cartodb4/Windshaft-cartodb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,465 Commits 1 Branch 311 Tags 39 MiB
b74a6624e3
Commit Graph

212 Commits

Author SHA1 Message Date
Raul Ochoa
c17af23a40 A non empty datasource from MapConfigNamedLayersAdapter.getLayers 
means the affected tables can have private tables involved.
That implies QueryTablesApi will need the proper user to use
CDB_QueryTables. So we store it in a request context to use it in
the afterLayergroupCreate call.

Tiles for these layergroups will fail to add a X-Cache-Channel
header because it won't be possible to use the proper user within
those tiles. Ok, they will fail if they are not requested through
the same tiler instance because if they are they most likely will
reuse the in memory cache.

See https://github.com/CartoDB/Windshaft-cartodb/issues/253
 2015-02-04 19:31:20 +01:00
Raul Ochoa
2c7bc6adde Datasource to give per-layer authentication in named layers 
Make beforeLayergroupCreate to return a datasource with different
 authentication for the different layers.
 - Named layers will get access to private tables in case it's needed

Changes in MapConfigNamedLayersAdapter:
  - It will retrieve the dbAuth params only if named layers are present so
  there is no extra overhead for normal layers
  - Rename queue function signature from `callback` to `done` so it is easier
  to follow the code

