From d9870305da8115a5c055b3babc3439e9a435f652 Mon Sep 17 00:00:00 2001 From: Simon Tokumine Date: Wed, 7 Sep 2011 12:05:10 +0100 Subject: [PATCH] updated to post --- app/controllers/app.js | 14 +++++++++--- test/acceptance/app.test.js | 43 ++++++++++++++++++++++++------------- 2 files changed, 39 insertions(+), 18 deletions(-) diff --git a/app/controllers/app.js b/app/controllers/app.js index fce6a504..ee9dc447 100755 --- a/app/controllers/app.js +++ b/app/controllers/app.js @@ -23,11 +23,16 @@ var express= require('express') , PSQL = require(global.settings.app_root + '/app/models/psql') , _ = require('underscore'); +app.use(express.bodyParser()); app.enable('jsonp callback'); -app.get('/api/v1/', function(req, res){ + +app.get('/api/v1/sql', function(req, res) { handleQuery(req, res) } ); +app.post('/api/v1/sql', function(req, res) { handleQuery(req, res) } ); +function handleQuery(req, res){ // sanitize input - var sql = req.query.sql; + var body = (req.body) ? req.body : {}; + var sql = req.query.q || body.q; // get and post var database = req.query.database; // deprecate this in future var limit = parseInt(req.query.rows_per_page); var offset = parseInt(req.query.page); @@ -75,9 +80,12 @@ app.get('/api/v1/', function(req, res){ } ); } catch (err) { + console.log('[ERROR]\n' + err); handleException(err, res); } -}); +} + + function handleException(err, res){ var msg = (global.settings.environment == 'development') ? {error:[err.message], stack: err.stack} : {error:[err.message]} diff --git a/test/acceptance/app.test.js b/test/acceptance/app.test.js index b2c6a077..98786380 100644 --- a/test/acceptance/app.test.js +++ b/test/acceptance/app.test.js 
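Review bot: Only `q` is read from the POST body in handleQuery; `database`, `rows_per_page` and `page` are still taken from `req.query` alone, so a form-encoded POST that carries them silently falls back to whatever is in the query string. If the POST route is meant to accept the whole request in the body, read those the same way, e.g. `var database = req.query.database || body.database;`. If `express.bodyParser()` also parses JSON bodies, `body.q` can arrive as an object or array rather than a string, so a `typeof sql === 'string'` check before the query is handled any further would keep the later string handling honest. The two `parseInt` calls on the paging parameters pass no radix; `parseInt(req.query.rows_per_page, 10)` is the safer form. handleQuery's body continues past the end of this hunk.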
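Review bot: `console.log('[ERROR]\n' + err)` stringifies the error, which for an Error object gives only its name and message and drops the stack that handleException already exposes in development; `console.log('[ERROR]\n' + (err.stack || err));` keeps that detail in the server log where it belongs. This line fires for every exception reaching the catch, including errors raised by user-supplied SQL, so a log level the deployment can route (console.error or the app's logger, if one exists outside this hunk) would be more useful than plain console.log. The enclosing handleQuery function begins in the earlier hunk, and the two added blank lines after `}` are style only.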
@@ -12,15 +12,17 @@
 *
 */
 require('../helper');
+
 var app = require(global.settings.app_root + '/app/controllers/app')
 , assert = require('assert')
- , tests = module.exports = {};
+ , tests = module.exports = {}
+ , querystring = require('querystring');
 
 var real_oauth_header = 'OAuth realm="http://vizzuality.testhost.lan/",oauth_consumer_key="fZeNGv5iYayvItgDYHUbot1Ukb5rVyX6QAg8GaY2",oauth_token="l0lPbtP68ao8NfStCiA3V3neqfM03JKhToxhUQTR",oauth_signature_method="HMAC-SHA1", oauth_signature="o4hx4hWP6KtLyFwggnYB4yPK8xI%3D",oauth_timestamp="1313581372",oauth_nonce="W0zUmvyC4eVL8cBd4YwlH1nnPTbxW0QBYcWkXTwe4",oauth_version="1.0"';
 
-tests['GET /api/v1/'] = function(){
+tests['GET /api/v1/sql'] = function(){
 assert.response(app, {
- url: '/api/v1/',
+ url: '/api/v1/sql',
 method: 'GET'
 },{
 body: '{"error":["You must indicate a sql query"]}',
@@ -28,18 +30,18 @@ tests['GET /api/v1/'] = function(){
 });
 };
 
-tests['GET /api/v1/ with SQL parameter on SELECT only. No oAuth included '] = function(){
+tests['GET /api/v1/sql with SQL parameter on SELECT only. No oAuth included '] = function(){
 assert.response(app, {
- url: '/api/v1/?sql=SELECT%20*%20FROM%20untitle_table_4&database=cartodb_dev_user_1_db',
+ url: '/api/v1/sql?q=SELECT%20*%20FROM%20untitle_table_4&database=cartodb_dev_user_1_db',
 method: 'GET'
 },{
 status: 200
 });
 };
 
-tests['GET /api/v1/ with SQL parameter on SELECT only. no database param, just id using headers'] = function(){
+tests['GET /api/v1/sql with SQL parameter on SELECT only. no database param, just id using headers'] = function(){
 assert.response(app, {
- url: '/api/v1/?sql=SELECT%20*%20FROM%20untitle_table_4',
+ url: '/api/v1/sql?q=SELECT%20*%20FROM%20untitle_table_4',
 headers: {host: 'vizzuality.cartodb.com'},
 method: 'GET'
 },{
@@ -47,27 +49,38 @@ tests['GET /api/v1/ with SQL parameter on SELECT only. no database param, just i
 });
 };
 
-tests['GET /api/v1/ with SQL parameter on INSERT only. oAuth not used, so public user - should fail'] = function(){
+tests['POST /api/v1/sql with SQL parameter on SELECT only. no database param, just id using headers'] = function(){
 assert.response(app, {
- url: "/api/v1/?sql=INSERT%20INTO%20untitle_table_4%20(id)%20VALUES%20(1)&database=cartodb_dev_user_1_db",
+ url: '/api/v1/sql',
+ data: querystring.stringify({q: "SELECT * FROM untitle_table_4"}),
+ headers: {host: 'vizzuality.cartodb.com', 'Content-Type': 'application/x-www-form-urlencoded' },
+ method: 'POST'
+ },{
+ status: 200
+ });
+};
+
+tests['GET /api/v1/sql with SQL parameter on INSERT only. oAuth not used, so public user - should fail'] = function(){
+ assert.response(app, {
+ url: "/api/v1/sql?q=INSERT%20INTO%20untitle_table_4%20(id)%20VALUES%20(1)&database=cartodb_dev_user_1_db",
 method: 'GET'
 },{
 status: 400
 });
 };
 
-tests['GET /api/v1/ with SQL parameter on DROP DATABASE only. oAuth not used, so public user - should fail'] = function(){
+tests['GET /api/v1/sql with SQL parameter on DROP DATABASE only. oAuth not used, so public user - should fail'] = function(){
 assert.response(app, {
- url: "/api/v1/?sql=DROP%20TABLE%20untitle_table_4&database=cartodb_dev_user_1_db",
+ url: "/api/v1/sql?q=DROP%20TABLE%20untitle_table_4&database=cartodb_dev_user_1_db",
 method: 'GET'
 },{
 status: 400
 });
 };
 
-tests['GET /api/v1/ with SQL parameter on INSERT only. header based db - should fail'] = function(){
+tests['GET /api/v1/sql with SQL parameter on INSERT only. header based db - should fail'] = function(){
 assert.response(app, {
- url: "/api/v1/?sql=INSERT%20INTO%20untitle_table_4%20(id)%20VALUES%20(1)",
+ url: "/api/v1/sql?q=INSERT%20INTO%20untitle_table_4%20(id)%20VALUES%20(1)",
 headers: {host: 'vizzuality.cartodb.com'},
 method: 'GET'
 },{
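Review bot: The new POST test covers only the SELECT-success path; the INSERT and DROP rejection tests in this hunk all go through the GET route, so the write guard on the POST path, where `q` is read from the body rather than the query string, has no test at all. A counterpart that POSTs an INSERT with the same host header and expects `status: 400` would pin that behaviour for both entry points. The sketch below reuses the querystring/assert.response shape of the new SELECT test.
```javascript
// … unchanged: POST SELECT test above …
tests['POST /api/v1/sql with SQL parameter on INSERT only. header based db, no oAuth - should fail'] = function(){
  assert.response(app, {
    url: '/api/v1/sql',
    data: querystring.stringify({q: "INSERT INTO untitle_table_4 (id) VALUES (1)"}),
    headers: {host: 'vizzuality.cartodb.com', 'Content-Type': 'application/x-www-form-urlencoded' },
    method: 'POST'
  },{
    status: 400
  });
};
// … unchanged: GET INSERT / DROP rejection tests below …
```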
@@ -75,9 +88,9 @@ tests['GET /api/v1/ with SQL parameter on INSERT only. header based db - should
 });
 };
 
-tests['GET /api/v1/ with SQL parameter on DROP DATABASE only.header based db - should fail'] = function(){
+tests['GET /api/v1/sql with SQL parameter on DROP DATABASE only.header based db - should fail'] = function(){
 assert.response(app, {
- url: "/api/v1/?sql=DROP%20TABLE%20untitle_table_4",
+ url: "/api/v1/sql?q=DROP%20TABLE%20untitle_table_4",
 headers: {host: 'vizzuality.cartodb.com'},
 method: 'GET'
 },{