diff --git a/lib/cartodb/controllers/named_maps.js b/lib/cartodb/controllers/named_maps.js index 551aa208..56aa8087 100644 --- a/lib/cartodb/controllers/named_maps.js +++ b/lib/cartodb/controllers/named_maps.js @@ -2,7 +2,6 @@ var step = require('step'); var assert = require('assert'); var _ = require('underscore'); var templateName = require('../backends/template_maps').templateName; -var CdbRequest = require('../models/cdb_request'); var NamedMapsCacheEntry = require('../cache/model/named_maps_entry'); var cors = require('../middleware/cors'); @@ -19,8 +18,6 @@ function NamedMapsController(app, templateMaps, metadataBackend, mapBackend, tem module.exports = NamedMapsController; -var cdbRequest = new CdbRequest(); - NamedMapsController.prototype.register = function(app) { app.get(this.templateBaseUrl + '/:template_id/:layer/:z/:x/:y.:format', cors(), this.tile.bind(this)); app.get(this.templateBaseUrl + '/:template_id/jsonp', cors(), this.jsonp.bind(this)); @@ -30,7 +27,7 @@ NamedMapsController.prototype.register = function(app) { NamedMapsController.prototype.tile = function(req, res) { var self = this; - var cdbUser = cdbRequest.userByReq(req); + var cdbUser = req.context.user; var template; var layergroupConfig; var layergroupId; @@ -190,7 +187,7 @@ NamedMapsController.prototype.jsonp = function(req, res) { try { config = JSON.parse(req.query.config); } catch(e) { - throw new Error('badformed config parameter, should be a valid JSON'); + throw new Error('Invalid config parameter, should be a valid JSON'); } } self.instantiateTemplate(req, res, config, this); @@ -216,7 +213,7 @@ NamedMapsController.prototype.instantiateTemplate = function(req, res, template_ var template; var layergroup; - var cdbuser = cdbRequest.userByReq(req); + var cdbuser = req.context.user; var params = { user: req.params.user }; 
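Review bot: Nothing in named_maps.js says where `req.context.user` comes from, yet `tile` (and `instantiateTemplate` further down) now depend on it being set before the handler runs. The same implicit dependency is introduced in all five handlers of named_maps_admin.js, where the value sits directly above `checkPerms`, and in `named` in named_static_maps.js. I would add a comment above `register`, for example `// req.context.user is set by the app.all('*') handler in server.js, which has to be registered before these routes`, so that a later reordering of route registration does not silently leave the tenant identity unset. Where `register(app)` is called relative to that handler is not visible in this diff, so the ordering should be confirmed. The body of `tile` continues outside the hunk.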
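Review bot: `instantiateTemplate` ends up holding two identities for one request: `cdbuser` from `req.context.user` and, on the next statement, `params.user` from `req.params.user`. The hunk does not show which of the two the authorization step further down (the 403 'Unauthorized template instantiation' path) is evaluated against, so if the values can ever differ the permission check and the instantiation may not refer to the same user. If they are meant to be the same value, build the object from the single source, `var params = { user: cdbuser };`, or add a comment stating why `req.params.user` is kept. The function body continues outside the hunk.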
@@ -247,7 +244,7 @@ NamedMapsController.prototype.instantiateTemplate = function(req, res, template_ throw err; } if ( ! authorized ) { - err = new Error('Unauthorized template instanciation'); + err = new Error('Unauthorized template instantiation'); err.http_status = 403; throw err; } diff --git a/lib/cartodb/controllers/named_maps_admin.js b/lib/cartodb/controllers/named_maps_admin.js index 80dc9870..64a01ac4 100644 --- a/lib/cartodb/controllers/named_maps_admin.js +++ b/lib/cartodb/controllers/named_maps_admin.js @@ -2,7 +2,6 @@ var step = require('step'); var assert = require('assert'); var _ = require('underscore'); var templateName = require('../backends/template_maps').templateName; -var CdbRequest = require('../models/cdb_request'); var cors = require('../middleware/cors'); @@ -14,8 +13,6 @@ function NamedMapsAdminController(app, templateMaps, templateBaseUrl) { module.exports = NamedMapsAdminController; -var cdbRequest = new CdbRequest(); - NamedMapsAdminController.prototype.register = function(app) { app.post(this.templateBaseUrl, cors(), this.create.bind(this)); app.put(this.templateBaseUrl + '/:template_id', cors(), this.update.bind(this)); @@ -28,7 +25,7 @@ NamedMapsAdminController.prototype.register = function(app) { NamedMapsAdminController.prototype.create = function(req, res) { var self = this; - var cdbuser = cdbRequest.userByReq(req); + var cdbuser = req.context.user; step( function checkPerms(){ @@ -52,7 +49,7 @@ NamedMapsAdminController.prototype.create = function(req, res) { NamedMapsAdminController.prototype.update = function(req, res) { var self = this; - var cdbuser = cdbRequest.userByReq(req); + var cdbuser = req.context.user; var template; var tpl_id; step( @@ -84,7 +81,7 @@ NamedMapsAdminController.prototype.retrieve = function(req, res) { req.profiler.start('windshaft-cartodb.get_template'); } - var cdbuser = cdbRequest.userByReq(req); + var cdbuser = req.context.user; var tpl_id; step( function checkPerms(){ 
@@ -120,7 +117,7 @@ NamedMapsAdminController.prototype.destroy = function(req, res) { req.profiler.start('windshaft-cartodb.delete_template'); } - var cdbuser = cdbRequest.userByReq(req); + var cdbuser = req.context.user; var tpl_id; step( function checkPerms(){ @@ -147,7 +144,7 @@ NamedMapsAdminController.prototype.list = function(req, res) { req.profiler.start('windshaft-cartodb.get_template_list'); } - var cdbuser = cdbRequest.userByReq(req); + var cdbuser = req.context.user; step( function checkPerms(){ diff --git a/lib/cartodb/controllers/named_static_maps.js b/lib/cartodb/controllers/named_static_maps.js index 0694ddbd..06ac335e 100644 --- a/lib/cartodb/controllers/named_static_maps.js +++ b/lib/cartodb/controllers/named_static_maps.js @@ -1,7 +1,6 @@ var step = require('step'); var assert = require('assert'); var templateName = require('../backends/template_maps').templateName; -var CdbRequest = require('../models/cdb_request'); var NamedMapsCacheEntry = require('../cache/model/named_maps_entry'); var _ = require('underscore'); var cors = require('../middleware/cors'); @@ -20,8 +19,6 @@ function NamedStaticMapsController(app, serverOptions, templateMaps, mapBackend, module.exports = NamedStaticMapsController; -var cdbRequest = new CdbRequest(); - NamedStaticMapsController.prototype.register = function(app) { app.get( app.base_url_mapconfig + '/static/named/:template_id/:width/:height.:format', cors(), this.named.bind(this) @@ -31,7 +28,7 @@ NamedStaticMapsController.prototype.register = function(app) { NamedStaticMapsController.prototype.named = function(req, res) { var self = this; - var cdbUser = cdbRequest.userByReq(req); + var cdbUser = req.context.user; var format = req.params.format === 'jpg' ? 'jpeg' : 'png'; diff --git a/lib/cartodb/server.js b/lib/cartodb/server.js index 2281ff5d..c79ec2cf 100644 --- a/lib/cartodb/server.js +++ b/lib/cartodb/server.js 
@@ -165,14 +165,12 @@ module.exports = function(serverOptions) { ttl: 60000, // 60 seconds TTL by default statsInterval: 60000, // reports stats every milliseconds defined here beforeRendererCreate: function(req, callback) { - var user = cdbRequest.userByReq(req); - var rendererOptions = {}; step( function getLimits(err) { assert.ifError(err); - metadataBackend.getTilerRenderLimit(user, this); + metadataBackend.getTilerRenderLimit(req.context.user, this); }, function handleTilerLimits(err, renderLimit) { assert.ifError(err); @@ -210,10 +208,15 @@ module.exports = function(serverOptions) { * Routing ******************************************************************************************************************/ + app.all('*', function(req, res, next) { + req.context.user = cdbRequest.userByReq(req); + next(); + }); + var namedLayersAdapter = new MapConfigNamedLayersAdapter(templateMaps); var layergroupRequestDecorator = { beforeLayergroupCreate: function(req, requestMapConfig, callback) { - namedLayersAdapter.getLayers(cdbRequest.userByReq(req), requestMapConfig.layers, pgConnection, + namedLayersAdapter.getLayers(req.context.user, requestMapConfig.layers, pgConnection, function(err, layers, datasource) { if (err) { return callback(err); @@ -229,7 +232,7 @@ module.exports = function(serverOptions) { afterLayergroupCreate: function(req, mapconfig, response, callback) { var token = response.layergroupid; - var username = cdbRequest.userByReq(req); + var username = req.context.user; var tasksleft = 2; // redis key and affectedTables var errors = []; @@ -581,7 +584,7 @@ module.exports = function(serverOptions) { req.query = _.pick(req.query, REQUEST_QUERY_PARAMS_WHITELIST); req.params = _.extend({}, req.params); // shuffle things as request is a strange array/object - var user = cdbRequest.userByReq(req); + var user = req.context.user; if ( req.params.token ) { // Token might match the following patterns: 
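Review bot: The new `app.all('*', ...)` handler in the Routing hunk assigns `req.context.user` without making sure `req.context` exists and without looking at what `cdbRequest.userByReq(req)` returned. The test changes in this commit create `req.context` by hand, which suggests (not confirmed from this diff) that it is not guaranteed to be present; if it is missing the assignment throws on every request, and if `userByReq` yields nothing the hooks in this file carry on with an undefined user. I would start the handler with `req.context = req.context || {};` and reject the request there when no user could be derived, rather than leaving each consumer to cope. After this commit `beforeRendererCreate`, `beforeLayergroupCreate`, `afterLayergroupCreate`, the cache-channel step and `app.authorize` all take the identity from this one assignment, so this is the place to fail closed.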
@@ -726,7 +729,7 @@ module.exports = function(serverOptions) { throw new Error("this request doesn't need an X-Cache-Channel generated"); } - queryTablesApi.getAffectedTablesInQuery(cdbRequest.userByReq(req), sql, this); // in addCacheChannel + queryTablesApi.getAffectedTablesInQuery(req.context.user, sql, this); // in addCacheChannel }, function buildCacheChannel(err, tableNames) { assert.ifError(err); @@ -860,7 +863,7 @@ module.exports = function(serverOptions) { */ app.authorize = function(req, callback) { var self = this; - var user = cdbRequest.userByReq(req); + var user = req.context.user; step( function () { diff --git a/test/acceptance/ported/support/ported_server_options.js b/test/acceptance/ported/support/ported_server_options.js index a635fa51..b17eef6d 100644 --- a/test/acceptance/ported/support/ported_server_options.js +++ b/test/acceptance/ported/support/ported_server_options.js @@ -57,6 +57,7 @@ module.exports = _.extend({}, serverOptions, { _.extend(req.params, req.query); req.params.user = 'localhost'; + req.context = {user: 'localhost'}; req.params.dbuser = 'test_windshaft_publicuser'; if (req.params.dbname !== 'windshaft_test2') { req.params.dbuser = 'test_windshaft_cartodb_user_1'; diff --git a/test/unit/cartodb/req2params.test.js b/test/unit/cartodb/req2params.test.js index e9659461..d0c83416 100644 --- a/test/unit/cartodb/req2params.test.js +++ b/test/unit/cartodb/req2params.test.js 
@@ -18,8 +18,14 @@ suite('req2params', function() { assert.ok(_.isFunction(server.req2params)); }); + function addContext(req) { + req.context = { user: 'localhost' }; + return req; + } + test('cleans up request', function(done){ - server.req2params({headers: { host:'localhost' }, query: {dbuser:'hacker',dbname:'secret'}}, function(err, req) { + var req = {headers: { host:'localhost' }, query: {dbuser:'hacker',dbname:'secret'}}; + server.req2params(addContext(req), function(err, req) { if ( err ) { done(err); return; } assert.ok(_.isObject(req.query), 'request has query'); assert.ok(!req.query.hasOwnProperty('dbuser'), 'dbuser was removed from query'); @@ -32,7 +38,8 @@ suite('req2params', function() { }); test('sets dbname from redis metadata', function(done){ - server.req2params({headers: { host:'localhost' }, query: {} }, function(err, req) { + var req = {headers: { host:'localhost' }, query: {} }; + server.req2params(addContext(req), function(err, req) { if ( err ) { done(err); return; } //console.dir(req); assert.ok(_.isObject(req.query), 'request has query'); @@ -46,7 +53,8 @@ suite('req2params', function() { }); test('sets also dbuser for authenticated requests', function(done){ - server.req2params({headers: { host:'localhost' }, query: {map_key: '1234'} }, function(err, req) { + var req = {headers: { host:'localhost' }, query: {map_key: '1234'} }; + server.req2params(addContext(req), function(err, req) { if ( err ) { done(err); return; } //console.dir(req); assert.ok(_.isObject(req.query), 'request has query'); 
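Review bot: `addContext` pins `req.context.user` to `'localhost'` in every case, so none of these tests exercises how the user is derived from the request any more; the `headers: { host:'localhost' }` fixtures no longer influence the `user` that `req2params` works with. The same helper is applied in the hunks at -32, -46, -56 and -82. I would add a test that passes a request through the `app.all('*')` handler in server.js and asserts the resulting `req.context.user`, plus one case where `req.context` is absent, to pin the expected failure mode. A short comment on the helper, such as `// stands in for the user-resolving middleware registered in server.js`, would also make the coupling explicit.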
@@ -56,7 +64,7 @@ suite('req2params', function() { assert.equal(req.params.dbname, test_database); assert.equal(req.params.dbuser, test_user); - server.req2params({headers: { host:'localhost' }, query: {map_key: '1235'} }, function(err, req) { + server.req2params(addContext({headers: { host:'localhost' }, query: {map_key: '1235'} }), function(err, req) { // wrong key resets params to no user assert.ok(req.params.dbuser === test_pubuser, 'could inject dbuser ('+req.params.dbuser+')'); done(); @@ -82,7 +90,7 @@ suite('req2params', function() { lzma: data } }; - server.req2params(req, function(err, req) { + server.req2params(addContext(req), function(err, req) { if ( err ) { return done(err); }