Windshaft-cartodb/lib/cartodb/controllers/named_maps_admin.js

var templateName = require('../backends/template_maps').templateName;

var cors = require('../middleware/cors');
var userMiddleware = require('../middleware/user');

/**
 * @param {AuthApi} authApi
 * @param {PgConnection} pgConnection
 * @param {TemplateMaps} templateMaps
 * @constructor
 */
function NamedMapsAdminController(authApi, templateMaps) {
    this.authApi = authApi;
    this.templateMaps = templateMaps;
}

module.exports = NamedMapsAdminController;

NamedMapsAdminController.prototype.register = function (app) {
    app.post(
        app.base_url_templated + '/',
        cors(),
        userMiddleware,
        this.checkContentType('POST', 'POST TEMPLATE'),
        this.authorizedByAPIKey('create', 'POST TEMPLATE'),
        this.create.bind(this)
    );

    app.put(
        app.base_url_templated + '/:template_id',
        cors(),
        userMiddleware,
        this.checkContentType('PUT', 'PUT TEMPLATE'),
        this.authorizedByAPIKey('update', 'PUT TEMPLATE'),
        this.update.bind(this)
    );

    app.get(
        app.base_url_templated + '/:template_id',
        cors(),
        userMiddleware,
        this.authorizedByAPIKey('get', 'GET TEMPLATE'),
        this.retrieve.bind(this)
    );

    app.delete(
        app.base_url_templated + '/:template_id',
        cors(),
        userMiddleware,
        this.authorizedByAPIKey('delete', 'DELETE TEMPLATE'),
        this.destroy.bind(this)
    );

    app.get(
        app.base_url_templated + '/',
        cors(),
        userMiddleware,
        this.authorizedByAPIKey('list', 'GET TEMPLATE LIST'),
        this.list.bind(this)
    );

    app.options(
        app.base_url_templated + '/:template_id',
        cors('Content-Type')
    );
};

NamedMapsAdminController.prototype.authorizedByAPIKey = function (action, label) {
    return function authorizedByAPIKeyMiddleware (req, res, next) {
        const { user } = res.locals;

        this.authApi.authorizedByAPIKey(user, req, (err, authenticated) => {
            if (err) {
                return next(err);
            }

            if (!authenticated) {
                const error = new Error(`Only authenticated user can ${action} templated maps`);
                error.http_status = 403;
                error.label = label;
                return next(error);
            }

            next();
        });
    }.bind(this);
};

NamedMapsAdminController.prototype.checkContentType = function (action, label) {
    return function checkContentTypeMiddleware (req, res, next) {
        if (!req.is('application/json')) {
            const error = new Error(`template ${action} data must be of type application/json`);
            error.label = label;
            return next(error);
        }
        next();
    };
};

NamedMapsAdminController.prototype.create = function(req, res, next) {
    const cdbuser = res.locals.user;
    const cfg = req.body;

    this.templateMaps.addTemplate(cdbuser, cfg, (err, tpl_id) => {
        if (err) {
            return next(err);
        }

        res.status(200);

        const method = req.query.callback ? 'jsonp' : 'json';
        res[method]({ template_id: tpl_id });
    });
};

NamedMapsAdminController.prototype.update = function(req, res, next) {
    const cdbuser = res.locals.user;
    const template = req.body;
    const tpl_id = templateName(req.params.template_id);

    this.templateMaps.updTemplate(cdbuser, tpl_id, template, (err) => {
        if (err) {
            return next(err);
        }

        res.status(200);

        const method = req.query.callback ? 'jsonp' : 'json';
        res[method]({ template_id: tpl_id });
    });
};

NamedMapsAdminController.prototype.retrieve = function(req, res, next) {
    req.profiler.start('windshaft-cartodb.get_template');

    const cdbuser = res.locals.user;
    const tpl_id = templateName(req.params.template_id);

    this.templateMaps.getTemplate(cdbuser, tpl_id, (err, tpl_val) => {
        if (err) {
            return next(err);
        }

        if (!tpl_val) {
            const error = new Error(`Cannot find template '${tpl_id}' of user '${cdbuser}'`);
            error.http_status = 404;
            return next(error);
        }
        // auth_id was added by ourselves,
        // so we remove it before returning to the user
        delete tpl_val.auth_id;

        res.status(200);

        const method = req.query.callback ? 'jsonp' : 'json';
        res[method]({ template: tpl_val });
    });
};

