Unifiy allowQueryParams and cleanUpQueryParams middlewares

lib/cartodb/controllers/layergroup.js

@@ -1,6 +1,5 @@
 const cors = require('../middleware/cors');
 const userMiddleware = require('../middleware/user');
-const allowQueryParams = require('../middleware/allow-query-params');
 const vectorError = require('../middleware/vector-error');
 const locals = require('../middleware/locals');
 const cleanUpQueryParams = require('../middleware/clean-up-query-params');
@@ -154,9 +153,8 @@ LayergroupController.prototype.register = function(app) {
         `${mapconfigBasePath}/static/center/:token/:z/:lat/:lng/:width/:height.:format`,
         cors(),
         userMiddleware(),
-        allowQueryParams(['layer']),
         locals(),
-        cleanUpQueryParams(),
+        cleanUpQueryParams(['layer']),
         layergroupToken(),
         credentials(),
         authorize(this.authApi),
@@ -175,9 +173,8 @@ LayergroupController.prototype.register = function(app) {
         `${mapconfigBasePath}/static/bbox/:token/:west,:south,:east,:north/:width/:height.:format`,
         cors(),
         userMiddleware(),
-        allowQueryParams(['layer']),
         locals(),
-        cleanUpQueryParams(),
+        cleanUpQueryParams(['layer']),
         layergroupToken(),
         credentials(),
         authorize(this.authApi),
@@ -214,9 +211,8 @@ LayergroupController.prototype.register = function(app) {
         `${mapconfigBasePath}/:token/dataview/:dataviewName`,
         cors(),
         userMiddleware(),
-        allowQueryParams(allowedDataviewQueryParams),
         locals(),
-        cleanUpQueryParams(),
+        cleanUpQueryParams(allowedDataviewQueryParams),
         layergroupToken(),
         credentials(),
         authorize(this.authApi),
@@ -235,9 +231,8 @@ LayergroupController.prototype.register = function(app) {
         `${mapconfigBasePath}/:token/:layer/widget/:dataviewName`,
         cors(),
         userMiddleware(),
-        allowQueryParams(allowedDataviewQueryParams),
         locals(),
-        cleanUpQueryParams(),
+        cleanUpQueryParams(allowedDataviewQueryParams),
         layergroupToken(),
         credentials(),
         authorize(this.authApi),
@@ -256,9 +251,8 @@ LayergroupController.prototype.register = function(app) {
         `${mapconfigBasePath}/:token/dataview/:dataviewName/search`,
         cors(),
         userMiddleware(),
-        allowQueryParams(allowedDataviewQueryParams),
         locals(),
-        cleanUpQueryParams(),
+        cleanUpQueryParams(allowedDataviewQueryParams),
         layergroupToken(),
         credentials(),
         authorize(this.authApi),
@@ -277,9 +271,8 @@ LayergroupController.prototype.register = function(app) {
         `${mapconfigBasePath}/:token/:layer/widget/:dataviewName/search`,
         cors(),
         userMiddleware(),
-        allowQueryParams(allowedDataviewQueryParams),
         locals(),
-        cleanUpQueryParams(),
+        cleanUpQueryParams(allowedDataviewQueryParams),
         layergroupToken(),
         credentials(),
         authorize(this.authApi),

lib/cartodb/controllers/map.js

@@ -6,7 +6,6 @@ const QueryTables = require('cartodb-query-tables');
 const ResourceLocator = require('../models/resource-locator');
 const cors = require('../middleware/cors');
 const userMiddleware = require('../middleware/user');
-const allowQueryParams = require('../middleware/allow-query-params');
 const locals = require('../middleware/locals');
 const cleanUpQueryParams = require('../middleware/clean-up-query-params');
 const layergroupToken = require('../middleware/layergroup-token');
@@ -75,9 +74,8 @@ MapController.prototype.composeCreateMapMiddleware = function (useTemplate = fal
     return [
         cors(),
         userMiddleware(),
-        allowQueryParams(['aggregation']),
         locals(),
-        cleanUpQueryParams(),
+        cleanUpQueryParams(['aggregation']),
         layergroupToken(),
         credentials(),
         authorize(this.authApi),

lib/cartodb/controllers/named_maps.js

@@ -7,7 +7,6 @@ const layergroupToken = require('../middleware/layergroup-token');
 const credentials = require('../middleware/credentials');
 const dbConnSetup = require('../middleware/db-conn-setup');
 const authorize = require('../middleware/authorize');
-const allowQueryParams = require('../middleware/allow-query-params');
 const vectorError = require('../middleware/vector-error');
 
 const DEFAULT_ZOOM_CENTER = {
@@ -82,9 +81,8 @@ NamedMapsController.prototype.register = function(app) {
         `${mapconfigBasePath}/static/named/:template_id/:width/:height.:format`,
         cors(),
         userMiddleware(),
-        allowQueryParams(['layer', 'zoom', 'lon', 'lat', 'bbox']),
         locals(),
-        cleanUpQueryParams(),
+        cleanUpQueryParams(['layer', 'zoom', 'lon', 'lat', 'bbox']),
         layergroupToken(),
         credentials(),
         authorize(this.authApi),

lib/cartodb/middleware/allow-query-params.js

@@ -1,10 +0,0 @@
-module.exports = function allowQueryParams (params) {
-    if (!Array.isArray(params)) {
-        throw new Error('allowQueryParams must receive an Array of params');
-    }
-
-    return function allowQueryParamsMiddleware (req, res, next) {
-        res.locals.allowedQueryParams = params;
-        next();
-    };
-};

lib/cartodb/middleware/clean-up-query-params.js

@@ -14,12 +14,16 @@ const REQUEST_QUERY_PARAMS_WHITELIST = [
     'filters' // json
 ];
 
-module.exports = function cleanUpQueryParamsMiddleware () {
+module.exports = function cleanUpQueryParamsMiddleware (customQueryParams = []) {
+    if (!Array.isArray(customQueryParams)) {
+        throw new Error('customQueryParams must receive an Array of params');
+    }
+
     return function cleanUpQueryParams (req, res, next) {
         var allowedQueryParams = REQUEST_QUERY_PARAMS_WHITELIST;
 
-        if (Array.isArray(res.locals.allowedQueryParams)) {
+        if (Array.isArray(customQueryParams)) {
-            allowedQueryParams = allowedQueryParams.concat(res.locals.allowedQueryParams);
+            allowedQueryParams = allowedQueryParams.concat(customQueryParams);
         }
 
         req.query = _.pick(req.query, allowedQueryParams);