CartoDB-SQL-API/app/controllers/query_controller.js

'use strict';

var _ = require('underscore');
var step = require('step');
var PSQL = require('cartodb-psql');
var CachedQueryTables = require('../services/cached-query-tables');
const pgEntitiesAccessValidator = require('../services/pg-entities-access-validator');
var queryMayWrite = require('../utils/query_may_write');

var formats = require('../models/formats');

var sanitize_filename = require('../utils/filename_sanitizer');
var getContentDisposition = require('../utils/content_disposition');
const bodyParserMiddleware = require('../middlewares/body-parser');
const userMiddleware = require('../middlewares/user');
const errorMiddleware = require('../middlewares/error');
const authorizationMiddleware = require('../middlewares/authorization');
const connectionParamsMiddleware = require('../middlewares/connection-params');
const timeoutLimitsMiddleware = require('../middlewares/timeout-limits');
const { initializeProfilerMiddleware } = require('../middlewares/profiler');
const rateLimitsMiddleware = require('../middlewares/rate-limit');
const { RATE_LIMIT_ENDPOINTS_GROUPS } = rateLimitsMiddleware;
const handleQueryMiddleware = require('../middlewares/handle-query');
const logMiddleware = require('../middlewares/log');

const ONE_YEAR_IN_SECONDS = 31536000; // ttl in cache provider
const FIVE_MINUTES_IN_SECONDS = 60 * 5; // ttl in cache provider

function QueryController(metadataBackend, userDatabaseService, tableCache, statsd_client, userLimitsService) {
    this.metadataBackend = metadataBackend;
    this.statsd_client = statsd_client;
    this.userDatabaseService = userDatabaseService;
    this.queryTables = new CachedQueryTables(tableCache);
    this.userLimitsService = userLimitsService;
}

QueryController.prototype.route = function (app) {
    const { base_url } = global.settings;
    const forceToBeMaster = false;

    const queryMiddlewares = () => {
        return [
            bodyParserMiddleware(),
            initializeProfilerMiddleware('query'),
            userMiddleware(this.metadataBackend),
            rateLimitsMiddleware(this.userLimitsService, RATE_LIMIT_ENDPOINTS_GROUPS.QUERY),
            authorizationMiddleware(this.metadataBackend, forceToBeMaster),
            connectionParamsMiddleware(this.userDatabaseService),
            timeoutLimitsMiddleware(this.metadataBackend),
            handleQueryMiddleware(),
            logMiddleware(logMiddleware.TYPES.QUERY),
            this.handleQuery.bind(this),
            errorMiddleware()
        ];
    };

    app.all(`${base_url}/sql`, queryMiddlewares());
    app.all(`${base_url}/sql.:f`, queryMiddlewares());
};

// jshint maxcomplexity:21
QueryController.prototype.handleQuery = function (req, res, next) {
    var self = this;
    // clone so don't modify req.params or req.body so oauth is not broken
    var params = _.extend({}, req.query, req.body || {});
    var limit = parseInt(params.rows_per_page);
    var offset = parseInt(params.page);
    var orderBy = params.order_by;
    var sortOrder = params.sort_order;
    var requestedFormat = params.format;
    var format = _.isArray(requestedFormat) ? _.last(requestedFormat) : requestedFormat;
    var requestedFilename = params.filename;
    var filename = requestedFilename;
    var requestedSkipfields = params.skipfields;

    let { sql } = res.locals;
    const { user: username, userDbParams: dbopts, authDbParams, userLimits, authorizationLevel } = res.locals;

    var skipfields;
    var dp = params.dp; // decimal point digits (defaults to 6)
    var gn = "the_geom"; // TODO: read from configuration FILE

    req.aborted = false;
    req.on("close", function() {
        if (req.formatter && _.isFunction(req.formatter.cancel)) {
            req.formatter.cancel();
        }
        req.aborted = true; // TODO: there must be a builtin way to check this
    });

    function checkAborted(step) {
      if ( req.aborted ) {
        var err = new Error("Request aborted during " + step);
        // We'll use status 499, same as ngnix in these cases
        // see http://en.wikipedia.org/wiki/List_of_HTTP_status_codes#4xx_Client_Error
        err.http_status = 499;
        throw err;
      }
    }

    try {

        // sanitize and apply defaults to input
        dp        = (dp       === "" || _.isUndefined(dp))       ? '6'  : dp;
        format    = (format   === "" || _.isUndefined(format))   ? 'json' : format.toLowerCase();
        filename  = (filename === "" || _.isUndefined(filename)) ? 'cartodb-query' : sanitize_filename(filename);
        sql       = (sql      === "" || _.isUndefined(sql))      ? null : sql;
        limit     = (!_.isNaN(limit))  ? limit : null;
        offset    = (!_.isNaN(offset)) ? offset * limit : null;

