Commit Graph

172 Commits

Author SHA1 Message Date
Raul Ochoa
21b8e6947c Non authenticated request cannot use pg_ catalogs/functions 2014-08-08 12:48:29 +02:00
Raul Ochoa
f6c364b3b9 CDB-3032 Removes sql statements restriction on pg_ queries 2014-08-07 16:22:48 +02:00
Raul Ochoa
93ed7a43be Merge pull request #165 from CartoDB/CDB-3255
CDB-3255 More secure test
2014-08-05 00:57:59 +02:00
Raul Ochoa
63d41e4843 CDB-3255 More secure test 2014-08-05 00:57:09 +02:00
Raul Ochoa
6dd08253bf Merge pull request #162 from CartoDB/CDB-3774
CDB-3774 Re-enables disabled tests
2014-08-04 18:48:35 +02:00
Raul Ochoa
c3aefd16c1 CDB-3774 Re-enables disabled tests 2014-08-04 15:58:37 +02:00
Raul Ochoa
ce70e7252b Callback requests send 200 status error even if the query failed 2014-08-04 15:56:43 +02:00
Raul Ochoa
eaba2e20d4 Adds test to cover jsonp callbacks wrapped responses 2014-07-30 20:01:43 +02:00
Raul Ochoa
572f8c59b7 Changes authentication to start using public user if it is defined in redis. 2014-07-04 16:47:59 +02:00
Raul Ochoa
ac0826dc91 Updates CDB_QueryTables to match the one from the extension. Fixes some tests to show the schema presence.
Skip some tests that we need to review because with the current implementation of CDB_QueryTables don't make sense.
CDB_QueryTables should be used from the extension as a dependency.
2014-06-26 11:22:40 +02:00
Sandro Santilli
07a5a20d5f Fix paging with queries starting with comments
Closes #144
Includes testcase
2014-03-27 12:47:34 +01:00
Sandro Santilli
73624dc89f Extend paging test
Tests page=0, POST and authentication
2014-03-27 12:46:49 +01:00
Sandro Santilli
622846b453 Add '/version' endpoint
Closes #138
Includes testcase
2014-03-13 13:40:56 +01:00
Sandro Santilli
6c47537f47 Honour the 'node_socket_timeout' configuration directive
Closes #128
Includes testcase, which required enhancing assert.response to
handle errors.
Changes app controller to a function that only reads configuration
when executed (rather than when only require'd).
2014-01-31 10:58:19 +01:00
Sandro Santilli
61cec80d4d Fix use of "SELECT .. INTO" with windowing params
Includes testcase. Closes #127
2014-01-09 17:56:09 +01:00
Sandro Santilli
80c30858bd Enhance error message on unknown cartodb username
Closes #126
2013-12-18 12:02:51 +01:00
Sandro Santilli
fcf982e045 Document and test "page" and "rows_per_page" parameters.
Closes #123
2013-12-03 10:52:55 -05:00
Sandro Santilli
77acd2567e Request that notices are sent to client while testing them
See https://travis-ci.org/CartoDB/CartoDB-SQL-API/builds/14146134
2013-11-18 17:09:57 +01:00
Sandro Santilli
9389a04030 Add warnings and notices to JSON response. Closes #104. 2013-11-18 17:01:06 +01:00
Sandro Santilli
6ebeed04c2 Optionally read user-specific database_password from redis
Follows CartoDB-2.5.0 model. Includes testcase.
Closes #120 -- Jira ref CDB-870
2013-11-18 13:31:11 +01:00
Sandro Santilli
af1f3daa69 Optionally read user-specific database_host from redis
Follows CartoDB-2.5.0 model. Includes testcase.
