Windshaft-cartodb/test/unit/prepare-context-test.js

'use strict';

var assert = require('assert');
var _ = require('underscore');

var RedisPool = require('redis-mpool');
var cartodbRedis = require('cartodb-redis');
var PgConnection = require('../../lib/backends/pg-connection');
var AuthBackend = require('../../lib/backends/auth');
var TemplateMaps = require('../../lib/backends/template-maps');
const MapStore = require('../support/map-store');

const cleanUpQueryParamsMiddleware = require('../../lib/api/middlewares/clean-up-query-params');
const authorizeMiddleware = require('../../lib/api/middlewares/authorize');
const dbConnSetupMiddleware = require('../../lib/api/middlewares/db-conn-setup');
const credentialsMiddleware = require('../../lib/api/middlewares/credentials');

describe('prepare-context', function () {
    var testUser = _.template(global.environment.postgres_auth_user, { user_id: 1 });
    var testPubuser = global.environment.postgres.user;
    var testDatabase = testUser + '_db';

    let cleanUpQueryParams;
    let dbConnSetup;
    let authorize;
    let setCredentials;

    before(function () {
        var redisPool = new RedisPool(global.environment.redis);
        var mapStore = new MapStore(redisPool);
        var metadataBackend = cartodbRedis({ pool: redisPool });
        var pgConnection = new PgConnection(metadataBackend);
        var templateMaps = new TemplateMaps(redisPool);
        var authBackend = new AuthBackend(pgConnection, metadataBackend, mapStore, templateMaps);

        cleanUpQueryParams = cleanUpQueryParamsMiddleware();
        authorize = authorizeMiddleware(authBackend);
        dbConnSetup = dbConnSetupMiddleware(pgConnection);
        setCredentials = credentialsMiddleware();
    });

    it('can be found in server-options', function () {
        assert.ok(_.isFunction(authorize));
        assert.ok(_.isFunction(dbConnSetup));
        assert.ok(_.isFunction(cleanUpQueryParams));
    });

    function prepareRequest (req) {
        req.profiler = {
            done: function () {}
        };

        return req;
    }

    function prepareResponse (res) {
        if (!res.locals) {
            res.locals = {};
        }
        res.locals.user = 'localhost';

        res.set = function () {};

        return res;
    }

    it('cleans up request', function (done) {
        var req = { headers: { host: 'localhost' }, query: { dbuser: 'hacker', dbname: 'secret' } };
        var res = {};

        cleanUpQueryParams(prepareRequest(req), prepareResponse(res), function (err) {
            if (err) { done(err); return; }
            assert.ok(_.isObject(req.query), 'request has query');
            assert.ok(!Object.prototype.hasOwnProperty.call(req.query, 'dbuser'), 'dbuser was removed from query');
            assert.ok(Object.prototype.hasOwnProperty.call(res, 'locals'), 'response has locals');
            assert.ok(!Object.prototype.hasOwnProperty.call(res.locals, 'interactivity'), 'response locals do not have interactivity');
            done();
        });
    });

    it('sets dbname from redis metadata', function (done) {
        var req = { headers: { host: 'localhost' }, query: {} };
        var res = { set: function () {} };

        dbConnSetup(prepareRequest(req), prepareResponse(res), function (err) {
            if (err) { done(err); return; }
            assert.ok(_.isObject(req.query), 'request has query');
            assert.ok(!Object.prototype.hasOwnProperty.call(req.query, 'dbuser'), 'dbuser was removed from query');
            assert.ok(Object.prototype.hasOwnProperty.call(res, 'locals'), 'response has locals');
            assert.ok(!Object.prototype.hasOwnProperty.call(res.locals, 'interactivity'), 'response locals do not have interactivity');
            assert.strictEqual(res.locals.dbname, testDatabase);
            assert.ok(res.locals.dbuser === testPubuser, 'could inject dbuser (' + res.locals.dbuser + ')');
            done();
        });
    });

    it('sets also dbuser for authenticated requests', function (done) {
        var req = {
            headers: {
                host: 'localhost'
            },
            query: {
                api_key: '1234'
            }
        };
        var res = {
            set: function () {},
            locals: {
                api_key: '1234'
            }
        };