        // Accept both comma-separated string or array of comma-separated strings
        if ( requestedSkipfields ) {
          if ( _.isString(requestedSkipfields) ) {
              skipfields = requestedSkipfields.split(',');
          } else if ( _.isArray(requestedSkipfields) ) {
            skipfields = [];
            _.each(requestedSkipfields, function(ele) {
              skipfields = skipfields.concat(ele.split(','));
            });
          }
        } else {
          skipfields = [];
        }

        //if ( -1 === supportedFormats.indexOf(format) )
        if ( ! formats.hasOwnProperty(format) ) {
            throw new Error("Invalid format: " + format);
        }

        if (!_.isString(sql)) {
            throw new Error("You must indicate a sql query");
        }

        var formatter;

        if ( req.profiler ) {
            req.profiler.done('init');
        }

        // 1. Get the list of tables affected by the query
        // 2. Setup headers
        // 3. Send formatted results back
        // 4. Handle error
        step(
            function queryExplain() {
                var next = this;

                checkAborted('queryExplain');

                var pg = new PSQL(authDbParams);

                var skipCache = authorizationLevel === 'master';

                self.queryTables.getAffectedTablesFromQuery(pg, sql, skipCache, function(err, result) {
                    if (err) {
                        var errorMessage = (err && err.message) || 'unknown error';
                        console.error("Error on query explain '%s': %s", sql, errorMessage);
                    }
                    return next(null, result);
                });
            },
            function setHeaders(err, affectedTables) {
                if (err) {
                    throw err;
                }

                var mayWrite = queryMayWrite(sql);
                if ( req.profiler ) {
                    req.profiler.done('queryExplain');
                }

                checkAborted('setHeaders');
                if(!pgEntitiesAccessValidator.validate(affectedTables, authorizationLevel)) {
                    const syntaxError = new SyntaxError("system tables are forbidden");
                    syntaxError.http_status = 403;
                    throw(syntaxError);
                }

                var FormatClass = formats[format];
                formatter = new FormatClass();
                req.formatter = formatter;


                // configure headers for given format
                var use_inline = !requestedFormat && !requestedFilename;
                res.header("Content-Disposition", getContentDisposition(formatter, filename, use_inline));
                res.header("Content-Type", formatter.getContentType());

                // set cache headers
                var cachePolicy = req.query.cache_policy;
                if (cachePolicy === 'persist') {
                    res.header('Cache-Control', 'public,max-age=' + ONE_YEAR_IN_SECONDS);
                } else {
                    if (affectedTables && affectedTables.getTables().every(table => table.updated_at !== null)) {
                        const maxAge = mayWrite ? 0 : (global.settings.cache.ttl || ONE_YEAR_IN_SECONDS);
                        res.header('Cache-Control', `no-cache,max-age=${maxAge},must-revalidate,public`);
                    } else {
                        const maxAge = global.settings.cache.fallbackTtl || FIVE_MINUTES_IN_SECONDS;
                        res.header('Cache-Control', `no-cache,max-age=${maxAge},must-revalidate,public`);
                    }
                }

                // Only set an X-Cache-Channel for responses we want Varnish to cache.
                var skipNotUpdatedAtTables = true;
                if (!!affectedTables && affectedTables.getTables(skipNotUpdatedAtTables).length > 0 && !mayWrite) {
                    res.header('X-Cache-Channel', affectedTables.getCacheChannel(skipNotUpdatedAtTables));
                    res.header('Surrogate-Key', affectedTables.key(skipNotUpdatedAtTables).join(' '));
                }

                if(!!affectedTables) {
                    res.header('Last-Modified',
                               new Date(affectedTables.getLastUpdatedAt(Number(new Date()))).toUTCString());
                }

                return null;
            },
            function generateFormat(err){
                if (err) {
                    throw err;
                }
                checkAborted('generateFormat');

