updated to post

2011-09-07 12:05:10 +01:00 · 2011-09-07 12:05:10 +01:00 · d9870305da
commit d9870305da
parent 44d62e43b9
2 changed files with 39 additions and 18 deletions
--- a/app/controllers/app.js
+++ b/app/controllers/app.js
@ -23,11 +23,16 @@ var express= require('express')
    , PSQL   = require(global.settings.app_root + '/app/models/psql')
    , _      = require('underscore');
 app.use(express.bodyParser());
 app.enable('jsonp callback');
-app.get('/api/v1/', function(req, res){
+
 app.get('/api/v1/sql',  function(req, res) { handleQuery(req, res) } );
 app.post('/api/v1/sql', function(req, res) { handleQuery(req, res) } );
 function handleQuery(req, res){
    // sanitize input
-    var sql       = req.query.sql;
+    var body      = (req.body) ? req.body : {};
    var sql       = req.query.q || body.q; // get and post
    var database  = req.query.database; // deprecate this in future
    var limit     = parseInt(req.query.rows_per_page);
    var offset    = parseInt(req.query.page);
@ -75,9 +80,12 @@ app.get('/api/v1/', function(req, res){
            }
        );
    } catch (err) {
        console.log('[ERROR]\n' + err);
        handleException(err, res);
    }
-});
+}
 function handleException(err, res){
    var msg = (global.settings.environment == 'development') ? {error:[err.message], stack: err.stack} : {error:[err.message]}
--- a/test/acceptance/app.test.js
+++ b/test/acceptance/app.test.js
@ -12,15 +12,17 @@
 *
 */
 require('../helper');
 var app    = require(global.settings.app_root + '/app/controllers/app')
    , assert = require('assert')
-    , tests  = module.exports = {};
+    , tests  = module.exports = {}
    , querystring = require('querystring');
 var real_oauth_header = 'OAuth realm="http://vizzuality.testhost.lan/",oauth_consumer_key="fZeNGv5iYayvItgDYHUbot1Ukb5rVyX6QAg8GaY2",oauth_token="l0lPbtP68ao8NfStCiA3V3neqfM03JKhToxhUQTR",oauth_signature_method="HMAC-SHA1", oauth_signature="o4hx4hWP6KtLyFwggnYB4yPK8xI%3D",oauth_timestamp="1313581372",oauth_nonce="W0zUmvyC4eVL8cBd4YwlH1nnPTbxW0QBYcWkXTwe4",oauth_version="1.0"';
-tests['GET /api/v1/'] = function(){
+tests['GET /api/v1/sql'] = function(){
    assert.response(app, {
-        url: '/api/v1/',
+        url: '/api/v1/sql',
        method: 'GET'
    },{
        body: '{"error":["You must indicate a sql query"]}',
@ -28,18 +30,18 @@ tests['GET /api/v1/'] = function(){
    });
 };
-tests['GET /api/v1/ with SQL parameter on SELECT only. No oAuth included '] = function(){
+tests['GET /api/v1/sql with SQL parameter on SELECT only. No oAuth included '] = function(){
    assert.response(app, {
-        url: '/api/v1/?sql=SELECT%20*%20FROM%20untitle_table_4&database=cartodb_dev_user_1_db',
+        url: '/api/v1/sql?q=SELECT%20*%20FROM%20untitle_table_4&database=cartodb_dev_user_1_db',
        method: 'GET'
    },{
        status: 200
    });
 };
-tests['GET /api/v1/ with SQL parameter on SELECT only. no database param, just id using headers'] = function(){
+tests['GET /api/v1/sql with SQL parameter on SELECT only. no database param, just id using headers'] = function(){
    assert.response(app, {
-        url: '/api/v1/?sql=SELECT%20*%20FROM%20untitle_table_4',
+        url: '/api/v1/sql?q=SELECT%20*%20FROM%20untitle_table_4',
        headers: {host: 'vizzuality.cartodb.com'},
        method: 'GET'
    },{
@ -47,27 +49,38 @@ tests['GET /api/v1/ with SQL parameter on SELECT only. no database param, just i
    });
 };
-tests['GET /api/v1/ with SQL parameter on INSERT only. oAuth not used, so public user - should fail'] = function(){
+tests['POST /api/v1/sql with SQL parameter on SELECT only. no database param, just id using headers'] = function(){
    assert.response(app, {
-        url: "/api/v1/?sql=INSERT%20INTO%20untitle_table_4%20(id)%20VALUES%20(1)&database=cartodb_dev_user_1_db",
+        url: '/api/v1/sql',
        data: querystring.stringify({q: "SELECT * FROM untitle_table_4"}),
        headers: {host: 'vizzuality.cartodb.com', 'Content-Type': 'application/x-www-form-urlencoded' },
        method: 'POST'
    },{
        status: 200
    });
 };
 tests['GET /api/v1/sql with SQL parameter on INSERT only. oAuth not used, so public user - should fail'] = function(){
    assert.response(app, {
        url: "/api/v1/sql?q=INSERT%20INTO%20untitle_table_4%20(id)%20VALUES%20(1)&database=cartodb_dev_user_1_db",
        method: 'GET'
    },{
        status: 400
    });
 };
-tests['GET /api/v1/ with SQL parameter on DROP DATABASE only. oAuth not used, so public user - should fail'] = function(){
+tests['GET /api/v1/sql with SQL parameter on DROP DATABASE only. oAuth not used, so public user - should fail'] = function(){
    assert.response(app, {
-        url: "/api/v1/?sql=DROP%20TABLE%20untitle_table_4&database=cartodb_dev_user_1_db",
+        url: "/api/v1/sql?q=DROP%20TABLE%20untitle_table_4&database=cartodb_dev_user_1_db",
        method: 'GET'
    },{
        status: 400
    });
 };
-tests['GET /api/v1/ with SQL parameter on INSERT only. header based db - should fail'] = function(){
+tests['GET /api/v1/sql with SQL parameter on INSERT only. header based db - should fail'] = function(){
    assert.response(app, {
-        url: "/api/v1/?sql=INSERT%20INTO%20untitle_table_4%20(id)%20VALUES%20(1)",
+        url: "/api/v1/sql?q=INSERT%20INTO%20untitle_table_4%20(id)%20VALUES%20(1)",
        headers: {host: 'vizzuality.cartodb.com'},
        method: 'GET'
    },{
@ -75,9 +88,9 @@ tests['GET /api/v1/ with SQL parameter on INSERT only. header based db - should
    });
 };
-tests['GET /api/v1/ with SQL parameter on DROP DATABASE only.header based db - should fail'] = function(){
+tests['GET /api/v1/sql with SQL parameter on DROP DATABASE only.header based db - should fail'] = function(){
    assert.response(app, {
-        url: "/api/v1/?sql=DROP%20TABLE%20untitle_table_4",
+        url: "/api/v1/sql?q=DROP%20TABLE%20untitle_table_4",
        headers: {host: 'vizzuality.cartodb.com'},
        method: 'GET'
    },{