Windshaft-cartodb/lib/cartodb/controllers/named_maps_admin.js

var step = require('step');
var assert = require('assert');
var templateName = require('../backends/template_maps').templateName;

var util = require('util');
var BaseController = require('./base');

var cors = require('../middleware/cors');
var userMiddleware = require('../middleware/user');


/**
 * @param {AuthApi} authApi
 * @param {PgConnection} pgConnection
 * @param {TemplateMaps} templateMaps
 * @constructor
 */
function NamedMapsAdminController(authApi, templateMaps) {
    BaseController.call(this);

    this.authApi = authApi;
    this.templateMaps = templateMaps;
}

util.inherits(NamedMapsAdminController, BaseController);

module.exports = NamedMapsAdminController;

NamedMapsAdminController.prototype.register = function (router) {
    router.options('/:template_id', cors('Content-Type'));

    router.use(
        cors(),
        userMiddleware
    );

    router.post('/', this.create.bind(this));
    router.put('/:template_id', this.update.bind(this));
    router.get('/:template_id', this.retrieve.bind(this));
    router.delete('/:template_id', this.destroy.bind(this));
    router.get('/', this.list.bind(this));
};

NamedMapsAdminController.prototype.create = function(req, res, next) {
    var self = this;

    var cdbuser = req.context.user;

    step(
        function checkPerms(){
            self.authApi.authorizedByAPIKey(cdbuser, req, this);
        },
        function addTemplate(err, authenticated) {
            assert.ifError(err);
            ifUnauthenticated(authenticated, 'Only authenticated users can get template maps');
            ifInvalidContentType(req, 'template POST data must be of type application/json');
            var cfg = req.body;
            self.templateMaps.addTemplate(cdbuser, cfg, this);
        },
        function prepareResponse(err, tpl_id){
            assert.ifError(err);
            return { template_id: tpl_id };
        },
        finishFn(self, req, res, 'POST TEMPLATE', null, next)
    );
};

NamedMapsAdminController.prototype.update = function(req, res, next) {
    var self = this;

    var cdbuser = req.context.user;
    var template;
    var tpl_id;

    step(
        function checkPerms(){
            self.authApi.authorizedByAPIKey(cdbuser, req, this);
        },
        function updateTemplate(err, authenticated) {
            assert.ifError(err);
            ifUnauthenticated(authenticated, 'Only authenticated user can update templated maps');
            ifInvalidContentType(req, 'template PUT data must be of type application/json');

            template = req.body;
            tpl_id = templateName(req.params.template_id);
            self.templateMaps.updTemplate(cdbuser, tpl_id, template, this);
        },
        function prepareResponse(err){
            assert.ifError(err);

            return { template_id: tpl_id };
        },
        finishFn(self, req, res, 'PUT TEMPLATE', null, next)
    );
};

NamedMapsAdminController.prototype.retrieve = function(req, res, next) {
    var self = this;

    req.profiler.start('windshaft-cartodb.get_template');

    var cdbuser = req.context.user;
    var tpl_id;
    step(
        function checkPerms(){
            self.authApi.authorizedByAPIKey(cdbuser, req, this);
        },
        function getTemplate(err, authenticated) {
            assert.ifError(err);
            ifUnauthenticated(authenticated, 'Only authenticated users can get template maps');

            tpl_id = templateName(req.params.template_id);
            self.templateMaps.getTemplate(cdbuser, tpl_id, this);
        },
        function prepareResponse(err, tpl_val) {
            assert.ifError(err);
            if ( ! tpl_val ) {
                err = new Error("Cannot find template '" + tpl_id + "' of user '" + cdbuser + "'");
                err.http_status = 404;
                throw err;
            }
            // auth_id was added by ourselves,
            // so we remove it before returning to the user
            delete tpl_val.auth_id;
            return { template: tpl_val };
        },
        finishFn(self, req, res, 'GET TEMPLATE', null, next)
    );
};

