Don't assume SELECT "updated_at" may write to the database.

Closes #99
This commit is contained in:
Sandro Santilli 2013-07-08 17:36:53 +02:00
parent bd927556c5
commit bc49aebd2a
3 changed files with 21 additions and 1 deletions

View File

@ -1,5 +1,6 @@
1.5.1 1.5.1
----- -----
* Improve cacheability of queries selecting "updated_at" fields (#99)
1.5.0 1.5.0
----- -----

View File

@ -82,7 +82,7 @@ app.get(global.settings.base_url+'/cachestatus', function(req, res) { handleCac
// //
function queryMayWrite(sql) { function queryMayWrite(sql) {
var mayWrite = false; var mayWrite = false;
var pattern = RegExp("(alter|insert|update|delete|create|drop|truncate)", "i"); var pattern = RegExp("\\b(alter|insert|update|delete|create|drop|truncate)\\b", "i");
if ( pattern.test(sql) ) { if ( pattern.test(sql) ) {
mayWrite = true; mayWrite = true;
} }

View File

@ -391,6 +391,25 @@ test('GET /api/v1/sql with SQL parameter on DROP TABLE. should fail', function(d
}); });
}); });
// Check X-Cache-Channel when querying "updated_at" fields
//
// See https://github.com/Vizzuality/CartoDB-SQL-API/issues/99
test('Field name is not confused with UPDATE operation', function(done){
assert.response(app, {
// view prepare_db.sh to see where to set api_key
url: "/api/v1/sql?api_key=1234&"
+ querystring.stringify({q:
"SELECT min(updated_at) FROM private_table"
}),
headers: {host: 'vizzuality.localhost.lan:8080' },
method: 'GET'
},{}, function(res) {
assert.equal(res.statusCode, 200, res.statusCode + ': ' + res.body);
assert.equal(res.headers['x-cache-channel'], 'cartodb_test_user_1_db:private_table');
done();
});
});
test('CREATE TABLE with GET and auth', function(done){ test('CREATE TABLE with GET and auth', function(done){
assert.response(app, { assert.response(app, {
url: "/api/v1/sql?" + querystring.stringify({ url: "/api/v1/sql?" + querystring.stringify({