NamedMapsAdminController.prototype.destroy = function(req, res, next) {
    req.profiler.start('windshaft-cartodb.delete_template');

    const cdbuser = res.locals.user;
    const tpl_id = templateName(req.params.template_id);

    this.templateMaps.delTemplate(cdbuser, tpl_id, (err/*, tpl_val*/) => {
        if (err) {
            return next(err);
        }

        res.status(204);

        const method = req.query.callback ? 'jsonp' : 'json';
        res[method]('');
    });
};

NamedMapsAdminController.prototype.list = function(req, res, next) {
    req.profiler.start('windshaft-cartodb.get_template_list');

    const cdbuser = res.locals.user;

    this.templateMaps.listTemplates(cdbuser, (err, tpl_ids) => {
        if (err) {
            return next(err);
        }

        res.status(200);

        const method = req.query.callback ? 'jsonp' : 'json';
        res[method]({ template_ids: tpl_ids });
    });
};
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`var templateName = require('../backends/template_maps').templateName;`
BaseController to encapsulate req2params method All controllers now extending BaseController - Most of the acceptance ported tests will be broken 2015-09-16 22:18:26 +08:00
Manage cors with a middleware 2015-07-08 19:27:56 +08:00			`var cors = require('../middleware/cors');`
User extraction from request middleware Used only where potentially a user is required. It doesn't make sense to extract a user for request that don't need a user in the context. 2015-09-30 23:17:01 +08:00			`var userMiddleware = require('../middleware/user');`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00
Authentication/Authorization moves to its own entity 2015-07-13 21:05:03 +08:00			`/**`
			`* @param {AuthApi} authApi`
BaseController to encapsulate req2params method All controllers now extending BaseController - Most of the acceptance ported tests will be broken 2015-09-16 22:18:26 +08:00			`* @param {PgConnection} pgConnection`
Remove app dependency from controllers 2015-10-01 00:00:54 +08:00			`* @param {TemplateMaps} templateMaps`
Authentication/Authorization moves to its own entity 2015-07-13 21:05:03 +08:00			`* @constructor`
			`*/`
Inject prepare context middleware to controllers 2017-09-26 01:40:27 +08:00			`function NamedMapsAdminController(authApi, templateMaps) {`
Authentication/Authorization moves to its own entity 2015-07-13 21:05:03 +08:00			`this.authApi = authApi;`
Remove app dependency from controllers 2015-10-01 00:00:54 +08:00			`this.templateMaps = templateMaps;`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`}`

			`module.exports = NamedMapsAdminController;`

Back to use just one router 2017-10-05 18:12:21 +08:00			`NamedMapsAdminController.prototype.register = function (app) {`
			`app.post(`
			`app.base_url_templated + '/',`
			`cors(),`
			`userMiddleware,`
keep error label 2017-12-29 20:05:01 +08:00			`this.checkContentType('POST', 'POST TEMPLATE'),`
			`this.authorizedByAPIKey('create', 'POST TEMPLATE'),`
Back to use just one router 2017-10-05 18:12:21 +08:00			`this.create.bind(this)`
			`);`

			`app.put(`
			`app.base_url_templated + '/:template_id',`
			`cors(),`
			`userMiddleware,`
keep error label 2017-12-29 20:05:01 +08:00			`this.checkContentType('PUT', 'PUT TEMPLATE'),`
			`this.authorizedByAPIKey('update', 'PUT TEMPLATE'),`
Back to use just one router 2017-10-05 18:12:21 +08:00			`this.update.bind(this)`
			`);`

			`app.get(`
			`app.base_url_templated + '/:template_id',`
			`cors(),`
			`userMiddleware,`
keep error label 2017-12-29 20:05:01 +08:00			`this.authorizedByAPIKey('get', 'GET TEMPLATE'),`
Back to use just one router 2017-10-05 18:12:21 +08:00			`this.retrieve.bind(this)`
			`);`

