- Token validation is done against the template
- Template is always extended with default values for auth and placeholders
- MapConfig is extended, in order to validate auth_toknes, with template info:
- template name
- template auth
- No more locks to create, update or delete templates
- Trusting in redis' hash semantics
- Some tradeoffs:
* A client having more templates than allowed by a race condition
between limit (HLEN) check and creation (HSET)
* Updating a template could happen while the deleting it, resulting in
in a new template
* Templates already instantiated will be accessible thrught their
layergroup so it is possible to continue requesting tiles/grids/etc.
- Authorization is now handled by template maps
Fixes privileged database access from unauthorized users while
fetching torque tiles or feature attributes (unreleased feature).
Closes#132.
Includes testcase, which closes#119
Puts dbuser in params, for correct use by Windshaft renderer cache.
Before this fix, and after commit 1c9f63c9, the renderer cache key
did not contain the db user.
If the request is authenticated (with map_key) then we log as the
database owner, otherwise we log as the default user.
The default user is now "publicuser" by default.
Raises dependency on Windshaft to 0.4.9+, to get the grainstore
version allowing override of database username.
Add test for req2params function, particularly authentication,
Add test for authenticated / unauthenticated access
