From 756fbe42c9956e241f58ee399fec39b903a85762 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Garc=C3=ADa=20Aubert?=
 <danielgarciaaubert@gmail.com>
Date: Thu, 15 Feb 2018 17:24:04 +0100
Subject: [PATCH] Use apikey midlleware

---
 app/controllers/job_controller.js   | 14 +++++++++++---
 app/controllers/query_controller.js |  7 ++++---
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/app/controllers/job_controller.js b/app/controllers/job_controller.js
index 86e3cd26..813aa1f0 100644
--- a/app/controllers/job_controller.js
+++ b/app/controllers/job_controller.js
@@ -6,6 +6,7 @@ var util = require('util');
 var userMiddleware = require('../middlewares/user');
 var authenticatedMiddleware = require('../middlewares/authenticated-request');
 var handleException = require('../utils/error_handler');
+const apikeyMiddleware = require('../middlewares/api-key');
 
 var ONE_KILOBYTE_IN_BYTES = 1024;
 var MAX_LIMIT_QUERY_SIZE_IN_KB = 16;
@@ -45,7 +46,10 @@ module.exports.getMaxSizeErrorMessage = getMaxSizeErrorMessage;
 JobController.prototype.route = function (app) {
     app.post(
         global.settings.base_url + '/sql/job',
-        bodyPayloadSizeMiddleware, userMiddleware, authenticatedMiddleware(this.userDatabaseService),
+        bodyPayloadSizeMiddleware,
+        userMiddleware,
+        apikeyMiddleware(),
+        authenticatedMiddleware(this.userDatabaseService),
         this.createJob.bind(this)
     );
     app.get(
@@ -54,12 +58,16 @@ JobController.prototype.route = function (app) {
     );
     app.get(
         global.settings.base_url + '/sql/job/:job_id',
-        userMiddleware, authenticatedMiddleware(this.userDatabaseService),
+        userMiddleware,
+        apikeyMiddleware(),
+        authenticatedMiddleware(this.userDatabaseService),
         this.getJob.bind(this)
     );
     app.delete(
         global.settings.base_url + '/sql/job/:job_id',
-        userMiddleware, authenticatedMiddleware(this.userDatabaseService),
+        userMiddleware,
+        apikeyMiddleware(),
+        authenticatedMiddleware(this.userDatabaseService),
         this.cancelJob.bind(this)
     );
 };
diff --git a/app/controllers/query_controller.js b/app/controllers/query_controller.js
index 406a9444..fc540bb1 100644
--- a/app/controllers/query_controller.js
+++ b/app/controllers/query_controller.js
@@ -14,6 +14,7 @@ var formats = require('../models/formats');
 var sanitize_filename = require('../utils/filename_sanitizer');
 var getContentDisposition = require('../utils/content_disposition');
 var handleException = require('../utils/error_handler');
+const apikeyMiddleware = require('../middlewares/api-key');
 
 var ONE_YEAR_IN_SECONDS = 31536000; // 1 year time to live by default
 
@@ -26,8 +27,8 @@ function QueryController(userDatabaseService, tableCache, statsd_client) {
 }
 
 QueryController.prototype.route = function (app) {
-    app.all(global.settings.base_url + '/sql',  this.handleQuery.bind(this));
-    app.all(global.settings.base_url + '/sql.:f',  this.handleQuery.bind(this));
+    app.all(global.settings.base_url + '/sql', apikeyMiddleware() ,this.handleQuery.bind(this));
+    app.all(global.settings.base_url + '/sql.:f', apikeyMiddleware() ,this.handleQuery.bind(this));
 };
 
 // jshint maxcomplexity:21
@@ -121,7 +122,7 @@ QueryController.prototype.handleQuery = function (req, res) {
         // 5. Send formatted results back
         step(
             function getUserDBInfo() {
-                self.userDatabaseService.getConnectionParams(new AuthApi(req, params), cdbUsername, this);
+                self.userDatabaseService.getConnectionParams(new AuthApi(req, res, params), cdbUsername, this);
             },
             function queryExplain(err, dbParams, authDbParams, userTimeoutLimits) {
                 assert.ifError(err);