CartoDB-SQL-API/lib/api/middlewares/user.js

'use strict';

const CdbRequest = require('../../models/cartodb-request');

module.exports = function user (metadataBackend) {
    const cdbRequest = new CdbRequest();

    return function userMiddleware (req, res, next) {
        const { logger } = res.locals;

        try {
            res.locals.user = getUserNameFromRequest(req, cdbRequest);
            logger.info({ user: res.locals.user });
        } catch (err) {
            return next(err);
        }

        metadataBackend.getUserId(res.locals.user, (err, userId) => {
            if (err || !userId) {
                const error = new Error('Unauthorized');
                error.type = 'auth';
                error.subtype = 'user-not-found';
                error.http_status = 404;
                error.message = errorUserNotFoundMessageTemplate(res.locals.user);

                return next(error);
            }

            res.locals.userId = userId;
            res.set('Carto-User-Id', `${userId}`);
            return next();
        });
    };
};

function getUserNameFromRequest (req, cdbRequest) {
    return cdbRequest.userByReq(req);
}

function errorUserNotFoundMessageTemplate (user) {
    return `Sorry, we can't find CARTO user '${user}'. Please check that you have entered the correct domain.`;
}
Use strict mode 2018-10-24 21:42:33 +08:00			`'use strict';`

Changed folder structure to reflect application functionallity. Renamed files using hyphens instead of underscore to have a more consistent naming across the whole project 2019-10-04 00:24:39 +08:00			`const CdbRequest = require('../../models/cartodb-request');`
Use user middleware in job controller 2016-10-04 21:19:31 +08:00
Consistent middleware naming 2019-10-04 01:35:18 +08:00			`module.exports = function user (metadataBackend) {`
Check user is the same user that sends the request when basic-auth is provided 2018-02-17 01:21:06 +08:00			`const cdbRequest = new CdbRequest();`

			`return function userMiddleware (req, res, next) {`
Breaking changes: - Log system revamp: - Logs to stdout, disabled while testing - Use header `X-Request-Id`, or create a new `uuid` when no present, to identyfy log entries - Be able to set log level from env variable `LOG_LEVEL`, useful while testing: `LOG_LEVEL=info npm test`; even more human-readable: `LOG_LEVEL=info npm t \| ./node_modules/.bin/pino-pretty` - Be able to reduce the footprint in the final log file depending on the environment - Use one logger for every service: Queries, Batch Queries (Jobs), and Data Ingestion (CopyTo/CopyFrom) - Stop using headers such as: `X-SQL-API-Log`, `X-SQL-API-Profiler`, and `X-SQL-API-Errors` as a way to log info. - Be able to tag requests with labels as an easier way to provide business metrics - Metro: Add log-collector utility (`metro`), it will be moved to its own repository. Attaching it here fro development purposes. Try it with the following command `LOG_LEVEL=info npm t \| node metro` - Metro: Creates `metrics-collector.js` a stream to update Prometheus' counters and histograms and exposes them via Express' app (`:9145/metrics`). Use the ones defined in `grok_exporter` Announcements: - Profiler is always set. No need to check its existence anymore - Unify profiler usage for every endpoint Bug fixes: - Avoid hung requests while fetching user identifier 2020-06-30 23:42:59 +08:00			`const { logger } = res.locals;`
check user exists in user middleware This way, we keep sending a 404 error if the user does not exist. 2018-05-29 19:23:50 +08:00
Breaking changes: - Log system revamp: - Logs to stdout, disabled while testing - Use header `X-Request-Id`, or create a new `uuid` when no present, to identyfy log entries - Be able to set log level from env variable `LOG_LEVEL`, useful while testing: `LOG_LEVEL=info npm test`; even more human-readable: `LOG_LEVEL=info npm t \| ./node_modules/.bin/pino-pretty` - Be able to reduce the footprint in the final log file depending on the environment - Use one logger for every service: Queries, Batch Queries (Jobs), and Data Ingestion (CopyTo/CopyFrom) - Stop using headers such as: `X-SQL-API-Log`, `X-SQL-API-Profiler`, and `X-SQL-API-Errors` as a way to log info. - Be able to tag requests with labels as an easier way to provide business metrics - Metro: Add log-collector utility (`metro`), it will be moved to its own repository. Attaching it here fro development purposes. Try it with the following command `LOG_LEVEL=info npm t \| node metro` - Metro: Creates `metrics-collector.js` a stream to update Prometheus' counters and histograms and exposes them via Express' app (`:9145/metrics`). Use the ones defined in `grok_exporter` Announcements: - Profiler is always set. No need to check its existence anymore - Unify profiler usage for every endpoint Bug fixes: - Avoid hung requests while fetching user identifier 2020-06-30 23:42:59 +08:00			`try {`
			`res.locals.user = getUserNameFromRequest(req, cdbRequest);`
			`logger.info({ user: res.locals.user });`
			`} catch (err) {`
			`return next(err);`
			`}`

