cartodb4/Windshaft-cartodb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Extract token param to a middleware

Browse Source
This commit is contained in:
Daniel García Aubert 2017-09-22 18:49:21 +02:00
parent f7b9287c93
commit 0e8fb68794
1 changed files with 43 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
lib/cartodb/middleware/prepare-context.js
View File

@ -36,38 +36,52 @@ module.exports = function prepareContextMiddleware (authApi, pgConnection) {
next(); next();
}, },
function prepareContext (req, res, next) { function parseTokenParam (req, res, next) {
if (!req.params.token) {
return next();
}
var user = req.context.user; var user = req.context.user;
if ( req.params.token ) {
// Token might match the following patterns: // Token might match the following patterns:
// - {user}@{tpl_id}@{token}:{cache_buster} // - {user}@{tpl_id}@{token}:{cache_buster}
var tksplit = req.params.token.split(':'); var tksplit = req.params.token.split(':');
req.params.token = tksplit[0]; req.params.token = tksplit[0];
if ( tksplit.length > 1 ) { if ( tksplit.length > 1 ) {
req.params.cache_buster= tksplit[1]; req.params.cache_buster= tksplit[1];
} }
tksplit = req.params.token.split('@'); tksplit = req.params.token.split('@');
if ( tksplit.length > 1 ) { if ( tksplit.length > 1 ) {
req.params.signer = tksplit.shift(); req.params.signer = tksplit.shift();
if ( ! req.params.signer ) { if ( ! req.params.signer ) {
req.params.signer = user; req.params.signer = user;
} } else if ( req.params.signer !== user ) {
else if ( req.params.signer !== user ) {
var err = new Error( var err = new Error(
'Cannot use map signature of user "' + req.params.signer + '" on db of user "' + user + '"' `Cannot use map signature of user "${req.params.signer}" on db of user "${user}"`
); );
err.http_status = 403; err.http_status = 403;
req.profiler.done('req2params'); req.profiler.done('req2params');
next(err);
return; return next(err);
} }
if ( tksplit.length > 1 ) {
/*var template_hash = */tksplit.shift(); // unused // skip template hash
if (tksplit.length > 1) {
tksplit.shift();
} }
req.params.token = tksplit.shift(); req.params.token = tksplit.shift();
} }
}
next();
},
function prepareContext (req, res, next) {
var user = req.context.user;
// bring all query values onto req.params object // bring all query values onto req.params object
_.extend(req.params, req.query); _.extend(req.params, req.query);