Do not retrive user's api key if no api key was provided

Reduces redis interaction, see #142
2014-02-13 10:16:11 +01:00 · 2014-02-13 10:16:11 +01:00 · e88e49001a
commit e88e49001a
parent 6a599ccb5d
1 changed files with 12 additions and 10 deletions
--- a/lib/cartodb/server_options.js
+++ b/lib/cartodb/server_options.js
@ -477,9 +477,20 @@ module.exports = function(){
    //
    // @param req express request object
    // @param callback function(err, authorized) 
+    //        NOTE: authorized is expected to be 0 or 1 (integer)
    //                 
    me.authorizedByAPIKey = function(req, callback)
    {
+        var givenKey = req.query.api_key || req.query.map_key;
+        if ( ! givenKey && req.body ) {
+          // check also in request body
+          givenKey = req.body.api_key || req.body.map_key;
+        }
+        if ( ! givenKey ) {
+          callback(null, 0); // no api key, no authorization...
+          return;
+        }
+        //console.log("given ApiKey: " + givenKey);
        var user = me.userByReq(req);
        Step(
          function (){
@ -487,16 +498,7 @@ module.exports = function(){
          },
          function checkApiKey(err, val){
              if (err) throw err;
-
-              var valid = 0;
-              if ( val ) {
-                if ( val == req.query.map_key ) valid = 1;
-                else if ( val == req.query.api_key ) valid = 1;
-                // check also in request body
-                else if ( req.body && req.body.map_key && val == req.body.map_key ) valid = 1;
-                else if ( req.body && req.body.api_key && val == req.body.api_key ) valid = 1;
-              }
-              return valid;
+              return ( val && givenKey == val ) ? 1 : 0;
          },
          function finish(err, authorized) {
              callback(err, authorized);