        // FIXME: review authorize-pgconnsetup workflow, It might we are doing authorization twice.
        authorize(prepareRequest(req), prepareResponse(res), function (err) {
            if (err) { done(err); return; }
            dbConnSetup(req, res, function (err) {
                if (err) { done(err); return; }
                assert.ok(_.isObject(req.query), 'request has query');
                assert.ok(!Object.prototype.hasOwnProperty.call(req.query, 'dbuser'), 'dbuser was removed from query');
                assert.ok(Object.prototype.hasOwnProperty.call(res, 'locals'), 'response has locals');
                assert.ok(!Object.prototype.hasOwnProperty.call(res.locals, 'interactivity'), 'request params do not have interactivity');
                assert.strictEqual(res.locals.dbname, testDatabase);
                assert.strictEqual(res.locals.dbuser, testUser);

                req = {
                    headers: {
                        host: 'localhost'
                    },
                    query: {
                        map_key: '1235'
                    }
                };

                res = { set: function () {} };

                dbConnSetup(prepareRequest(req), prepareResponse(res), function () {
                    // wrong key resets params to no user
                    assert.ok(res.locals.dbuser === testPubuser, 'could inject dbuser (' + res.locals.dbuser + ')');
                    done();
                });
            });
        });
    });

    it('it should remove invalid params', function (done) {
        var config = {
            version: '1.3.0'
        };
        var req = {
            headers: {
                host: 'localhost'
            },
            query: {
                non_included: 'toberemoved',
                api_key: 'test',
                style: 'override',
                config: config
            }
        };
        var res = {};

        cleanUpQueryParams(prepareRequest(req), prepareResponse(res), function (err) {
            if (err) {
                return done(err);
            }

            assert.deepStrictEqual(config, req.query.config);
            assert.strictEqual('test', req.query.api_key);
            assert.strictEqual(undefined, req.query.non_included);
            done();
        });
    });

    describe('Set apikey token', function () {
        it('from query param', function (done) {
            var req = {
                headers: {
                    host: 'localhost'
                },
                query: {
                    api_key: '1234'
                }
            };
            var res = {};
            setCredentials(prepareRequest(req), prepareResponse(res), function (err) {
                if (err) {
                    return done(err);
                }
                var query = res.locals;

                assert.strictEqual('1234', query.api_key);
                done();
            });
        });

        it('from body param', function (done) {
            var req = {
                headers: {
                    host: 'localhost'
                },
                body: {
                    api_key: '1234'
                }
            };
            var res = {};
            setCredentials(prepareRequest(req), prepareResponse(res), function (err) {
                if (err) {
                    return done(err);
                }
                var query = res.locals;

                assert.strictEqual('1234', query.api_key);
                done();
            });
        });

        it('from http header', function (done) {
            var req = {
                headers: {
                    host: 'localhost',
                    authorization: 'Basic bG9jYWxob3N0OjEyMzQ=' // user: localhost, password: 1234
                }
            };
            var res = {};
            setCredentials(prepareRequest(req), prepareResponse(res), function (err) {
                if (err) {
                    return done(err);
                }
                var query = res.locals;

                assert.strictEqual('1234', query.api_key);
                done();
            });
        });
    });
});
Ise strict mode for moduler under test folder 2018-10-24 00:39:02 +08:00			`'use strict';`

