CartoDB-SQL-API/app/services/user_database_service.js

function isApiKeyFound(apikey) {
    return apikey.type !== null &&
        apikey.user !== null &&
        apikey.databasePassword !== null &&
        apikey.databaseRole !== null;
}

function UserDatabaseService(metadataBackend) {
    this.metadataBackend = metadataBackend;
}

function errorUserNotFoundMessageTemplate (user) {
    return `Sorry, we can't find CARTO user '${user}'. Please check that you have entered the correct domain.`;
}

function isOauthAuthorization({ apikeyToken, authorizationLevel }) {
    return (authorizationLevel === 'master') && !apikeyToken;
}

/**
 * Callback is invoked with `dbParams` and `authDbParams`.
 * `dbParams` depends on AuthApi verification so it might return a public user with just SELECT permission, where
 * `authDbParams` will always return connection params as AuthApi had authorized the connection.
 * That might be useful when you have to run a query with and without permissions.
 *
 * @param {AuthApi} authApi
 * @param {String} cdbUsername
 * @param {Function} callback (err, dbParams, authDbParams)
 */
UserDatabaseService.prototype.getConnectionParams = function (username, apikeyToken, authorizationLevel, callback) {
    this.metadataBackend.getAllUserDBParams(username, (err, dbParams) => {
        if (err) {
            err.http_status = 404;
            err.message = errorUserNotFoundMessageTemplate(username);

            return callback(err);
        }

        const commonDBConfiguration = {
            port: global.settings.db_port,
            host: dbParams.dbhost,
            dbname: dbParams.dbname,
        };

        this.metadataBackend.getMasterApikey(username, (err, masterApikey) => {
            
            if (err) {
                err.http_status = 404;
                err.message = errorUserNotFoundMessageTemplate(username);

                return callback(err);
            }

            if (!isApiKeyFound(masterApikey)) {
                const apiKeyNotFoundError = new Error('Unauthorized');
                apiKeyNotFoundError.type = 'auth';
                apiKeyNotFoundError.subtype = 'api-key-not-found';
                apiKeyNotFoundError.http_status = 401;

                return callback(apiKeyNotFoundError);
            }

            const masterDBConfiguration = Object.assign({
                user: masterApikey.databaseRole,
                pass: masterApikey.databasePassword
            },
                commonDBConfiguration);

            if (isOauthAuthorization({ apikeyToken, authorizationLevel})) {
                return callback(null, masterDBConfiguration, masterDBConfiguration);
            }

            // Default Api key fallback
            apikeyToken = apikeyToken || 'default_public';

            this.metadataBackend.getApikey(username, apikeyToken, (err, apikey) => {
                if (err) {
                    err.http_status = 404;
                    err.message = errorUserNotFoundMessageTemplate(username);

                    return callback(err);
                }

                if (!isApiKeyFound(apikey)) {
                    const apiKeyNotFoundError = new Error('Unauthorized');
                    apiKeyNotFoundError.type = 'auth';
                    apiKeyNotFoundError.subtype = 'api-key-not-found';
                    apiKeyNotFoundError.http_status = 401;

                    return callback(apiKeyNotFoundError);
                }

                const DBConfiguration = Object.assign({
                    user: apikey.databaseRole,
                    pass: apikey.databasePassword
                },
                    commonDBConfiguration);

                callback(null, DBConfiguration, masterDBConfiguration);
            });
        });
    });
};

module.exports = UserDatabaseService;
Implement fallback mechanism to be able to authenticate as usual in case of apikey is not found 2018-02-14 23:22:36 +08:00			`function isApiKeyFound(apikey) {`
Use current implementation of cartodb-redis 2018-02-12 23:41:35 +08:00			`return apikey.type !== null &&`
			`apikey.user !== null &&`
			`apikey.databasePassword !== null &&`
			`apikey.databaseRole !== null;`
			`}`

Refactored user database service ans updated controllers to use it. 2016-01-21 23:17:17 +08:00			`function UserDatabaseService(metadataBackend) {`
			`this.metadataBackend = metadataBackend;`
Implemented job controller to enqueue jobs 2015-12-07 16:40:51 +08:00			`}`

