Unifiy allowQueryParams and cleanUpQueryParams middlewares
This commit is contained in:
parent
7b11cdcb74
commit
0aa8d63a6e
@ -1,6 +1,5 @@
|
||||
const cors = require('../middleware/cors');
|
||||
const userMiddleware = require('../middleware/user');
|
||||
const allowQueryParams = require('../middleware/allow-query-params');
|
||||
const vectorError = require('../middleware/vector-error');
|
||||
const locals = require('../middleware/locals');
|
||||
const cleanUpQueryParams = require('../middleware/clean-up-query-params');
|
||||
@ -154,9 +153,8 @@ LayergroupController.prototype.register = function(app) {
|
||||
`${mapconfigBasePath}/static/center/:token/:z/:lat/:lng/:width/:height.:format`,
|
||||
cors(),
|
||||
userMiddleware(),
|
||||
allowQueryParams(['layer']),
|
||||
locals(),
|
||||
cleanUpQueryParams(),
|
||||
cleanUpQueryParams(['layer']),
|
||||
layergroupToken(),
|
||||
credentials(),
|
||||
authorize(this.authApi),
|
||||
@ -175,9 +173,8 @@ LayergroupController.prototype.register = function(app) {
|
||||
`${mapconfigBasePath}/static/bbox/:token/:west,:south,:east,:north/:width/:height.:format`,
|
||||
cors(),
|
||||
userMiddleware(),
|
||||
allowQueryParams(['layer']),
|
||||
locals(),
|
||||
cleanUpQueryParams(),
|
||||
cleanUpQueryParams(['layer']),
|
||||
layergroupToken(),
|
||||
credentials(),
|
||||
authorize(this.authApi),
|
||||
@ -214,9 +211,8 @@ LayergroupController.prototype.register = function(app) {
|
||||
`${mapconfigBasePath}/:token/dataview/:dataviewName`,
|
||||
cors(),
|
||||
userMiddleware(),
|
||||
allowQueryParams(allowedDataviewQueryParams),
|
||||
locals(),
|
||||
cleanUpQueryParams(),
|
||||
cleanUpQueryParams(allowedDataviewQueryParams),
|
||||
layergroupToken(),
|
||||
credentials(),
|
||||
authorize(this.authApi),
|
||||
@ -235,9 +231,8 @@ LayergroupController.prototype.register = function(app) {
|
||||
`${mapconfigBasePath}/:token/:layer/widget/:dataviewName`,
|
||||
cors(),
|
||||
userMiddleware(),
|
||||
allowQueryParams(allowedDataviewQueryParams),
|
||||
locals(),
|
||||
cleanUpQueryParams(),
|
||||
cleanUpQueryParams(allowedDataviewQueryParams),
|
||||
layergroupToken(),
|
||||
credentials(),
|
||||
authorize(this.authApi),
|
||||
@ -256,9 +251,8 @@ LayergroupController.prototype.register = function(app) {
|
||||
`${mapconfigBasePath}/:token/dataview/:dataviewName/search`,
|
||||
cors(),
|
||||
userMiddleware(),
|
||||
allowQueryParams(allowedDataviewQueryParams),
|
||||
locals(),
|
||||
cleanUpQueryParams(),
|
||||
cleanUpQueryParams(allowedDataviewQueryParams),
|
||||
layergroupToken(),
|
||||
credentials(),
|
||||
authorize(this.authApi),
|
||||
@ -277,9 +271,8 @@ LayergroupController.prototype.register = function(app) {
|
||||
`${mapconfigBasePath}/:token/:layer/widget/:dataviewName/search`,
|
||||
cors(),
|
||||
userMiddleware(),
|
||||
allowQueryParams(allowedDataviewQueryParams),
|
||||
locals(),
|
||||
cleanUpQueryParams(),
|
||||
cleanUpQueryParams(allowedDataviewQueryParams),
|
||||
layergroupToken(),
|
||||
credentials(),
|
||||
authorize(this.authApi),
|
||||
|