Remove some old accepted query params 2015-03-24 00:54:37 +08:00			`var assert = require('assert');`
			`var _ = require('underscore');`
Delegate user permission to PostgreSQL (closes #18) If the request is authenticated (with map_key) then we log as the database owner, otherwise we log as the default user. The default user is now "publicuser" by default. Raises dependency on Windshaft to 0.4.9+, to get the grainstore version allowing override of database username. Add test for req2params function, particularly authentication, Add test for authenticated / unauthenticated access 2012-07-18 17:00:24 +08:00
Fix all ported tests related to req2params 2015-09-17 00:09:39 +08:00			`var RedisPool = require('redis-mpool');`
			`var cartodbRedis = require('cartodb-redis');`
Remove cartodb folder in unit test 2019-10-07 17:29:07 +08:00			`var PgConnection = require('../../lib/backends/pg-connection');`
			`var AuthBackend = require('../../lib/backends/auth');`
			`var TemplateMaps = require('../../lib/backends/template-maps');`
- Rename NamedMapProviderReporter by NamedMapProviderCacheReporter - Extract getOnTileErrorStrategy to a module - Stop using MapStore from windshaft while testing and create a custom one instead 2020-04-04 23:46:08 +08:00			`const MapStore = require('../support/map-store');`
Fix all ported tests related to req2params 2015-09-17 00:09:39 +08:00
Remove cartodb folder in unit test 2019-10-07 17:29:07 +08:00			`const cleanUpQueryParamsMiddleware = require('../../lib/api/middlewares/clean-up-query-params');`
			`const authorizeMiddleware = require('../../lib/api/middlewares/authorize');`
			`const dbConnSetupMiddleware = require('../../lib/api/middlewares/db-conn-setup');`
			`const credentialsMiddleware = require('../../lib/api/middlewares/credentials');`
Split prepare context middleware and fix unit test 2017-09-25 19:40:22 +08:00
Apply automatic eslint fixes 2019-10-22 01:07:24 +08:00			`describe('prepare-context', function () {`
Camel case 2019-11-06 23:44:17 +08:00			`var testUser = _.template(global.environment.postgres_auth_user, { user_id: 1 });`
			`var testPubuser = global.environment.postgres.user;`
			`var testDatabase = testUser + '_db';`
Change example test user and database names This is to avoid a clash with cartodb test databases 2014-02-21 01:03:43 +08:00
Split prepare context middleware and fix unit test 2017-09-25 19:40:22 +08:00			`let cleanUpQueryParams;`
			`let dbConnSetup;`
			`let authorize;`
merge master 2018-03-12 18:52:38 +08:00			`let setCredentials;`
Fix all ported tests related to req2params 2015-09-17 00:09:39 +08:00
Apply automatic eslint fixes 2019-10-22 01:07:24 +08:00			`before(function () {`
Fix all ported tests related to req2params 2015-09-17 00:09:39 +08:00			`var redisPool = new RedisPool(global.environment.redis);`
- Rename NamedMapProviderReporter by NamedMapProviderCacheReporter - Extract getOnTileErrorStrategy to a module - Stop using MapStore from windshaft while testing and create a custom one instead 2020-04-04 23:46:08 +08:00			`var mapStore = new MapStore(redisPool);`
Apply automatic eslint fixes 2019-10-22 01:07:24 +08:00			`var metadataBackend = cartodbRedis({ pool: redisPool });`
Fix all ported tests related to req2params 2015-09-17 00:09:39 +08:00			`var pgConnection = new PgConnection(metadataBackend);`
			`var templateMaps = new TemplateMaps(redisPool);`
Rename AuthAppi by AuthBackend 2018-04-10 00:08:56 +08:00			`var authBackend = new AuthBackend(pgConnection, metadataBackend, mapStore, templateMaps);`
Fix all ported tests related to req2params 2015-09-17 00:09:39 +08:00
Split prepare context middleware and fix unit test 2017-09-25 19:40:22 +08:00			`cleanUpQueryParams = cleanUpQueryParamsMiddleware();`
Rename AuthAppi by AuthBackend 2018-04-10 00:08:56 +08:00			`authorize = authorizeMiddleware(authBackend);`
Split prepare context middleware and fix unit test 2017-09-25 19:40:22 +08:00			`dbConnSetup = dbConnSetupMiddleware(pgConnection);`
merge master 2018-03-12 18:52:38 +08:00			`setCredentials = credentialsMiddleware();`
Fix all ported tests related to req2params 2015-09-17 00:09:39 +08:00			`});`

