cartodb/Windshaft-cartodb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

moving layergroup-token middleware to middlewarify style

Browse Source
This commit is contained in:
Simon 2017-09-27 16:32:49 +02:00
parent ac474cb253
commit 178b9e8563
3 changed files with 14 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/cartodb/middleware/context/index.js
View File

@ -1,12 +1,12 @@
const cleanUpQueryParams = require('./clean-up-query-params'); const cleanUpQueryParams = require('./clean-up-query-params');
const parseTokenParam = require('./parse-token-param'); const layergroupToken = require('./layergroup-token');
const authorize = require('./authorize'); const authorize = require('./authorize');
const dbConnSetup = require('./db-conn-setup'); const dbConnSetup = require('./db-conn-setup');
module.exports = function prepareContextMiddleware(authApi, pgConnection) { module.exports = function prepareContextMiddleware(authApi, pgConnection) {
return [ return [
cleanUpQueryParams(), cleanUpQueryParams(),
parseTokenParam(), layergroupToken,
authorize(authApi), authorize(authApi),
dbConnSetup(pgConnection) dbConnSetup(pgConnection)
]; ];

19
lib/cartodb/middleware/layergroup-token.js → lib/cartodb/middleware/context/layergroup-token.js
View File

@ -1,4 +1,4 @@
var LayergroupToken = require('../models/layergroup-token'); var LayergroupToken = require('../../models/layergroup-token');
module.exports = function layergroupTokenMiddleware(req, res, next) { module.exports = function layergroupTokenMiddleware(req, res, next) {
if (!req.params.hasOwnProperty('token')) { if (!req.params.hasOwnProperty('token')) {
@ -16,18 +16,15 @@ module.exports = function layergroupTokenMiddleware(req, res, next) {
if (!req.params.signer) { if (!req.params.signer) {
req.params.signer = user; req.params.signer = user;
} else if (req.params.signer !== user) { } else if (req.params.signer !== user) {
var statusCode = 403; var err = new Error(`Cannot use map signature of user "${req.params.signer}" on db of user "${user}"`);
err.type = 'auth';
err.http_status = 403;
if (req.query && req.query.callback) { if (req.query && req.query.callback) {
statusCode = 200; err.http_status = 200;
} }
var errorMessage = `Cannot use map signature of user "${req.params.signer}" on db of user "{${user}"`;
return res.status(statusCode).json({ req.profiler.done('req2params');
errors: [errorMessage], return next(err);
errors_with_context: [{
type: 'auth',
message: errorMessage
}]
});
} }
} }

9
test/acceptance/ported/support/ported_server_options.js
View File

@ -1,6 +1,7 @@
var _ = require('underscore'); var _ = require('underscore');
var serverOptions = require('../../../../lib/cartodb/server_options'); var serverOptions = require('../../../../lib/cartodb/server_options');
var mapnik = require('windshaft').mapnik; var mapnik = require('windshaft').mapnik;
var LayergroupToken = require('../../../../lib/cartodb/models/layergroup-token');
var OverviewsQueryRewriter = require('../../../../lib/cartodb/utils/overviews_query_rewriter'); var OverviewsQueryRewriter = require('../../../../lib/cartodb/utils/overviews_query_rewriter');
var overviewsQueryRewriter = new OverviewsQueryRewriter({ var overviewsQueryRewriter = new OverviewsQueryRewriter({
zoom_level: 'CDB_ZoomFromScale(!scale_denominator!)' zoom_level: 'CDB_ZoomFromScale(!scale_denominator!)'
@ -56,11 +57,9 @@ module.exports = _.extend({}, serverOptions, {
// this is in case you want to test sql parameters eg ...png?sql=select * from my_table limit 10 // this is in case you want to test sql parameters eg ...png?sql=select * from my_table limit 10
req.params = _.extend({}, req.params); req.params = _.extend({}, req.params);
// We don't want to inherit Date.now() `cache_buster` as it is the default value if (req.params.token) {
// introduced by the middleware when no cache buster is found. req.params.token = LayergroupToken.parse(req.params.token).token;
// We are only interested in the `token` for the ported tests. }
delete req.params.cache_buster;
delete req.params.signer;
_.extend(req.params, req.query); _.extend(req.params, req.query);
req.params.user = 'localhost'; req.params.user = 'localhost';