@ -6,7 +6,6 @@ const QueryTables = require('cartodb-query-tables');
|
||||
const ResourceLocator = require('../models/resource-locator');
|
||||
const cors = require('../middleware/cors');
|
||||
const userMiddleware = require('../middleware/user');
|
||||
const allowQueryParams = require('../middleware/allow-query-params');
|
||||
const locals = require('../middleware/locals');
|
||||
const cleanUpQueryParams = require('../middleware/clean-up-query-params');
|
||||
const layergroupToken = require('../middleware/layergroup-token');
|
||||
@ -75,9 +74,8 @@ MapController.prototype.composeCreateMapMiddleware = function (useTemplate = fal
|
||||
return [
|
||||
cors(),
|
||||
userMiddleware(),
|
||||
allowQueryParams(['aggregation']),
|
||||
locals(),
|
||||
cleanUpQueryParams(),
|
||||
cleanUpQueryParams(['aggregation']),
|
||||
layergroupToken(),
|
||||
credentials(),
|
||||
authorize(this.authApi),
|
||||
|
@ -7,7 +7,6 @@ const layergroupToken = require('../middleware/layergroup-token');
|
||||
const credentials = require('../middleware/credentials');
|
||||
const dbConnSetup = require('../middleware/db-conn-setup');
|
||||
const authorize = require('../middleware/authorize');
|
||||
const allowQueryParams = require('../middleware/allow-query-params');
|
||||
const vectorError = require('../middleware/vector-error');
|
||||
|
||||
const DEFAULT_ZOOM_CENTER = {
|
||||
@ -82,9 +81,8 @@ NamedMapsController.prototype.register = function(app) {
|
||||
`${mapconfigBasePath}/static/named/:template_id/:width/:height.:format`,
|
||||
cors(),
|
||||
userMiddleware(),
|
||||
allowQueryParams(['layer', 'zoom', 'lon', 'lat', 'bbox']),
|
||||
locals(),
|
||||
cleanUpQueryParams(),
|
||||
cleanUpQueryParams(['layer', 'zoom', 'lon', 'lat', 'bbox']),
|
||||
layergroupToken(),
|
||||
credentials(),
|
||||
authorize(this.authApi),
|
||||
|
@ -1,10 +0,0 @@
|
||||
module.exports = function allowQueryParams (params) {
|
||||
if (!Array.isArray(params)) {
|
||||
throw new Error('allowQueryParams must receive an Array of params');
|
||||
}
|
||||
|
||||
return function allowQueryParamsMiddleware (req, res, next) {
|
||||
res.locals.allowedQueryParams = params;
|
||||
next();
|
||||
};
|
||||
};
|
@ -14,12 +14,16 @@ const REQUEST_QUERY_PARAMS_WHITELIST = [
|
||||
'filters' // json
|
||||
];
|
||||
|
||||
module.exports = function cleanUpQueryParamsMiddleware () {
|
||||
module.exports = function cleanUpQueryParamsMiddleware (customQueryParams = []) {
|
||||
if (!Array.isArray(customQueryParams)) {
|
||||
throw new Error('customQueryParams must receive an Array of params');
|
||||
}
|
||||
|
||||
return function cleanUpQueryParams (req, res, next) {
|
||||
var allowedQueryParams = REQUEST_QUERY_PARAMS_WHITELIST;
|
||||
|
||||
if (Array.isArray(res.locals.allowedQueryParams)) {
|
||||
allowedQueryParams = allowedQueryParams.concat(res.locals.allowedQueryParams);
|
||||
if (Array.isArray(customQueryParams)) {
|
||||
allowedQueryParams = allowedQueryParams.concat(customQueryParams);
|
||||
}
|
||||
|
||||
req.query = _.pick(req.query, allowedQueryParams);
|
||||
|
Loading…
Reference in New Issue
Block a user