Closes #121 -- Jira ref CDB-870
2013-11-18 12:21:30 +01:00
Sandro Santilli
03ea51a375 CartoDB redis interaction delegated to "cartodb-redis" module 2013-11-15 19:14:55 +01:00
javi
370d45d8b6 fixed #119 2013-11-09 16:55:40 +01:00
Sandro Santilli
973c7181f0 Allow access to tables whose name contains "pg_" (but not at beginning)
Closes #118
2013-11-07 10:16:58 +01:00
Sandro Santilli
0139c8fb16 JSON format: correctly recognize "date" type columns
Closes #117 -- includes testcase
2013-11-06 11:43:56 +01:00
Sandro Santilli
1637610f66 Set a meaningful X-Cache-Channel with cache_policy=persist
Closes #105
2013-10-18 13:29:06 +02:00
Sandro Santilli
7f7ef682ac Improve recognition of non-standard field types names by db lookup
Closes #112.
Only looks up "geometry" and "raster" types for now, can be improved
over time.
2013-10-02 10:22:13 +02:00
Sandro Santilli
742936b2b8 Honour skipfields in JSON schema response. Closes #109 2013-09-26 13:26:45 +02:00
Sandro Santilli
f7bee2345d Report boolean values as of boolean type, not string. Closes #106 2013-08-22 13:45:20 +02:00
Sandro Santilli
7a07a25086 Add REINDEX to the list of uncacheable queries 2013-07-24 18:43:38 +02:00
Sandro Santilli
2ee9411889 Review cache-control headers:
* Raise max-age to one year for all cacheable queries
* Set max-age to 0 for uncacheable (mutating) queries
2013-07-22 17:21:38 +02:00
Luis Bosque
7b6b541083 Revert "Set max-age=0 when using no-cache" 2013-07-10 07:58:35 +02:00
Sandro Santilli
46b7f7a309 Parse all numbers as floats. Closes #100 2013-07-09 21:51:40 +02:00
Sandro Santilli
bc49aebd2a Don't assume SELECT "updated_at" may write to the database.
Closes #99
2013-07-08 17:36:53 +02:00
javi
69b5d825e3 reverted support for get params in post 2013-07-04 16:23:48 +02:00
javi
320e0b97a8 Merge branch 'develop' of github.com:Vizzuality/CartoDB-SQL-API into develop 2013-07-04 16:14:51 +02:00
javi
838c0c93ba Add support for GET params in POST requests 2013-07-04 16:14:44 +02:00
Sandro Santilli
ba28496127 Add support for "text" datatypes in json output format 2013-07-04 16:04:13 +02:00
Sandro Santilli
46e93355c4 Set max-age=0 when using no-cache (don't be self-contradicting) 2013-06-28 11:17:52 +02:00
Sandro Santilli
7eff0cb107 Retain UTC offset in JSON output for dates
Hopefully helps reducing confusion when using timezone-less
with postgresql, in that the time that comes out of JSON output
matches the one input by user, except it may be in an unexpected
timezone (the server's one)
2013-06-19 12:25:48 +02:00
Sandro Santilli
88f1d33b42 Add "fields" member in JSON return. Closes #97 2013-06-14 18:36:05 +02:00
Sandro Santilli
e03262c5da Upgrade node-postgresql to ~1.1.3 fixing evented query model 2013-06-06 17:06:06 +02:00
Sandro Santilli
339bc0b3a4 Fix windowing support for non-uppercased SELECT queries 2013-06-06 15:24:57 +02:00
Sandro Santilli
aff77399b1 Extract geojson test from main test 2013-05-27 17:34:05 +02:00
Sandro Santilli
3f98cab09a Do not execute queries on OPTIONS. Closes #94 2013-05-24 14:21:13 +02:00
Sandro Santilli
985631092b Fix test for custom base_url 2013-05-24 13:51:39 +02:00
Sandro Santilli
cf6bed9bdb Bubble paging UI hack up from model to controller
... one day we'll need to completely drop this hack!
2013-05-24 10:22:17 +02:00
Sandro Santilli
81a83b93e4 Make base url configurable, use a wildcard in the example config 2013-05-23 11:49:23 +02:00
Sandro Santilli
414f4b6c3e Do not request caching of TRUNCATE queries 2013-05-06 18:21:22 +02:00
Sandro Santilli
cc74244b33 Do not choke on multiple skipfields parameter 2013-05-06 12:30:32 +02:00
Sandro Santilli
0f17889b05 Really fix the tests for unauthorized attempts to write db
It was not about specifying the db through headers but rather
about referencing the _wrong_ database via params. Also fixes
the expected result (which was indeed wrong).
