res.locals in auth_api

2017-09-28 11:55:36 +02:00 · 2017-09-28 11:55:36 +02:00 · 4a2cc6a5f8
commit 4a2cc6a5f8
parent ca612dd02a
1 changed files with 9 additions and 9 deletions
--- a/lib/cartodb/api/auth_api.js
+++ b/lib/cartodb/api/auth_api.js
@ -26,15 +26,15 @@ module.exports = AuthApi;
 //                 null if the request is not signed by anyone
 //                 or will be a string cartodb username otherwise.
 //
-AuthApi.prototype.authorizedBySigner = function(req, callback) {
-    if ( ! req.params.token || ! req.params.signer ) {
+AuthApi.prototype.authorizedBySigner = function(locals, callback) {
+    if ( ! locals.token || ! locals.signer ) {
        return callback(null, false); // no signer requested
    }

    var self = this;

-    var layergroup_id = req.params.token;
-    var auth_token = req.params.auth_token;
+    var layergroup_id = locals.token;
+    var auth_token = locals.auth_token;

    this.mapStore.load(layergroup_id, function(err, mapConfig) {
        if (err) {
@ -86,7 +86,7 @@ AuthApi.prototype.authorizedByAPIKey = function(user, req, callback) {
 * @param req - standard req object. Importantly contains table and host information
 * @param callback function(err, allowed) is access allowed not?
 */
-AuthApi.prototype.authorize = function(req, callback) {
+AuthApi.prototype.authorize = function(req, res, callback) {
    var self = this;
    var user = req.context.user;

@ -101,11 +101,11 @@ AuthApi.prototype.authorize = function(req, callback) {
            // if not authorized by api_key, continue
            if (!authorized)  {
                // not authorized by api_key, check if authorized by signer
-                return self.authorizedBySigner(req, this);
+                return self.authorizedBySigner(res.locals, this);
            }

            // authorized by api key, login as the given username and stop
-            self.pgConnection.setDBAuth(user, req.params, function(err) {
+            self.pgConnection.setDBAuth(user, res.locals.db, function(err) {
                callback(err, true); // authorized (or error)
            });
        },
@ -120,7 +120,7 @@ AuthApi.prototype.authorize = function(req, callback) {
                // if no signer name was given, let dbparams and
                // PostgreSQL do the rest.
                //
-                if ( ! req.params.signer ) {
+                if ( ! res.locals.signer ) {
                    return callback(null, true); // authorized so far
                }

@ -128,7 +128,7 @@ AuthApi.prototype.authorize = function(req, callback) {
                return callback(null, false);
            }

-            self.pgConnection.setDBAuth(user, req.params, function(err) {
+            self.pgConnection.setDBAuth(user, res.locals.db, function(err) {
                req.profiler.done('setDBAuth');
                callback(err, true); // authorized (or error)
            });