CartoDB-SQL-API/test/acceptance/app-configuration-test.js
Esther Lozano ac8086a8e3
Rename accepted headers for metrics events (#641)
* Rename accepted headers for metrics events
2020-02-18 11:14:06 +01:00

203 lines
7.3 KiB
JavaScript

'use strict';
require('../helper');
var server = require('../../lib/server')();
var assert = require('../support/assert');
const accessControlHeaders = [
'X-Requested-With',
'X-Prototype-Version',
'X-CSRF-Token',
'Authorization',
'Carto-Event',
'Carto-Event-Source',
'Carto-Event-Group-Id'
].join(', ');
const exposedHeaders = [
'Carto-Rate-Limit-Limit',
'Carto-Rate-Limit-Remaining',
'Carto-Rate-Limit-Reset',
'Retry-After'
].join(', ');
describe('app-configuration', function () {
var RESPONSE_OK = {
statusCode: 200
};
var expectedCacheControl = 'no-cache,max-age=31536000,must-revalidate,public';
var expectedCacheControlPersist = 'public,max-age=31536000';
it('GET /api/v1/version', function (done) {
assert.response(server, {
url: '/api/v1/version',
method: 'GET'
}, RESPONSE_OK, function (err, res) {
assert.ifError(err);
var parsed = JSON.parse(res.body);
var sqlapiversion = require('../../package.json').version;
assert.ok(Object.prototype.hasOwnProperty.call(parsed, 'cartodb_sql_api'), "No 'cartodb_sql_api' version in " + parsed);
assert.strictEqual(parsed.cartodb_sql_api, sqlapiversion);
done();
});
});
it('GET /api/v1/sql', function (done) {
assert.response(server, {
url: '/api/v1/sql',
headers: { host: 'vizzuality.cartodb.com' },
method: 'GET'
}, {
status: 400
}, function (err, res) {
assert.ifError(err);
assert.deepStrictEqual(res.headers['content-type'], 'application/json; charset=utf-8');
assert.deepStrictEqual(res.headers['content-disposition'], 'inline');
assert.deepStrictEqual(JSON.parse(res.body), { error: ['You must indicate a sql query'] });
done();
});
});
// Test base_url setting
it('GET /api/whatever/sql', function (done) {
assert.response(server, {
url: '/api/whatever/sql?q=SELECT%201',
headers: { host: 'vizzuality.cartodb.com' },
method: 'GET'
}, RESPONSE_OK, done);
});
// Test CORS headers with GET
it('GET /api/whatever/sql', function (done) {
assert.response(server, {
url: '/api/whatever/sql?q=SELECT%201',
headers: { host: 'vizzuality.cartodb.com' },
method: 'GET'
}, RESPONSE_OK, function (err, res) {
assert.ifError(err);
assert.strictEqual(
res.headers['access-control-allow-headers'],
accessControlHeaders
);
assert.strictEqual(
res.headers['access-control-expose-headers'],
exposedHeaders
);
assert.strictEqual(res.headers['access-control-allow-origin'], '*');
done();
});
});
// Test that OPTIONS does not run queries
it('OPTIONS /api/x/sql', function (done) {
assert.response(server, {
url: '/api/x/sql?q=syntax%20error',
headers: { host: 'vizzuality.cartodb.com' },
method: 'OPTIONS'
}, RESPONSE_OK, function (err, res) {
assert.ifError(err);
assert.strictEqual(res.body, '');
assert.strictEqual(
res.headers['access-control-allow-headers'],
accessControlHeaders
);
assert.strictEqual(
res.headers['access-control-expose-headers'],
exposedHeaders
);
assert.strictEqual(res.headers['access-control-allow-origin'], '*');
done();
});
});
it('cache_policy=persist', function (done) {
assert.response(server, {
url: '/api/v1/sql?q=' +
'SELECT%20*%20FROM%20untitle_table_4&database=cartodb_test_user_1_db&cache_policy=persist',
headers: { host: 'vizzuality.cartodb.com' },
method: 'GET'
}, RESPONSE_OK, function (err, res) {
assert.ifError(err);
// Check cache headers
assert.ok(Object.prototype.hasOwnProperty.call(res.headers, 'x-cache-channel'));
// See https://github.com/CartoDB/CartoDB-SQL-API/issues/105
assert.strictEqual(res.headers['x-cache-channel'], 'cartodb_test_user_1_db:public.untitle_table_4');
assert.strictEqual(res.headers['cache-control'], expectedCacheControlPersist);
done();
});
});
// See https://github.com/CartoDB/CartoDB-SQL-API/issues/121
it('SELECT from user-specific database', function (done) {
var backupDBHost = global.settings.db_host;
global.settings.db_host = '6.6.6.6';
assert.response(server, {
url: '/api/v1/sql?q=SELECT+2+as+n',
headers: { host: 'cartodb250user.cartodb.com' },
method: 'GET'
}, RESPONSE_OK, function (err, res) {
assert.ifError(err);
global.settings.db_host = backupDBHost;
try {
var parsed = JSON.parse(res.body);
assert.strictEqual(parsed.rows.length, 1);
assert.strictEqual(parsed.rows[0].n, 2);
} catch (e) {
return done(e);
}
done();
});
});
// See https://github.com/CartoDB/CartoDB-SQL-API/issues/120
it('SELECT with user-specific password', function (done) {
var backupDBUserPass = global.settings.db_user_pass;
global.settings.db_user_pass = '<%= user_password %>';
assert.response(server, {
url: '/api/v1/sql?q=SELECT+2+as+n&api_key=1234',
headers: { host: 'cartodb250user.cartodb.com' },
method: 'GET'
}, RESPONSE_OK, function (err, res) {
assert.ifError(err);
global.settings.db_user_pass = backupDBUserPass;
try {
assert.strictEqual(res.statusCode, 200, res.statusCode + ': ' + res.body);
var parsed = JSON.parse(res.body);
assert.strictEqual(parsed.rows.length, 1);
assert.strictEqual(parsed.rows[0].n, 2);
} catch (e) {
return done(e);
}
return done();
});
});
/**
* CORS
*/
it('GET /api/v1/sql with SQL parameter on SELECT only should return CORS headers ', function (done) {
assert.response(server, {
url: '/api/v1/sql?q=SELECT%20*%20FROM%20untitle_table_4&database=cartodb_test_user_1_db',
headers: { host: 'vizzuality.cartodb.com' },
method: 'GET'
}, RESPONSE_OK, function (err, res) {
assert.ifError(err);
// Check cache headers
assert.strictEqual(res.headers['x-cache-channel'], 'cartodb_test_user_1_db:public.untitle_table_4');
assert.strictEqual(res.headers['cache-control'], expectedCacheControl);
assert.strictEqual(res.headers['access-control-allow-origin'], '*');
assert.strictEqual(
res.headers['access-control-allow-headers'],
accessControlHeaders
);
assert.strictEqual(
res.headers['access-control-expose-headers'],
exposedHeaders
);
done();
});
});
});