			`app.delete(`
			`app.base_url_templated + '/:template_id',`
			`cors(),`
			`userMiddleware,`
keep error label 2017-12-29 20:05:01 +08:00			`this.authorizedByAPIKey('delete', 'DELETE TEMPLATE'),`
Back to use just one router 2017-10-05 18:12:21 +08:00			`this.destroy.bind(this)`
			`);`
Use express router to group controllers' enpoints and reuse common middleware for named maps admin controller 2017-09-22 22:45:34 +08:00
Back to use just one router 2017-10-05 18:12:21 +08:00			`app.get(`
			`app.base_url_templated + '/',`
Use express router to group controllers' enpoints and reuse common middleware for named maps admin controller 2017-09-22 22:45:34 +08:00			`cors(),`
Back to use just one router 2017-10-05 18:12:21 +08:00			`userMiddleware,`
keep error label 2017-12-29 20:05:01 +08:00			`this.authorizedByAPIKey('list', 'GET TEMPLATE LIST'),`
Back to use just one router 2017-10-05 18:12:21 +08:00			`this.list.bind(this)`
Use express router to group controllers' enpoints and reuse common middleware for named maps admin controller 2017-09-22 22:45:34 +08:00			`);`

Back to use just one router 2017-10-05 18:12:21 +08:00			`app.options(`
			`app.base_url_templated + '/:template_id',`
			`cors('Content-Type')`
			`);`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`};`

Move to up intermediate middlewares 2017-12-29 22:19:52 +08:00			`NamedMapsAdminController.prototype.authorizedByAPIKey = function (action, label) {`
			`return function authorizedByAPIKeyMiddleware (req, res, next) {`
			`const { user } = res.locals;`

			`this.authApi.authorizedByAPIKey(user, req, (err, authenticated) => {`
			`if (err) {`
			`return next(err);`
			`}`

			`if (!authenticated) {`
			const error = new Error(`Only authenticated user can ${action} templated maps`);
			`error.http_status = 403;`
			`error.label = label;`
			`return next(error);`
			`}`

			`next();`
			`});`
			`}.bind(this);`
			`};`

			`NamedMapsAdminController.prototype.checkContentType = function (action, label) {`
			`return function checkContentTypeMiddleware (req, res, next) {`
			`if (!req.is('application/json')) {`
			const error = new Error(`template ${action} data must be of type application/json`);
			`error.label = label;`
			`return next(error);`
			`}`
			`next();`
			`};`
			`};`

Implement error-middleware to handle errors at top level 2017-09-21 17:46:31 +08:00			`NamedMapsAdminController.prototype.create = function(req, res, next) {`
Remove step and assert dependencies 2017-12-29 22:17:29 +08:00			`const cdbuser = res.locals.user;`
			`const cfg = req.body;`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00
Remove step and assert dependencies 2017-12-29 22:17:29 +08:00			`this.templateMaps.addTemplate(cdbuser, cfg, (err, tpl_id) => {`
			`if (err) {`
			`return next(err);`
			`}`
Remove finish function and respond in the main middleware 2017-12-29 22:04:44 +08:00
Remove step and assert dependencies 2017-12-29 22:17:29 +08:00			`res.status(200);`
Remove finish function and respond in the main middleware 2017-12-29 22:04:44 +08:00
Remove step and assert dependencies 2017-12-29 22:17:29 +08:00			`const method = req.query.callback ? 'jsonp' : 'json';`
			`res[method]({ template_id: tpl_id });`
			`});`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`};`

Implement error-middleware to handle errors at top level 2017-09-21 17:46:31 +08:00			`NamedMapsAdminController.prototype.update = function(req, res, next) {`
Remove step and assert dependencies 2017-12-29 22:17:29 +08:00			`const cdbuser = res.locals.user;`
			`const template = req.body;`
			`const tpl_id = templateName(req.params.template_id);`
Now turbo-cartocss is also parsed in template modification. 2016-03-11 18:06:51 +08:00
Remove step and assert dependencies 2017-12-29 22:17:29 +08:00			`this.templateMaps.updTemplate(cdbuser, tpl_id, template, (err) => {`
			`if (err) {`
			`return next(err);`
			`}`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00
Remove step and assert dependencies 2017-12-29 22:17:29 +08:00			`res.status(200);`
Remove finish function and respond in the main middleware 2017-12-29 22:04:44 +08:00
Remove step and assert dependencies 2017-12-29 22:17:29 +08:00			`const method = req.query.callback ? 'jsonp' : 'json';`
			`res[method]({ template_id: tpl_id });`
			`});`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`};`

