Windshaft-cartodb/lib/cartodb/api/template/admin-template-controller.js

const { templateName } = require('../../backends/template_maps');
const credentials = require('../middlewares/credentials');
const rateLimit = require('../middlewares/rate-limit');
const { RATE_LIMIT_ENDPOINTS_GROUPS } = rateLimit;

/**
 * @param {AuthBackend} authBackend
 * @param {PgConnection} pgConnection
 * @param {TemplateMaps} templateMaps
 * @constructor
 */
function AdminTemplateController(authBackend, templateMaps, userLimitsBackend) {
    this.authBackend = authBackend;
    this.templateMaps = templateMaps;
    this.userLimitsBackend = userLimitsBackend;
}

module.exports = AdminTemplateController;

AdminTemplateController.prototype.register = function (templateRouter) {
    templateRouter.options(`/:template_id`);

    templateRouter.post(
        `/`,
        credentials(),
        authorizedByAPIKey({ authBackend: this.authBackend, action: 'create', label: 'POST TEMPLATE' }),
        rateLimit(this.userLimitsBackend, RATE_LIMIT_ENDPOINTS_GROUPS.NAMED_CREATE),
        checkContentType({ action: 'POST', label: 'POST TEMPLATE' }),
        createTemplate({ templateMaps: this.templateMaps })
    );

    templateRouter.put(
        `/:template_id`,
        credentials(),
        authorizedByAPIKey({ authBackend: this.authBackend, action: 'update', label: 'PUT TEMPLATE' }),
        rateLimit(this.userLimitsBackend, RATE_LIMIT_ENDPOINTS_GROUPS.NAMED_UPDATE),
        checkContentType({ action: 'PUT', label: 'PUT TEMPLATE' }),
        updateTemplate({ templateMaps: this.templateMaps })
    );

    templateRouter.get(
        `/:template_id`,
        credentials(),
        authorizedByAPIKey({ authBackend: this.authBackend, action: 'get', label: 'GET TEMPLATE' }),
        rateLimit(this.userLimitsBackend, RATE_LIMIT_ENDPOINTS_GROUPS.NAMED_GET),
        retrieveTemplate({ templateMaps: this.templateMaps })
    );

    templateRouter.delete(
        `/:template_id`,
        credentials(),
        authorizedByAPIKey({ authBackend: this.authBackend, action: 'delete', label: 'DELETE TEMPLATE' }),
        rateLimit(this.userLimitsBackend, RATE_LIMIT_ENDPOINTS_GROUPS.NAMED_DELETE),
        destroyTemplate({ templateMaps: this.templateMaps })
    );

    templateRouter.get(
        `/`,
        credentials(),
        authorizedByAPIKey({ authBackend: this.authBackend, action: 'list', label: 'GET TEMPLATE LIST' }),
        rateLimit(this.userLimitsBackend, RATE_LIMIT_ENDPOINTS_GROUPS.NAMED_LIST),
        listTemplates({ templateMaps: this.templateMaps })
    );
};

function checkContentType ({ action, label }) {
    return function checkContentTypeMiddleware (req, res, next) {
        if (!req.is('application/json')) {
            const error = new Error(`template ${action} data must be of type application/json`);
            error.label = label;
            return next(error);
        }

        next();
    };
}

function authorizedByAPIKey ({ authBackend, action, label }) {
    return function authorizedByAPIKeyMiddleware (req, res, next) {
        const { user } = res.locals;

        authBackend.authorizedByAPIKey(user, res, (err, authenticated, apikey) => {
            if (err) {
                return next(err);
            }

            if (!authenticated) {
                const error = new Error(`Only authenticated user can ${action} templated maps`);
                error.http_status = 403;
                error.label = label;
                return next(error);
            }

            if (apikey.type !== 'master') {
                const error = new Error('Forbidden');
                error.type = 'auth';
                error.subtype = 'api-key-does-not-grant-access';
                error.http_status = 403;