Apply automatic eslint fixes 2019-10-22 01:07:24 +08:00			`it('can be found in server-options', function () {`
Split prepare context middleware and fix unit test 2017-09-25 19:40:22 +08:00			`assert.ok(_.isFunction(authorize));`
			`assert.ok(_.isFunction(dbConnSetup));`
			`assert.ok(_.isFunction(cleanUpQueryParams));`
Delegate user permission to PostgreSQL (closes #18) If the request is authenticated (with map_key) then we log as the database owner, otherwise we log as the default user. The default user is now "publicuser" by default. Raises dependency on Windshaft to 0.4.9+, to get the grainstore version allowing override of database username. Add test for req2params function, particularly authentication, Add test for authenticated / unauthenticated access 2012-07-18 17:00:24 +08:00			`});`

Apply automatic eslint fixes 2019-10-22 01:07:24 +08:00			`function prepareRequest (req) {`
Move req.profiler call to req2params itself 2015-09-16 00:16:50 +08:00			`req.profiler = {`
Apply automatic eslint fixes 2019-10-22 01:07:24 +08:00			`done: function () {}`
Move req.profiler call to req2params itself 2015-09-16 00:16:50 +08:00			`};`
from req.context to res.locals 2017-10-03 23:47:57 +08:00
prepareRequest and prepareResponse in prepare-context.test 2017-10-03 23:58:16 +08:00			`return req;`
			`}`

Apply automatic eslint fixes 2019-10-22 01:07:24 +08:00			`function prepareResponse (res) {`
			`if (!res.locals) {`
from req.context to res.locals 2017-10-03 23:47:57 +08:00			`res.locals = {};`
			`}`
			`res.locals.user = 'localhost';`
updating preprare-context test to allow the new res.locals usage 2017-10-02 18:09:19 +08:00
fix tests 2018-03-06 22:26:35 +08:00			`res.set = function () {};`

prepareRequest and prepareResponse in prepare-context.test 2017-10-03 23:58:16 +08:00			`return res;`
Context with user 2015-07-08 21:34:46 +08:00			`}`

Apply automatic eslint fixes 2019-10-22 01:07:24 +08:00			`it('cleans up request', function (done) {`
			`var req = { headers: { host: 'localhost' }, query: { dbuser: 'hacker', dbname: 'secret' } };`
			`var res = {};`

			`cleanUpQueryParams(prepareRequest(req), prepareResponse(res), function (err) {`
			`if (err) { done(err); return; }`
			`assert.ok(_.isObject(req.query), 'request has query');`
Avoid calling Object.prototype methods directly on object instances 2019-10-22 05:33:27 +08:00			`assert.ok(!Object.prototype.hasOwnProperty.call(req.query, 'dbuser'), 'dbuser was removed from query');`
			`assert.ok(Object.prototype.hasOwnProperty.call(res, 'locals'), 'response has locals');`
			`assert.ok(!Object.prototype.hasOwnProperty.call(res.locals, 'interactivity'), 'response locals do not have interactivity');`
Apply automatic eslint fixes 2019-10-22 01:07:24 +08:00			`done();`
			`});`
Delegate user permission to PostgreSQL (closes #18) If the request is authenticated (with map_key) then we log as the database owner, otherwise we log as the default user. The default user is now "publicuser" by default. Raises dependency on Windshaft to 0.4.9+, to get the grainstore version allowing override of database username. Add test for req2params function, particularly authentication, Add test for authenticated / unauthenticated access 2012-07-18 17:00:24 +08:00			`});`

