Use apikey midlleware

2018-02-15 17:24:04 +01:00 · 2018-02-15 17:24:04 +01:00 · 756fbe42c9
commit 756fbe42c9
parent ad772246d0
2 changed files with 15 additions and 6 deletions
--- a/app/controllers/job_controller.js
+++ b/app/controllers/job_controller.js
@ -6,6 +6,7 @@ var util = require('util');
 var userMiddleware = require('../middlewares/user');
 var authenticatedMiddleware = require('../middlewares/authenticated-request');
 var handleException = require('../utils/error_handler');
+const apikeyMiddleware = require('../middlewares/api-key');

 var ONE_KILOBYTE_IN_BYTES = 1024;
 var MAX_LIMIT_QUERY_SIZE_IN_KB = 16;
@ -45,7 +46,10 @@ module.exports.getMaxSizeErrorMessage = getMaxSizeErrorMessage;
 JobController.prototype.route = function (app) {
    app.post(
        global.settings.base_url + '/sql/job',
-        bodyPayloadSizeMiddleware, userMiddleware, authenticatedMiddleware(this.userDatabaseService),
+        bodyPayloadSizeMiddleware,
+        userMiddleware,
+        apikeyMiddleware(),
+        authenticatedMiddleware(this.userDatabaseService),
        this.createJob.bind(this)
    );
    app.get(
@ -54,12 +58,16 @@ JobController.prototype.route = function (app) {
    );
    app.get(
        global.settings.base_url + '/sql/job/:job_id',
-        userMiddleware, authenticatedMiddleware(this.userDatabaseService),
+        userMiddleware,
+        apikeyMiddleware(),
+        authenticatedMiddleware(this.userDatabaseService),
        this.getJob.bind(this)
    );
    app.delete(
        global.settings.base_url + '/sql/job/:job_id',
-        userMiddleware, authenticatedMiddleware(this.userDatabaseService),
+        userMiddleware,
+        apikeyMiddleware(),
+        authenticatedMiddleware(this.userDatabaseService),
        this.cancelJob.bind(this)
    );
 };
--- a/app/controllers/query_controller.js
+++ b/app/controllers/query_controller.js
@ -14,6 +14,7 @@ var formats = require('../models/formats');
 var sanitize_filename = require('../utils/filename_sanitizer');
 var getContentDisposition = require('../utils/content_disposition');
 var handleException = require('../utils/error_handler');
+const apikeyMiddleware = require('../middlewares/api-key');

 var ONE_YEAR_IN_SECONDS = 31536000; // 1 year time to live by default

@ -26,8 +27,8 @@ function QueryController(userDatabaseService, tableCache, statsd_client) {
 }

 QueryController.prototype.route = function (app) {
-    app.all(global.settings.base_url + '/sql',  this.handleQuery.bind(this));
-    app.all(global.settings.base_url + '/sql.:f',  this.handleQuery.bind(this));
+    app.all(global.settings.base_url + '/sql', apikeyMiddleware() ,this.handleQuery.bind(this));
+    app.all(global.settings.base_url + '/sql.:f', apikeyMiddleware() ,this.handleQuery.bind(this));
 };

 // jshint maxcomplexity:21
@ -121,7 +122,7 @@ QueryController.prototype.handleQuery = function (req, res) {
        // 5. Send formatted results back
        step(
            function getUserDBInfo() {
-                self.userDatabaseService.getConnectionParams(new AuthApi(req, params), cdbUsername, this);
+                self.userDatabaseService.getConnectionParams(new AuthApi(req, res, params), cdbUsername, this);
            },
            function queryExplain(err, dbParams, authDbParams, userTimeoutLimits) {
                assert.ifError(err);