From 2763dba28906d208ff89b9374cacb5d0691d8a0f Mon Sep 17 00:00:00 2001
From: javi
Date: Thu, 26 Jun 2014 09:22:51 +0200
Subject: [PATCH] set scheme to host user when public user is accessing
---
 app/controllers/app.js | 67 +++++++++++++++++++++++++++++-------------
 1 file changed, 46 insertions(+), 21 deletions(-)
diff --git a/app/controllers/app.js b/app/controllers/app.js
index 86502144..0efb59d4 100755
--- a/app/controllers/app.js
+++ b/app/controllers/app.js
@@ -361,41 +361,66 @@ function handleQuery(req, res) {
 }
 pg = new PSQL(dbopts);
+ if (user_id === null) {
+ var s = "SET search_path = " + cdbuser + ",cartodb, public";
+ pg.query(s, this);
+ } else {
+ return data;
+ }
+ },
+ function queryTables(err) {
+ if (err) throw err;
+ var self = this;
 // get all the tables from Cache or SQL
 tableCacheItem = tableCache.get(sql_md5);
 if (tableCacheItem) {
 tableCacheItem.hits++;
 return false;
 } else {
- pg.query("SELECT CDB_QueryTables($quotesql$" + sql + "$quotesql$)", this);
+ //TODO: sanitize cdbuser
+ console.log("SELECT CDB_QueryTables($quotesql$" + sql + "$quotesql$");
+ pg.query("SELECT CDB_QueryTables($quotesql$" + sql + "$quotesql$)", function (err, result) {
+ if (err) throw err;
+ if ( result.rowCount === 1 ) {
+ var raw_tables = result.rows[0].cdb_querytables;
+ var tables = raw_tables.split(/^\{(.*)\}$/)[1].split(',');
+ if (user_id === null) {
+ tables = tables.map(function (t) {
+ if (t.indexOf('.') === -1) {
+ return cdbuser + "." + t;
+ }
+ return t;
+ });
+ }
+ self(null, tables);
+ } else {
+ console.error("Unexpected result from CDB_QueryTables($quotesql$" + sql + "$quotesql$): " + result);
+ self(null, []);
+ }
+ });
 }
 },
- function setHeaders(err, result){
+ function setHeaders(err, tables){
 if (err) throw err;
 if ( req.profiler ) req.profiler.done('queryExplain');
 checkAborted('setHeaders');
 // store explain result in local Cache
- if ( ! tableCacheItem ) {
-
- if ( result.rowCount === 1 ) {
- tableCacheItem = {
- affected_tables: result.rows[0].cdb_querytables,
- // check if query may possibly write
- may_write: queryMayWrite(sql),
- // initialise hit counter
- hits: 1
- };
- tableCache.set(sql_md5, tableCacheItem);
- } else {
- console.error("Unexpected result from CDB_QueryTables($quotesql$" + sql + "$quotesql$): " + util.inspect(result));
- }
+ if ( ! tableCacheItem && tables.length ) {
+ tableCacheItem = {
+ affected_tables: tables,
+ // check if query may possibly write
+ may_write: queryMayWrite(sql),
+ // initialise hit counter
+ hits: 1
+ };
+ tableCache.set(sql_md5, tableCacheItem);
 }
 if ( tableCacheItem ) {
- var affected_tables = tableCacheItem.affected_tables.split(/^\{(.*)\}$/)[1].split(',');
- for ( var i=0; i