                return next(error);
            }

            next();
        });
    };
}

function createTemplate ({ templateMaps }) {
    return function createTemplateMiddleware (req, res, next) {
        const { user } = res.locals;
        const template = req.body;

        templateMaps.addTemplate(user, template, (err, templateId) => {
            if (err) {
                return next(err);
            }

            res.statusCode = 200;
            res.body = { template_id: templateId };

            next();
        });
    };
}

function updateTemplate ({ templateMaps }) {
    return function updateTemplateMiddleware (req, res, next) {
        const { user } = res.locals;
        const template = req.body;
        const templateId = templateName(req.params.template_id);

        templateMaps.updTemplate(user, templateId, template, (err) => {
            if (err) {
                return next(err);
            }

            res.statusCode = 200;
            res.body = { template_id: templateId };

            next();
        });
    };
}

function retrieveTemplate ({ templateMaps }) {
    return function retrieveTemplateMiddleware (req, res, next) {
        req.profiler.start('windshaft-cartodb.get_template');

        const { user } = res.locals;
        const templateId = templateName(req.params.template_id);

        templateMaps.getTemplate(user, templateId, (err, template) => {
            if (err) {
                return next(err);
            }

            if (!template) {
                const error = new Error(`Cannot find template '${templateId}' of user '${user}'`);
                error.http_status = 404;
                return next(error);
            }
            // auth_id was added by ourselves,
            // so we remove it before returning to the user
            delete template.auth_id;

            res.statusCode = 200;
            res.body = { template };

            next();
        });
    };
}

function destroyTemplate ({ templateMaps }) {
    return function destroyTemplateMiddleware (req, res, next) {
        req.profiler.start('windshaft-cartodb.delete_template');

        const { user } = res.locals;
        const templateId = templateName(req.params.template_id);

        templateMaps.delTemplate(user, templateId, (err/* , tpl_val */) => {
            if (err) {
                return next(err);
            }

            res.statusCode = 204;
            res.body = '';

            next();
        });
    };
}

function listTemplates ({ templateMaps }) {
    return function listTemplatesMiddleware (req, res, next) {
        req.profiler.start('windshaft-cartodb.get_template_list');

        const { user } = res.locals;

        templateMaps.listTemplates(user, (err, templateIds) => {
            if (err) {
                return next(err);
            }

            res.statusCode = 200;
            res.body = { template_ids: templateIds };

            next();
        });
    };
}
Ensure each controller only receives one router 2018-03-29 01:11:19 +08:00			`const { templateName } = require('../../backends/template_maps');`
Move application middlewares to routers folder 2018-04-07 00:20:33 +08:00			`const credentials = require('../middlewares/credentials');`
			`const rateLimit = require('../middlewares/rate-limit');`
changing module exports and middleware name 2018-02-27 23:52:27 +08:00			`const { RATE_LIMIT_ENDPOINTS_GROUPS } = rateLimit;`
get apikey token from request in named maps admin middleware 2018-02-15 22:20:52 +08:00
Authentication/Authorization moves to its own entity 2015-07-13 21:05:03 +08:00			`/**`
Rename AuthAppi by AuthBackend 2018-04-10 00:08:56 +08:00			`* @param {AuthBackend} authBackend`
BaseController to encapsulate req2params method All controllers now extending BaseController - Most of the acceptance ported tests will be broken 2015-09-16 22:18:26 +08:00			`* @param {PgConnection} pgConnection`
Remove app dependency from controllers 2015-10-01 00:00:54 +08:00			`* @param {TemplateMaps} templateMaps`
Authentication/Authorization moves to its own entity 2015-07-13 21:05:03 +08:00			`* @constructor`
			`*/`
Rename user limits api by user limits backend 2018-04-10 16:16:07 +08:00			`function AdminTemplateController(authBackend, templateMaps, userLimitsBackend) {`
Rename AuthAppi by AuthBackend 2018-04-10 00:08:56 +08:00			`this.authBackend = authBackend;`
Remove app dependency from controllers 2015-10-01 00:00:54 +08:00			`this.templateMaps = templateMaps;`
Rename user limits api by user limits backend 2018-04-10 16:16:07 +08:00			`this.userLimitsBackend = userLimitsBackend;`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`}`