Template for User not found error 2018-02-23 00:49:02 +08:00			`function errorUserNotFoundMessageTemplate (user) {`
			return `Sorry, we can't find CARTO user '${user}'. Please check that you have entered the correct domain.`;
			`}`

refactor authenticated to authorizationLevel 2018-06-05 19:21:56 +08:00			`function isOauthAuthorization({ apikeyToken, authorizationLevel }) {`
			`return (authorizationLevel === 'master') && !apikeyToken;`
refactor user database service. Get proper DB config based on auth type: oauth vs apikey Oauth uses only master api key configuration Api key uses master and the provided api key configurations Also move default api key fallback to this service 2018-05-28 21:53:51 +08:00			`}`

Adds documentation about values passed over callback in getConnectionParams 2016-01-28 21:25:03 +08:00			`/**`
			* Callback is invoked with `dbParams` and `authDbParams`.
			* `dbParams` depends on AuthApi verification so it might return a public user with just SELECT permission, where
			* `authDbParams` will always return connection params as AuthApi had authorized the connection.
			`* That might be useful when you have to run a query with and without permissions.`
			`*`
			`* @param {AuthApi} authApi`
			`* @param {String} cdbUsername`
			`* @param {Function} callback (err, dbParams, authDbParams)`
			`*/`
refactor authenticated to authorizationLevel 2018-06-05 19:21:56 +08:00			`UserDatabaseService.prototype.getConnectionParams = function (username, apikeyToken, authorizationLevel, callback) {`
Template for User not found error 2018-02-23 00:49:02 +08:00			`this.metadataBackend.getAllUserDBParams(username, (err, dbParams) => {`
Remove step 2018-02-22 22:58:52 +08:00			`if (err) {`
			`err.http_status = 404;`
Template for User not found error 2018-02-23 00:49:02 +08:00			`err.message = errorUserNotFoundMessageTemplate(username);`

Remove step 2018-02-22 22:58:52 +08:00			`return callback(err);`
			`}`
Implemented job controller to enqueue jobs 2015-12-07 16:40:51 +08:00
refactor user database service. Get proper DB config based on auth type: oauth vs apikey Oauth uses only master api key configuration Api key uses master and the provided api key configurations Also move default api key fallback to this service 2018-05-28 21:53:51 +08:00			`const commonDBConfiguration = {`
Remove step 2018-02-22 22:58:52 +08:00			`port: global.settings.db_port,`
use apikeys instead of metadata for the database connections parameters 2018-05-25 23:23:24 +08:00			`host: dbParams.dbhost,`
			`dbname: dbParams.dbname,`
Remove step 2018-02-22 22:58:52 +08:00			`};`
Implemented job controller to enqueue jobs 2015-12-07 16:40:51 +08:00
refactor user database service. Get proper DB config based on auth type: oauth vs apikey Oauth uses only master api key configuration Api key uses master and the provided api key configurations Also move default api key fallback to this service 2018-05-28 21:53:51 +08:00			`this.metadataBackend.getMasterApikey(username, (err, masterApikey) => {`

Implemented job controller to enqueue jobs 2015-12-07 16:40:51 +08:00			`if (err) {`
Remove step 2018-02-22 22:58:52 +08:00			`err.http_status = 404;`
Template for User not found error 2018-02-23 00:49:02 +08:00			`err.message = errorUserNotFoundMessageTemplate(username);`

Implemented job controller to enqueue jobs 2015-12-07 16:40:51 +08:00			`return callback(err);`
			`}`

refactor user database service. Get proper DB config based on auth type: oauth vs apikey Oauth uses only master api key configuration Api key uses master and the provided api key configurations Also move default api key fallback to this service 2018-05-28 21:53:51 +08:00			`if (!isApiKeyFound(masterApikey)) {`
use apikeys instead of metadata for the database connections parameters 2018-05-25 23:23:24 +08:00			`const apiKeyNotFoundError = new Error('Unauthorized');`
			`apiKeyNotFoundError.type = 'auth';`
			`apiKeyNotFoundError.subtype = 'api-key-not-found';`
			`apiKeyNotFoundError.http_status = 401;`