NamedMapsAdminController.prototype.destroy = function(req, res, next) {
    var self = this;

    req.profiler.start('windshaft-cartodb.delete_template');

    var cdbuser = req.context.user;
    var tpl_id;
    step(
        function checkPerms(){
            self.authApi.authorizedByAPIKey(cdbuser, req, this);
        },
        function deleteTemplate(err, authenticated) {
            assert.ifError(err);
            ifUnauthenticated(authenticated, 'Only authenticated users can delete template maps');

            tpl_id = templateName(req.params.template_id);
            self.templateMaps.delTemplate(cdbuser, tpl_id, this);
        },
        function prepareResponse(err/*, tpl_val*/){
            assert.ifError(err);
            return '';
        },
        finishFn(self, req, res, 'DELETE TEMPLATE', 204, next)
    );
};

NamedMapsAdminController.prototype.list = function(req, res, next) {
    var self = this;
    req.profiler.start('windshaft-cartodb.get_template_list');

    var cdbuser = req.context.user;

    step(
        function checkPerms(){
            self.authApi.authorizedByAPIKey(cdbuser, req, this);
        },
        function listTemplates(err, authenticated) {
            assert.ifError(err);
            ifUnauthenticated(authenticated, 'Only authenticated user can list templated maps');

            self.templateMaps.listTemplates(cdbuser, this);
        },
        function prepareResponse(err, tpl_ids){
            assert.ifError(err);
            return { template_ids: tpl_ids };
        },
        finishFn(self, req, res, 'GET TEMPLATE LIST', null, next)
    );
};

function finishFn(controller, req, res, description, status, next) {
    return function finish(err, response){
        if (err) {
            err.label = description;
            next(err);
        } else {
            controller.send(req, res, response, status || 200);
        }
    };
}

function ifUnauthenticated(authenticated, description) {
    if (!authenticated) {
        var err = new Error(description);
        err.http_status = 403;
        throw err;
    }
}

function ifInvalidContentType(req, description) {
    if (!req.is('application/json')) {
        throw new Error(description);
    }
}
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`var step = require('step');`
			`var assert = require('assert');`
			`var templateName = require('../backends/template_maps').templateName;`
BaseController to encapsulate req2params method All controllers now extending BaseController - Most of the acceptance ported tests will be broken 2015-09-16 22:18:26 +08:00
			`var util = require('util');`
			`var BaseController = require('./base');`

Manage cors with a middleware 2015-07-08 19:27:56 +08:00			`var cors = require('../middleware/cors');`
User extraction from request middleware Used only where potentially a user is required. It doesn't make sense to extract a user for request that don't need a user in the context. 2015-09-30 23:17:01 +08:00			`var userMiddleware = require('../middleware/user');`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00

Authentication/Authorization moves to its own entity 2015-07-13 21:05:03 +08:00			`/**`
			`* @param {AuthApi} authApi`
BaseController to encapsulate req2params method All controllers now extending BaseController - Most of the acceptance ported tests will be broken 2015-09-16 22:18:26 +08:00			`* @param {PgConnection} pgConnection`
Remove app dependency from controllers 2015-10-01 00:00:54 +08:00			`* @param {TemplateMaps} templateMaps`
Authentication/Authorization moves to its own entity 2015-07-13 21:05:03 +08:00			`* @constructor`
			`*/`
Inject prepare context middleware to controllers 2017-09-26 01:40:27 +08:00			`function NamedMapsAdminController(authApi, templateMaps) {`
			`BaseController.call(this);`
BaseController to encapsulate req2params method All controllers now extending BaseController - Most of the acceptance ported tests will be broken 2015-09-16 22:18:26 +08:00
Authentication/Authorization moves to its own entity 2015-07-13 21:05:03 +08:00			`this.authApi = authApi;`
Remove app dependency from controllers 2015-10-01 00:00:54 +08:00			`this.templateMaps = templateMaps;`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`}`

Fix all ported tests related to req2params 2015-09-17 00:09:39 +08:00			`util.inherits(NamedMapsAdminController, BaseController);`

Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`module.exports = NamedMapsAdminController;`

Use express router to group controllers' enpoints and reuse common middleware for named maps admin controller 2017-09-22 22:45:34 +08:00			`NamedMapsAdminController.prototype.register = function (router) {`
			`router.options('/:template_id', cors('Content-Type'));`

			`router.use(`
			`cors(),`
			`userMiddleware`
			`);`

			`router.post('/', this.create.bind(this));`
			`router.put('/:template_id', this.update.bind(this));`
			`router.get('/:template_id', this.retrieve.bind(this));`
			`router.delete('/:template_id', this.destroy.bind(this));`
			`router.get('/', this.list.bind(this));`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`};`