                // TODO: drop this, fix UI!
                sql = new PSQL.QueryWrapper(sql).orderBy(orderBy, sortOrder).window(limit, offset).query();

                var opts = {
                  username: username,
                  dbopts: dbopts,
                  sink: res,
                  gn: gn,
                  dp: dp,
                  skipfields: skipfields,
                  sql: sql,
                  filename: filename,
                  bufferedRows: global.settings.bufferedRows,
                  callback: params.callback,
                  abortChecker: checkAborted,
                  timeout: userLimits.timeout
                };

                if ( req.profiler ) {
                  opts.profiler = req.profiler;
                  opts.beforeSink = function() {
                    req.profiler.done('beforeSink');
                    res.header('X-SQLAPI-Profiler', req.profiler.toJSONString());
                  };
                }

                if (dbopts.host) {
                  res.header('X-Served-By-DB-Host', dbopts.host);
                }

                formatter.sendResponse(opts, this);
            },
            function errorHandle(err){
                formatter = null;

                if (err) {
                    next(err);
                }

                if ( req.profiler ) {
                    req.profiler.sendStats();
                }
                if (self.statsd_client) {
                  if ( err ) {
                      self.statsd_client.increment('sqlapi.query.error');
                  } else {
                      self.statsd_client.increment('sqlapi.query.success');
                  }
                }
            }
        );
    } catch (err) {
        next(err);

        if (self.statsd_client) {
            self.statsd_client.increment('sqlapi.query.error');
        }
    }

};

module.exports = QueryController;
Split query controller and separated from app 2015-12-04 00:28:18 +08:00			`'use strict';`

			`var _ = require('underscore');`
			`var step = require('step');`
			`var PSQL = require('cartodb-psql');`
Add a cache decorator over QueryTables 2016-03-08 21:48:56 +08:00			`var CachedQueryTables = require('../services/cached-query-tables');`
pgEntitiesAccessValidator 2018-04-24 00:17:44 +08:00			`const pgEntitiesAccessValidator = require('../services/pg-entities-access-validator');`
Use node-cartodb-querytables library 2016-02-22 19:21:44 +08:00			`var queryMayWrite = require('../utils/query_may_write');`
Split query controller and separated from app 2015-12-04 00:28:18 +08:00
			`var formats = require('../models/formats');`

			`var sanitize_filename = require('../utils/filename_sanitizer');`
			`var getContentDisposition = require('../utils/content_disposition');`
moving body-parser from global to routes of query and job 2018-05-04 21:15:37 +08:00			`const bodyParserMiddleware = require('../middlewares/body-parser');`
Check user is the same user that sends the request when basic-auth is provided 2018-02-17 01:21:06 +08:00			`const userMiddleware = require('../middlewares/user');`
			`const errorMiddleware = require('../middlewares/error');`
Rename middleware 2018-02-19 22:49:17 +08:00			`const authorizationMiddleware = require('../middlewares/authorization');`
Split authorization middleware, it was actually doing two things: authorize and get database connection params 2018-02-22 19:22:39 +08:00			`const connectionParamsMiddleware = require('../middlewares/connection-params');`
Extract to a middleware user timeout limit from user-database-services 2018-02-22 19:45:55 +08:00			`const timeoutLimitsMiddleware = require('../middlewares/timeout-limits');`
Extract profiler middleware to used in query and job controllers 2018-02-19 22:13:36 +08:00			`const { initializeProfilerMiddleware } = require('../middlewares/profiler');`
adding rate limit middleware to controllers 2018-03-01 19:19:57 +08:00			`const rateLimitsMiddleware = require('../middlewares/rate-limit');`
fix assignment 2018-03-01 20:15:32 +08:00			`const { RATE_LIMIT_ENDPOINTS_GROUPS } = rateLimitsMiddleware;`
using handleQueryMiddleware in query controller 2019-02-26 21:47:23 +08:00			`const handleQueryMiddleware = require('../middlewares/handle-query');`
log query and job endpoints 2019-02-27 16:02:31 +08:00			`const logMiddleware = require('../middlewares/log');`
Split query controller and separated from app 2015-12-04 00:28:18 +08:00
Set directive 'max-age' to 5 min when there are affacted tables where we can't know when were updated for the last time, e.g: non cartodified tables or foreing tables without cartodb support 2019-07-04 16:45:35 +08:00			`const ONE_YEAR_IN_SECONDS = 31536000; // ttl in cache provider`
			`const FIVE_MINUTES_IN_SECONDS = 60 * 5; // ttl in cache provider`
Affected tables and last modified behind QueryTablesApi It handles the internal cache and exposes an unified result 2016-01-28 21:08:18 +08:00
controllers using user limits service 2018-03-01 18:31:35 +08:00			`function QueryController(metadataBackend, userDatabaseService, tableCache, statsd_client, userLimitsService) {`
Move authorization to auth-api and extract it from user-database-service 2018-02-22 18:46:34 +08:00			`this.metadataBackend = metadataBackend;`
Split query controller and separated from app 2015-12-04 00:28:18 +08:00			`this.statsd_client = statsd_client;`
Added cors middleware, decoupled query and job controllers from its dependencies 2016-01-22 00:24:48 +08:00			`this.userDatabaseService = userDatabaseService;`
Add a cache decorator over QueryTables 2016-03-08 21:48:56 +08:00			`this.queryTables = new CachedQueryTables(tableCache);`
controllers using user limits service 2018-03-01 18:31:35 +08:00			`this.userLimitsService = userLimitsService;`
Split query controller and separated from app 2015-12-04 00:28:18 +08:00			`}`

