Unifiy allowQueryParams and cleanUpQueryParams middlewares

This commit is contained in:
Daniel García Aubert 2018-03-16 14:03:59 +01:00
parent 7b11cdcb74
commit 0aa8d63a6e
5 changed files with 16 additions and 33 deletions

View File

@ -1,6 +1,5 @@
const cors = require('../middleware/cors');
const userMiddleware = require('../middleware/user');
const allowQueryParams = require('../middleware/allow-query-params');
const vectorError = require('../middleware/vector-error');
const locals = require('../middleware/locals');
const cleanUpQueryParams = require('../middleware/clean-up-query-params');
@ -154,9 +153,8 @@ LayergroupController.prototype.register = function(app) {
`${mapconfigBasePath}/static/center/:token/:z/:lat/:lng/:width/:height.:format`,
cors(),
userMiddleware(),
allowQueryParams(['layer']),
locals(),
cleanUpQueryParams(),
cleanUpQueryParams(['layer']),
layergroupToken(),
credentials(),
authorize(this.authApi),
@ -175,9 +173,8 @@ LayergroupController.prototype.register = function(app) {
`${mapconfigBasePath}/static/bbox/:token/:west,:south,:east,:north/:width/:height.:format`,
cors(),
userMiddleware(),
allowQueryParams(['layer']),
locals(),
cleanUpQueryParams(),
cleanUpQueryParams(['layer']),
layergroupToken(),
credentials(),
authorize(this.authApi),
@ -214,9 +211,8 @@ LayergroupController.prototype.register = function(app) {
`${mapconfigBasePath}/:token/dataview/:dataviewName`,
cors(),
userMiddleware(),
allowQueryParams(allowedDataviewQueryParams),
locals(),
cleanUpQueryParams(),
cleanUpQueryParams(allowedDataviewQueryParams),
layergroupToken(),
credentials(),
authorize(this.authApi),
@ -235,9 +231,8 @@ LayergroupController.prototype.register = function(app) {
`${mapconfigBasePath}/:token/:layer/widget/:dataviewName`,
cors(),
userMiddleware(),
allowQueryParams(allowedDataviewQueryParams),
locals(),
cleanUpQueryParams(),
cleanUpQueryParams(allowedDataviewQueryParams),
layergroupToken(),
credentials(),
authorize(this.authApi),
@ -256,9 +251,8 @@ LayergroupController.prototype.register = function(app) {
`${mapconfigBasePath}/:token/dataview/:dataviewName/search`,
cors(),
userMiddleware(),
allowQueryParams(allowedDataviewQueryParams),
locals(),
cleanUpQueryParams(),
cleanUpQueryParams(allowedDataviewQueryParams),
layergroupToken(),
credentials(),
authorize(this.authApi),
@ -277,9 +271,8 @@ LayergroupController.prototype.register = function(app) {
`${mapconfigBasePath}/:token/:layer/widget/:dataviewName/search`,
cors(),
userMiddleware(),
allowQueryParams(allowedDataviewQueryParams),
locals(),
cleanUpQueryParams(),
cleanUpQueryParams(allowedDataviewQueryParams),
layergroupToken(),
credentials(),
authorize(this.authApi),

View File

@ -6,7 +6,6 @@ const QueryTables = require('cartodb-query-tables');
const ResourceLocator = require('../models/resource-locator');
const cors = require('../middleware/cors');
const userMiddleware = require('../middleware/user');
const allowQueryParams = require('../middleware/allow-query-params');
const locals = require('../middleware/locals');
const cleanUpQueryParams = require('../middleware/clean-up-query-params');
const layergroupToken = require('../middleware/layergroup-token');
@ -75,9 +74,8 @@ MapController.prototype.composeCreateMapMiddleware = function (useTemplate = fal
return [
cors(),
userMiddleware(),
allowQueryParams(['aggregation']),
locals(),
cleanUpQueryParams(),
cleanUpQueryParams(['aggregation']),
layergroupToken(),
credentials(),
authorize(this.authApi),

View File

@ -7,7 +7,6 @@ const layergroupToken = require('../middleware/layergroup-token');
const credentials = require('../middleware/credentials');
const dbConnSetup = require('../middleware/db-conn-setup');
const authorize = require('../middleware/authorize');
const allowQueryParams = require('../middleware/allow-query-params');
const vectorError = require('../middleware/vector-error');
const DEFAULT_ZOOM_CENTER = {
@ -82,9 +81,8 @@ NamedMapsController.prototype.register = function(app) {
`${mapconfigBasePath}/static/named/:template_id/:width/:height.:format`,
cors(),
userMiddleware(),
allowQueryParams(['layer', 'zoom', 'lon', 'lat', 'bbox']),
locals(),
cleanUpQueryParams(),
cleanUpQueryParams(['layer', 'zoom', 'lon', 'lat', 'bbox']),
layergroupToken(),
credentials(),
authorize(this.authApi),

View File

@ -1,10 +0,0 @@
module.exports = function allowQueryParams (params) {
if (!Array.isArray(params)) {
throw new Error('allowQueryParams must receive an Array of params');
}
return function allowQueryParamsMiddleware (req, res, next) {
res.locals.allowedQueryParams = params;
next();
};
};

View File

@ -14,12 +14,16 @@ const REQUEST_QUERY_PARAMS_WHITELIST = [
'filters' // json
];
module.exports = function cleanUpQueryParamsMiddleware () {
module.exports = function cleanUpQueryParamsMiddleware (customQueryParams = []) {
if (!Array.isArray(customQueryParams)) {
throw new Error('customQueryParams must receive an Array of params');
}
return function cleanUpQueryParams (req, res, next) {
var allowedQueryParams = REQUEST_QUERY_PARAMS_WHITELIST;
if (Array.isArray(res.locals.allowedQueryParams)) {
allowedQueryParams = allowedQueryParams.concat(res.locals.allowedQueryParams);
if (Array.isArray(customQueryParams)) {
allowedQueryParams = allowedQueryParams.concat(customQueryParams);
}
req.query = _.pick(req.query, allowedQueryParams);