diff --git a/app/controllers/job_controller.js b/app/controllers/job_controller.js
index 86e3cd26..813aa1f0 100644
--- a/app/controllers/job_controller.js
+++ b/app/controllers/job_controller.js
@@ -6,6 +6,7 @@ var util = require('util');
 var userMiddleware = require('../middlewares/user');
 var authenticatedMiddleware = require('../middlewares/authenticated-request');
 var handleException = require('../utils/error_handler');
+const apikeyMiddleware = require('../middlewares/api-key');
 var ONE_KILOBYTE_IN_BYTES = 1024;
 var MAX_LIMIT_QUERY_SIZE_IN_KB = 16;
@@ -45,7 +46,10 @@ module.exports.getMaxSizeErrorMessage = getMaxSizeErrorMessage;
 JobController.prototype.route = function (app) {
     app.post(
         global.settings.base_url + '/sql/job',
-        bodyPayloadSizeMiddleware, userMiddleware, authenticatedMiddleware(this.userDatabaseService),
+        bodyPayloadSizeMiddleware,
+        userMiddleware,
+        apikeyMiddleware(),
+        authenticatedMiddleware(this.userDatabaseService),
         this.createJob.bind(this)
     );
     app.get(
@@ -54,12 +58,16 @@ JobController.prototype.route = function (app) {
     );
     app.get(
         global.settings.base_url + '/sql/job/:job_id',
-        userMiddleware, authenticatedMiddleware(this.userDatabaseService),
+        userMiddleware,
+        apikeyMiddleware(),
+        authenticatedMiddleware(this.userDatabaseService),
         this.getJob.bind(this)
     );
     app.delete(
         global.settings.base_url + '/sql/job/:job_id',
-        userMiddleware, authenticatedMiddleware(this.userDatabaseService),
+        userMiddleware,
+        apikeyMiddleware(),
+        authenticatedMiddleware(this.userDatabaseService),
         this.cancelJob.bind(this)
     );
 };
diff --git a/app/controllers/query_controller.js b/app/controllers/query_controller.js
index 406a9444..fc540bb1 100644
--- a/app/controllers/query_controller.js
+++ b/app/controllers/query_controller.js
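Review bot: The list-jobs route opened by the trailing `app.get(` at the end of this hunk appears not to receive `apikeyMiddleware()`: judging by the hunk offsets (this hunk ends at new line 55, the next starts at 58), its two middleware/handler lines sit between the hunks unchanged, while the create, get-by-id and cancel routes all gain the new middleware. If the listing endpoint is meant to be protected the same way, add `apikeyMiddleware(),` between `userMiddleware` and `authenticatedMiddleware(this.userDatabaseService)` there as well; if it is deliberately excluded, a one-line comment on that route saying why would spare the next reader the same question. Note also that `apikeyMiddleware()` is invoked once per route here, so each route gets its own middleware instance — fine if the factory is stateless, but worth confirming. The body of `route` continues past this hunk.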
@@ -14,6 +14,7 @@ var formats = require('../models/formats');
 var sanitize_filename = require('../utils/filename_sanitizer');
 var getContentDisposition = require('../utils/content_disposition');
 var handleException = require('../utils/error_handler');
+const apikeyMiddleware = require('../middlewares/api-key');
 var ONE_YEAR_IN_SECONDS = 31536000; // 1 year time to live by default
@@ -26,8 +27,8 @@ function QueryController(userDatabaseService, tableCache, statsd_client) {
 }
 QueryController.prototype.route = function (app) {
-    app.all(global.settings.base_url + '/sql', this.handleQuery.bind(this));
-    app.all(global.settings.base_url + '/sql.:f', this.handleQuery.bind(this));
+    app.all(global.settings.base_url + '/sql', apikeyMiddleware() ,this.handleQuery.bind(this));
+    app.all(global.settings.base_url + '/sql.:f', apikeyMiddleware() ,this.handleQuery.bind(this));
 };
 // jshint maxcomplexity:21
@@ -121,7 +122,7 @@ QueryController.prototype.handleQuery = function (req, res) {
     // 5. Send formatted results back
     step(
         function getUserDBInfo() {
-            self.userDatabaseService.getConnectionParams(new AuthApi(req, params), cdbUsername, this);
+            self.userDatabaseService.getConnectionParams(new AuthApi(req, res, params), cdbUsername, this);
         },
         function queryExplain(err, dbParams, authDbParams, userTimeoutLimits) {
             assert.ifError(err);
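Review bot: The two rewritten `app.all` lines chain `apikeyMiddleware()` directly in front of `handleQuery`, whereas every job route in job_controller.js runs `userMiddleware` before it; if the api-key middleware depends on anything `userMiddleware` attaches to the request (the resolved user, for instance), it will be missing on `/sql` and `/sql.:f` unless that middleware is mounted globally elsewhere, which this diff does not show — please confirm. Because `app.all` matches every HTTP method, the api-key check now also executes for HEAD and OPTIONS requests to these paths; if that is intended, a short comment such as `// api-key extraction runs for every method on /sql, including preflight` would make it explicit. Style: the argument list has a stray space before the comma; it should read `apikeyMiddleware(), this.handleQuery.bind(this)` on both lines.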
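Review bot: The `AuthApi` constructor call changes from `new AuthApi(req, params)` to `new AuthApi(req, res, params)`, so the constructor's positional signature has evidently changed; any other `new AuthApi(req, params)` call site outside this diff would now bind `params` to the `res` slot and lose the query params silently, so the remaining callers should be checked in the same change. A one-line comment at this call explaining why the auth layer now needs the response object (presumably to set headers or fail the request directly — worth stating) would help the next reader. This line sits inside `handleQuery`, whose body starts and ends outside the hunk.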