Apply automatic eslint fixes 2019-10-22 01:07:24 +08:00			`it('sets dbname from redis metadata', function (done) {`
			`var req = { headers: { host: 'localhost' }, query: {} };`
			`var res = { set: function () {} };`

			`dbConnSetup(prepareRequest(req), prepareResponse(res), function (err) {`
			`if (err) { done(err); return; }`
			`assert.ok(_.isObject(req.query), 'request has query');`
Avoid calling Object.prototype methods directly on object instances 2019-10-22 05:33:27 +08:00			`assert.ok(!Object.prototype.hasOwnProperty.call(req.query, 'dbuser'), 'dbuser was removed from query');`
			`assert.ok(Object.prototype.hasOwnProperty.call(res, 'locals'), 'response has locals');`
			`assert.ok(!Object.prototype.hasOwnProperty.call(res.locals, 'interactivity'), 'response locals do not have interactivity');`
Camel case 2019-11-06 23:44:17 +08:00			`assert.strictEqual(res.locals.dbname, testDatabase);`
			`assert.ok(res.locals.dbuser === testPubuser, 'could inject dbuser (' + res.locals.dbuser + ')');`
Apply automatic eslint fixes 2019-10-22 01:07:24 +08:00			`done();`
			`});`
Delegate user permission to PostgreSQL (closes #18) If the request is authenticated (with map_key) then we log as the database owner, otherwise we log as the default user. The default user is now "publicuser" by default. Raises dependency on Windshaft to 0.4.9+, to get the grainstore version allowing override of database username. Add test for req2params function, particularly authentication, Add test for authenticated / unauthenticated access 2012-07-18 17:00:24 +08:00			`});`

Apply automatic eslint fixes 2019-10-22 01:07:24 +08:00			`it('sets also dbuser for authenticated requests', function (done) {`
merge master 2018-03-12 18:52:38 +08:00			`var req = {`
			`headers: {`
			`host: 'localhost'`
			`},`
fix unit test 2018-02-08 00:14:46 +08:00			`query: {`
			`api_key: '1234'`
			`}`
			`};`
merge master 2018-03-12 18:52:38 +08:00			`var res = {`
fix unit test 2018-02-08 00:14:46 +08:00			`set: function () {},`
			`locals: {`
merge master 2018-03-12 18:52:38 +08:00			`api_key: '1234'`
fix unit test 2018-02-08 00:14:46 +08:00			`}`
			`};`
Split prepare context middleware and fix unit test 2017-09-25 19:40:22 +08:00
			`// FIXME: review authorize-pgconnsetup workflow, It might we are doing authorization twice.`
prepareRequest and prepareResponse in prepare-context.test 2017-10-03 23:58:16 +08:00			`authorize(prepareRequest(req), prepareResponse(res), function (err) {`
Split prepare context middleware and fix unit test 2017-09-25 19:40:22 +08:00			`if (err) { done(err); return; }`
Apply automatic eslint fixes 2019-10-22 01:07:24 +08:00			`dbConnSetup(req, res, function (err) {`
			`if (err) { done(err); return; }`
Split prepare context middleware and fix unit test 2017-09-25 19:40:22 +08:00			`assert.ok(_.isObject(req.query), 'request has query');`
Avoid calling Object.prototype methods directly on object instances 2019-10-22 05:33:27 +08:00			`assert.ok(!Object.prototype.hasOwnProperty.call(req.query, 'dbuser'), 'dbuser was removed from query');`
			`assert.ok(Object.prototype.hasOwnProperty.call(res, 'locals'), 'response has locals');`
			`assert.ok(!Object.prototype.hasOwnProperty.call(res.locals, 'interactivity'), 'request params do not have interactivity');`
Camel case 2019-11-06 23:44:17 +08:00			`assert.strictEqual(res.locals.dbname, testDatabase);`
			`assert.strictEqual(res.locals.dbuser, testUser);`
Split prepare context middleware and fix unit test 2017-09-25 19:40:22 +08:00
			`req = {`
			`headers: {`
Apply automatic eslint fixes 2019-10-22 01:07:24 +08:00			`host: 'localhost'`
Split prepare context middleware and fix unit test 2017-09-25 19:40:22 +08:00			`},`
			`query: {`
			`map_key: '1235'`
going green 2017-10-02 18:28:29 +08:00			`}`
Split prepare context middleware and fix unit test 2017-09-25 19:40:22 +08:00			`};`

