CartoDB-SQL-API/app/services/pg-entities-access-validator.js

'use strict';

const FORBIDDEN_ENTITIES = {
    carto: ['*'],
    cartodb: [
        'cdb_analysis_catalog',
        'cdb_conf',
        'cdb_tablemetadata'
    ],
    pg_catalog: ['*'],
    information_schema: ['*'],
    public: ['spatial_ref_sys'],
    topology: [
        'layer',
        'topology'
    ]
};

const Validator = {
    validate(affectedTables, authorizationLevel) {
        let hardValidationResult = true;
        let softValidationResult = true;

        if (!!affectedTables && affectedTables.tables) {
            if (global.settings.validatePGEntitiesAccess) {
                hardValidationResult = this.hardValidation(affectedTables.tables);
            }

            if (authorizationLevel !== 'master') {
                softValidationResult = this.softValidation(affectedTables.tables);
            }
        }

        return hardValidationResult && softValidationResult;
    },

    hardValidation(tables) {
        for (let table of tables) {
            if (FORBIDDEN_ENTITIES[table.schema_name] && FORBIDDEN_ENTITIES[table.schema_name].length &&
                (
                    FORBIDDEN_ENTITIES[table.schema_name][0] === '*' ||
                    FORBIDDEN_ENTITIES[table.schema_name].includes(table.table_name)
                )
            ) {
                return false;
            }
        }

        return true;
    },

    softValidation(tables) {
        for (let table of tables) {
            if (table.table_name.match(/\bpg_/)) {
                return false;
            }
        }

        return true;
    }
};

module.exports = Validator;
Use strict mode 2018-10-24 21:42:33 +08:00			`'use strict';`

pgEntitiesAccessValidator 2018-04-24 00:17:44 +08:00			`const FORBIDDEN_ENTITIES = {`
			`carto: ['*'],`
			`cartodb: [`
			`'cdb_analysis_catalog',`
			`'cdb_conf',`
			`'cdb_tablemetadata'`
			`],`
			`pg_catalog: ['*'],`
			`information_schema: ['*'],`
			`public: ['spatial_ref_sys'],`
			`topology: [`
			`'layer',`
			`'topology'`
			`]`
			`};`

create object and export 2018-04-24 19:21:43 +08:00			`const Validator = {`
refactor authenticated to authorizationLevel 2018-06-05 19:21:56 +08:00			`validate(affectedTables, authorizationLevel) {`
pgEntitiesAccessValidator 2018-04-24 00:17:44 +08:00			`let hardValidationResult = true;`
			`let softValidationResult = true;`

			`if (!!affectedTables && affectedTables.tables) {`
fix validatePGEntitiesAccess access 2018-04-26 16:13:03 +08:00			`if (global.settings.validatePGEntitiesAccess) {`
pgEntitiesAccessValidator 2018-04-24 00:17:44 +08:00			`hardValidationResult = this.hardValidation(affectedTables.tables);`
			`}`
refactor authenticated to authorizationLevel 2018-06-05 19:21:56 +08:00
			`if (authorizationLevel !== 'master') {`
pgEntitiesAccessValidator 2018-04-24 00:17:44 +08:00			`softValidationResult = this.softValidation(affectedTables.tables);`
			`}`
			`}`

			`return hardValidationResult && softValidationResult;`
			`},`

			`hardValidation(tables) {`
solving jshint crazy error 2018-04-24 16:10:37 +08:00			`for (let table of tables) {`
create object and export 2018-04-24 19:21:43 +08:00			`if (FORBIDDEN_ENTITIES[table.schema_name] && FORBIDDEN_ENTITIES[table.schema_name].length &&`
pgEntitiesAccessValidator 2018-04-24 00:17:44 +08:00			`(`
create object and export 2018-04-24 19:21:43 +08:00			`FORBIDDEN_ENTITIES[table.schema_name][0] === '*' \|\|`
pgEntitiesAccessValidator 2018-04-24 00:17:44 +08:00			`FORBIDDEN_ENTITIES[table.schema_name].includes(table.table_name)`
			`)`
			`) {`
			`return false;`
			`}`
			`}`

			`return true;`
			`},`

			`softValidation(tables) {`
solving jshint crazy error 2018-04-24 16:10:37 +08:00			`for (let table of tables) {`
pgEntitiesAccessValidator 2018-04-24 00:17:44 +08:00			`if (table.table_name.match(/\bpg_/)) {`
			`return false;`
			`}`
			`}`

			`return true;`
			`}`
Use strict mode 2018-10-24 21:42:33 +08:00			`};`
create object and export 2018-04-24 19:21:43 +08:00
			`module.exports = Validator;`