Ensure each controller only receives one router 2018-03-29 01:11:19 +08:00			`module.exports = AdminTemplateController;`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00
Ensure each controller only receives one router 2018-03-29 01:11:19 +08:00			`AdminTemplateController.prototype.register = function (templateRouter) {`
Make cors middleware more generic and link it just to application level 2018-04-03 21:32:29 +08:00			templateRouter.options(`/:template_id`);

Use express routers 2018-03-28 00:46:54 +08:00			`templateRouter.post(`
			`/`,
Rename middleware 2018-03-16 23:28:50 +08:00			`credentials(),`
Rename AuthAppi by AuthBackend 2018-04-10 00:08:56 +08:00			`authorizedByAPIKey({ authBackend: this.authBackend, action: 'create', label: 'POST TEMPLATE' }),`
Rename user limits api by user limits backend 2018-04-10 16:16:07 +08:00			`rateLimit(this.userLimitsBackend, RATE_LIMIT_ENDPOINTS_GROUPS.NAMED_CREATE),`
Ensure each controller only receives one router 2018-03-29 01:11:19 +08:00			`checkContentType({ action: 'POST', label: 'POST TEMPLATE' }),`
Make send-response middleware generic to the router 2018-04-05 01:15:51 +08:00			`createTemplate({ templateMaps: this.templateMaps })`
Back to use just one router 2017-10-05 18:12:21 +08:00			`);`

Use express routers 2018-03-28 00:46:54 +08:00			`templateRouter.put(`
			`/:template_id`,
Rename middleware 2018-03-16 23:28:50 +08:00			`credentials(),`
Rename AuthAppi by AuthBackend 2018-04-10 00:08:56 +08:00			`authorizedByAPIKey({ authBackend: this.authBackend, action: 'update', label: 'PUT TEMPLATE' }),`
Rename user limits api by user limits backend 2018-04-10 16:16:07 +08:00			`rateLimit(this.userLimitsBackend, RATE_LIMIT_ENDPOINTS_GROUPS.NAMED_UPDATE),`
Ensure each controller only receives one router 2018-03-29 01:11:19 +08:00			`checkContentType({ action: 'PUT', label: 'PUT TEMPLATE' }),`
Make send-response middleware generic to the router 2018-04-05 01:15:51 +08:00			`updateTemplate({ templateMaps: this.templateMaps })`
Back to use just one router 2017-10-05 18:12:21 +08:00			`);`

Use express routers 2018-03-28 00:46:54 +08:00			`templateRouter.get(`
			`/:template_id`,
Rename middleware 2018-03-16 23:28:50 +08:00			`credentials(),`
Rename AuthAppi by AuthBackend 2018-04-10 00:08:56 +08:00			`authorizedByAPIKey({ authBackend: this.authBackend, action: 'get', label: 'GET TEMPLATE' }),`
Rename user limits api by user limits backend 2018-04-10 16:16:07 +08:00			`rateLimit(this.userLimitsBackend, RATE_LIMIT_ENDPOINTS_GROUPS.NAMED_GET),`
Make send-response middleware generic to the router 2018-04-05 01:15:51 +08:00			`retrieveTemplate({ templateMaps: this.templateMaps })`
Back to use just one router 2017-10-05 18:12:21 +08:00			`);`

