Context with user
parent
ac3afd5695
commit
c81048312d
@ -2,7 +2,6 @@ var step = require('step');
|
||||
var assert = require('assert');
|
||||
var _ = require('underscore');
|
||||
var templateName = require('../backends/template_maps').templateName;
|
||||
var CdbRequest = require('../models/cdb_request');
|
||||
var NamedMapsCacheEntry = require('../cache/model/named_maps_entry');
|
||||
var cors = require('../middleware/cors');
|
||||
|
||||
@ -19,8 +18,6 @@ function NamedMapsController(app, templateMaps, metadataBackend, mapBackend, tem
|
||||
|
||||
module.exports = NamedMapsController;
|
||||
|
||||
var cdbRequest = new CdbRequest();
|
||||
|
||||
NamedMapsController.prototype.register = function(app) {
|
||||
app.get(this.templateBaseUrl + '/:template_id/:layer/:z/:x/:y.:format', cors(), this.tile.bind(this));
|
||||
app.get(this.templateBaseUrl + '/:template_id/jsonp', cors(), this.jsonp.bind(this));
|
||||
@ -30,7 +27,7 @@ NamedMapsController.prototype.register = function(app) {
|
||||
NamedMapsController.prototype.tile = function(req, res) {
|
||||
var self = this;
|
||||
|
||||
var cdbUser = cdbRequest.userByReq(req);
|
||||
var cdbUser = req.context.user;
|
||||
var template;
|
||||
var layergroupConfig;
|
||||
var layergroupId;
|
||||
@ -190,7 +187,7 @@ NamedMapsController.prototype.jsonp = function(req, res) {
|
||||
try {
|
||||
config = JSON.parse(req.query.config);
|
||||
} catch(e) {
|
||||
throw new Error('badformed config parameter, should be a valid JSON');
|
||||
throw new Error('Invalid config parameter, should be a valid JSON');
|
||||
}
|
||||
}
|
||||
self.instantiateTemplate(req, res, config, this);
|
||||
@ -216,7 +213,7 @@ NamedMapsController.prototype.instantiateTemplate = function(req, res, template_
|
||||
|
||||
var template;
|
||||
var layergroup;
|
||||
var cdbuser = cdbRequest.userByReq(req);
|
||||
var cdbuser = req.context.user;
|
||||
var params = {
|
||||
user: req.params.user
|
||||
};
|
||||
@ -247,7 +244,7 @@ NamedMapsController.prototype.instantiateTemplate = function(req, res, template_
|
||||
throw err;
|
||||
}
|
||||
if ( ! authorized ) {
|
||||
err = new Error('Unauthorized template instanciation');
|
||||
err = new Error('Unauthorized template instantiation');
|
||||
err.http_status = 403;
|
||||
throw err;
|
||||
}
|
||||
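Review bot: In `instantiateTemplate` the user is now read from `req.context.user` into `cdbuser`, but the unchanged `params` object directly below still uses `user: req.params.user`. The function therefore carries two sources for the same identity. If `req.params.user` can ever differ from the context value (not determinable from this hunk), code keyed on `cdbuser` and code keyed on `params.user` could refer to different users. Consider `user: cdbuser` there, or a comment stating why `req.params.user` is kept. The function body continues outside the hunk.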
|
@ -2,7 +2,6 @@ var step = require('step');
|
||||
var assert = require('assert');
|
||||
var _ = require('underscore');
|
||||
var templateName = require('../backends/template_maps').templateName;
|
||||
var CdbRequest = require('../models/cdb_request');
|
||||
var cors = require('../middleware/cors');
|
||||
|
||||
|
||||
@ -14,8 +13,6 @@ function NamedMapsAdminController(app, templateMaps, templateBaseUrl) {
|
||||
|
||||
module.exports = NamedMapsAdminController;
|
||||
|
||||
var cdbRequest = new CdbRequest();
|
||||
|
||||
NamedMapsAdminController.prototype.register = function(app) {
|
||||
app.post(this.templateBaseUrl, cors(), this.create.bind(this));
|
||||
app.put(this.templateBaseUrl + '/:template_id', cors(), this.update.bind(this));
|
||||
@ -28,7 +25,7 @@ NamedMapsAdminController.prototype.register = function(app) {
|
||||
NamedMapsAdminController.prototype.create = function(req, res) {
|
||||
var self = this;
|
||||
|
||||
var cdbuser = cdbRequest.userByReq(req);
|
||||
var cdbuser = req.context.user;
|
||||
|
||||
step(
|
||||
function checkPerms(){
|
||||
@ -52,7 +49,7 @@ NamedMapsAdminController.prototype.create = function(req, res) {
|
||||
NamedMapsAdminController.prototype.update = function(req, res) {
|
||||
var self = this;
|
||||
|
||||
var cdbuser = cdbRequest.userByReq(req);
|
||||
var cdbuser = req.context.user;
|
||||
var template;
|
||||
var tpl_id;
|
||||
step(
|
||||
@ -84,7 +81,7 @@ NamedMapsAdminController.prototype.retrieve = function(req, res) {
|
||||
req.profiler.start('windshaft-cartodb.get_template');
|
||||
}
|
||||
|
||||
var cdbuser = cdbRequest.userByReq(req);
|
||||
var cdbuser = req.context.user;
|
||||
var tpl_id;
|
||||
step(
|
||||
function checkPerms(){
|
||||
@ -120,7 +117,7 @@ NamedMapsAdminController.prototype.destroy = function(req, res) {
|
||||
req.profiler.start('windshaft-cartodb.delete_template');
|
||||
}
|
||||
|
||||
var cdbuser = cdbRequest.userByReq(req);
|
||||
var cdbuser = req.context.user;
|
||||
var tpl_id;
|
||||
step(
|
||||
function checkPerms(){
|
||||
@ -147,7 +144,7 @@ NamedMapsAdminController.prototype.list = function(req, res) {
|
||||
req.profiler.start('windshaft-cartodb.get_template_list');
|
||||
}
|
||||
|
||||
var cdbuser = cdbRequest.userByReq(req);
|
||||
var cdbuser = req.context.user;
|
||||
|
||||
step(
|
||||
function checkPerms(){
|
||||
|
@ -1,7 +1,6 @@
|
||||
var step = require('step');
|
||||
var assert = require('assert');
|
||||
var templateName = require('../backends/template_maps').templateName;
|
||||
var CdbRequest = require('../models/cdb_request');
|
||||
var NamedMapsCacheEntry = require('../cache/model/named_maps_entry');
|
||||
var _ = require('underscore');
|
||||
var cors = require('../middleware/cors');
|
||||
@ -20,8 +19,6 @@ function NamedStaticMapsController(app, serverOptions, templateMaps, mapBackend,
|
||||
|
||||
module.exports = NamedStaticMapsController;
|
||||
|
||||
var cdbRequest = new CdbRequest();
|
||||
|
||||
NamedStaticMapsController.prototype.register = function(app) {
|
||||
app.get(
|
||||
app.base_url_mapconfig + '/static/named/:template_id/:width/:height.:format', cors(), this.named.bind(this)
|
||||
@ -31,7 +28,7 @@ NamedStaticMapsController.prototype.register = function(app) {
|
||||
NamedStaticMapsController.prototype.named = function(req, res) {
|
||||
var self = this;
|
||||
|
||||
var cdbUser = cdbRequest.userByReq(req);
|
||||
var cdbUser = req.context.user;
|
||||
|
||||
var format = req.params.format === 'jpg' ? 'jpeg' : 'png';
|
||||
|
||||
|
@ -165,14 +165,12 @@ module.exports = function(serverOptions) {
|
||||
ttl: 60000, // 60 seconds TTL by default
|
||||
statsInterval: 60000, // reports stats every milliseconds defined here
|
||||
beforeRendererCreate: function(req, callback) {
|
||||
var user = cdbRequest.userByReq(req);
|
||||
|
||||
var rendererOptions = {};
|
||||
|
||||
step(
|
||||
function getLimits(err) {
|
||||
assert.ifError(err);
|
||||
metadataBackend.getTilerRenderLimit(user, this);
|
||||
metadataBackend.getTilerRenderLimit(req.context.user, this);
|
||||
},
|
||||
function handleTilerLimits(err, renderLimit) {
|
||||
assert.ifError(err);
|
||||
@ -210,10 +208,15 @@ module.exports = function(serverOptions) {
|
||||
* Routing
|
||||
******************************************************************************************************************/
|
||||
|
||||
app.all('*', function(req, res, next) {
|
||||
req.context.user = cdbRequest.userByReq(req);
|
||||
next();
|
||||
});
|
||||
|
||||
var namedLayersAdapter = new MapConfigNamedLayersAdapter(templateMaps);
|
||||
var layergroupRequestDecorator = {
|
||||
beforeLayergroupCreate: function(req, requestMapConfig, callback) {
|
||||
namedLayersAdapter.getLayers(cdbRequest.userByReq(req), requestMapConfig.layers, pgConnection,
|
||||
namedLayersAdapter.getLayers(req.context.user, requestMapConfig.layers, pgConnection,
|
||||
function(err, layers, datasource) {
|
||||
if (err) {
|
||||
return callback(err);
|
||||
@ -229,7 +232,7 @@ module.exports = function(serverOptions) {
|
||||
afterLayergroupCreate: function(req, mapconfig, response, callback) {
|
||||
var token = response.layergroupid;
|
||||
|
||||
var username = cdbRequest.userByReq(req);
|
||||
var username = req.context.user;
|
||||
|
||||
var tasksleft = 2; // redis key and affectedTables
|
||||
var errors = [];
|
||||
@ -581,7 +584,7 @@ module.exports = function(serverOptions) {
|
||||
req.query = _.pick(req.query, REQUEST_QUERY_PARAMS_WHITELIST);
|
||||
req.params = _.extend({}, req.params); // shuffle things as request is a strange array/object
|
||||
|
||||
var user = cdbRequest.userByReq(req);
|
||||
var user = req.context.user;
|
||||
|
||||
if ( req.params.token ) {
|
||||
// Token might match the following patterns:
|
||||
@ -726,7 +729,7 @@ module.exports = function(serverOptions) {
|
||||
throw new Error("this request doesn't need an X-Cache-Channel generated");
|
||||
}
|
||||
|
||||
queryTablesApi.getAffectedTablesInQuery(cdbRequest.userByReq(req), sql, this); // in addCacheChannel
|
||||
queryTablesApi.getAffectedTablesInQuery(req.context.user, sql, this); // in addCacheChannel
|
||||
},
|
||||
function buildCacheChannel(err, tableNames) {
|
||||
assert.ifError(err);
|
||||
@ -860,7 +863,7 @@ module.exports = function(serverOptions) {
|
||||
*/
|
||||
app.authorize = function(req, callback) {
|
||||
var self = this;
|
||||
var user = cdbRequest.userByReq(req);
|
||||
var user = req.context.user;
|
||||
|
||||
step(
|
||||
function () {
|
||||
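Review bot: The new `app.all('*', ...)` handler assigns `req.context.user` without ensuring that `req.context` exists, and none of the visible hunks creates that object before this middleware runs. Unless it is initialised earlier (not visible here), the assignment throws a TypeError on every request; `req.context = req.context || {};` ahead of it removes that dependency. `app.authorize`, `req2params`, `beforeRendererCreate`, the cache-channel step and all the named-map controllers now take the tenant identity from this one field, so the handler should carry a comment saying it must stay registered before every route. It would also be safer to reject the request here when `userByReq` yields no user than to pass `undefined` on to `metadataBackend` or `queryTablesApi`. Those functions continue outside the hunks shown.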
|
@ -57,6 +57,7 @@ module.exports = _.extend({}, serverOptions, {
|
||||
|
||||
_.extend(req.params, req.query);
|
||||
req.params.user = 'localhost';
|
||||
req.context = {user: 'localhost'};
|
||||
req.params.dbuser = 'test_windshaft_publicuser';
|
||||
if (req.params.dbname !== 'windshaft_test2') {
|
||||
req.params.dbuser = 'test_windshaft_cartodb_user_1';
|
||||
|
@ -18,8 +18,14 @@ suite('req2params', function() {
|
||||
assert.ok(_.isFunction(server.req2params));
|
||||
});
|
||||
|
||||
function addContext(req) {
|
||||
req.context = { user: 'localhost' };
|
||||
return req;
|
||||
}
|
||||
|
||||
test('cleans up request', function(done){
|
||||
server.req2params({headers: { host:'localhost' }, query: {dbuser:'hacker',dbname:'secret'}}, function(err, req) {
|
||||
var req = {headers: { host:'localhost' }, query: {dbuser:'hacker',dbname:'secret'}};
|
||||
server.req2params(addContext(req), function(err, req) {
|
||||
if ( err ) { done(err); return; }
|
||||
assert.ok(_.isObject(req.query), 'request has query');
|
||||
assert.ok(!req.query.hasOwnProperty('dbuser'), 'dbuser was removed from query');
|
||||
@ -32,7 +38,8 @@ suite('req2params', function() {
|
||||
});
|
||||
|
||||
test('sets dbname from redis metadata', function(done){
|
||||
server.req2params({headers: { host:'localhost' }, query: {} }, function(err, req) {
|
||||
var req = {headers: { host:'localhost' }, query: {} };
|
||||
server.req2params(addContext(req), function(err, req) {
|
||||
if ( err ) { done(err); return; }
|
||||
//console.dir(req);
|
||||
assert.ok(_.isObject(req.query), 'request has query');
|
||||
@ -46,7 +53,8 @@ suite('req2params', function() {
|
||||
});
|
||||
|
||||
test('sets also dbuser for authenticated requests', function(done){
|
||||
server.req2params({headers: { host:'localhost' }, query: {map_key: '1234'} }, function(err, req) {
|
||||
var req = {headers: { host:'localhost' }, query: {map_key: '1234'} };
|
||||
server.req2params(addContext(req), function(err, req) {
|
||||
if ( err ) { done(err); return; }
|
||||
//console.dir(req);
|
||||
assert.ok(_.isObject(req.query), 'request has query');
|
||||
@ -56,7 +64,7 @@ suite('req2params', function() {
|
||||
assert.equal(req.params.dbname, test_database);
|
||||
assert.equal(req.params.dbuser, test_user);
|
||||
|
||||
server.req2params({headers: { host:'localhost' }, query: {map_key: '1235'} }, function(err, req) {
|
||||
server.req2params(addContext({headers: { host:'localhost' }, query: {map_key: '1235'} }), function(err, req) {
|
||||
// wrong key resets params to no user
|
||||
assert.ok(req.params.dbuser === test_pubuser, 'could inject dbuser ('+req.params.dbuser+')');
|
||||
done();
|
||||
@ -82,7 +90,7 @@ suite('req2params', function() {
|
||||
lzma: data
|
||||
}
|
||||
};
|
||||
server.req2params(req, function(err, req) {
|
||||
server.req2params(addContext(req), function(err, req) {
|
||||
if ( err ) {
|
||||
return done(err);
|
||||
}
|
||||
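Review bot: `addContext` hard-codes `req.context = { user: 'localhost' }`, so these tests no longer exercise how the user is derived from the request; for the user lookup, the `host` header in each fixture appears to have no effect any more. Nothing in the visible test changes covers the new `app.all('*')` middleware, so a regression there (a wrong user, or a route registered ahead of it) would not be caught by this suite. A test that sends a request through the app with a given `Host` header and asserts the resulting `req.context.user` would close that gap. As a style point, the new `var req` fixtures are shadowed by the callback's `req` parameter; a distinct name such as `var request = {...}` would make the assertions easier to follow.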
|