Implement error-middleware to handle errors at top level 2017-09-21 17:46:31 +08:00			`NamedMapsAdminController.prototype.create = function(req, res, next) {`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`var self = this;`

Context with user 2015-07-08 21:34:46 +08:00			`var cdbuser = req.context.user;`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00
			`step(`
			`function checkPerms(){`
Authentication/Authorization moves to its own entity 2015-07-13 21:05:03 +08:00			`self.authApi.authorizedByAPIKey(cdbuser, req, this);`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`},`
Moved turbo-cartocss integration from named maps admin to named map provider 2016-03-12 01:28:14 +08:00			`function addTemplate(err, authenticated) {`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`assert.ifError(err);`
			`ifUnauthenticated(authenticated, 'Only authenticated users can get template maps');`
			`ifInvalidContentType(req, 'template POST data must be of type application/json');`
			`var cfg = req.body;`
			`self.templateMaps.addTemplate(cdbuser, cfg, this);`
			`},`
			`function prepareResponse(err, tpl_id){`
			`assert.ifError(err);`
			`return { template_id: tpl_id };`
			`},`
Implement error-middleware to handle errors at top level 2017-09-21 17:46:31 +08:00			`finishFn(self, req, res, 'POST TEMPLATE', null, next)`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`);`
			`};`

Implement error-middleware to handle errors at top level 2017-09-21 17:46:31 +08:00			`NamedMapsAdminController.prototype.update = function(req, res, next) {`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`var self = this;`

Context with user 2015-07-08 21:34:46 +08:00			`var cdbuser = req.context.user;`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`var template;`
			`var tpl_id;`
Now turbo-cartocss is also parsed in template modification. 2016-03-11 18:06:51 +08:00
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`step(`
			`function checkPerms(){`
Authentication/Authorization moves to its own entity 2015-07-13 21:05:03 +08:00			`self.authApi.authorizedByAPIKey(cdbuser, req, this);`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`},`
Moved turbo-cartocss integration from named maps admin to named map provider 2016-03-12 01:28:14 +08:00			`function updateTemplate(err, authenticated) {`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`assert.ifError(err);`
Fixed typo 2016-03-14 18:18:32 +08:00			`ifUnauthenticated(authenticated, 'Only authenticated user can update templated maps');`
			`ifInvalidContentType(req, 'template PUT data must be of type application/json');`
Now turbo-cartocss is also parsed in template modification. 2016-03-11 18:06:51 +08:00
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`template = req.body;`
			`tpl_id = templateName(req.params.template_id);`
Moved turbo-cartocss integration from named maps admin to named map provider 2016-03-12 01:28:14 +08:00			`self.templateMaps.updTemplate(cdbuser, tpl_id, template, this);`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`},`
			`function prepareResponse(err){`
			`assert.ifError(err);`

			`return { template_id: tpl_id };`
			`},`
Implement error-middleware to handle errors at top level 2017-09-21 17:46:31 +08:00			`finishFn(self, req, res, 'PUT TEMPLATE', null, next)`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`);`
			`};`

Implement error-middleware to handle errors at top level 2017-09-21 17:46:31 +08:00			`NamedMapsAdminController.prototype.retrieve = function(req, res, next) {`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`var self = this;`

Remove all conditional branches to call req.profiler req.profiler is created in a middleware for all requests. 2017-03-31 02:31:53 +08:00			`req.profiler.start('windshaft-cartodb.get_template');`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00
Context with user 2015-07-08 21:34:46 +08:00			`var cdbuser = req.context.user;`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`var tpl_id;`
			`step(`
			`function checkPerms(){`
Authentication/Authorization moves to its own entity 2015-07-13 21:05:03 +08:00			`self.authApi.authorizedByAPIKey(cdbuser, req, this);`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`},`
			`function getTemplate(err, authenticated) {`
			`assert.ifError(err);`
			`ifUnauthenticated(authenticated, 'Only authenticated users can get template maps');`

