Windshaft-cartodb/lib/api/middlewares/layergroup-token.js

'use strict';

const LayergroupToken = require('../../models/layergroup-token');
const authErrorMessageTemplate = function (signer, user) {
    return `Cannot use map signature of user "${signer}" on db of user "${user}"`;
};

module.exports = function layergroupToken () {
    return function layergroupTokenMiddleware (req, res, next) {
        const user = res.locals.user;
        const layergroupToken = LayergroupToken.parse(req.params.token);

        res.locals.token = layergroupToken.token;
        res.locals.cache_buster = layergroupToken.cacheBuster;

        if (layergroupToken.templateHash) {
            res.locals.templateHash = layergroupToken.templateHash;
        }

        if (layergroupToken.signer) {
            res.locals.signer = layergroupToken.signer;

            if (res.locals.signer !== user) {
                const err = new Error(authErrorMessageTemplate(res.locals.signer, user));
                err.type = 'auth';
                err.http_status = (req.query && req.query.callback) ? 200 : 403;

                return next(err);
            }
        }

        return next();
    };
};
Use strict mode in modules under lib folder (except lib/cartodb/models/resource-locator.js) 2018-10-23 23:45:42 +08:00			`'use strict';`

Move application middlewares to routers folder 2018-04-07 00:20:33 +08:00			`const LayergroupToken = require('../../models/layergroup-token');`
ES6 goodies 2018-03-02 20:29:30 +08:00			`const authErrorMessageTemplate = function (signer, user) {`
			return `Cannot use map signature of user "${signer}" on db of user "${user}"`;
			`};`

Follow middleware pattern 2018-03-02 01:09:49 +08:00			`module.exports = function layergroupToken () {`
Missing space before paramenter list 2018-03-02 20:08:57 +08:00			`return function layergroupTokenMiddleware (req, res, next) {`
ES6 goodies 2018-03-02 20:29:30 +08:00			`const user = res.locals.user;`
Do not use locals middleware in layergroup controller 2018-03-23 21:13:27 +08:00			`const layergroupToken = LayergroupToken.parse(req.params.token);`
Layergroup Token parsing as middleware Reuses LayergroupToken model from tests. 2017-09-22 20:05:40 +08:00
Follow middleware pattern 2018-03-02 01:09:49 +08:00			`res.locals.token = layergroupToken.token;`
			`res.locals.cache_buster = layergroupToken.cacheBuster;`
Layergroup Token parsing as middleware Reuses LayergroupToken model from tests. 2017-09-22 20:05:40 +08:00
Send template_hash as part of the metrics event 2020-04-29 23:26:33 +08:00			`if (layergroupToken.templateHash) {`
			`res.locals.templateHash = layergroupToken.templateHash;`
			`}`

Follow middleware pattern 2018-03-02 01:09:49 +08:00			`if (layergroupToken.signer) {`
			`res.locals.signer = layergroupToken.signer;`
ES6 goodies 2018-03-02 20:29:30 +08:00
Remove unreachable code 2018-03-02 20:14:02 +08:00			`if (res.locals.signer !== user) {`
ES6 goodies 2018-03-02 20:29:30 +08:00			`const err = new Error(authErrorMessageTemplate(res.locals.signer, user));`
Follow middleware pattern 2018-03-02 01:09:49 +08:00			`err.type = 'auth';`
Apply automatic eslint fixes 2019-10-22 01:07:24 +08:00			`err.http_status = (req.query && req.query.callback) ? 200 : 403;`
Follow middleware pattern 2018-03-02 01:09:49 +08:00
			`return next(err);`
Layergroup Token parsing as middleware Reuses LayergroupToken model from tests. 2017-09-22 20:05:40 +08:00			`}`
			`}`

Follow middleware pattern 2018-03-02 01:09:49 +08:00			`return next();`
			`};`
Layergroup Token parsing as middleware Reuses LayergroupToken model from tests. 2017-09-22 20:05:40 +08:00			`};`