Use express routers 2018-03-28 00:46:54 +08:00			`templateRouter.delete(`
			`/:template_id`,
Rename middleware 2018-03-16 23:28:50 +08:00			`credentials(),`
Rename AuthAppi by AuthBackend 2018-04-10 00:08:56 +08:00			`authorizedByAPIKey({ authBackend: this.authBackend, action: 'delete', label: 'DELETE TEMPLATE' }),`
Rename user limits api by user limits backend 2018-04-10 16:16:07 +08:00			`rateLimit(this.userLimitsBackend, RATE_LIMIT_ENDPOINTS_GROUPS.NAMED_DELETE),`
Make send-response middleware generic to the router 2018-04-05 01:15:51 +08:00			`destroyTemplate({ templateMaps: this.templateMaps })`
Back to use just one router 2017-10-05 18:12:21 +08:00			`);`
Use express router to group controllers' enpoints and reuse common middleware for named maps admin controller 2017-09-22 22:45:34 +08:00
Use express routers 2018-03-28 00:46:54 +08:00			`templateRouter.get(`
			`/`,
Rename middleware 2018-03-16 23:28:50 +08:00			`credentials(),`
Rename AuthAppi by AuthBackend 2018-04-10 00:08:56 +08:00			`authorizedByAPIKey({ authBackend: this.authBackend, action: 'list', label: 'GET TEMPLATE LIST' }),`
Rename user limits api by user limits backend 2018-04-10 16:16:07 +08:00			`rateLimit(this.userLimitsBackend, RATE_LIMIT_ENDPOINTS_GROUPS.NAMED_LIST),`
Make send-response middleware generic to the router 2018-04-05 01:15:51 +08:00			`listTemplates({ templateMaps: this.templateMaps })`
Use express router to group controllers' enpoints and reuse common middleware for named maps admin controller 2017-09-22 22:45:34 +08:00			`);`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`};`

Use objects instead of a list of parameters 2018-03-15 00:22:47 +08:00			`function checkContentType ({ action, label }) {`
Extract middlewares form controller's context 2018-03-13 20:12:18 +08:00			`return function checkContentTypeMiddleware (req, res, next) {`
			`if (!req.is('application/json')) {`
			const error = new Error(`template ${action} data must be of type application/json`);
			`error.label = label;`
			`return next(error);`
			`}`
Create send response middleware 2018-03-13 20:31:49 +08:00
Extract middlewares form controller's context 2018-03-13 20:12:18 +08:00			`next();`
			`};`
			`}`

Rename AuthAppi by AuthBackend 2018-04-10 00:08:56 +08:00			`function authorizedByAPIKey ({ authBackend, action, label }) {`
Move to up intermediate middlewares 2017-12-29 22:19:52 +08:00			`return function authorizedByAPIKeyMiddleware (req, res, next) {`
			`const { user } = res.locals;`
Extract middlewares form controller's context 2018-03-13 20:12:18 +08:00
Merge branch 'separate-routers' into improve-folder-structure 2018-04-10 22:15:49 +08:00			`authBackend.authorizedByAPIKey(user, res, (err, authenticated, apikey) => {`
Move to up intermediate middlewares 2017-12-29 22:19:52 +08:00			`if (err) {`
			`return next(err);`
			`}`

			`if (!authenticated) {`
			const error = new Error(`Only authenticated user can ${action} templated maps`);
			`error.http_status = 403;`
			`error.label = label;`
			`return next(error);`
			`}`

Forbid access to named map admin resources for everyone but master 2018-04-06 21:26:11 +08:00			`if (apikey.type !== 'master') {`
			`const error = new Error('Forbidden');`
			`error.type = 'auth';`
			`error.subtype = 'api-key-does-not-grant-access';`
			`error.http_status = 403;`