2013-04-11 13:35:11 +02:00
Sandro Santilli
2210d9b588 Fix test using wrong hostname (thus connecting to wrong db) 2013-04-11 13:00:13 +02:00
Sandro Santilli
e7437ba7cd Rework system catalogue prevention access check to use CDB_QueryTables
This change reduces the chances of false positive
(forbidding legit queries). Doesn't solve the problem of false
negative (allowing illegit queries).
2013-04-09 12:36:37 +02:00
Sandro Santilli
d54d953e75 Another bit of improvement for the system-table query prevention
This work is more important for the testcases than the actual code
2013-04-09 12:20:27 +02:00
Sandro Santilli
1bcffbc68c Make using SET or querying system catalogues harder
A hack to "prevent" querying system tables already existed but
was pretty weak. This commit makes that a bit stronger. The
filter for SET is new.
2013-04-09 11:52:34 +02:00
Sandro Santilli
5fa19a0515 Fix parsing of numeric arrays. Closes #88.
Includes testcase, requires using a fork of node-postgresql.
2013-03-14 11:41:07 +01:00
Sandro Santilli
8de8bbc460 Add test for multi-statement and begin/commit 2013-02-18 18:39:09 +01:00
Sandro Santilli
d4b1f580ff Fix X-Cache-Channel computation with paging parameters. Closes #85. 2013-02-18 16:19:12 +01:00
Sandro Santilli
5959e6465a Fix Content-Disposition for error responses. Closes #82 2013-02-13 13:32:34 +01:00
Sandro Santilli
fdf49bd2ab Add a test for COPY TO file 2013-01-21 17:39:07 +01:00
Sandro Santilli
19fc0e5854 Fix crash when issuing SQL "COPY" command
This involved upgrade of node-postgresql module.
See https://github.com/brianc/node-postgres/issues/242
2013-01-17 10:14:29 +01:00
Sandro Santilli
ef729a027f Split SVG tests from main test file 2013-01-16 11:16:38 +01:00
Sandro Santilli
76b35b71a1 Split KML tests from main test file 2013-01-16 09:58:09 +01:00
Sandro Santilli
e897cb07d2 Add test for null geoms in geojson
Also drop a hard-coded "the_geom" in geojson output code
2013-01-11 18:57:45 +01:00
Sandro Santilli
c84f9b1a52 Split SHP tests from main test file 2013-01-11 16:16:28 +01:00
Sandro Santilli
9550837fbe Split CSV tests from main test file 2013-01-11 11:21:59 +01:00
Sandro Santilli
2e85588d99 Format date fields in CSV output 2012-12-07 14:27:02 +01:00
Sandro Santilli
a63cb20be0 Add test for Date field formatting in CSV (#77) 2012-12-07 12:06:44 +01:00
Sandro Santilli
0274425de9 Add another test for CSV truncation (succeeds) 2012-11-16 12:54:09 +01:00
Sandro Santilli
3a641beda8 Fix UTF8 in shapefile export. Closes #66.
Testcases count reaches 100 ! Happy post-post-gis day :)
2012-11-16 12:50:21 +01:00
Sandro Santilli
da05e6f4ca Fix KML export truncation. Closes #947
Also adds test for SHP truncation (isn't truncated)
2012-11-16 12:22:06 +01:00
Sandro Santilli
bd08eb4add Use inline attachment also with POST, if format isn't given 2012-11-14 16:30:18 +01:00
Sandro Santilli
6b7cada97d Never dispose "inline" when using POST. 2012-11-13 19:27:25 +01:00
Sandro Santilli
0ef13f08c2 Use inline disposition when no format and no filename are given
See #61
2012-11-12 19:44:16 +01:00
Sandro Santilli
120cf3f0c5 Add 'cache_policy' parameter. Closes #62 2012-11-12 19:14:20 +01:00
Sandro Santilli
005ae48e3a Support for specifying a list of fields to skip from output.
