From f2f6b9d49c2d3c5f4a7ff4802de775c440de5aad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Garc=C3=ADa=20Aubert?= Date: Fri, 2 Mar 2018 13:29:30 +0100 Subject: [PATCH] ES6 goodies --- .../middleware/context/layergroup-token.js | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/lib/cartodb/middleware/context/layergroup-token.js b/lib/cartodb/middleware/context/layergroup-token.js index af213bf5..f611b068 100644 --- a/lib/cartodb/middleware/context/layergroup-token.js +++ b/lib/cartodb/middleware/context/layergroup-token.js @@ -1,26 +1,29 @@ var LayergroupToken = require('../../models/layergroup-token'); +const authErrorMessageTemplate = function (signer, user) { + return `Cannot use map signature of user "${signer}" on db of user "${user}"`; +}; + module.exports = function layergroupToken () { return function layergroupTokenMiddleware (req, res, next) { if (!res.locals.token) { return next(); } - var user = res.locals.user; + const user = res.locals.user; + + const layergroupToken = LayergroupToken.parse(res.locals.token); - var layergroupToken = LayergroupToken.parse(res.locals.token); res.locals.token = layergroupToken.token; res.locals.cache_buster = layergroupToken.cacheBuster; if (layergroupToken.signer) { res.locals.signer = layergroupToken.signer; + if (res.locals.signer !== user) { - var err = new Error(`Cannot use map signature of user "${res.locals.signer}" on db of user "${user}"`); + const err = new Error(authErrorMessageTemplate(res.locals.signer, user)); err.type = 'auth'; - err.http_status = 403; - if (req.query && req.query.callback) { - err.http_status = 200; - } + err.http_status = (req.query && req.query.callback) ? 200: 403; return next(err); }