			`metadataBackend.getUserId(res.locals.user, (err, userId) => {`
Add pubsub metrics (#642) * Create middleware and service for pubsub metrics * Use pubsub middleware for all request * Replace isEnabled with isDisabled to avoid negation * Use new headers names * Add acceptance and unit tests * Remove commented log calls * Remove only filters in tests Remove typo * Refactor service to ease integration test * Fix interaction with query controller * Use middleware at api-router and test all controllers * Rename user middleware function * Use sinon latest version * Create middleware and service for pubsub metrics * Use pubsub middleware for all request * Replace isEnabled with isDisabled to avoid negation * Use new headers names * Add acceptance and unit tests * Remove commented log calls * Remove only filters in tests Remove typo * Refactor service to ease integration test * Fix interaction with query controller * Use middleware at api-router and test all controllers * Rename user middleware function * Use sinon latest version * Fix tests * Fix typos * Checks if pubsub config exists to enable the service * Fix typo * Normalize headers values for pubsub * Trim fields when normalizing * Trim fields when normalizing 2020-02-27 00:19:07 +08:00			`if (err \|\| !userId) {`
check user exists in user middleware This way, we keep sending a 404 error if the user does not exist. 2018-05-29 19:23:50 +08:00			`const error = new Error('Unauthorized');`
			`error.type = 'auth';`
			`error.subtype = 'user-not-found';`
			`error.http_status = 404;`
			`error.message = errorUserNotFoundMessageTemplate(res.locals.user);`
Breaking changes: - Log system revamp: - Logs to stdout, disabled while testing - Use header `X-Request-Id`, or create a new `uuid` when no present, to identyfy log entries - Be able to set log level from env variable `LOG_LEVEL`, useful while testing: `LOG_LEVEL=info npm test`; even more human-readable: `LOG_LEVEL=info npm t \| ./node_modules/.bin/pino-pretty` - Be able to reduce the footprint in the final log file depending on the environment - Use one logger for every service: Queries, Batch Queries (Jobs), and Data Ingestion (CopyTo/CopyFrom) - Stop using headers such as: `X-SQL-API-Log`, `X-SQL-API-Profiler`, and `X-SQL-API-Errors` as a way to log info. - Be able to tag requests with labels as an easier way to provide business metrics - Metro: Add log-collector utility (`metro`), it will be moved to its own repository. Attaching it here fro development purposes. Try it with the following command `LOG_LEVEL=info npm t \| node metro` - Metro: Creates `metrics-collector.js` a stream to update Prometheus' counters and histograms and exposes them via Express' app (`:9145/metrics`). Use the ones defined in `grok_exporter` Announcements: - Profiler is always set. No need to check its existence anymore - Unify profiler usage for every endpoint Bug fixes: - Avoid hung requests while fetching user identifier 2020-06-30 23:42:59 +08:00
			`return next(error);`
check user exists in user middleware This way, we keep sending a 404 error if the user does not exist. 2018-05-29 19:23:50 +08:00			`}`
make function checkUserExists node callback pattern compilant 2018-06-06 21:48:22 +08:00
Add pubsub metrics (#642) * Create middleware and service for pubsub metrics * Use pubsub middleware for all request * Replace isEnabled with isDisabled to avoid negation * Use new headers names * Add acceptance and unit tests * Remove commented log calls * Remove only filters in tests Remove typo * Refactor service to ease integration test * Fix interaction with query controller * Use middleware at api-router and test all controllers * Rename user middleware function * Use sinon latest version * Create middleware and service for pubsub metrics * Use pubsub middleware for all request * Replace isEnabled with isDisabled to avoid negation * Use new headers names * Add acceptance and unit tests * Remove commented log calls * Remove only filters in tests Remove typo * Refactor service to ease integration test * Fix interaction with query controller * Use middleware at api-router and test all controllers * Rename user middleware function * Use sinon latest version * Fix tests * Fix typos * Checks if pubsub config exists to enable the service * Fix typo * Normalize headers values for pubsub * Trim fields when normalizing * Trim fields when normalizing 2020-02-27 00:19:07 +08:00			`res.locals.userId = userId;`
respond with user-id and client in the headers added headers to the test-client callback to be able to check them 2020-06-22 15:47:22 +08:00			res.set('Carto-User-Id', `${userId}`);
make function checkUserExists node callback pattern compilant 2018-06-06 21:48:22 +08:00			`return next();`
check user exists in user middleware This way, we keep sending a 404 error if the user does not exist. 2018-05-29 19:23:50 +08:00			`});`
Check user is the same user that sends the request when basic-auth is provided 2018-02-17 01:21:06 +08:00			`};`
Use user middleware in job controller 2016-10-04 21:19:31 +08:00			`};`
check user exists in user middleware This way, we keep sending a 404 error if the user does not exist. 2018-05-29 19:23:50 +08:00
Consistent middleware naming 2019-10-04 01:35:18 +08:00			`function getUserNameFromRequest (req, cdbRequest) {`
check user exists in user middleware This way, we keep sending a 404 error if the user does not exist. 2018-05-29 19:23:50 +08:00			`return cdbRequest.userByReq(req);`
			`}`

Consistent middleware naming 2019-10-04 01:35:18 +08:00			`function errorUserNotFoundMessageTemplate (user) {`
check user exists in user middleware This way, we keep sending a 404 error if the user does not exist. 2018-05-29 19:23:50 +08:00			return `Sorry, we can't find CARTO user '${user}'. Please check that you have entered the correct domain.`;
			`}`