CartoDB-SQL-API/app/middlewares/authenticated-request.js

'use strict';

var _ = require('underscore');
var AuthApi = require('../auth/auth_api');

module.exports = function authenticatedRequest (userDatabaseService, forceToBeAuthenticated = false) {
    return function authenticatedRequestMiddleware (req, res, next) {
        req.profiler.start('sqlapi.job');
        req.profiler.done('init');

        const params = _.extend({}, res.locals, req.query, req.body);
        const { user } = res.locals;
        const authApi = new AuthApi(req, res, params);

        userDatabaseService.getConnectionParams(authApi, user, function (err, dbParams, authDbParams, userLimits) {
            req.profiler.done('setDBAuth');

            if (err) {
                return next(err);
            }

            if (forceToBeAuthenticated && !dbParams.authenticated) {
                return next(new Error('permission denied'));
            }

            res.locals.userDbParams = dbParams;
            res.locals.authDbParams = authDbParams;
            res.locals.userLimits = userLimits;

            next();
        });
    };
};
DRY while authenticating requests 2016-10-04 21:40:56 +08:00			`'use strict';`

			`var _ = require('underscore');`
			`var AuthApi = require('../auth/auth_api');`

Rename middleware 2018-02-19 21:20:09 +08:00			`module.exports = function authenticatedRequest (userDatabaseService, forceToBeAuthenticated = false) {`
			`return function authenticatedRequestMiddleware (req, res, next) {`
DRY while authenticating requests 2016-10-04 21:40:56 +08:00			`req.profiler.start('sqlapi.job');`
			`req.profiler.done('init');`

Use authenticated middleware in query controller 2018-02-19 20:24:44 +08:00			`const params = _.extend({}, res.locals, req.query, req.body);`
			`const { user } = res.locals;`
Rename middleware 2018-02-19 21:20:09 +08:00			`const authApi = new AuthApi(req, res, params);`
DRY while authenticating requests 2016-10-04 21:40:56 +08:00
Use authenticated middleware in query controller 2018-02-19 20:24:44 +08:00			`userDatabaseService.getConnectionParams(authApi, user, function (err, dbParams, authDbParams, userLimits) {`
DRY while authenticating requests 2016-10-04 21:40:56 +08:00			`req.profiler.done('setDBAuth');`

			`if (err) {`
Check user is the same user that sends the request when basic-auth is provided 2018-02-17 01:21:06 +08:00			`return next(err);`
DRY while authenticating requests 2016-10-04 21:40:56 +08:00			`}`

Use authenticated middleware in query controller 2018-02-19 20:24:44 +08:00			`if (forceToBeAuthenticated && !dbParams.authenticated) {`
Check user is the same user that sends the request when basic-auth is provided 2018-02-17 01:21:06 +08:00			`return next(new Error('permission denied'));`
DRY while authenticating requests 2016-10-04 21:40:56 +08:00			`}`

Use authenticated middleware in query controller 2018-02-19 20:24:44 +08:00			`res.locals.userDbParams = dbParams;`
			`res.locals.authDbParams = authDbParams;`
			`res.locals.userLimits = userLimits;`
DRY while authenticating requests 2016-10-04 21:40:56 +08:00
Check user is the same user that sends the request when basic-auth is provided 2018-02-17 01:21:06 +08:00			`next();`
DRY while authenticating requests 2016-10-04 21:40:56 +08:00			`});`
			`};`
Rename middleware 2018-02-19 21:20:09 +08:00			`};`