Closes #63
2012-11-12 17:11:17 +01:00
Sandro Santilli
46cec7a0e5 Add support for specifying a filename for exports. Closes #64
Sets release target to 1.3.0, due to parameter addition
2012-11-12 12:40:53 +01:00
javi
3fd3c5fabc added the needed headers for CORS 2012-11-01 13:17:45 +01:00
Sandro Santilli
9aa28c5bea Initial support for KML output format. Closes #54. 2012-10-25 18:10:56 +02:00
Sandro Santilli
978c0b4cbe Advertise header presence in CSV Content-Type 2012-10-25 13:40:21 +02:00
Sandro Santilli
a6837573c5 Use "attachment" Content-Disposition for all output formats.
Closes #61, includes tests

NOTE: this includes the default "json" format.
2012-10-25 13:34:06 +02:00
Sandro Santilli
5d8eccc81e Fix CSV output with no rows. Closes #60 2012-10-25 13:14:47 +02:00
Sandro Santilli
d0ae7e08a6 Initial support for Shapefile output 2012-10-18 12:51:12 +02:00
Sandro Santilli
d399d2153f Improve input data control in test for "dp" parameter 2012-10-18 11:32:08 +02:00
Sandro Santilli
d9b733e5c6 Recognize ALTER as a writing query 2012-10-15 13:40:04 +02:00
Sandro Santilli
d23416cc60 Set X-Cache-Channel to NONE when the SQL may write to the database
Note that "may write" allows for false positive, so there could be
less cache hits than possibly allowable. If this will be a problem
for any real use case we could still improve the regular expression
used to detect "writing" queries.

Automated tests are added to check for the X-Cache-Channel header
with both writing and read-only queries performed by authenticated
requests.

Closes #27
Closes #43
2012-10-15 13:23:17 +02:00
Sandro Santilli
ac83700810 Send a 404 on unsupported format requested 2012-10-12 12:17:35 +02:00
Sandro Santilli
0d91ab2c6a Survive multiple "format" parameters, only using last one 2012-10-12 11:42:03 +02:00
Sandro Santilli
6a2c0e9727 Initial support for SVG output (#49)
This version only dumps the geometries with no identifier.
Scales geometries to fit in a 1024x768 pixels area, using
a circle radius of 5 pixels, a stroke-width of 1 pixel and
no fill. Supports trimming number of decimals.
Adds a viewBox tag to fit the drawing to the output device window.

Includes an automated testcase.
2012-10-04 12:04:50 +02:00
Sandro Santilli
4521942820 Test "CSV" format, drop "KML" from the list of supported formats 2012-10-04 12:04:50 +02:00
Sandro Santilli
2ac6e2d132 Add tests for INSERT/UPDATE/DELETE and _no_ RETURNING (#13) 2012-09-17 16:56:25 +02:00
Sandro Santilli
fe2c6bfe1f Add test for DELETE .. RETURNING (#50) 2012-09-17 16:50:15 +02:00
Sandro Santilli
adfe97bf81 Add test for broken SQL (#51) 2012-09-17 13:04:16 +02:00
Sandro Santilli
8b824801cf Fix INSERT and UPDATE with RETURNING clause. Closes #50
Includes regression test
2012-09-17 11:50:19 +02:00
Sandro Santilli
acb625b72f Expect correct JSON, never mind formatting of it
This is because express-3.0.0beta6 sends indented JSON ...
2012-07-16 17:16:28 +02:00
Sandro Santilli
aee257c5ef Do not leak "tmp" variable to globals 2012-07-13 11:11:30 +02:00
Sandro Santilli
ce4f99fa7f Print body on unexpected non-200 response status 2012-07-13 11:01:32 +02:00
Sandro Santilli
e4f3a94256 Port tests to mocha. Closes #35. 2012-07-13 10:29:09 +02:00
Simon Tokumine
374583e655 add tests and refactor validations for input parameters. closes #29 2012-06-06 19:47:21 +01:00
Simon Tokumine
fb61c32850 add acceptance test for default dp change in geojson 2012-06-06 18:57:50 +01:00