set scheme to host user when public user is accessing

2014-06-26 09:22:51 +02:00 · 2014-06-26 09:22:51 +02:00 · 2763dba289
commit 2763dba289
parent e8eded48ce
1 changed files with 46 additions and 21 deletions
--- a/app/controllers/app.js
+++ b/app/controllers/app.js
@ -361,41 +361,66 @@ function handleQuery(req, res) {
                }
                pg = new PSQL(dbopts);
                if (user_id === null) {
                  var s = "SET search_path = " + cdbuser + ",cartodb, public";
                  pg.query(s, this);
                } else {
                  return data;
                }
            },
            function queryTables(err) {
                if (err) throw err;
                var self = this;
                // get all the tables from Cache or SQL
                tableCacheItem = tableCache.get(sql_md5);
                if (tableCacheItem) {
                   tableCacheItem.hits++;
                   return false;
                } else {
-                   pg.query("SELECT CDB_QueryTables($quotesql$" + sql + "$quotesql$)", this);
+                   //TODO: sanitize cdbuser
                   console.log("SELECT CDB_QueryTables($quotesql$" + sql + "$quotesql$");
                   pg.query("SELECT CDB_QueryTables($quotesql$" + sql + "$quotesql$)", function (err, result) {
                      if (err) throw err;
                      if ( result.rowCount === 1 ) {
                        var raw_tables = result.rows[0].cdb_querytables;
                        var tables = raw_tables.split(/^\{(.*)\}$/)[1].split(',');
                        if (user_id === null) {
                          tables = tables.map(function (t) {
                            if (t.indexOf('.') === -1) {
                              return cdbuser + "." + t;
                            }
                            return t;
                          });
                        }
                        self(null, tables);
                      } else {
                        console.error("Unexpected result from CDB_QueryTables($quotesql$" + sql + "$quotesql$): " + result);
                        self(null, []);
                      }
                   });
                }
            },
-            function setHeaders(err, result){
+            function setHeaders(err, tables){
                if (err) throw err;
                if ( req.profiler ) req.profiler.done('queryExplain');
                checkAborted('setHeaders');
                // store explain result in local Cache
-                if ( ! tableCacheItem ) {
+                if ( ! tableCacheItem && tables.length ) {
-
+                    tableCacheItem = {
-                    if ( result.rowCount === 1 ) {
+                      affected_tables: tables,
-                      tableCacheItem = {
+                      // check if query may possibly write
-                        affected_tables: result.rows[0].cdb_querytables, 
+                      may_write: queryMayWrite(sql),
-                        // check if query may possibly write
+                      // initialise hit counter
-                        may_write: queryMayWrite(sql),
+                      hits: 1
-                        // initialise hit counter
+                    };
-                        hits: 1
+                    tableCache.set(sql_md5, tableCacheItem);
                      };
                      tableCache.set(sql_md5, tableCacheItem);
                    } else {
                      console.error("Unexpected result from CDB_QueryTables($quotesql$" + sql + "$quotesql$): " + util.inspect(result));
                    }
                }
                if ( tableCacheItem ) {
-                    var affected_tables = tableCacheItem.affected_tables.split(/^\{(.*)\}$/)[1].split(',');
+                    var affected_tables = tableCacheItem.affected_tables;
-                    for ( var i=0; i<affected_tables.length; ++i ) {
+                    for ( var i = 0; i < affected_tables.length; ++i ) {
                      var t = affected_tables[i];
                      if ( t.match(/\bpg_/) ) {
                        var e = new SyntaxError("system tables are forbidden");
@ -447,9 +472,9 @@ function handleQuery(req, res) {
                //
                res.header('Last-Modified', new Date().toUTCString());
-                return result;
+                return null;
            },
-            function generateFormat(err, result){
+            function generateFormat(err){
                if (err) throw err;
                if ( req.profiler ) req.profiler.done('setHeaders');
                checkAborted('generateFormat');
@ -519,7 +544,7 @@ function generateCacheKey(database, query_info, is_authenticated){
    if ( ! query_info || ( is_authenticated && query_info.may_write ) ) {
      return "NONE";
    } else {
-      return database + ":" + query_info.affected_tables.split(/^\{(.*)\}$/)[1];
+      return database + ":" + query_info.affected_tables.join(',');
    }
 }