Renamed controllers routing method 2015-12-04 01:43:13 +08:00			`QueryController.prototype.route = function (app) {`
Use authenticated middleware in query controller 2018-02-19 20:24:44 +08:00			`const { base_url } = global.settings;`
refactor forceToBeAuthenticated to forceToBeMaster 2018-06-05 19:14:50 +08:00			`const forceToBeMaster = false;`

unique rate limit fot both query endpoints 2018-12-11 01:19:56 +08:00			`const queryMiddlewares = () => {`
adding rate limit middleware to controllers 2018-03-01 19:19:57 +08:00			`return [`
moving body-parser from global to routes of query and job 2018-05-04 21:15:37 +08:00			`bodyParserMiddleware(),`
adding rate limit middleware to controllers 2018-03-01 19:19:57 +08:00			`initializeProfilerMiddleware('query'),`
check user exists in user middleware This way, we keep sending a 404 error if the user does not exist. 2018-05-29 19:23:50 +08:00			`userMiddleware(this.metadataBackend),`
unique rate limit fot both query endpoints 2018-12-11 01:19:56 +08:00			`rateLimitsMiddleware(this.userLimitsService, RATE_LIMIT_ENDPOINTS_GROUPS.QUERY),`
refactor forceToBeAuthenticated to forceToBeMaster 2018-06-05 19:14:50 +08:00			`authorizationMiddleware(this.metadataBackend, forceToBeMaster),`
adding rate limit middleware to controllers 2018-03-01 19:19:57 +08:00			`connectionParamsMiddleware(this.userDatabaseService),`
			`timeoutLimitsMiddleware(this.metadataBackend),`
using handleQueryMiddleware in query controller 2019-02-26 21:47:23 +08:00			`handleQueryMiddleware(),`
using the new TYPES 2019-02-28 18:49:05 +08:00			`logMiddleware(logMiddleware.TYPES.QUERY),`
adding rate limit middleware to controllers 2018-03-01 19:19:57 +08:00			`this.handleQuery.bind(this),`
			`errorMiddleware()`
			`];`
make jshint happy 2018-03-01 21:47:34 +08:00			`};`
adding rate limit middleware to controllers 2018-03-01 19:19:57 +08:00
unique rate limit fot both query endpoints 2018-12-11 01:19:56 +08:00			app.all(`${base_url}/sql`, queryMiddlewares());
			app.all(`${base_url}/sql.:f`, queryMiddlewares());
Split query controller and separated from app 2015-12-04 00:28:18 +08:00			`};`