refactor user database service. Get proper DB config based on auth type: oauth vs apikey Oauth uses only master api key configuration Api key uses master and the provided api key configurations Also move default api key fallback to this service 2018-05-28 21:53:51 +08:00			`return callback(apiKeyNotFoundError);`
Remove step 2018-02-22 22:58:52 +08:00			`}`
Implemented job controller to enqueue jobs 2015-12-07 16:40:51 +08:00
refactor user database service. Get proper DB config based on auth type: oauth vs apikey Oauth uses only master api key configuration Api key uses master and the provided api key configurations Also move default api key fallback to this service 2018-05-28 21:53:51 +08:00			`const masterDBConfiguration = Object.assign({`
			`user: masterApikey.databaseRole,`
			`pass: masterApikey.databasePassword`
			`},`
			`commonDBConfiguration);`

refactor authenticated to authorizationLevel 2018-06-05 19:21:56 +08:00			`if (isOauthAuthorization({ apikeyToken, authorizationLevel})) {`
FIX add return to callback call 2018-06-13 19:17:01 +08:00			`return callback(null, masterDBConfiguration, masterDBConfiguration);`
refactor user database service. Get proper DB config based on auth type: oauth vs apikey Oauth uses only master api key configuration Api key uses master and the provided api key configurations Also move default api key fallback to this service 2018-05-28 21:53:51 +08:00			`}`
Move authorization to auth-api and extract it from user-database-service 2018-02-22 18:46:34 +08:00
refactor user database service. Get proper DB config based on auth type: oauth vs apikey Oauth uses only master api key configuration Api key uses master and the provided api key configurations Also move default api key fallback to this service 2018-05-28 21:53:51 +08:00			`// Default Api key fallback`
			`apikeyToken = apikeyToken \|\| 'default_public';`

			`this.metadataBackend.getApikey(username, apikeyToken, (err, apikey) => {`
use apikeys instead of metadata for the database connections parameters 2018-05-25 23:23:24 +08:00			`if (err) {`
			`err.http_status = 404;`
			`err.message = errorUserNotFoundMessageTemplate(username);`

			`return callback(err);`
			`}`

			`if (!isApiKeyFound(apikey)) {`
			`const apiKeyNotFoundError = new Error('Unauthorized');`
			`apiKeyNotFoundError.type = 'auth';`
			`apiKeyNotFoundError.subtype = 'api-key-not-found';`
			`apiKeyNotFoundError.http_status = 401;`

refactor user database service. Get proper DB config based on auth type: oauth vs apikey Oauth uses only master api key configuration Api key uses master and the provided api key configurations Also move default api key fallback to this service 2018-05-28 21:53:51 +08:00			`return callback(apiKeyNotFoundError);`
use apikeys instead of metadata for the database connections parameters 2018-05-25 23:23:24 +08:00			`}`

refactor user database service. Get proper DB config based on auth type: oauth vs apikey Oauth uses only master api key configuration Api key uses master and the provided api key configurations Also move default api key fallback to this service 2018-05-28 21:53:51 +08:00			`const DBConfiguration = Object.assign({`
			`user: apikey.databaseRole,`
			`pass: apikey.databasePassword`
			`},`
			`commonDBConfiguration);`
use apikeys instead of metadata for the database connections parameters 2018-05-25 23:23:24 +08:00
refactor user database service. Get proper DB config based on auth type: oauth vs apikey Oauth uses only master api key configuration Api key uses master and the provided api key configurations Also move default api key fallback to this service 2018-05-28 21:53:51 +08:00			`callback(null, DBConfiguration, masterDBConfiguration);`
use apikeys instead of metadata for the database connections parameters 2018-05-25 23:23:24 +08:00			`});`
Remove step 2018-02-22 22:58:52 +08:00			`});`
Move authorization to auth-api and extract it from user-database-service 2018-02-22 18:46:34 +08:00			`});`
			`};`

Renamed exposed function 2015-12-10 22:06:25 +08:00			`module.exports = UserDatabaseService;`