Make public PostgreSQL user name a configuration parameter

Closes #56.
Updates documentation and tests and example config files
This commit is contained in:
Sandro Santilli 2013-11-05 17:49:10 +01:00
parent 2abb136258
commit 8d2347af99
12 changed files with 30 additions and 12 deletions

View File

@ -3,6 +3,7 @@
* Still set a meaningful X-Cache-Channel with cache_policy=persist (#105)
* Fix wrong projection in KML exports for manually altered tables (#116)
* Set KML folder name to the requested filename (#115)
* Make public PostgreSQL user name a configuration parameter (#56)
1.6.0 - 2013-10-02
------------------

View File

@ -38,7 +38,8 @@ Make sure redis is running and knows about active cartodb user.
Make sure your PostgreSQL server is running, is accessible on
the host and port specified in the <environment> file, has
a 'publicuser' role and trusts user authentication from localhost
a 'publicuser' role (or whatever you set ``db_pubuser`` configuration
directive to) and trusts user authentication from localhost
connections.
``` bash

View File

@ -38,6 +38,9 @@ var express = require('express')
, formats = require(global.settings.app_root + '/app/models/formats')
;
// Set default configuration
global.settings.db_pubuser = global.settings.db_pubuser || "publicuser";
var tableCache = LRU({
// store no more than these many items in the cache
max: global.settings.tableCacheMax || 8192,

View File

@ -14,7 +14,7 @@ var bakingExports = {};
function userid_to_dbuser(user_id) {
if ( _.isString(user_id) )
return _.template(global.settings.db_user, {user_id: user_id});
return "publicuser" // FIXME: make configurable
return global.settings.db_pubuser;
};

View File

@ -87,7 +87,7 @@ var PSQL = function(user_id, db) {
if (!_.isString(user_id) && !_.isString(db)) throw new Error(error_text);
var me = {
public_user: "publicuser"
public_user: global.settings.db_pubuser
, user_id: user_id
, db: db
};

View File

@ -6,6 +6,8 @@ module.exports.node_socket_timeout = 600000;
module.exports.environment = 'development';
module.exports.db_base_name = 'cartodb_dev_user_<%= user_id %>_db';
module.exports.db_user = 'development_cartodb_user_<%= user_id %>';
// Name of the anonymous PostgreSQL user
module.exports.db_pubuser = 'publicuser';
module.exports.db_host = 'localhost';
module.exports.db_port = '5432';
// Max database connections in the pool

View File

@ -6,6 +6,8 @@ module.exports.node_socket_timeout = 600000;
module.exports.environment = 'production';
module.exports.db_base_name = 'cartodb_user_<%= user_id %>_db';
module.exports.db_user = 'cartodb_user_<%= user_id %>';
// Name of the anonymous PostgreSQL user
module.exports.db_pubuser = 'publicuser';
module.exports.db_host = 'localhost';
module.exports.db_port = '6432';
// Max database connections in the pool

View File

@ -6,6 +6,8 @@ module.exports.node_socket_timeout = 600000;
module.exports.environment = 'staging';
module.exports.db_base_name = 'cartodb_staging_user_<%= user_id %>_db';
module.exports.db_user = 'cartodb_staging_user_<%= user_id %>';
// Name of the anonymous PostgreSQL user
module.exports.db_pubuser = 'publicuser';
module.exports.db_host = 'localhost';
module.exports.db_port = '6432';
// Max database connections in the pool

View File

@ -6,6 +6,8 @@ module.exports.node_socket_timeout = 600000;
module.exports.environment = 'test';
module.exports.db_base_name = 'cartodb_test_user_<%= user_id %>_db';
module.exports.db_user = 'test_cartodb_user_<%= user_id %>';
// Name of the anonymous PostgreSQL user
module.exports.db_pubuser = 'publicuser';
module.exports.db_host = 'localhost';
module.exports.db_port = '5432';
// Max database connections in the pool

View File

