Unify allowQueryParams and cleanUpQueryParams middlewares

Daniel García Aubert 2018-03-16 14:03:59 +01:00
parent 7b11cdcb74
commit 0aa8d63a6e
5 changed files with 16 additions and 33 deletions


@ -1,6 +1,5 @@
const cors = require('../middleware/cors'); const cors = require('../middleware/cors');
const userMiddleware = require('../middleware/user'); const userMiddleware = require('../middleware/user');
const allowQueryParams = require('../middleware/allow-query-params');
const vectorError = require('../middleware/vector-error'); const vectorError = require('../middleware/vector-error');
const locals = require('../middleware/locals'); const locals = require('../middleware/locals');
const cleanUpQueryParams = require('../middleware/clean-up-query-params'); const cleanUpQueryParams = require('../middleware/clean-up-query-params');
@ -154,9 +153,8 @@ LayergroupController.prototype.register = function(app) {
`${mapconfigBasePath}/static/center/:token/:z/:lat/:lng/:width/:height.:format`, `${mapconfigBasePath}/static/center/:token/:z/:lat/:lng/:width/:height.:format`,
cors(), cors(),
userMiddleware(), userMiddleware(),
allowQueryParams(['layer']),
locals(), locals(),
cleanUpQueryParams(), cleanUpQueryParams(['layer']),
layergroupToken(), layergroupToken(),
credentials(), credentials(),
authorize(this.authApi), authorize(this.authApi),
@ -175,9 +173,8 @@ LayergroupController.prototype.register = function(app) {
`${mapconfigBasePath}/static/bbox/:token/:west,:south,:east,:north/:width/:height.:format`, `${mapconfigBasePath}/static/bbox/:token/:west,:south,:east,:north/:width/:height.:format`,
cors(), cors(),
userMiddleware(), userMiddleware(),
allowQueryParams(['layer']),
locals(), locals(),
cleanUpQueryParams(), cleanUpQueryParams(['layer']),
layergroupToken(), layergroupToken(),
credentials(), credentials(),
authorize(this.authApi), authorize(this.authApi),
@ -214,9 +211,8 @@ LayergroupController.prototype.register = function(app) {
`${mapconfigBasePath}/:token/dataview/:dataviewName`, `${mapconfigBasePath}/:token/dataview/:dataviewName`,
cors(), cors(),
userMiddleware(), userMiddleware(),
allowQueryParams(allowedDataviewQueryParams),
locals(), locals(),
cleanUpQueryParams(), cleanUpQueryParams(allowedDataviewQueryParams),
layergroupToken(), layergroupToken(),
credentials(), credentials(),
authorize(this.authApi), authorize(this.authApi),
@ -235,9 +231,8 @@ LayergroupController.prototype.register = function(app) {
`${mapconfigBasePath}/:token/:layer/widget/:dataviewName`, `${mapconfigBasePath}/:token/:layer/widget/:dataviewName`,
cors(), cors(),
userMiddleware(), userMiddleware(),
allowQueryParams(allowedDataviewQueryParams),
locals(), locals(),
cleanUpQueryParams(), cleanUpQueryParams(allowedDataviewQueryParams),
layergroupToken(), layergroupToken(),
credentials(), credentials(),
authorize(this.authApi), authorize(this.authApi),
@ -256,9 +251,8 @@ LayergroupController.prototype.register = function(app) {
`${mapconfigBasePath}/:token/dataview/:dataviewName/search`, `${mapconfigBasePath}/:token/dataview/:dataviewName/search`,
cors(), cors(),
userMiddleware(), userMiddleware(),
allowQueryParams(allowedDataviewQueryParams),
locals(), locals(),
cleanUpQueryParams(), cleanUpQueryParams(allowedDataviewQueryParams),
layergroupToken(), layergroupToken(),
credentials(), credentials(),
authorize(this.authApi), authorize(this.authApi),
@ -277,9 +271,8 @@ LayergroupController.prototype.register = function(app) {
`${mapconfigBasePath}/:token/:layer/widget/:dataviewName/search`, `${mapconfigBasePath}/:token/:layer/widget/:dataviewName/search`,
cors(), cors(),
userMiddleware(), userMiddleware(),
allowQueryParams(allowedDataviewQueryParams),
locals(), locals(),
cleanUpQueryParams(), cleanUpQueryParams(allowedDataviewQueryParams),
layergroupToken(), layergroupToken(),
credentials(), credentials(),
authorize(this.authApi), authorize(this.authApi),
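Review bot: At the call sites the argument now reads as if it were the list to clean up: `cleanUpQueryParams(['layer'])` looks like it strips `layer`, while the middleware appends the list to its default whitelist before `_.pick`, so these are keys that are additionally let through. Because this list decides which client-supplied query keys survive filtering, a short comment at each route would prevent a wrong edit later, for example `// query keys allowed on top of the default whitelist`, or the list could be passed under a name that says so. The same applies to the map and named-map controller sections further down. `LayergroupController.prototype.register` starts and ends outside these hunks.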


@ -6,7 +6,6 @@ const QueryTables = require('cartodb-query-tables');
const ResourceLocator = require('../models/resource-locator'); const ResourceLocator = require('../models/resource-locator');
const cors = require('../middleware/cors'); const cors = require('../middleware/cors');
const userMiddleware = require('../middleware/user'); const userMiddleware = require('../middleware/user');
const allowQueryParams = require('../middleware/allow-query-params');
const locals = require('../middleware/locals'); const locals = require('../middleware/locals');
const cleanUpQueryParams = require('../middleware/clean-up-query-params'); const cleanUpQueryParams = require('../middleware/clean-up-query-params');
const layergroupToken = require('../middleware/layergroup-token'); const layergroupToken = require('../middleware/layergroup-token');
@ -75,9 +74,8 @@ MapController.prototype.composeCreateMapMiddleware = function (useTemplate = fal
return [ return [
cors(), cors(),
userMiddleware(), userMiddleware(),
allowQueryParams(['aggregation']),
locals(), locals(),
cleanUpQueryParams(), cleanUpQueryParams(['aggregation']),
layergroupToken(), layergroupToken(),
credentials(), credentials(),
authorize(this.authApi), authorize(this.authApi),


@ -7,7 +7,6 @@ const layergroupToken = require('../middleware/layergroup-token');
const credentials = require('../middleware/credentials'); const credentials = require('../middleware/credentials');
const dbConnSetup = require('../middleware/db-conn-setup'); const dbConnSetup = require('../middleware/db-conn-setup');
const authorize = require('../middleware/authorize'); const authorize = require('../middleware/authorize');
const allowQueryParams = require('../middleware/allow-query-params');
const vectorError = require('../middleware/vector-error'); const vectorError = require('../middleware/vector-error');
const DEFAULT_ZOOM_CENTER = { const DEFAULT_ZOOM_CENTER = {
@ -82,9 +81,8 @@ NamedMapsController.prototype.register = function(app) {
`${mapconfigBasePath}/static/named/:template_id/:width/:height.:format`, `${mapconfigBasePath}/static/named/:template_id/:width/:height.:format`,
cors(), cors(),
userMiddleware(), userMiddleware(),
allowQueryParams(['layer', 'zoom', 'lon', 'lat', 'bbox']),
locals(), locals(),
cleanUpQueryParams(), cleanUpQueryParams(['layer', 'zoom', 'lon', 'lat', 'bbox']),
layergroupToken(), layergroupToken(),
credentials(), credentials(),
authorize(this.authApi), authorize(this.authApi),


@ -1,10 +0,0 @@
module.exports = function allowQueryParams (params) {
if (!Array.isArray(params)) {
throw new Error('allowQueryParams must receive an Array of params');
}
return function allowQueryParamsMiddleware (req, res, next) {
res.locals.allowedQueryParams = params;
next();
};
};


@ -14,12 +14,16 @@ const REQUEST_QUERY_PARAMS_WHITELIST = [
'filters' // json 'filters' // json
]; ];
module.exports = function cleanUpQueryParamsMiddleware () { module.exports = function cleanUpQueryParamsMiddleware (customQueryParams = []) {
if (!Array.isArray(customQueryParams)) {
throw new Error('customQueryParams must receive an Array of params');
}
return function cleanUpQueryParams (req, res, next) { return function cleanUpQueryParams (req, res, next) {
var allowedQueryParams = REQUEST_QUERY_PARAMS_WHITELIST; var allowedQueryParams = REQUEST_QUERY_PARAMS_WHITELIST;
if (Array.isArray(res.locals.allowedQueryParams)) { if (Array.isArray(customQueryParams)) {
allowedQueryParams = allowedQueryParams.concat(res.locals.allowedQueryParams); allowedQueryParams = allowedQueryParams.concat(customQueryParams);
} }
req.query = _.pick(req.query, allowedQueryParams); req.query = _.pick(req.query, allowedQueryParams);
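Review bot: The `Array.isArray(customQueryParams)` test inside `cleanUpQueryParams` can no longer be false, because the factory now throws for anything that is not an array, and the allowlist is still rebuilt with `concat` on every request. Building it once in the factory, `const allowedQueryParams = REQUEST_QUERY_PARAMS_WHITELIST.concat(customQueryParams);`, also copies the caller's array at registration time, so a later mutation of a shared array such as `allowedDataviewQueryParams` cannot widen what `_.pick` lets through. The thrown message names the parameter where the old one named the function; `'cleanUpQueryParams must receive an Array of params'` would read better. The request handler's body continues outside the hunk.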