			`tpl_id = templateName(req.params.template_id);`
			`self.templateMaps.getTemplate(cdbuser, tpl_id, this);`
			`},`
			`function prepareResponse(err, tpl_val) {`
More strict jshint 2015-07-15 21:03:28 +08:00			`assert.ifError(err);`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`if ( ! tpl_val ) {`
			`err = new Error("Cannot find template '" + tpl_id + "' of user '" + cdbuser + "'");`
			`err.http_status = 404;`
			`throw err;`
			`}`
			`// auth_id was added by ourselves,`
			`// so we remove it before returning to the user`
			`delete tpl_val.auth_id;`
			`return { template: tpl_val };`
			`},`
Implement error-middleware to handle errors at top level 2017-09-21 17:46:31 +08:00			`finishFn(self, req, res, 'GET TEMPLATE', null, next)`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`);`
			`};`

Implement error-middleware to handle errors at top level 2017-09-21 17:46:31 +08:00			`NamedMapsAdminController.prototype.destroy = function(req, res, next) {`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`var self = this;`

Remove all conditional branches to call req.profiler req.profiler is created in a middleware for all requests. 2017-03-31 02:31:53 +08:00			`req.profiler.start('windshaft-cartodb.delete_template');`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00
Context with user 2015-07-08 21:34:46 +08:00			`var cdbuser = req.context.user;`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`var tpl_id;`
			`step(`
			`function checkPerms(){`
Authentication/Authorization moves to its own entity 2015-07-13 21:05:03 +08:00			`self.authApi.authorizedByAPIKey(cdbuser, req, this);`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`},`
			`function deleteTemplate(err, authenticated) {`
			`assert.ifError(err);`
			`ifUnauthenticated(authenticated, 'Only authenticated users can delete template maps');`

			`tpl_id = templateName(req.params.template_id);`
			`self.templateMaps.delTemplate(cdbuser, tpl_id, this);`
			`},`
			`function prepareResponse(err/, tpl_val/){`
More strict jshint 2015-07-15 21:03:28 +08:00			`assert.ifError(err);`
Call send with correct params 2015-09-17 08:05:25 +08:00			`return '';`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`},`
Implement error-middleware to handle errors at top level 2017-09-21 17:46:31 +08:00			`finishFn(self, req, res, 'DELETE TEMPLATE', 204, next)`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`);`
			`};`

Implement error-middleware to handle errors at top level 2017-09-21 17:46:31 +08:00			`NamedMapsAdminController.prototype.list = function(req, res, next) {`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`var self = this;`
Remove all conditional branches to call req.profiler req.profiler is created in a middleware for all requests. 2017-03-31 02:31:53 +08:00			`req.profiler.start('windshaft-cartodb.get_template_list');`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00
Context with user 2015-07-08 21:34:46 +08:00			`var cdbuser = req.context.user;`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00
			`step(`
			`function checkPerms(){`
Authentication/Authorization moves to its own entity 2015-07-13 21:05:03 +08:00			`self.authApi.authorizedByAPIKey(cdbuser, req, this);`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`},`
			`function listTemplates(err, authenticated) {`
			`assert.ifError(err);`
			`ifUnauthenticated(authenticated, 'Only authenticated user can list templated maps');`

			`self.templateMaps.listTemplates(cdbuser, this);`
			`},`
			`function prepareResponse(err, tpl_ids){`
			`assert.ifError(err);`
			`return { template_ids: tpl_ids };`
			`},`
Implement error-middleware to handle errors at top level 2017-09-21 17:46:31 +08:00			`finishFn(self, req, res, 'GET TEMPLATE LIST', null, next)`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`);`
			`};`

Implement error-middleware to handle errors at top level 2017-09-21 17:46:31 +08:00			`function finishFn(controller, req, res, description, status, next) {`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`return function finish(err, response){`
			`if (err) {`
Implement error-middleware to handle errors at top level 2017-09-21 17:46:31 +08:00			`err.label = description;`
			`next(err);`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`} else {`
Call send with correct params 2015-09-17 08:05:25 +08:00			`controller.send(req, res, response, status \|\| 200);`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`}`
			`};`
			`}`

			`function ifUnauthenticated(authenticated, description) {`
			`if (!authenticated) {`
			`var err = new Error(description);`
			`err.http_status = 403;`
			`throw err;`
			`}`
			`}`

			`function ifInvalidContentType(req, description) {`
better style 2015-07-10 07:31:06 +08:00			`if (!req.is('application/json')) {`
Split named maps administration from instantiation/usage 2015-07-08 19:11:57 +08:00			`throw new Error(description);`
			`}`
			`}`