@ -17,6 +17,9 @@ PGHOST=`grep \.db_host ${TESTENV} | sed "s/.*= *'\([^']*\)'.*/\1/"`
echo "PGHOST: [$PGHOST]"
PGPORT=`grep \.db_port ${TESTENV} | sed "s/.*=[\t ]*'\([^']*\)'.*/\1/"`
echo "PGPORT: [$PGPORT]"
public_user=`grep \.db_pubuser ${TESTENV} | sed "s/.*= *'\([^']*\)'.*/\1/"`
[ -z "${public_user}" ] && public_user=publicuser
echo "PUBLICUSER: [${public_user}]"
TEST_DB="cartodb_test_user_1_db"
@ -33,7 +36,7 @@ die() {
echo "preparing postgres..."
dropdb ${TEST_DB} # 2> /dev/null # error expected if doesn't exist, but not otherwise
createdb -Ttemplate_postgis -EUTF8 ${TEST_DB} || die "Could not create test database"
psql -f test.sql ${TEST_DB}
cat test.sql | sed "s/:PUBLICUSER/${public_user}/" | psql ${TEST_DB}
psql -f support/CDB_QueryStatements.sql ${TEST_DB}
psql -f support/CDB_QueryTables.sql ${TEST_DB}

View File

@ -112,15 +112,15 @@ CREATE INDEX test_table_the_geom_webmercator_idx_p ON private_table USING gist (
CREATE USER publicuser WITH PASSWORD '';
CREATE USER :PUBLICUSER WITH PASSWORD '';
CREATE USER test_cartodb_user_1 WITH PASSWORD '';
GRANT ALL ON TABLE untitle_table_4 TO test_cartodb_user_1;
GRANT SELECT ON TABLE untitle_table_4 TO publicuser;
GRANT SELECT ON TABLE untitle_table_4 TO :PUBLICUSER;
GRANT ALL ON TABLE private_table TO test_cartodb_user_1;
GRANT ALL ON SEQUENCE test_table_cartodb_id_seq_p TO test_cartodb_user_1;
GRANT ALL ON TABLE spatial_ref_sys TO test_cartodb_user_1, publicuser;
GRANT ALL ON TABLE spatial_ref_sys TO test_cartodb_user_1, :PUBLICUSER;
REVOKE ALL ON geometry_columns FROM public;
GRANT ALL ON geometry_columns TO test_cartodb_user_1;

View File

@ -4,6 +4,8 @@ var _ = require('underscore')
, PSQL = require('../../app/models/psql')
, assert = require('assert');
var public_user = global.settings.db_pubuser;
suite('psql', function() {
test('test throws error if no args passed to constructor', function(){
@ -28,7 +30,7 @@ test('test instantiate with just db constructor', function(){
test('test username returns default user if not set', function(){
var pg = new PSQL(null, 'my_database');
assert.equal(pg.username(), "publicuser");
assert.equal(pg.username(), public_user);
});
test('test username returns interpolated user if set', function(){
@ -76,9 +78,9 @@ test('test private user can execute INSERT on db', function(done){
});
});
test('test publicuser can execute SELECT on enabled tables', function(done){
test('test public user can execute SELECT on enabled tables', function(done){
var pg = new PSQL("1");
var sql = "DROP TABLE IF EXISTS distributors2; CREATE TABLE distributors2 (id integer, name varchar(40), UNIQUE(name)); GRANT SELECT ON distributors2 TO publicuser;";
var sql = "DROP TABLE IF EXISTS distributors2; CREATE TABLE distributors2 (id integer, name varchar(40), UNIQUE(name)); GRANT SELECT ON distributors2 TO " + public_user + ";";
pg.query(sql, function(err, result){
pg = new PSQL(null, 'cartodb_test_user_1_db');
pg.query("SELECT count(*) FROM distributors2", function(err, result){
@ -88,9 +90,9 @@ test('test publicuser can execute SELECT on enabled tables', function(done){
});
});
test('test publicuser cannot execute INSERT on db', function(done){
test('test public user cannot execute INSERT on db', function(done){
var pg = new PSQL("1");
var sql = "DROP TABLE IF EXISTS distributors3; CREATE TABLE distributors3 (id integer, name varchar(40), UNIQUE(name)); GRANT SELECT ON distributors3 TO publicuser;";
var sql = "DROP TABLE IF EXISTS distributors3; CREATE TABLE distributors3 (id integer, name varchar(40), UNIQUE(name)); GRANT SELECT ON distributors3 TO " + public_user + ";";
pg.query(sql, function(err, result){
pg = new PSQL(null, 'cartodb_test_user_1_db'); //anonymous user