Implement error-middleware to handle errors at top level 2017-09-21 17:46:31 +08:00			`NamedMapsAdminController.prototype.retrieve = function(req, res, next) {`
Remove all conditional branches to call req.profiler req.profiler is created in a middleware for all requests. 2017-03-31 02:31:53 +08:00			`req.profiler.start('windshaft-cartodb.get_template');`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00
Remove step and assert dependencies 2017-12-29 22:17:29 +08:00			`const cdbuser = res.locals.user;`
			`const tpl_id = templateName(req.params.template_id);`

			`this.templateMaps.getTemplate(cdbuser, tpl_id, (err, tpl_val) => {`
			`if (err) {`
			`return next(err);`
Remove finish function and respond in the main middleware 2017-12-29 22:04:44 +08:00			`}`
Remove step and assert dependencies 2017-12-29 22:17:29 +08:00
			`if (!tpl_val) {`
			const error = new Error(`Cannot find template '${tpl_id}' of user '${cdbuser}'`);
			`error.http_status = 404;`
			`return next(error);`
			`}`
			`// auth_id was added by ourselves,`
			`// so we remove it before returning to the user`
			`delete tpl_val.auth_id;`

			`res.status(200);`

			`const method = req.query.callback ? 'jsonp' : 'json';`
			`res[method]({ template: tpl_val });`
			`});`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`};`

Implement error-middleware to handle errors at top level 2017-09-21 17:46:31 +08:00			`NamedMapsAdminController.prototype.destroy = function(req, res, next) {`
Remove all conditional branches to call req.profiler req.profiler is created in a middleware for all requests. 2017-03-31 02:31:53 +08:00			`req.profiler.start('windshaft-cartodb.delete_template');`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00
Remove step and assert dependencies 2017-12-29 22:17:29 +08:00			`const cdbuser = res.locals.user;`
			`const tpl_id = templateName(req.params.template_id);`
Remove finish function and respond in the main middleware 2017-12-29 22:04:44 +08:00
Remove step and assert dependencies 2017-12-29 22:17:29 +08:00			`this.templateMaps.delTemplate(cdbuser, tpl_id, (err/, tpl_val/) => {`
			`if (err) {`
			`return next(err);`
Remove finish function and respond in the main middleware 2017-12-29 22:04:44 +08:00			`}`
Remove step and assert dependencies 2017-12-29 22:17:29 +08:00
			`res.status(204);`

			`const method = req.query.callback ? 'jsonp' : 'json';`
			`res[method]('');`
			`});`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`};`

Implement error-middleware to handle errors at top level 2017-09-21 17:46:31 +08:00			`NamedMapsAdminController.prototype.list = function(req, res, next) {`
Remove all conditional branches to call req.profiler req.profiler is created in a middleware for all requests. 2017-03-31 02:31:53 +08:00			`req.profiler.start('windshaft-cartodb.get_template_list');`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00
Remove step and assert dependencies 2017-12-29 22:17:29 +08:00			`const cdbuser = res.locals.user;`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00
Remove step and assert dependencies 2017-12-29 22:17:29 +08:00			`this.templateMaps.listTemplates(cdbuser, (err, tpl_ids) => {`
			`if (err) {`
			`return next(err);`
			`}`
Remove finish function and respond in the main middleware 2017-12-29 22:04:44 +08:00
Remove step and assert dependencies 2017-12-29 22:17:29 +08:00			`res.status(200);`
Remove finish function and respond in the main middleware 2017-12-29 22:04:44 +08:00
Remove step and assert dependencies 2017-12-29 22:17:29 +08:00			`const method = req.query.callback ? 'jsonp' : 'json';`
			`res[method]({ template_ids: tpl_ids });`
			`});`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`};`