			`// jshint maxcomplexity:21`
Check user is the same user that sends the request when basic-auth is provided 2018-02-17 01:21:06 +08:00			`QueryController.prototype.handleQuery = function (req, res, next) {`
Implemented job controller to enqueue jobs 2015-12-07 16:40:51 +08:00			`var self = this;`
Add support for Basic Auth 2018-02-16 17:46:58 +08:00			`// clone so don't modify req.params or req.body so oauth is not broken`
using handleQueryMiddleware in query controller 2019-02-26 21:47:23 +08:00			`var params = _.extend({}, req.query, req.body \|\| {});`
Split query controller and separated from app 2015-12-04 00:28:18 +08:00			`var limit = parseInt(params.rows_per_page);`
			`var offset = parseInt(params.page);`
			`var orderBy = params.order_by;`
			`var sortOrder = params.sort_order;`
			`var requestedFormat = params.format;`
			`var format = _.isArray(requestedFormat) ? _.last(requestedFormat) : requestedFormat;`
			`var requestedFilename = params.filename;`
			`var filename = requestedFilename;`
			`var requestedSkipfields = params.skipfields;`
Use authenticated middleware in query controller 2018-02-19 20:24:44 +08:00
renaming from q to sql in middleware 2019-02-26 23:34:26 +08:00			`let { sql } = res.locals;`
refactor authenticated to authorizationLevel 2018-06-05 19:21:56 +08:00			`const { user: username, userDbParams: dbopts, authDbParams, userLimits, authorizationLevel } = res.locals;`
Use authenticated middleware in query controller 2018-02-19 20:24:44 +08:00
Split query controller and separated from app 2015-12-04 00:28:18 +08:00			`var skipfields;`
			`var dp = params.dp; // decimal point digits (defaults to 6)`
Rename middleware 2018-02-19 19:37:19 +08:00			`var gn = "the_geom"; // TODO: read from configuration FILE`
Split query controller and separated from app 2015-12-04 00:28:18 +08:00
			`req.aborted = false;`
			`req.on("close", function() {`
			`if (req.formatter && _.isFunction(req.formatter.cancel)) {`
			`req.formatter.cancel();`
			`}`
			`req.aborted = true; // TODO: there must be a builtin way to check this`
			`});`

			`function checkAborted(step) {`
			`if ( req.aborted ) {`
			`var err = new Error("Request aborted during " + step);`
			`// We'll use status 499, same as ngnix in these cases`
			`// see http://en.wikipedia.org/wiki/List_of_HTTP_status_codes#4xx_Client_Error`
			`err.http_status = 499;`
			`throw err;`
			`}`
			`}`

			`try {`

			`// sanitize and apply defaults to input`
			`dp = (dp === "" \|\| _.isUndefined(dp)) ? '6' : dp;`
			`format = (format === "" \|\| _.isUndefined(format)) ? 'json' : format.toLowerCase();`
			`filename = (filename === "" \|\| _.isUndefined(filename)) ? 'cartodb-query' : sanitize_filename(filename);`
			`sql = (sql === "" \|\| _.isUndefined(sql)) ? null : sql;`
			`limit = (!_.isNaN(limit)) ? limit : null;`
			`offset = (!_.isNaN(offset)) ? offset * limit : null;`

			`// Accept both comma-separated string or array of comma-separated strings`
			`if ( requestedSkipfields ) {`
			`if ( _.isString(requestedSkipfields) ) {`
			`skipfields = requestedSkipfields.split(',');`
			`} else if ( _.isArray(requestedSkipfields) ) {`
			`skipfields = [];`
			`_.each(requestedSkipfields, function(ele) {`
			`skipfields = skipfields.concat(ele.split(','));`
			`});`
			`}`
			`} else {`
			`skipfields = [];`
			`}`

			`//if ( -1 === supportedFormats.indexOf(format) )`
			`if ( ! formats.hasOwnProperty(format) ) {`
			`throw new Error("Invalid format: " + format);`
			`}`

			`if (!_.isString(sql)) {`
			`throw new Error("You must indicate a sql query");`
			`}`

			`var formatter;`

			`if ( req.profiler ) {`
			`req.profiler.done('init');`
			`}`

Use authenticated middleware in query controller 2018-02-19 20:24:44 +08:00			`// 1. Get the list of tables affected by the query`
			`// 2. Setup headers`
			`// 3. Send formatted results back`
			`// 4. Handle error`
Split query controller and separated from app 2015-12-04 00:28:18 +08:00			`step(`
Use authenticated middleware in query controller 2018-02-19 20:24:44 +08:00			`function queryExplain() {`
Rethrow error but do not fail when getting affected tables 2016-03-08 21:00:31 +08:00			`var next = this;`

Split query controller and separated from app 2015-12-04 00:28:18 +08:00			`checkAborted('queryExplain');`

