Move setDBAuth and setDBConn to PgConnection entity
- It uses cartodb-redis to retrieve datasource configuration
Start using it in ServerOptions, TemplateMaps and QueryTablesApi
QueryTablesApi don't receive anymore the connection/credentials
- It will always use an authenticated query to retrieve last update
- That will allow to query affected private tables last update
means the affected tables can have private tables involved.
That implies QueryTablesApi will need the proper user to use
CDB_QueryTables. So we store it in a request context to use it in
the afterLayergroupCreate call.
Tiles for these layergroups will fail to add a X-Cache-Channel
header because it won't be possible to use the proper user within
those tiles. Ok, they will fail if they are not requested through
the same tiler instance because if they are they most likely will
reuse the in memory cache.
See https://github.com/CartoDB/Windshaft-cartodb/issues/253
Make beforeLayergroupCreate to return a datasource with different
authentication for the different layers.
- Named layers will get access to private tables in case it's needed
Changes in MapConfigNamedLayersAdapter:
- It will retrieve the dbAuth params only if named layers are present so
there is no extra overhead for normal layers
- Rename queue function signature from `callback` to `done` so it is easier
to follow the code
Add several tests to validate `named` layers authentication
- Token validation is done against the template
- Template is always extended with default values for auth and placeholders
- MapConfig is extended, in order to validate auth_toknes, with template info:
- template name
- template auth
- No more locks to create, update or delete templates
- Trusting in redis' hash semantics
- Some tradeoffs:
* A client having more templates than allowed by a race condition
between limit (HLEN) check and creation (HSET)
* Updating a template could happen while the deleting it, resulting in
in a new template
* Templates already instantiated will be accessible thrught their
layergroup so it is possible to continue requesting tiles/grids/etc.
- Authorization is now handled by template maps
