diff --git a/app/controllers/app.js b/app/controllers/app.js
index 7d59cecf..5aeccf2a 100755
--- a/app/controllers/app.js
+++ b/app/controllers/app.js
@@ -39,23 +39,23 @@ app.get('/api/v1/cachestatus', function(req, res) { handleCacheStatus(req, res)
 // request handlers
 function handleQuery(req, res){
- // sanitize input
+ // extract input
 var body = (req.body) ? req.body : {};
- var sql = req.query.q || body.q; // get and post
+ var sql = req.query.q || body.q; // HTTP GET and POST store in different vars
 var api_key = req.query.api_key || body.api_key;
- var database = req.query.database; // deprecate this in future
+ var database = req.query.database; // TODO: Depricate
 var limit = parseInt(req.query.rows_per_page);
 var offset = parseInt(req.query.page);
- var format = (req.query.format) ? req.query.format : null;
- var dp = (req.query.dp) ? req.query.dp: '6';
+ var format = req.query.format;
+ var dp = req.query.dp;
- // validate input slightly
- dp = (dp === "") ? '6' : dp;
- format = (format === "") ? null : format;
- sql = (sql === "") ? null : sql;
- database = (database === "") ? null : database;
+ // sanitize and apply defaults to input
+ dp = (dp === "" || _.isUndefined(dp)) ? '6' : dp;
+ format = (format === "" || _.isUndefined(format)) ? null : format;
+ sql = (sql === "" || _.isUndefined(sql)) ? null : sql;
+ database = (database === "" || _.isUndefined(database)) ? null : database;
 limit = (_.isNumber(limit)) ? limit : null;
- offset = (_.isNumber(offset)) ? offset * limit : null
+ offset = (_.isNumber(offset)) ? offset * limit : null;
 // setup step run
 var start = new Date().getTime();
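Review bot: `_.isNumber(NaN)` is true in Underscore, so a non-numeric `rows_per_page` or `page` passes the guard on the context line `limit = (_.isNumber(limit)) ? limit : null;` and on the new line `offset = (_.isNumber(offset)) ? offset * limit : null;` as NaN rather than null, and the new comment "sanitize and apply defaults to input" overstates what follows, which only maps empty/undefined values to defaults. A tighter guard would be `limit = (_.isNumber(limit) && !_.isNaN(limit)) ? limit : null;` with the same for `offset`, and both `parseInt` calls should pass a radix, e.g. `parseInt(req.query.rows_per_page, 10)`. Note also that when `limit` is null the new `offset` line evaluates `offset * null`, which is 0, so a `page` without `rows_per_page` silently becomes offset 0 — presumably intended, but worth a comment such as `// offset is 0 when rows_per_page is absent`. handleQuery's body continues outside the hunk.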
@@ -80,13 +80,13 @@ function handleQuery(req, res){
 },
 function setDBGetUser(err, data) {
 if (err) throw err;
- database = (data == "" || _.isNull(data)) ? database : data;
-
- // If the dataabase could not be found is because the user does not exist
- if (!database) {
- err = new Error("The URL refers to a non existent CartoDB user. Check that you have entered the correct domain.");
- err.http_status=404;
- err.stack=undefined;
+ database = (data == "" || _.isNull(data) || _.isUndefined(data)) ? database : data;
+
+ // If the database could not be found, the user is non-existant
+ if (_.isNull(database)) {
+ var msg = "Sorry, we can't find this CartoDB. Please check that you have entered the correct domain.";
+ err = new Error(msg);
+ err.http_status = 404;
 throw err;
 }
@@ -273,7 +273,7 @@ function handleException(err, res){
 // allow cross site post
 setCrossDomain(res);
- // if the exception defines a http status code, use that, else a 500
+ // if the exception defines a http status code, use that, else a 400
 if (!_.isUndefined(err.http_status)){
 res.send(msg, err.http_status);
 } else {
diff --git a/test/acceptance/app.test.js b/test/acceptance/app.test.js
index 7678a048..4392dce4 100644
--- a/test/acceptance/app.test.js
+++ b/test/acceptance/app.test.js
@@ -56,7 +56,6 @@ tests['GET /api/v1/sql with SQL parameter on SELECT only. no database param, jus
 };
-
 tests['POST /api/v1/sql with SQL parameter on SELECT only. no database param, just id using headers'] = function(){
 assert.response(app, {
 url: '/api/v1/sql',
@@ -197,7 +196,7 @@ tests['GET /api/v1/sql as csv, properly escaped'] = function(){
 });
 };
-tests['GET system tables'] = function(){
+tests['cannot GET system tables'] = function(){
 assert.response(app, {
 url: '/api/v1/sql?q=SELECT%20*%20FROM%20pg_attribute',
 headers: {host: 'vizzuality.cartodb.com'},
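Review bot: `data == ""` on the new line `database = (data == "" || _.isNull(data) || _.isUndefined(data)) ? database : data;` is a loose comparison that also matches `0` and `false`, and if those are not legitimate lookup results the three checks read more clearly as `(data == null || data === "")`. The new `if (_.isNull(database))` fires only for an exact null, so the 404 now depends on `database` having been normalised to null earlier in handleQuery; the replaced `!database` had no such coupling, and a comment here (`// database is null unless set by the query param or the user lookup`) would keep a later refactor from breaking it. Dropping `err.stack = undefined` means the stack now accompanies the error into handleException; worth confirming that handler only logs it and does not serialise it into the response body. setDBGetUser continues outside the hunk.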
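Review bot: The changed comment says the fallback status is "a 400", but the `else` branch that sends the fallback lies outside the hunk, so the diff does not show whether the code was changed to match; if it still sends 500 the comment is now wrong. An unclassified error reaching this point (a failed query, a thrown bug) is a server fault, and reporting it as 400 would hide it from 5xx-based alerting, so I would keep the fallback at 500 and word the comment `// if the exception carries an http_status, use it; otherwise 500 (unclassified server error)`. The `res.send(msg, err.http_status)` line also forwards whatever `http_status` was attached to the error without checking that it is a valid integer status. handleException continues outside the hunk.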
@@ -207,6 +206,19 @@ tests['GET system tables'] = function(){
 });
 };
+tests['GET decent error if domain is incorrect'] = function(){
+ assert.response(app, {
+ url: '/api/v1/sql?q=SELECT%20*%20FROM%20untitle_table_4&format=geojson',
+ headers: {host: 'vizzualinot.cartodb.com'},
+ method: 'GET'
+ },{
+ status: 404
+ }, function(res){
+ var result = JSON.parse(res.body);
+ assert.equal(result.error[0],"Sorry, we can't find this CartoDB. Please check that you have entered the correct domain.");
+ });
+};
+
 // use dec_sep for internationalization
 function checkDecimals(x, dec_sep){
 tmp='' + x;
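Review bot: The `assert.equal(result.error[0], "Sorry, we can't find this CartoDB. ...")` line pins the exact user-facing copy from app.js, so a wording change breaks the test without any change in behaviour; asserting the stable part (`assert.ok(/correct domain/.test(result.error[0]))`) or sharing the message as a constant keeps the test about the 404 path. `JSON.parse(res.body)` on the preceding line assumes error responses are JSON even though the request asked for `format=geojson`; if that is the intended contract, a comment such as `// errors are returned as JSON regardless of the requested format` would make the test self-explaining. The test also does not assert that the body contains only the `error` key, so if the API is meant to keep stack or internal details out of error responses, `assert.deepEqual(Object.keys(result), ['error'])` would pin that.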