Remove unnecessary destroyOnError option 2017-08-09 00:21:10 +08:00			`var pg = new PSQL(authDbParams);`
Use authenticated middleware in query controller 2018-02-19 20:24:44 +08:00
refactor authenticated to authorizationLevel 2018-06-05 19:21:56 +08:00			`var skipCache = authorizationLevel === 'master';`
Rethrow error but do not fail when getting affected tables 2016-03-08 21:00:31 +08:00
Skip query tables cache for authenticated requests 2016-03-11 02:20:56 +08:00			`self.queryTables.getAffectedTablesFromQuery(pg, sql, skipCache, function(err, result) {`
Rethrow error but do not fail when getting affected tables 2016-03-08 21:00:31 +08:00			`if (err) {`
			`var errorMessage = (err && err.message) \|\| 'unknown error';`
			`console.error("Error on query explain '%s': %s", sql, errorMessage);`
			`}`
			`return next(null, result);`
			`});`
Split query controller and separated from app 2015-12-04 00:28:18 +08:00			`},`
Use node-cartodb-querytables library 2016-02-22 19:21:44 +08:00			`function setHeaders(err, affectedTables) {`
Do not use assert to throw erros as in Node.js > 6 wraps the original error, the keyword 'throw' does the trick and it's backwards compatible 2018-11-08 01:05:39 +08:00			`if (err) {`
			`throw err;`
			`}`
Split query controller and separated from app 2015-12-04 00:28:18 +08:00
Use node-cartodb-querytables library 2016-02-22 19:21:44 +08:00			`var mayWrite = queryMayWrite(sql);`
Split query controller and separated from app 2015-12-04 00:28:18 +08:00			`if ( req.profiler ) {`
			`req.profiler.done('queryExplain');`
			`}`

			`checkAborted('setHeaders');`
refactor authenticated to authorizationLevel 2018-06-05 19:21:56 +08:00			`if(!pgEntitiesAccessValidator.validate(affectedTables, authorizationLevel)) {`
pgEntitiesAccessValidator 2018-04-24 00:17:44 +08:00			`const syntaxError = new SyntaxError("system tables are forbidden");`
			`syntaxError.http_status = 403;`
			`throw(syntaxError);`
Split query controller and separated from app 2015-12-04 00:28:18 +08:00			`}`

			`var FormatClass = formats[format];`
			`formatter = new FormatClass();`
			`req.formatter = formatter;`


			`// configure headers for given format`
			`var use_inline = !requestedFormat && !requestedFilename;`
			`res.header("Content-Disposition", getContentDisposition(formatter, filename, use_inline));`
			`res.header("Content-Type", formatter.getContentType());`

			`// set cache headers`
Affected tables and last modified behind QueryTablesApi It handles the internal cache and exposes an unified result 2016-01-28 21:08:18 +08:00			`var cachePolicy = req.query.cache_policy;`
			`if (cachePolicy === 'persist') {`
			`res.header('Cache-Control', 'public,max-age=' + ONE_YEAR_IN_SECONDS);`
Split query controller and separated from app 2015-12-04 00:28:18 +08:00			`} else {`
Improve condition readability 2019-07-04 22:52:18 +08:00			`if (affectedTables && affectedTables.getTables().every(table => table.updated_at !== null)) {`
			`const maxAge = mayWrite ? 0 : (global.settings.cache.ttl \|\| ONE_YEAR_IN_SECONDS);`
Set directive 'max-age' to 5 min when there are affacted tables where we can't know when were updated for the last time, e.g: non cartodified tables or foreing tables without cartodb support 2019-07-04 16:45:35 +08:00			res.header('Cache-Control', `no-cache,max-age=${maxAge},must-revalidate,public`);
			`} else {`
Improve condition readability 2019-07-04 22:52:18 +08:00			`const maxAge = global.settings.cache.fallbackTtl \|\| FIVE_MINUTES_IN_SECONDS;`
Set directive 'max-age' to 5 min when there are affacted tables where we can't know when were updated for the last time, e.g: non cartodified tables or foreing tables without cartodb support 2019-07-04 16:45:35 +08:00			res.header('Cache-Control', `no-cache,max-age=${maxAge},must-revalidate,public`);
			`}`
Split query controller and separated from app 2015-12-04 00:28:18 +08:00			`}`

			`// Only set an X-Cache-Channel for responses we want Varnish to cache.`
Skip tables with no updated_at registered in cdb_tablemetadata 2016-07-11 22:39:12 +08:00			`var skipNotUpdatedAtTables = true;`
			`if (!!affectedTables && affectedTables.getTables(skipNotUpdatedAtTables).length > 0 && !mayWrite) {`
			`res.header('X-Cache-Channel', affectedTables.getCacheChannel(skipNotUpdatedAtTables));`
			`res.header('Surrogate-Key', affectedTables.key(skipNotUpdatedAtTables).join(' '));`
Split query controller and separated from app 2015-12-04 00:28:18 +08:00			`}`

