Improve authorizedByAPIKey
This commit is contained in:
parent
ccd3d0a3bf
commit
aa266f9b61
@ -171,7 +171,7 @@ NamedMapsController.prototype.create = function(req, res) {
|
|||||||
|
|
||||||
step(
|
step(
|
||||||
function checkPerms(){
|
function checkPerms(){
|
||||||
self.app.authorizedByAPIKey(req, this);
|
self.app.authorizedByAPIKey(cdbuser, req, this);
|
||||||
},
|
},
|
||||||
function addTemplate(err, authenticated) {
|
function addTemplate(err, authenticated) {
|
||||||
assert.ifError(err);
|
assert.ifError(err);
|
||||||
@ -199,7 +199,7 @@ NamedMapsController.prototype.update = function(req, res) {
|
|||||||
var tpl_id;
|
var tpl_id;
|
||||||
step(
|
step(
|
||||||
function checkPerms(){
|
function checkPerms(){
|
||||||
self.app.authorizedByAPIKey(req, this);
|
self.app.authorizedByAPIKey(cdbuser, req, this);
|
||||||
},
|
},
|
||||||
function updateTemplate(err, authenticated) {
|
function updateTemplate(err, authenticated) {
|
||||||
assert.ifError(err);
|
assert.ifError(err);
|
||||||
@ -233,7 +233,7 @@ NamedMapsController.prototype.retrieve = function(req, res) {
|
|||||||
var tpl_id;
|
var tpl_id;
|
||||||
step(
|
step(
|
||||||
function checkPerms(){
|
function checkPerms(){
|
||||||
self.app.authorizedByAPIKey(req, this);
|
self.app.authorizedByAPIKey(cdbuser, req, this);
|
||||||
},
|
},
|
||||||
function getTemplate(err, authenticated) {
|
function getTemplate(err, authenticated) {
|
||||||
assert.ifError(err);
|
assert.ifError(err);
|
||||||
@ -271,7 +271,7 @@ NamedMapsController.prototype.destroy = function(req, res) {
|
|||||||
var tpl_id;
|
var tpl_id;
|
||||||
step(
|
step(
|
||||||
function checkPerms(){
|
function checkPerms(){
|
||||||
self.app.authorizedByAPIKey(req, this);
|
self.app.authorizedByAPIKey(cdbuser, req, this);
|
||||||
},
|
},
|
||||||
function deleteTemplate(err, authenticated) {
|
function deleteTemplate(err, authenticated) {
|
||||||
assert.ifError(err);
|
assert.ifError(err);
|
||||||
@ -300,7 +300,7 @@ NamedMapsController.prototype.list = function(req, res) {
|
|||||||
|
|
||||||
step(
|
step(
|
||||||
function checkPerms(){
|
function checkPerms(){
|
||||||
self.app.authorizedByAPIKey(req, this);
|
self.app.authorizedByAPIKey(cdbuser, req, this);
|
||||||
},
|
},
|
||||||
function listTemplates(err, authenticated) {
|
function listTemplates(err, authenticated) {
|
||||||
assert.ifError(err);
|
assert.ifError(err);
|
||||||
@ -490,7 +490,7 @@ function finishFn(app, res, description, okResponse) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function ifUnauthenticated(authenticated, description) {
|
function ifUnauthenticated(authenticated, description) {
|
||||||
if (authenticated !== 1) {
|
if (!authenticated) {
|
||||||
var err = new Error(description);
|
var err = new Error(description);
|
||||||
err.http_status = 403;
|
err.http_status = 403;
|
||||||
throw err;
|
throw err;
|
||||||
|
@ -805,11 +805,6 @@ module.exports = function(serverOptions) {
|
|||||||
var layergroup_id = req.params.token;
|
var layergroup_id = req.params.token;
|
||||||
var auth_token = req.params.auth_token;
|
var auth_token = req.params.auth_token;
|
||||||
|
|
||||||
var mapStore = req.app.mapStore;
|
|
||||||
if (!mapStore) {
|
|
||||||
throw new Error('Unable to retrieve map configuration token');
|
|
||||||
}
|
|
||||||
|
|
||||||
mapStore.load(layergroup_id, function(err, mapConfig) {
|
mapStore.load(layergroup_id, function(err, mapConfig) {
|
||||||
if (err) {
|
if (err) {
|
||||||
return callback(err);
|
return callback(err);
|
||||||
@ -823,29 +818,27 @@ module.exports = function(serverOptions) {
|
|||||||
|
|
||||||
// Check if a request is authorized by api_key
|
// Check if a request is authorized by api_key
|
||||||
//
|
//
|
||||||
|
// @param user
|
||||||
// @param req express request object
|
// @param req express request object
|
||||||
// @param callback function(err, authorized)
|
// @param callback function(err, authorized)
|
||||||
// NOTE: authorized is expected to be 0 or 1 (integer)
|
// NOTE: authorized is expected to be 0 or 1 (integer)
|
||||||
//
|
//
|
||||||
app.authorizedByAPIKey = function(req, callback) {
|
app.authorizedByAPIKey = function(user, req, callback) {
|
||||||
var givenKey = req.query.api_key || req.query.map_key;
|
var givenKey = req.query.api_key || req.query.map_key;
|
||||||
if ( ! givenKey && req.body ) {
|
if ( ! givenKey && req.body ) {
|
||||||
// check also in request body
|
// check also in request body
|
||||||
givenKey = req.body.api_key || req.body.map_key;
|
givenKey = req.body.api_key || req.body.map_key;
|
||||||
}
|
}
|
||||||
if ( ! givenKey ) {
|
if ( ! givenKey ) {
|
||||||
callback(null, 0); // no api key, no authorization...
|
return callback(null, 0); // no api key, no authorization...
|
||||||
return;
|
|
||||||
}
|
}
|
||||||
//console.log("given ApiKey: " + givenKey);
|
|
||||||
var user = cdbRequest.userByReq(req);
|
|
||||||
step(
|
step(
|
||||||
function (){
|
function () {
|
||||||
metadataBackend.getUserMapKey(user, this);
|
metadataBackend.getUserMapKey(user, this);
|
||||||
},
|
},
|
||||||
function checkApiKey(err, val){
|
function checkApiKey(err, val){
|
||||||
assert.ifError(err);
|
assert.ifError(err);
|
||||||
return ( val && givenKey == val ) ? 1 : 0;
|
return val && givenKey == val;
|
||||||
},
|
},
|
||||||
function finish(err, authorized) {
|
function finish(err, authorized) {
|
||||||
callback(err, authorized);
|
callback(err, authorized);
|
||||||
@ -865,7 +858,7 @@ module.exports = function(serverOptions) {
|
|||||||
|
|
||||||
step(
|
step(
|
||||||
function () {
|
function () {
|
||||||
self.authorizedByAPIKey(req, this);
|
self.authorizedByAPIKey(user, req, this);
|
||||||
},
|
},
|
||||||
function checkApiKey(err, authorized){
|
function checkApiKey(err, authorized){
|
||||||
if (req.profiler) {
|
if (req.profiler) {
|
||||||
@ -874,11 +867,9 @@ module.exports = function(serverOptions) {
|
|||||||
assert.ifError(err);
|
assert.ifError(err);
|
||||||
|
|
||||||
// if not authorized by api_key, continue
|
// if not authorized by api_key, continue
|
||||||
if (authorized !== 1) {
|
if (!authorized) {
|
||||||
// not authorized by api_key,
|
// not authorized by api_key, check if authorized by signer
|
||||||
// check if authorized by signer
|
return self.authorizedBySigner(req, this);
|
||||||
self.authorizedBySigner(req, this);
|
|
||||||
return;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// authorized by api key, login as the given username and stop
|
// authorized by api key, login as the given username and stop
|
||||||
@ -898,13 +889,11 @@ module.exports = function(serverOptions) {
|
|||||||
// PostgreSQL do the rest.
|
// PostgreSQL do the rest.
|
||||||
//
|
//
|
||||||
if ( ! req.params.signer ) {
|
if ( ! req.params.signer ) {
|
||||||
callback(null, true); // authorized so far
|
return callback(null, true); // authorized so far
|
||||||
return;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// if signer name was given, return no authorization
|
// if signer name was given, return no authorization
|
||||||
callback(null, false);
|
return callback(null, false);
|
||||||
return;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
pgConnection.setDBAuth(signed_by, req.params, function(err) {
|
pgConnection.setDBAuth(signed_by, req.params, function(err) {
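Review bot: `return val && givenKey == val;` in the `@ -823,29 +818,27 @@` hunk still compares the caller-supplied key with loose equality and, when no key is stored for the user, resolves the callback with `val` itself (`undefined`/`null`) rather than a boolean, while the no-key branch a few lines above still returns `0`; `authorizedByAPIKey`'s body continues past the hunk. Strict equality and an explicit boolean keep the result uniform on every path: `return Boolean(val) && givenKey === val;` together with `return callback(null, false); // no api key, no authorization...`. The header comment `// NOTE: authorized is expected to be 0 or 1 (integer)` then matches neither return path and should read `// NOTE: authorized is a boolean`. Because the key is now looked up for whichever `user` the caller passes instead of the removed `cdbRequest.userByReq(req)`, every call site (the five `checkPerms` hunks pass `cdbuser`, the `@ -865,7 +858,7 @@` hunk passes `user`) must derive that name the same way the removed lookup did, or the key being checked belongs to a different user than the one the request acts on — that derivation is outside these hunks, so I cannot confirm it here. A plain string comparison of a secret is also not constant-time; where the Node version in use provides `crypto.timingSafeEqual`, comparing equal-length buffers with it is the defensive choice.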
|
||||||
|