			`return next(error);`
			`}`

Move to up intermediate middlewares 2017-12-29 22:19:52 +08:00			`next();`
			`});`
			`};`
Extract middlewares form controller's context 2018-03-13 20:12:18 +08:00			`}`
Move to up intermediate middlewares 2017-12-29 22:19:52 +08:00
Use objects instead of param list 2018-03-15 00:31:37 +08:00			`function createTemplate ({ templateMaps }) {`
Now main middlewares return a named function with the right context bound 2017-12-29 23:15:48 +08:00			`return function createTemplateMiddleware (req, res, next) {`
Use spread assignment 2017-12-30 01:34:54 +08:00			`const { user } = res.locals;`
Avoid snake_case notation 2017-12-29 23:30:42 +08:00			`const template = req.body;`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00
Extract middlewares form controller's context 2018-03-13 20:12:18 +08:00			`templateMaps.addTemplate(user, template, (err, templateId) => {`
Now main middlewares return a named function with the right context bound 2017-12-29 23:15:48 +08:00			`if (err) {`
			`return next(err);`
			`}`
Remove finish function and respond in the main middleware 2017-12-29 22:04:44 +08:00
Set 404 as defautl status code and set the proper status code fir the response at very same time that the response body 2018-05-09 21:00:18 +08:00			`res.statusCode = 200;`
Create send response middleware 2018-03-13 20:31:49 +08:00			`res.body = { template_id: templateId };`
Remove finish function and respond in the main middleware 2017-12-29 22:04:44 +08:00
Create send response middleware 2018-03-13 20:31:49 +08:00			`next();`
Now main middlewares return a named function with the right context bound 2017-12-29 23:15:48 +08:00			`});`
Extract middlewares form controller's context 2018-03-13 20:12:18 +08:00			`};`
			`}`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00
Use objects instead of param list 2018-03-15 00:31:37 +08:00			`function updateTemplate ({ templateMaps }) {`
Now main middlewares return a named function with the right context bound 2017-12-29 23:15:48 +08:00			`return function updateTemplateMiddleware (req, res, next) {`
Avoid snake_case notation 2017-12-29 23:30:42 +08:00			`const { user } = res.locals;`
Now main middlewares return a named function with the right context bound 2017-12-29 23:15:48 +08:00			`const template = req.body;`
Avoid snake_case notation 2017-12-29 23:30:42 +08:00			`const templateId = templateName(req.params.template_id);`
Now turbo-cartocss is also parsed in template modification. 2016-03-11 18:06:51 +08:00
Extract middlewares form controller's context 2018-03-13 20:12:18 +08:00			`templateMaps.updTemplate(user, templateId, template, (err) => {`
Now main middlewares return a named function with the right context bound 2017-12-29 23:15:48 +08:00			`if (err) {`
			`return next(err);`
			`}`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00
Set 404 as defautl status code and set the proper status code fir the response at very same time that the response body 2018-05-09 21:00:18 +08:00			`res.statusCode = 200;`
Create send response middleware 2018-03-13 20:31:49 +08:00			`res.body = { template_id: templateId };`
Remove finish function and respond in the main middleware 2017-12-29 22:04:44 +08:00
Create send response middleware 2018-03-13 20:31:49 +08:00			`next();`
Now main middlewares return a named function with the right context bound 2017-12-29 23:15:48 +08:00			`});`
Extract middlewares form controller's context 2018-03-13 20:12:18 +08:00			`};`
			`}`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00
Use objects instead of param list 2018-03-15 00:31:37 +08:00			`function retrieveTemplate ({ templateMaps }) {`
Rename middleware function 2018-01-03 20:15:11 +08:00			`return function retrieveTemplateMiddleware (req, res, next) {`
Now main middlewares return a named function with the right context bound 2017-12-29 23:15:48 +08:00			`req.profiler.start('windshaft-cartodb.get_template');`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00
Use spread assignment 2017-12-30 01:34:54 +08:00			`const { user } = res.locals;`
Avoid snake_case notation 2017-12-29 23:30:42 +08:00			`const templateId = templateName(req.params.template_id);`
Remove step and assert dependencies 2017-12-29 22:17:29 +08:00
Extract middlewares form controller's context 2018-03-13 20:12:18 +08:00			`templateMaps.getTemplate(user, templateId, (err, template) => {`