Use Date.now() fallback value for getLastUpdatedTime 2016-02-23 02:08:04 +08:00			`if(!!affectedTables) {`
			`res.header('Last-Modified',`
			`new Date(affectedTables.getLastUpdatedAt(Number(new Date()))).toUTCString());`
			`}`
Split query controller and separated from app 2015-12-04 00:28:18 +08:00
			`return null;`
			`},`
			`function generateFormat(err){`
Do not use assert to throw erros as in Node.js > 6 wraps the original error, the keyword 'throw' does the trick and it's backwards compatible 2018-11-08 01:05:39 +08:00			`if (err) {`
			`throw err;`
			`}`
Split query controller and separated from app 2015-12-04 00:28:18 +08:00			`checkAborted('generateFormat');`

			`// TODO: drop this, fix UI!`
			`sql = new PSQL.QueryWrapper(sql).orderBy(orderBy, sortOrder).window(limit, offset).query();`

			`var opts = {`
Use authenticated middleware in query controller 2018-02-19 20:24:44 +08:00			`username: username,`
Split query controller and separated from app 2015-12-04 00:28:18 +08:00			`dbopts: dbopts,`
			`sink: res,`
			`gn: gn,`
			`dp: dp,`
			`skipfields: skipfields,`
			`sql: sql,`
			`filename: filename,`
			`bufferedRows: global.settings.bufferedRows,`
			`callback: params.callback,`
Apply user timeout to ogr2ogr command 2017-08-09 18:50:16 +08:00			`abortChecker: checkAborted,`
			`timeout: userLimits.timeout`
Split query controller and separated from app 2015-12-04 00:28:18 +08:00			`};`

			`if ( req.profiler ) {`
			`opts.profiler = req.profiler;`
			`opts.beforeSink = function() {`
			`req.profiler.done('beforeSink');`
			`res.header('X-SQLAPI-Profiler', req.profiler.toJSONString());`
			`};`
			`}`

			`if (dbopts.host) {`
			`res.header('X-Served-By-DB-Host', dbopts.host);`
			`}`
log query and job endpoints 2019-02-27 16:02:31 +08:00
Split query controller and separated from app 2015-12-04 00:28:18 +08:00			`formatter.sendResponse(opts, this);`
			`},`
			`function errorHandle(err){`
			`formatter = null;`

Check user is the same user that sends the request when basic-auth is provided 2018-02-17 01:21:06 +08:00			`if (err) {`
			`next(err);`
Split query controller and separated from app 2015-12-04 00:28:18 +08:00			`}`

			`if ( req.profiler ) {`
Extract profiler middleware to used in query and job controllers 2018-02-19 22:13:36 +08:00			`req.profiler.sendStats();`
Split query controller and separated from app 2015-12-04 00:28:18 +08:00			`}`
Implemented job controller to enqueue jobs 2015-12-07 16:40:51 +08:00			`if (self.statsd_client) {`
Split query controller and separated from app 2015-12-04 00:28:18 +08:00			`if ( err ) {`
Implemented job controller to enqueue jobs 2015-12-07 16:40:51 +08:00			`self.statsd_client.increment('sqlapi.query.error');`
Split query controller and separated from app 2015-12-04 00:28:18 +08:00			`} else {`
Implemented job controller to enqueue jobs 2015-12-07 16:40:51 +08:00			`self.statsd_client.increment('sqlapi.query.success');`
Split query controller and separated from app 2015-12-04 00:28:18 +08:00			`}`
			`}`
			`}`
			`);`
			`} catch (err) {`
Check user is the same user that sends the request when basic-auth is provided 2018-02-17 01:21:06 +08:00			`next(err);`
Split query controller and separated from app 2015-12-04 00:28:18 +08:00
Implemented job controller to enqueue jobs 2015-12-07 16:40:51 +08:00			`if (self.statsd_client) {`
			`self.statsd_client.increment('sqlapi.query.error');`
Split query controller and separated from app 2015-12-04 00:28:18 +08:00			`}`
			`}`

			`};`

			`module.exports = QueryController;`