doing changes after merge with middlewarify 2017-10-09 18:27:58 +08:00			`res = { set: function () {} };`
from req.context to res.locals 2017-10-03 23:47:57 +08:00
Apply automatic eslint fixes 2019-10-22 01:07:24 +08:00			`dbConnSetup(prepareRequest(req), prepareResponse(res), function () {`
Split prepare context middleware and fix unit test 2017-09-25 19:40:22 +08:00			`// wrong key resets params to no user`
Camel case 2019-11-06 23:44:17 +08:00			`assert.ok(res.locals.dbuser === testPubuser, 'could inject dbuser (' + res.locals.dbuser + ')');`
Split prepare context middleware and fix unit test 2017-09-25 19:40:22 +08:00			`done();`
			`});`
			`});`
			`});`
Delegate user permission to PostgreSQL (closes #18) If the request is authenticated (with map_key) then we log as the database owner, otherwise we log as the default user. The default user is now "publicuser" by default. Raises dependency on Windshaft to 0.4.9+, to get the grainstore version allowing override of database username. Add test for req2params function, particularly authentication, Add test for authenticated / unauthenticated access 2012-07-18 17:00:24 +08:00			`});`
fixed lzma decoding to fix browser requirements 2013-04-24 21:10:58 +08:00
Apply automatic eslint fixes 2019-10-22 01:07:24 +08:00			`it('it should remove invalid params', function (done) {`
Implement LZMA query param inflating as middleware The req2params method is doing too many things, this is an initial step to do fewer things in that method. 2017-08-04 23:30:46 +08:00			`var config = {`
			`version: '1.3.0'`
			`};`
			`var req = {`
			`headers: {`
Apply automatic eslint fixes 2019-10-22 01:07:24 +08:00			`host: 'localhost'`
Implement LZMA query param inflating as middleware The req2params method is doing too many things, this is an initial step to do fewer things in that method. 2017-08-04 23:30:46 +08:00			`},`
			`query: {`
			`non_included: 'toberemoved',`
			`api_key: 'test',`
			`style: 'override',`
			`config: config`
updating preprare-context test to allow the new res.locals usage 2017-10-02 18:09:19 +08:00			`}`
Remove some old accepted query params 2015-03-24 00:54:37 +08:00			`};`
finishing integration of lzma middleware 2017-09-22 22:46:39 +08:00			`var res = {};`
merge master 2018-03-12 18:52:38 +08:00
prepareRequest and prepareResponse in prepare-context.test 2017-10-03 23:58:16 +08:00			`cleanUpQueryParams(prepareRequest(req), prepareResponse(res), function (err) {`
Apply automatic eslint fixes 2019-10-22 01:07:24 +08:00			`if (err) {`
finishing integration of lzma middleware 2017-09-22 22:46:39 +08:00			`return done(err);`
			`}`
Split prepare context middleware and fix unit test 2017-09-25 19:40:22 +08:00
Replace assert.deepEqual() by assert.deepStrictEqual() 2019-10-22 01:52:51 +08:00			`assert.deepStrictEqual(config, req.query.config);`
Replace assert.equal() by assert.strictEqual() 2019-10-22 01:41:03 +08:00			`assert.strictEqual('test', req.query.api_key);`
			`assert.strictEqual(undefined, req.query.non_included);`
finishing integration of lzma middleware 2017-09-22 22:46:39 +08:00			`done();`
fixed lzma decoding to fix browser requirements 2013-04-24 21:10:58 +08:00			`});`
			`});`
Remove some old accepted query params 2015-03-24 00:54:37 +08:00
Apply automatic eslint fixes 2019-10-22 01:07:24 +08:00			`describe('Set apikey token', function () {`
add middleware for apikeyToken 2018-02-15 19:50:42 +08:00			`it('from query param', function (done) {`
			`var req = {`
			`headers: {`
			`host: 'localhost'`
			`},`
			`query: {`
Apply automatic eslint fixes 2019-10-22 01:07:24 +08:00			`api_key: '1234'`
add middleware for apikeyToken 2018-02-15 19:50:42 +08:00			`}`
			`};`
			`var res = {};`
merge master 2018-03-12 18:52:38 +08:00			`setCredentials(prepareRequest(req), prepareResponse(res), function (err) {`
add middleware for apikeyToken 2018-02-15 19:50:42 +08:00			`if (err) {`
			`return done(err);`
			`}`
			`var query = res.locals;`
merge master 2018-03-12 18:52:38 +08:00
Replace assert.equal() by assert.strictEqual() 2019-10-22 01:41:03 +08:00			`assert.strictEqual('1234', query.api_key);`
add tests for getting api key token from requests 2018-02-15 22:27:41 +08:00			`done();`
			`});`
			`});`

