controller 2018-02-19 20:24:44 +08:00			`function authenticatedMiddleware(userDatabaseService, forceToBeAuthenticated = false) {`
DRY while authenticating requests 2016-10-04 21:40:56 +08:00			`return function middleware(req, res, next) {`
			`req.profiler.start('sqlapi.job');`
			`req.profiler.done('init');`

			`// clone so don't modify req.params or req.body so oauth is not broken`
Use authenticated middleware in query controller 2018-02-19 20:24:44 +08:00			`const params = _.extend({}, res.locals, req.query, req.body);`

			`const { user } = res.locals;`
DRY while authenticating requests 2016-10-04 21:40:56 +08:00
Get api_key from specific middleware and save it into res.locals 2018-02-16 00:23:35 +08:00			`var authApi = new AuthApi(req, res, params);`
Use authenticated middleware in query controller 2018-02-19 20:24:44 +08:00			`userDatabaseService.getConnectionParams(authApi, user, function (err, dbParams, authDbParams, userLimits) {`
DRY while authenticating requests 2016-10-04 21:40:56 +08:00			`req.profiler.done('setDBAuth');`

			`if (err) {`
Check user is the same user that sends the request when basic-auth is provided 2018-02-17 01:21:06 +08:00			`return next(err);`
DRY while authenticating requests 2016-10-04 21:40:56 +08:00			`}`

Use authenticated middleware in query controller 2018-02-19 20:24:44 +08:00			`if (forceToBeAuthenticated && !dbParams.authenticated) {`
Check user is the same user that sends the request when basic-auth is provided 2018-02-17 01:21:06 +08:00			`return next(new Error('permission denied'));`
DRY while authenticating requests 2016-10-04 21:40:56 +08:00			`}`

Use authenticated middleware in query controller 2018-02-19 20:24:44 +08:00			`res.locals.userDbParams = dbParams;`
			`res.locals.authDbParams = authDbParams;`
			`res.locals.userLimits = userLimits;`
DRY while authenticating requests 2016-10-04 21:40:56 +08:00
Check user is the same user that sends the request when basic-auth is provided 2018-02-17 01:21:06 +08:00			`next();`
DRY while authenticating requests 2016-10-04 21:40:56 +08:00			`});`
			`};`
			`}`

			`module.exports = authenticatedMiddleware;`