res.locals in auth_api

Simon Martín 2017-09-28 11:55:36 +02:00
parent ca612dd02a
commit 4a2cc6a5f8


@ -26,15 +26,15 @@ module.exports = AuthApi;
// null if the request is not signed by anyone // null if the request is not signed by anyone
// or will be a string cartodb username otherwise. // or will be a string cartodb username otherwise.
// //
AuthApi.prototype.authorizedBySigner = function(req, callback) { AuthApi.prototype.authorizedBySigner = function(locals, callback) {
if ( ! req.params.token || ! req.params.signer ) { if ( ! locals.token || ! locals.signer ) {
return callback(null, false); // no signer requested return callback(null, false); // no signer requested
} }
var self = this; var self = this;
var layergroup_id = req.params.token; var layergroup_id = locals.token;
var auth_token = req.params.auth_token; var auth_token = locals.auth_token;
this.mapStore.load(layergroup_id, function(err, mapConfig) { this.mapStore.load(layergroup_id, function(err, mapConfig) {
if (err) { if (err) {
@ -86,7 +86,7 @@ AuthApi.prototype.authorizedByAPIKey = function(user, req, callback) {
* @param req - standard req object. Importantly contains table and host information * @param req - standard req object. Importantly contains table and host information
* @param callback function(err, allowed) is access allowed not? * @param callback function(err, allowed) is access allowed not?
*/ */
AuthApi.prototype.authorize = function(req, callback) { AuthApi.prototype.authorize = function(req, res, callback) {
var self = this; var self = this;
var user = req.context.user; var user = req.context.user;
@ -101,11 +101,11 @@ AuthApi.prototype.authorize = function(req, callback) {
// if not authorized by api_key, continue // if not authorized by api_key, continue
if (!authorized) { if (!authorized) {
// not authorized by api_key, check if authorized by signer // not authorized by api_key, check if authorized by signer
return self.authorizedBySigner(req, this); return self.authorizedBySigner(res.locals, this);
} }
// authorized by api key, login as the given username and stop // authorized by api key, login as the given username and stop
self.pgConnection.setDBAuth(user, req.params, function(err) { self.pgConnection.setDBAuth(user, res.locals.db, function(err) {
callback(err, true); // authorized (or error) callback(err, true); // authorized (or error)
}); });
}, },
@ -120,7 +120,7 @@ AuthApi.prototype.authorize = function(req, callback) {
// if no signer name was given, let dbparams and // if no signer name was given, let dbparams and
// PostgreSQL do the rest. // PostgreSQL do the rest.
// //
if ( ! req.params.signer ) { if ( ! res.locals.signer ) {
return callback(null, true); // authorized so far return callback(null, true); // authorized so far
} }
@ -128,7 +128,7 @@ AuthApi.prototype.authorize = function(req, callback) {
return callback(null, false); return callback(null, false);
} }
self.pgConnection.setDBAuth(user, req.params, function(err) { self.pgConnection.setDBAuth(user, res.locals.db, function(err) {
req.profiler.done('setDBAuth'); req.profiler.done('setDBAuth');
callback(err, true); // authorized (or error) callback(err, true); // authorized (or error)
}); });
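Review bot: The signer decision in authorize now depends on `res.locals` having been populated before it runs, and the `if ( ! res.locals.signer )` branch treats an absent signer as "authorized so far", so a route that reaches authorize without that step would skip the signer check silently instead of failing. The code that fills `res.locals.token`, `signer`, `auth_token` and `db` is not visible in this diff, so the ordering is an assumption to confirm. The JSDoc above authorize still lists only `req` and `callback`; add `* @param res - standard res object; res.locals must already carry token, signer, auth_token and db`, and name the same fields in the comment above `authorizedBySigner(locals, callback)` in the first hunk. A caller still using the old two-argument form would pass the callback as `res`, so a guard such as `if (!res || !res.locals) { return callback(new Error('authorize: res.locals missing')); }` at the top would turn that into an explicit error. authorize's body starts and ends outside the visible hunks.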