Use apikey midlleware

Daniel García Aubert 2018-02-15 17:24:04 +01:00
parent ad772246d0
commit 756fbe42c9
2 changed files with 15 additions and 6 deletions


@ -6,6 +6,7 @@ var util = require('util');
var userMiddleware = require('../middlewares/user'); var userMiddleware = require('../middlewares/user');
var authenticatedMiddleware = require('../middlewares/authenticated-request'); var authenticatedMiddleware = require('../middlewares/authenticated-request');
var handleException = require('../utils/error_handler'); var handleException = require('../utils/error_handler');
const apikeyMiddleware = require('../middlewares/api-key');
var ONE_KILOBYTE_IN_BYTES = 1024; var ONE_KILOBYTE_IN_BYTES = 1024;
var MAX_LIMIT_QUERY_SIZE_IN_KB = 16; var MAX_LIMIT_QUERY_SIZE_IN_KB = 16;
@ -45,7 +46,10 @@ module.exports.getMaxSizeErrorMessage = getMaxSizeErrorMessage;
JobController.prototype.route = function (app) { JobController.prototype.route = function (app) {
app.post( app.post(
global.settings.base_url + '/sql/job', global.settings.base_url + '/sql/job',
bodyPayloadSizeMiddleware, userMiddleware, authenticatedMiddleware(this.userDatabaseService), bodyPayloadSizeMiddleware,
userMiddleware,
apikeyMiddleware(),
authenticatedMiddleware(this.userDatabaseService),
this.createJob.bind(this) this.createJob.bind(this)
); );
app.get( app.get(
@ -54,12 +58,16 @@ JobController.prototype.route = function (app) {
); );
app.get( app.get(
global.settings.base_url + '/sql/job/:job_id', global.settings.base_url + '/sql/job/:job_id',
userMiddleware, authenticatedMiddleware(this.userDatabaseService), userMiddleware,
apikeyMiddleware(),
authenticatedMiddleware(this.userDatabaseService),
this.getJob.bind(this) this.getJob.bind(this)
); );
app.delete( app.delete(
global.settings.base_url + '/sql/job/:job_id', global.settings.base_url + '/sql/job/:job_id',
userMiddleware, authenticatedMiddleware(this.userDatabaseService), userMiddleware,
apikeyMiddleware(),
authenticatedMiddleware(this.userDatabaseService),
this.cancelJob.bind(this) this.cancelJob.bind(this)
); );
}; };
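Review bot: The three job routes now run `userMiddleware`, `apikeyMiddleware()`, `authenticatedMiddleware(this.userDatabaseService)` in that order, but nothing at the call sites records whether the order is required or what each stage hands to the next. Since this chain is the authentication path for creating, reading and cancelling jobs, a one-line comment above the first `app.post(` stating the dependency (hedged until confirmed against `../middlewares/api-key`) would stop a later edit from reordering it. The `app.get(` route that sits between the second and third hunks is only partly visible, so it is worth confirming that it was left without `apikeyMiddleware()` on purpose. As a smaller point, `apikeyMiddleware()` is called once per route; if the factory takes no per-route options, it could be built once as `const apikey = apikeyMiddleware();` and reused.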


@ -14,6 +14,7 @@ var formats = require('../models/formats');
var sanitize_filename = require('../utils/filename_sanitizer'); var sanitize_filename = require('../utils/filename_sanitizer');
var getContentDisposition = require('../utils/content_disposition'); var getContentDisposition = require('../utils/content_disposition');
var handleException = require('../utils/error_handler'); var handleException = require('../utils/error_handler');
const apikeyMiddleware = require('../middlewares/api-key');
var ONE_YEAR_IN_SECONDS = 31536000; // 1 year time to live by default var ONE_YEAR_IN_SECONDS = 31536000; // 1 year time to live by default
@ -26,8 +27,8 @@ function QueryController(userDatabaseService, tableCache, statsd_client) {
} }
QueryController.prototype.route = function (app) { QueryController.prototype.route = function (app) {
app.all(global.settings.base_url + '/sql', this.handleQuery.bind(this)); app.all(global.settings.base_url + '/sql', apikeyMiddleware() ,this.handleQuery.bind(this));
app.all(global.settings.base_url + '/sql.:f', this.handleQuery.bind(this)); app.all(global.settings.base_url + '/sql.:f', apikeyMiddleware() ,this.handleQuery.bind(this));
}; };
// jshint maxcomplexity:21 // jshint maxcomplexity:21
@ -121,7 +122,7 @@ QueryController.prototype.handleQuery = function (req, res) {
// 5. Send formatted results back // 5. Send formatted results back
step( step(
function getUserDBInfo() { function getUserDBInfo() {
self.userDatabaseService.getConnectionParams(new AuthApi(req, params), cdbUsername, this); self.userDatabaseService.getConnectionParams(new AuthApi(req, res, params), cdbUsername, this);
}, },
function queryExplain(err, dbParams, authDbParams, userTimeoutLimits) { function queryExplain(err, dbParams, authDbParams, userTimeoutLimits) {
assert.ifError(err); assert.ifError(err);
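Review bot: On `/sql` and `/sql.:f` the new `apikeyMiddleware()` is mounted on its own, whereas the job routes in the same commit place it after `userMiddleware`. If the api-key middleware reads anything that `userMiddleware` sets, it will not find it on these two routes, so either put `userMiddleware` ahead of it here or add a comment saying the middleware is self-contained. The same two lines have a misplaced space: `apikeyMiddleware() ,this.handleQuery.bind(this)` should read `apikeyMiddleware(), this.handleQuery.bind(this)`. In the last hunk `new AuthApi(req, res, params)` gains an argument while the constructor is not among the two changed files, so confirm that every other `new AuthApi(...)` call site passes `res` as well; `handleQuery` continues outside the hunk.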