Do not choke on multiple skipfields parameter

2013-05-06 12:30:32 +02:00 · 2013-05-06 12:30:32 +02:00 · cc74244b33
commit cc74244b33
parent ddd9cc547a
3 changed files with 47 additions and 13 deletions
--- a/NEWS.md
+++ b/NEWS.md
@ -1,5 +1,6 @@
 1.3.9
 -----
+* Do not choke on multiple `skipfields` parameter

 1.3.8
 -----
--- a/app/controllers/app.js
+++ b/app/controllers/app.js
@ -104,12 +104,14 @@ function handleQuery(req, res) {
    var requestedFilename = req.query.filename || body.filename
    var filename  = requestedFilename;
    var requestedSkipfields = req.query.skipfields || body.skipfields;
-    var skipfields = requestedSkipfields ? requestedSkipfields.split(',') : [];
+    var skipfields;
    var dp        = req.query.dp || body.dp; // decimal point digits (defaults to 6)
    var gn        = "the_geom"; // TODO: read from configuration file
    var user_id;
    var tableCacheItem;

+    try {
+
        // sanitize and apply defaults to input
        dp        = (dp       === "" || _.isUndefined(dp))       ? '6'  : dp;
        format    = (format   === "" || _.isUndefined(format))   ? 'json' : format.toLowerCase();
@ -119,11 +121,22 @@ function handleQuery(req, res) {
        limit     = (_.isNumber(limit))  ? limit : null;
        offset    = (_.isNumber(offset)) ? offset * limit : null;

+        // Accept both comma-separated string or array of comma-separated strings
+        if ( requestedSkipfields ) {
+          if ( _.isString(requestedSkipfields) ) skipfields = requestedSkipfields.split(',');
+          else if ( _.isArray(requestedSkipfields) ) {
+            skipfields = [];
+            _.each(requestedSkipfields, function(ele) {
+              skipfields = skipfields.concat(ele.split(','));
+            });
+          }
+        } else {
+          skipfields = [];
+        }
+
        // setup step run
        var start = new Date().getTime();

-    try {
-
        if ( -1 === supportedFormats.indexOf(format) )
          throw new Error("Invalid format: " + format);

--- a/test/acceptance/app.test.js
+++ b/test/acceptance/app.test.js
@ -602,6 +602,26 @@ test('skipfields controls included fields', function(done){
    });
 });

+test('multiple skipfields parameter do not kill the backend', function(done){
+    assert.response(app, {
+        url: '/api/v1/sql?q=SELECT%20*%20FROM%20untitle_table_4&skipfields=unexistent,the_geom_webmercator&skipfields=cartodb_id,unexistant',
+        headers: {host: 'vizzuality.cartodb.com'},
+        method: 'GET'
+    },{ }, function(res){
+        assert.equal(res.statusCode, 200, res.body);
+        var row0 = JSON.parse(res.body).rows[0];
+        var checkfields = {'name':1, 'cartodb_id':0, 'the_geom':1, 'the_geom_webmercator':0};
+        for ( var f in checkfields ) {
+          if ( checkfields[f] ) {
+            assert.ok(row0.hasOwnProperty(f), "result does not include '" + f + "'");
+          } else {
+            assert.ok(!row0.hasOwnProperty(f), "result includes '" + f + "'");
+          }
+        }
+        done();
+    });
+});
+
 test('GET /api/v1/sql ensure cross domain set on errors', function(done){
    assert.response(app, {
        url: '/api/v1/sql?q=SELECT%20*gadfgadfg%20FROM%20untitle_table_4',