CartoDB-SQL-API/test/acceptance/system-queries-test.js

'use strict';

require('../helper');

var server = require('../../lib/server')();
var assert = require('../support/assert');
var querystring = require('querystring');

describe('system-queries', function () {
    var systemQueriesSuitesToTest = [
        {
            desc: 'pg_ queries work with api_key and fail otherwise',
            queries: [
                'SELECT * FROM pg_attribute',
                'SELECT * FROM PG_attribute',
                'SELECT * FROM "pg_attribute"',
                'SELECT a.* FROM untitle_table_4 a,pg_attribute',
                'SELECT * FROM geometry_columns'
            ],
            api_key_works: true,
            no_api_key_works: false
        },
        {
            desc: 'Possible false positive queries will work with api_key and without it',
            queries: [
                "SELECT 'pg_'",
                'SELECT pg_attribute FROM ( select 1 as pg_attribute ) as f',
                'SELECT * FROM cpg_test'
            ],
            api_key_works: true,
            no_api_key_works: true
        }
    ];

    systemQueriesSuitesToTest.forEach(function (suiteToTest) {
        var apiKeyStatusErrorCode = suiteToTest.api_key_works ? 200 : 403;
        testSystemQueries(suiteToTest.desc + ' with api_key', suiteToTest.queries, apiKeyStatusErrorCode, '1234');
        var noApiKeyStatusErrorCode = suiteToTest.no_api_key_works ? 200 : 403;
        testSystemQueries(suiteToTest.desc, suiteToTest.queries, noApiKeyStatusErrorCode);
    });

    function testSystemQueries (description, queries, statusErrorCode, apiKey) {
        queries.forEach(function (query) {
            it('[' + description + ']  query: ' + query, function (done) {
                var queryStringParams = { q: query };
                if (apiKey) {
                    queryStringParams.api_key = apiKey;
                }
                var request = {
                    headers: { host: 'vizzuality.cartodb.com' },
                    method: 'GET',
                    url: '/api/v1/sql?' + querystring.stringify(queryStringParams)
                };
                assert.response(server, request, function (err, response) {
                    assert.ifError(err);
                    assert.strictEqual(response.statusCode, statusErrorCode);
                    done();
                });
            });
        });
    }
});
Use strict mode 2018-10-24 21:42:33 +08:00			`'use strict';`

System queries 2016-12-09 17:56:50 +08:00			`require('../helper');`

Changed folder structure to reflect application functionallity. Renamed files using hyphens instead of underscore to have a more consistent naming across the whole project 2019-10-04 00:24:39 +08:00			`var server = require('../../lib/server')();`
System queries 2016-12-09 17:56:50 +08:00			`var assert = require('../support/assert');`
			`var querystring = require('querystring');`

Run eslint --fix 2019-12-24 01:19:08 +08:00			`describe('system-queries', function () {`
System queries 2016-12-09 17:56:50 +08:00			`var systemQueriesSuitesToTest = [`
			`{`
			`desc: 'pg_ queries work with api_key and fail otherwise',`
			`queries: [`
			`'SELECT * FROM pg_attribute',`
			`'SELECT * FROM PG_attribute',`
			`'SELECT * FROM "pg_attribute"',`
			`'SELECT a.* FROM untitle_table_4 a,pg_attribute',`
			`'SELECT * FROM geometry_columns'`
			`],`
			`api_key_works: true,`
			`no_api_key_works: false`
			`},`
			`{`
			`desc: 'Possible false positive queries will work with api_key and without it',`
			`queries: [`
			`"SELECT 'pg_'",`
			`'SELECT pg_attribute FROM ( select 1 as pg_attribute ) as f',`
			`'SELECT * FROM cpg_test'`
			`],`
			`api_key_works: true,`
			`no_api_key_works: true`
			`}`
			`];`

Run eslint --fix 2019-12-24 01:19:08 +08:00			`systemQueriesSuitesToTest.forEach(function (suiteToTest) {`
			`var apiKeyStatusErrorCode = suiteToTest.api_key_works ? 200 : 403;`
System queries 2016-12-09 17:56:50 +08:00			`testSystemQueries(suiteToTest.desc + ' with api_key', suiteToTest.queries, apiKeyStatusErrorCode, '1234');`
Run eslint --fix 2019-12-24 01:19:08 +08:00			`var noApiKeyStatusErrorCode = suiteToTest.no_api_key_works ? 200 : 403;`
System queries 2016-12-09 17:56:50 +08:00			`testSystemQueries(suiteToTest.desc, suiteToTest.queries, noApiKeyStatusErrorCode);`
			`});`

Run eslint --fix 2019-12-24 01:19:08 +08:00			`function testSystemQueries (description, queries, statusErrorCode, apiKey) {`
			`queries.forEach(function (query) {`
			`it('[' + description + '] query: ' + query, function (done) {`
			`var queryStringParams = { q: query };`
			`if (apiKey) {`
System queries 2016-12-09 17:56:50 +08:00			`queryStringParams.api_key = apiKey;`
			`}`
			`var request = {`
Run eslint --fix 2019-12-24 01:19:08 +08:00			`headers: { host: 'vizzuality.cartodb.com' },`
System queries 2016-12-09 17:56:50 +08:00			`method: 'GET',`
			`url: '/api/v1/sql?' + querystring.stringify(queryStringParams)`
			`};`
Run eslint --fix 2019-12-24 01:19:08 +08:00			`assert.response(server, request, function (err, response) {`
Fix lint errors 2019-12-26 21:51:09 +08:00			`assert.ifError(err);`
Use asert.strict mode 2019-12-26 21:01:18 +08:00			`assert.strictEqual(response.statusCode, statusErrorCode);`
System queries 2016-12-09 17:56:50 +08:00			`done();`
			`});`
			`});`
			`});`
			`}`
			`});`