Extract query may write middleware

Daniel García Aubert 2019-07-26 18:23:14 +02:00
parent 5156fc2ad2
commit fcb7591051
3 changed files with 16 additions and 6 deletions


@ -2,7 +2,6 @@
var step = require('step'); var step = require('step');
var PSQL = require('cartodb-psql'); var PSQL = require('cartodb-psql');
var queryMayWrite = require('../utils/query_may_write');
const formats = require('../models/formats'); const formats = require('../models/formats');
var getContentDisposition = require('../utils/content_disposition'); var getContentDisposition = require('../utils/content_disposition');
const bodyParserMiddleware = require('../middlewares/body-parser'); const bodyParserMiddleware = require('../middlewares/body-parser');
@ -19,6 +18,7 @@ const logMiddleware = require('../middlewares/log');
const cancelOnClientAbort = require('../middlewares/cancel-on-client-abort'); const cancelOnClientAbort = require('../middlewares/cancel-on-client-abort');
const affectedTables = require('../middlewares/affected-tables'); const affectedTables = require('../middlewares/affected-tables');
const accessValidator = require('../middlewares/access-validator'); const accessValidator = require('../middlewares/access-validator');
const queryMayWrite = require('../middlewares/query-may-write');
const ONE_YEAR_IN_SECONDS = 31536000; // ttl in cache provider const ONE_YEAR_IN_SECONDS = 31536000; // ttl in cache provider
const FIVE_MINUTES_IN_SECONDS = 60 * 5; // ttl in cache provider const FIVE_MINUTES_IN_SECONDS = 60 * 5; // ttl in cache provider
@ -52,6 +52,7 @@ QueryController.prototype.route = function (app) {
cancelOnClientAbort(), cancelOnClientAbort(),
affectedTables(), affectedTables(),
accessValidator(), accessValidator(),
queryMayWrite(),
this.handleQuery.bind(this), this.handleQuery.bind(this),
errorMiddleware() errorMiddleware()
]; ];
@ -69,7 +70,8 @@ QueryController.prototype.handleQuery = function (req, res, next) {
user: username, user: username,
userDbParams: dbopts, userDbParams: dbopts,
userLimits, userLimits,
affectedTables affectedTables,
mayWrite
} = res.locals; } = res.locals;
const { orderBy, sortOrder, limit, offset } = res.locals.params; const { orderBy, sortOrder, limit, offset } = res.locals.params;
const { sql, format, skipfields, decimalPrecision, filename, callback } = res.locals.params; const { sql, format, skipfields, decimalPrecision, filename, callback } = res.locals.params;
@ -86,13 +88,10 @@ QueryController.prototype.handleQuery = function (req, res, next) {
// 3. Handle error // 3. Handle error
step( step(
function setHeaders() { function setHeaders() {
var mayWrite = queryMayWrite(sql);
var FormatClass = formats[format]; var FormatClass = formats[format];
formatter = new FormatClass(); formatter = new FormatClass();
req.formatter = formatter; req.formatter = formatter;
// configure headers for given format // configure headers for given format
var useInline = (!req.query.format && !req.body.format && !req.query.filename && !req.body.filename); var useInline = (!req.query.format && !req.body.format && !req.query.filename && !req.body.filename);
res.header("Content-Disposition", getContentDisposition(formatter, filename, useInline)); res.header("Content-Disposition", getContentDisposition(formatter, filename, useInline));
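Review bot: `handleQuery` now reads `mayWrite` from `res.locals` with no fallback, so the value is only defined on routes whose chain includes `queryMayWrite()`. If the handler is ever mounted without that middleware, `mayWrite` is `undefined`, and any falsy test on it would treat a writing query as read-only. The uses of `mayWrite` are outside this hunk, but they presumably feed the cache-related headers set in `setHeaders`, where the failure to avoid is a cacheable response to a statement that modified data. A default in the destructuring, `mayWrite = true`, would make a missing middleware fall back to the conservative treatment; at minimum add `// set by middlewares/query-may-write, which must be in this route's chain` next to it. The body of `handleQuery` continues past the end of the hunk.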


@ -0,0 +1,12 @@
'use strict';
const queryMayWrite = require('../utils/query_may_write');
module.exports = function mayWrite () {
return function mayWriteMiddleware (req, res, next) {
const { sql } = res.locals.params;
res.locals.mayWrite = queryMayWrite(sql);
next();
};
};
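Review bot: The new middleware has no comment saying what `res.locals.mayWrite` means or what it depends on, and placed directly after `accessValidator()` in the route chain it is easy to mistake for a permission check. It destructures `res.locals.params`, so it must run after whichever middleware populates that object. The flag comes from `queryMayWrite(sql)`, which is not shown here but appears to classify the SQL text rather than reflect anything the database enforces. I would add a JSDoc block above `module.exports` stating that the flag is an advisory hint for response handling, that it must not be used for authorization decisions, and that the params middleware has to precede it. The factory is also named `mayWrite` while the controller imports it as `queryMayWrite`, the same name this file gives the util; importing it as `queryMayWriteMiddleware` would remove the ambiguity.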


@ -351,7 +351,6 @@ it('GET /api/v1/sql with SQL parameter and no format, ensuring content-dispositi
var ct = res.headers['content-type']; var ct = res.headers['content-type'];
assert.ok(/json/.test(ct), 'Default format is not JSON: ' + ct); assert.ok(/json/.test(ct), 'Default format is not JSON: ' + ct);
var cd = res.headers['content-disposition']; var cd = res.headers['content-disposition'];
console.log(/^inline/.test(cd), cd);
assert.equal(true, /^inline/.test(cd), 'Default format is not disposed inline: ' + cd); assert.equal(true, /^inline/.test(cd), 'Default format is not disposed inline: ' + cd);
assert.equal(true, /filename=cartodb-query.json/gi.test(cd), 'Unexpected JSON filename: ' + cd); assert.equal(true, /filename=cartodb-query.json/gi.test(cd), 'Unexpected JSON filename: ' + cd);
done(); done();