			`it('from body param', function (done) {`
			`var req = {`
			`headers: {`
			`host: 'localhost'`
			`},`
			`body: {`
Apply automatic eslint fixes 2019-10-22 01:07:24 +08:00			`api_key: '1234'`
add tests for getting api key token from requests 2018-02-15 22:27:41 +08:00			`}`
			`};`
			`var res = {};`
merge master 2018-03-12 18:52:38 +08:00			`setCredentials(prepareRequest(req), prepareResponse(res), function (err) {`
add tests for getting api key token from requests 2018-02-15 22:27:41 +08:00			`if (err) {`
			`return done(err);`
			`}`
			`var query = res.locals;`

Replace assert.equal() by assert.strictEqual() 2019-10-22 01:41:03 +08:00			`assert.strictEqual('1234', query.api_key);`
add tests for getting api key token from requests 2018-02-15 22:27:41 +08:00			`done();`
			`});`
			`});`

			`it('from http header', function (done) {`
			`var req = {`
			`headers: {`
			`host: 'localhost',`
Apply automatic eslint fixes 2019-10-22 01:07:24 +08:00			`authorization: 'Basic bG9jYWxob3N0OjEyMzQ=' // user: localhost, password: 1234`
add tests for getting api key token from requests 2018-02-15 22:27:41 +08:00			`}`
			`};`
			`var res = {};`
merge master 2018-03-12 18:52:38 +08:00			`setCredentials(prepareRequest(req), prepareResponse(res), function (err) {`
get and check api key credentials from api key: username and token 2018-02-16 00:49:47 +08:00			`if (err) {`
			`return done(err);`
			`}`
			`var query = res.locals;`

Replace assert.equal() by assert.strictEqual() 2019-10-22 01:41:03 +08:00			`assert.strictEqual('1234', query.api_key);`
get and check api key credentials from api key: username and token 2018-02-16 00:49:47 +08:00			`done();`
			`});`
			`});`
add middleware for apikeyToken 2018-02-15 19:50:42 +08:00			`});`
Delegate user permission to PostgreSQL (closes #18) If the request is authenticated (with map_key) then we log as the database owner, otherwise we log as the default user. The default user is now "publicuser" by default. Raises dependency on Windshaft to 0.4.9+, to get the grainstore version allowing override of database username. Add test for req2params function, particularly authentication, Add test for authenticated / unauthenticated access 2012-07-18 17:00:24 +08:00			`});`