Now main middlewares return a named function with the right context bound 2017-12-29 23:15:48 +08:00			`if (err) {`
			`return next(err);`
			`}`
Remove step and assert dependencies 2017-12-29 22:17:29 +08:00
Avoid snake_case notation 2017-12-29 23:30:42 +08:00			`if (!template) {`
Use spread assignment 2017-12-30 01:34:54 +08:00			const error = new Error(`Cannot find template '${templateId}' of user '${user}'`);
Now main middlewares return a named function with the right context bound 2017-12-29 23:15:48 +08:00			`error.http_status = 404;`
			`return next(error);`
			`}`
			`// auth_id was added by ourselves,`
			`// so we remove it before returning to the user`
Avoid snake_case notation 2017-12-29 23:30:42 +08:00			`delete template.auth_id;`
Remove step and assert dependencies 2017-12-29 22:17:29 +08:00
Set 404 as defautl status code and set the proper status code fir the response at very same time that the response body 2018-05-09 21:00:18 +08:00			`res.statusCode = 200;`
Create send response middleware 2018-03-13 20:31:49 +08:00			`res.body = { template };`
Remove step and assert dependencies 2017-12-29 22:17:29 +08:00
Create send response middleware 2018-03-13 20:31:49 +08:00			`next();`
Now main middlewares return a named function with the right context bound 2017-12-29 23:15:48 +08:00			`});`
Extract middlewares form controller's context 2018-03-13 20:12:18 +08:00			`};`
			`}`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00
Use objects instead of param list 2018-03-15 00:31:37 +08:00			`function destroyTemplate ({ templateMaps }) {`
Now main middlewares return a named function with the right context bound 2017-12-29 23:15:48 +08:00			`return function destroyTemplateMiddleware (req, res, next) {`
			`req.profiler.start('windshaft-cartodb.delete_template');`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00
Avoid snake_case notation 2017-12-29 23:30:42 +08:00			`const { user } = res.locals;`
			`const templateId = templateName(req.params.template_id);`
Remove finish function and respond in the main middleware 2017-12-29 22:04:44 +08:00
Extract middlewares form controller's context 2018-03-13 20:12:18 +08:00			`templateMaps.delTemplate(user, templateId, (err/* , tpl_val */) => {`
Now main middlewares return a named function with the right context bound 2017-12-29 23:15:48 +08:00			`if (err) {`
			`return next(err);`
			`}`
Remove step and assert dependencies 2017-12-29 22:17:29 +08:00
Create send response middleware 2018-03-13 20:31:49 +08:00			`res.statusCode = 204;`
			`res.body = '';`
Remove step and assert dependencies 2017-12-29 22:17:29 +08:00
Create send response middleware 2018-03-13 20:31:49 +08:00			`next();`
Now main middlewares return a named function with the right context bound 2017-12-29 23:15:48 +08:00			`});`
Extract middlewares form controller's context 2018-03-13 20:12:18 +08:00			`};`
			`}`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00
Use objects instead of param list 2018-03-15 00:31:37 +08:00			`function listTemplates ({ templateMaps }) {`
Now main middlewares return a named function with the right context bound 2017-12-29 23:15:48 +08:00			`return function listTemplatesMiddleware (req, res, next) {`
			`req.profiler.start('windshaft-cartodb.get_template_list');`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00
Avoid snake_case notation 2017-12-29 23:30:42 +08:00			`const { user } = res.locals;`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00
Extract middlewares form controller's context 2018-03-13 20:12:18 +08:00			`templateMaps.listTemplates(user, (err, templateIds) => {`
Now main middlewares return a named function with the right context bound 2017-12-29 23:15:48 +08:00			`if (err) {`
			`return next(err);`
			`}`
Remove finish function and respond in the main middleware 2017-12-29 22:04:44 +08:00
Set 404 as defautl status code and set the proper status code fir the response at very same time that the response body 2018-05-09 21:00:18 +08:00			`res.statusCode = 200;`
Create send response middleware 2018-03-13 20:31:49 +08:00			`res.body = { template_ids: templateIds };`
Remove finish function and respond in the main middleware 2017-12-29 22:04:44 +08:00
Create send response middleware 2018-03-13 20:31:49 +08:00			`next();`
Now main middlewares return a named function with the right context bound 2017-12-29 23:15:48 +08:00			`});`
Extract middlewares form controller's context 2018-03-13 20:12:18 +08:00			`};`
			`}`