cartodb/Windshaft-cartodb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #721 from CartoDB/lzma-middleware

Browse Source 
Implement LZMA query param inflating as middleware
This commit is contained in:
Simon Martín 2017-09-22 16:16:36 +02:00 committed by GitHub
commit ca63c2ef1a
5 changed files with 95 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
lib/cartodb/controllers/base.js
View File

@ -4,9 +4,6 @@ var _ = require('underscore');
var step = require('step'); var step = require('step');
var debug = require('debug')('windshaft:cartodb'); var debug = require('debug')('windshaft:cartodb');
var LZMA = require('lzma').LZMA;
var lzmaWorker = new LZMA();
// Whitelist query parameters and attach format // Whitelist query parameters and attach format
var REQUEST_QUERY_PARAMS_WHITELIST = [ var REQUEST_QUERY_PARAMS_WHITELIST = [
'config', 'config',
@ -28,7 +25,7 @@ function BaseController(authApi, pgConnection) {
module.exports = BaseController; module.exports = BaseController;
// jshint maxcomplexity:10 // jshint maxcomplexity:8
/** /**
* Whitelist input and get database name & default geometry type from * Whitelist input and get database name & default geometry type from
* subdomain/user metadata held in CartoDB Redis * subdomain/user metadata held in CartoDB Redis
@ -38,35 +35,6 @@ module.exports = BaseController;
BaseController.prototype.req2params = function(req, callback){ BaseController.prototype.req2params = function(req, callback){
var self = this; var self = this;
if ( req.query.lzma ) {
// Decode (from base64)
var lzma = new Buffer(req.query.lzma, 'base64')
.toString('binary')
.split('')
.map(function(c) {
return c.charCodeAt(0) - 128;
});
// Decompress
lzmaWorker.decompress(
lzma,
function(result) {
req.profiler.done('lzma');
try {
delete req.query.lzma;
_.extend(req.query, JSON.parse(result));
self.req2params(req, callback);
} catch (err) {
req.profiler.done('req2params');
callback(new Error('Error parsing lzma as JSON: ' + err));
}
}
);
return;
}
var allowedQueryParams = REQUEST_QUERY_PARAMS_WHITELIST; var allowedQueryParams = REQUEST_QUERY_PARAMS_WHITELIST;
if (Array.isArray(req.context.allowedQueryParams)) { if (Array.isArray(req.context.allowedQueryParams)) {
allowedQueryParams = allowedQueryParams.concat(req.context.allowedQueryParams); allowedQueryParams = allowedQueryParams.concat(req.context.allowedQueryParams);

30
lib/cartodb/middleware/lzma.js Normal file
View File

@ -0,0 +1,30 @@
'use strict';
var LZMA = require('lzma').LZMA;
var lzmaWorker = new LZMA();
module.exports = function lzmaMiddleware(req, res, next) {
if (!req.query.hasOwnProperty('lzma')) {
return next();
}
// Decode (from base64)
var lzma = new Buffer(req.query.lzma, 'base64')
.toString('binary')
.split('')
.map(function(c) {
return c.charCodeAt(0) - 128;
});
// Decompress
lzmaWorker.decompress(lzma, function(result) {
try {
delete req.query.lzma;
Object.assign(req.query, JSON.parse(result));
next();
} catch (err) {
next(new Error('Error parsing lzma as JSON: ' + err));
}
});
};

4
lib/cartodb/server.js
View File

@ -4,6 +4,8 @@ var RedisPool = require('redis-mpool');
var cartodbRedis = require('cartodb-redis'); var cartodbRedis = require('cartodb-redis');
var _ = require('underscore'); var _ = require('underscore');
var lzmaMiddleware = require('./middleware/lzma');
var controller = require('./controllers'); var controller = require('./controllers');
var SurrogateKeysCache = require('./cache/surrogate_keys_cache'); var SurrogateKeysCache = require('./cache/surrogate_keys_cache');
@ -364,6 +366,8 @@ function bootstrap(opts) {
next(); next();
}); });
app.use(lzmaMiddleware);
// temporary measure until we upgrade to newer version expressjs so we can check err.status // temporary measure until we upgrade to newer version expressjs so we can check err.status
app.use(function(err, req, res, next) { app.use(function(err, req, res, next) {
if (err) { if (err) {

36
test/unit/cartodb/lzmaMiddleware.test.js Normal file
View File

@ -0,0 +1,36 @@
var assert = require('assert');
var testHelper = require('../../support/test_helper');
var lzmaMiddleware = require('../../../lib/cartodb/middleware/lzma');
describe('lzma-middleware', function() {
it('it should extend params with decoded lzma', function(done) {
var qo = {
config: {
version: '1.3.0'
}
};
testHelper.lzma_compress_to_base64(JSON.stringify(qo), 1, function(err, data) {
var req = {
headers: {
host:'localhost'
},
query: {
api_key: 'test',
lzma: data
}
};
lzmaMiddleware(req, {}, function(err) {
if ( err ) {
return done(err);
}
var query = req.query;
assert.deepEqual(qo.config, query.config);
assert.equal('test', query.api_key);
done();
});
});
});
});

51
test/unit/cartodb/req2params.test.js
View File

@ -1,6 +1,6 @@
var assert = require('assert'); var assert = require('assert');
var _ = require('underscore'); var _ = require('underscore');
var test_helper = require('../../support/test_helper'); require('../../support/test_helper');
var RedisPool = require('redis-mpool'); var RedisPool = require('redis-mpool');
var cartodbRedis = require('cartodb-redis'); var cartodbRedis = require('cartodb-redis');
@ -98,34 +98,31 @@ describe('req2params', function() {
}); });
}); });
it('it should extend params with decoded lzma', function(done) { it('it should remove invalid params', function(done) {
var qo = { var config = {
config: { version: '1.3.0'
version: '1.3.0' };
var req = {
headers: {
host:'localhost'
},
query: {
non_included: 'toberemoved',
api_key: 'test',
style: 'override',
config: config
} }
}; };
test_helper.lzma_compress_to_base64(JSON.stringify(qo), 1, function(err, data) { baseController.req2params(prepareRequest(req), function(err, req) {
var req = { if (err) {
headers: { return done(err);
host:'localhost' }
}, var query = req.params;
query: { assert.deepEqual(config, query.config);
non_included: 'toberemoved', assert.equal('test', query.api_key);
api_key: 'test', assert.equal(undefined, query.non_included);
style: 'override', assert.equal(undefined, query.style);
lzma: data done();
}
};
baseController.req2params(prepareRequest(req), function(err, req) {
if ( err ) {
return done(err);
}
var query = req.params;
assert.deepEqual(qo.config, query.config);
assert.equal('test', query.api_key);
assert.equal(undefined, query.non_included);
done();
});
}); });
}); });