add middleware for apikeyToken

remotes/origin/project-auth-api
Eneko Lakasta 7 years ago
parent 963737d3fb
commit 5db0e9c8d8

@ -54,21 +54,18 @@ function isValidApiKey(apikey) {
// Check if a request is authorized by api_key
//
// @param user
// @param req express request object
// @param res express response object
// @param callback function(err, authorized)
// NOTE: authorized is expected to be 0 or 1 (integer)
//
AuthApi.prototype.authorizedByAPIKey = function(user, req, callback) {
var givenKey = req.query.api_key || req.query.map_key;
if ( ! givenKey && req.body ) {
// check also in request body
givenKey = req.body.api_key || req.body.map_key;
}
if ( ! givenKey ) {
AuthApi.prototype.authorizedByAPIKey = function(user, res, callback) {
const apikeyToken = res.locals.apikeyToken;
if ( ! apikeyToken ) {
return callback(null, false); // no api key, no authorization...
}
this.metadataBackend.getApikey(user, givenKey, (err, apikey) => {
this.metadataBackend.getApikey(user, apikeyToken, (err, apikey) => {
if (err) {
return callback(err);
}
@ -104,7 +101,7 @@ AuthApi.prototype.authorizedByAPIKey = function(user, req, callback) {
AuthApi.prototype.authorize = function(req, res, callback) {
var user = res.locals.user;
this.authorizedByAPIKey(user, req, (err, isAuthorizedByApikey) => {
this.authorizedByAPIKey(user, res, (err, isAuthorizedByApikey) => {
if (err) {
return callback(err);
}
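Review bot: authorizedByAPIKey now reads `res.locals.apikeyToken` and answers `callback(null, false)` when it is absent, so it denies every request on a route where the apikey-token middleware has not run first, and neither the code nor the header comment says so. The comment above the function still lists `@param req express request object` although the second parameter is now `res`; I would drop that line and change the next one to `// @param res express response object; res.locals.apikeyToken must already be set by the apikey-token middleware`. The same dependency applies to the NamedMapsAdminController call site changed later in this commit, whose route chain is not visible here and should be checked. Failing closed is the right default, but a missing middleware then looks exactly like a request without a key.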

@ -31,7 +31,7 @@ PgConnection.prototype.setDBAuth = function(username, params, apikeyType, callba
return callback();
});
} else if (apikeyType === 'regular') {
this.metadataBackend.getApikey(username, params.api_key || params.map_key, (err, apikey) => {
this.metadataBackend.getApikey(username, params.apikeyToken, (err, apikey) => {
if (err) {
return callback(err);
}
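Review bot: `params.apikeyToken` is only populated if the caller of setDBAuth builds `params` from `res.locals`, which this hunk does not show. If `params` is still derived from the request query or body, the lookup receives `undefined`, or a value the client sent under that name instead of the one the middleware extracted. I would check the callers and, once that is confirmed, document it on the branch with `// params.apikeyToken comes from res.locals (set by the apikey-token middleware), not from request parameters`. setDBAuth starts and ends outside this hunk.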

@ -70,7 +70,7 @@ NamedMapsAdminController.prototype.authorizedByAPIKey = function (action, label)
return function authorizedByAPIKeyMiddleware (req, res, next) {
const { user } = res.locals;
this.authApi.authorizedByAPIKey(user, req, (err, authenticated) => {
this.authApi.authorizedByAPIKey(user, res, (err, authenticated) => {
if (err) {
return next(err);
}

@ -0,0 +1,9 @@
'use strict';
const getApikeyTokenFromRequest = require('../lib/get_api_key_token_from_request');
module.exports = () => function apikeyTokenMiddleware(req, res, next) {
res.locals.apikeyToken = getApikeyTokenFromRequest(req);
return next();
};
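Review bot: apikeyTokenMiddleware places the raw API key on `res.locals` before any lookup has validated it, and the new file carries no comment saying that this field is a credential. Anything downstream that logs or serializes `res.locals` would write the key out; the test added in this commit already does `console.log` on it. I would add above the function `// Stores the raw, not yet validated API key token on res.locals.apikeyToken; never log or serialize it.`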

@ -1,6 +1,7 @@
const locals = require('./locals');
const cleanUpQueryParams = require('./clean-up-query-params');
const layergroupToken = require('./layergroup-token');
const apikeyToken = require('./apikey-token');
const authorize = require('./authorize');
const dbConnSetup = require('./db-conn-setup');
@ -9,6 +10,7 @@ module.exports = function prepareContextMiddleware(authApi, pgConnection) {
locals,
cleanUpQueryParams(),
layergroupToken,
apikeyToken(),
authorize(authApi),
dbConnSetup(pgConnection)
];
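Review bot: `apikeyToken()` is registered after `cleanUpQueryParams()`, so the token getters only see the query after that middleware has processed it. cleanUpQueryParams is not shown in this commit; if it removes query keys that are not on an allow-list, `api_key` and `map_key` have to remain on that list or the token is never found and authorize denies the request. Either confirm that, or move `apikeyToken()` ahead of `cleanUpQueryParams()` in the array; in both cases it has to stay before `authorize(authApi)`.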

@ -6,7 +6,7 @@ module.exports = function getApiKeyTokenFromRequest(req) {
let apiKeyToken = null;
for (var getter of apiKeyGetters) {
(apiKeyToken = getter(req));
apiKeyToken = getter(req);
if (apiKeyTokenFound(apiKeyToken)) {
break;
}

@ -24,6 +24,7 @@
"Simon Martin <simon@carto.com>"
],
"dependencies": {
"basic-auth": "^2.0.0",
"body-parser": "^1.18.2",
"camshaft": "0.61.2",
"cartodb-psql": "0.10.2",

@ -10,6 +10,7 @@ var TemplateMaps = require('../../../lib/cartodb/backends/template_maps');
const cleanUpQueryParamsMiddleware = require('../../../lib/cartodb/middleware/context/clean-up-query-params');
const authorizeMiddleware = require('../../../lib/cartodb/middleware/context/authorize');
const dbConnSetupMiddleware = require('../../../lib/cartodb/middleware/context/db-conn-setup');
const apikeyTokenMiddleware = require('../../../lib/cartodb/middleware/context/apikey-token');
const localsMiddleware = require('../../../lib/cartodb/middleware/context/locals');
var windshaft = require('windshaft');
@ -23,6 +24,7 @@ describe('prepare-context', function() {
let cleanUpQueryParams;
let dbConnSetup;
let authorize;
let setApikeyToken;
before(function() {
var redisPool = new RedisPool(global.environment.redis);
@ -35,6 +37,7 @@ describe('prepare-context', function() {
cleanUpQueryParams = cleanUpQueryParamsMiddleware();
authorize = authorizeMiddleware(authApi);
dbConnSetup = dbConnSetupMiddleware(pgConnection);
setApikeyToken = apikeyTokenMiddleware();
});
@ -180,4 +183,27 @@ describe('prepare-context', function() {
});
});
describe.only('Set apikey token', function(){
it('from query param', function (done) {
var req = {
headers: {
host: 'localhost'
},
query: {
api_quey: '1234',
}
};
var res = {};
setApikeyToken(prepareRequest(req), prepareResponse(res), function (err) {
if (err) {
return done(err);
}
var query = res.locals;
console.log(query);
assert.equal('1234', query.apikeyToken);
done();
});
});
});
});
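Review bot: `describe.only('Set apikey token', ...)` is left in, so the runner skips every other test in the suite, including the existing authorization tests, while this block is present; it should be `describe('Set apikey token', function () {`. The request fixture uses the key `api_quey`, which looks like a typo for `api_key: '1234',`; as written the getter has nothing to find and the assertion on `'1234'` cannot pass unless some other getter supplies it. The `console.log(query);` line prints `res.locals`, which now holds the API key token, and should be removed so the habit does not carry over to code that handles real keys.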

@ -143,6 +143,12 @@ balanced-match@^1.0.0:
version "1.0.0"
resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-1.0.0.tgz#89b4d199ab2bee49de164ea02b89ce462d71b767"
basic-auth@^2.0.0:
version "2.0.0"
resolved "https://registry.yarnpkg.com/basic-auth/-/basic-auth-2.0.0.tgz#015db3f353e02e56377755f962742e8981e7bbba"
dependencies:
safe-buffer "5.1.1"
bcrypt-pbkdf@^1.0.0:
version "1.0.1"
resolved "https://registry.yarnpkg.com/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.1.tgz#63bc5dcb61331b92bc05fd528953c33462a06f8d"
