fixed sqlemu to return forbidden when table name contains "private" in its name

javi 2014-01-28 12:04:10 +01:00
parent dc3d36e0a5
commit bdea9f10fc


@ -1,5 +1,6 @@
var http = require('http'); var http = require('http');
var url = require('url'); var url = require('url');
var _ = require('underscore');
var o = function(port, cb) { var o = function(port, cb) {
@ -22,7 +23,6 @@ var o = function(port, cb) {
req.on('end', function() { req.on('end', function() {
//console.log("Data is: "); console.dir(data); //console.log("Data is: "); console.dir(data);
query = JSON.parse(data); query = JSON.parse(data);
//console.log("Parsed is: "); console.dir(query);
//console.log("handleQuery is " + that.handleQuery); //console.log("handleQuery is " + that.handleQuery);
that.handleQuery(query, res); that.handleQuery(query, res);
}); });
@ -45,15 +45,20 @@ o.prototype.handleQuery = function(query, res) {
}; };
res.write(JSON.stringify({rows: [ row ]})); res.write(JSON.stringify({rows: [ row ]}));
} else { } else {
var qs = JSON.stringify(query); if ( query.q.match('_private_') && query.api_key === undefined) {
var row = { res.statusCode = 403;
// This is the structure of the known query sent by tiler res.write(JSON.stringify({'error':'forbidden: ' + JSON.stringify(query)}));
'cdb_querytables': '{' + qs + '}', } else {
'max': qs var qs = JSON.stringify(query);
}; var row = {
var out_obj = {rows: [ row ]}; // This is the structure of the known query sent by tiler
var out = JSON.stringify(out_obj); 'cdb_querytables': '{' + qs + '}',
res.write(out); 'max': qs
};
var out_obj = {rows: [ row ]};
var out = JSON.stringify(out_obj);
res.write(out);
}
} }
res.end(); res.end();
}; };
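Review bot: The guard added in `handleQuery` treats any request that carries an `api_key` as authorised, because it returns 403 only when `query.api_key === undefined`; an empty or wrong key on a `_private_` table falls through to the normal rows response. For a test double this means the suite cannot catch a caller that forwards a bad key, so I would compare against the key the fixtures treat as valid, e.g. `if (query.q.match('_private_') && query.api_key !== EXPECTED_API_KEY) {` (`EXPECTED_API_KEY` is a placeholder, not a name from this file). The pattern is the literal `_private_`, which is narrower than the "contains private" wording of the commit title, so a comment such as `// emulate SQL API auth: tables named *_private_* require an api_key` above the check would record the convention. The enclosing function starts outside the hunk, so whether `query.q` is guaranteed to be a string before `.match` is called cannot be confirmed from here.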