Add several tests to validate `named` layers authentication
 2015-02-04 11:30:36 +01:00
Raul Ochoa
d0ef87b0cf Add a before layergroup creation action to allow first level named 
maps layer type to be extended as other layers
 2015-01-30 15:31:49 +01:00
Raul Ochoa
e28fe1fdc0 Initialize template maps in server options 2015-01-30 15:30:13 +01:00
Raul Ochoa
aecb07b008 Create redis pool in server options when not supplied 2015-01-30 15:28:55 +01:00
Raul Ochoa
6e70518146 Split between old cache_enabled and new purge_enabled configuration 2015-01-23 17:46:16 +01:00
Raul Ochoa
885accdadf Adds varnish http port to the default configurations 2015-01-23 16:36:45 +01:00
Raul Ochoa
20eb92a3b1 Remove signedmaps and locks functionality as it is no longer needed 2015-01-22 19:28:59 +01:00
Raul Ochoa
e8ab3a48c6 Removes TemplateMaps dependency on SignedMaps 
- Token validation is done against the template
 - Template is always extended with default values for auth and placeholders
 - MapConfig is extended, in order to validate auth_toknes, with template info:
    - template name
    - template auth
 - No more locks to create, update or delete templates
    - Trusting in redis' hash semantics
    - Some tradeoffs:
        * A client having more templates than allowed by a race condition
        between limit (HLEN) check and creation (HSET)
        * Updating a template could happen while the deleting it, resulting in
        in a new template
        * Templates already instantiated will be accessible thrught their
        layergroup so it is possible to continue requesting tiles/grids/etc.
 - Authorization is now handled by template maps
 2015-01-22 15:40:40 +01:00
Raul Ochoa
caa05e779a Add scale_factor param as valid one 2015-01-14 18:11:13 +01:00
Raul Ochoa
48d60821a7 Exposes http renderer config 2014-12-01 18:43:40 +01:00
Raul Ochoa
c88330f5f2 Allow a different cache-control max-age for layergroup responses 2014-10-24 16:05:41 +02:00
Raul Ochoa
cf5e34eae6 Upgrades Windshaft to start reporting redis/renderers/mapnik pool metrics 2014-10-15 16:45:49 +02:00
Raul Ochoa
9f5faf7cf8 Server options to instantiate cartodb-redis with redis configuration if pool is not provided 2014-10-14 21:19:44 +02:00
Raul Ochoa
7009eb20f8 Check style fixes 2014-09-24 11:42:53 +02:00
Raul Ochoa
24cbd192aa Share one redis-mpool across the application 2014-09-24 11:42:36 +02:00
Raul Ochoa
9496d83d1c Adds poolSize configuration for mapnik 2014-09-18 19:06:45 +02:00
Raul Ochoa
2b2020b43b Removes getTableGeometryType metric 2014-08-25 19:09:54 +02:00
Raul Ochoa
a3a5964926 Upgrades dependencies 2014-08-14 19:54:45 +02:00
Raul Ochoa
6a8cff6fcd Merge branch 'remove-mapnik-dependency' 
Conflicts:
	NEWS.md
 2014-08-14 19:26:52 +02:00
Raul Ochoa
23a7684208 Removes mapnik dependency as it now relies on Windshaft to check mapnik version 2014-08-14 18:27:54 +02:00
Raul Ochoa
e7ab71c606 Merge branch 'master' into CDB-3686 2014-08-11 12:19:11 +02:00
Raul Ochoa
2ed656ca0d Upgrades windshaft (and grainstore) to be able to specify the tile 
format, see: https://github.com/mapnik/mapnik/wiki/OutputFormats
 2014-08-07 01:57:21 +02:00
Raul Ochoa
5cf79c82bb Configurable QueryTablesAPI to call directly postgresql using cartodb-psql 
or to keep using a request to the SQL API
 2014-08-06 21:48:08 +02:00
Raul Ochoa
3af45e1a32 Moves calls to SQL API to its own entity. 
Groups affected tables and last updated time for affected tables into one request.
 2014-07-30 13:46:46 +02:00
Raul Ochoa
75088c89d3 Style fixes 2014-07-30 13:45:53 +02:00
Raul Ochoa
f756b9d77f Removes search_path param 2014-07-04 12:18:35 +02:00
Raul Ochoa
bfdcee3772 Retrieving db public user from redis. It uses a new multiget method from cartodb-redis 2014-07-03 21:39:47 +02:00
Raul Ochoa
470aea22d9 Sets full search_path 2014-07-03 10:24:37 +02:00
javi
3806ad8843 Merge remote-tracking branch 'origin/CDB-2891-search_path' into multiuser 2014-06-27 09:10:39 +02:00
Raul Ochoa
037ce2dc12 CDB-2891 Exposes username as search_path in params 2014-06-27 00:48:48 +01:00
javi
338c0bcdbe use regclass instead table name to look for last_updated in CDB_tablemetadata 2014-06-26 15:00:55 +02:00
Raul Ochoa
5e73b12cf5 CDB-3256 adds headers based on affected tables when creating a layergroup via HTTP GET 2014-06-24 12:16:30 +02:00
Sandro Santilli
882ec65ba0 Use signer's map_key when contacting sql-api 
Includes testcase.
Fixes #188
 2014-04-08 09:44:49 +02:00
javi
5bfc360856 added serverMetadata option for layer group, close #182 CDB-1940 2014-03-06 15:19:12 +01:00
Sandro Santilli
ffda103d61 Do not UNWATCH on every redis client release 
Closes #161
 2014-03-04 15:36:08 +01:00
Sandro Santilli
ecc9ea1226 Use 403 for forbidden, not 401 
Includes upgrade of windshaft to 0.19.3
Includes upgrade of redis-mpool to 0.0.4
 2014-03-04 15:32:31 +01:00
Sandro Santilli
30eb939dc7 Fix error message on missing requested signature 
We don't really distinguish between missing or non-authorizing
signature. And that's fine. See #170
 2014-03-03 18:14:17 +01:00
Sandro Santilli
40a254922a Raise 403 forbidden on missing requested signature 
Closes #170
Includes testcase
 2014-03-03 18:06:39 +01:00
Sandro Santilli
ddd2628c19 Fix database connection settings on template instanciation 
Closes #174
Enhances testsuite to ensure test.js settings are read
 2014-02-28 15:56:31 +01:00
Sandro Santilli
f46dc90035 Forbid using map signatures of foreign users 
Closes #173
Includes testcase
 2014-02-28 13:24:38 +01:00
Sandro Santilli
55f333c0b7 Call userByReq() only once in req2params 2014-02-27 16:40:59 +01:00
Sandro Santilli
f24e4f8a0a Really skip CDB_TableMetadata lookup for sql affected by no tables 
Closes #169
 2014-02-27 15:34:09 +01:00
Sandro Santilli
36632c762e Do not query CDB_TableMetadata for queries affected by no tables 
Closes #16
 2014-02-27 12:32:34 +01:00
Sandro Santilli
f284362988 Reduce sql-api communication timeout, and allow overriding it 
Introduces new sqlapi.timeout directive, defaults to 100 ms
Includes testcase.
Closes #167
 2014-02-27 10:33:32 +01:00
Sandro Santilli
09ea924eb2 Allow using GET with sql-api for queries shorter than configured len 
Introduces new sqlapi.max_get_sql_length directive, defaults to 2048.
Closes #155
Includes testcases.
 2014-02-20 10:17:48 +01:00
Sandro Santilli
c8a042abdd Expand "addCacheChannel" stats 2014-02-19 18:10:33 +01:00
Sandro Santilli
6c6f3d02f6 Always generate X-Cache-Channel for token-based tile responses 
Closes #152
 2014-02-19 10:09:54 +01:00
Sandro Santilli
36a135f02b Refactor addCacheChannel using Step 2014-02-19 07:19:41 +01:00
Sandro Santilli
1c3734fde7 Make server_option a callable function, to reduce globals 
Updates acceptance test for #152 to not mess wit internals
 2014-02-19 06:45:29 +01:00
Sandro Santilli
3c09be64ce Add pending test for X-Cache-Channel on tiler restart (#152) 2014-02-18 18:33:00 +01:00
Sandro Santilli
c14378ca5d Avoid checking for table privacy when not using table maps 
See #147
 2014-02-17 18:20:18 +01:00
Sandro Santilli
26b9c8123d Set maxSocket to allow more than 5 concurrent connections to sql-api 2014-02-17 18:03:11 +01:00
Sandro Santilli
1f2e4edd35 Comments cleanup 2014-02-17 11:10:08 +01:00
Sandro Santilli
def474c611 Skip getting geometry type if request has no table 2014-02-14 12:26:34 +01:00
Sandro Santilli
c1b2d16119 rename tablePrivacy_getUserDBName profile label 2014-02-14 11:47:43 +01:00
Sandro Santilli
678d653ee9 Allow configuring TTL of mapConfigs via "mapConfigTTL" 2014-02-13 15:44:54 +01:00
Sandro Santilli
b673cb2a1f Add more detailed profile info about the "authorize" step 
Closes #142
 2014-02-13 10:25:28 +01:00
Sandro Santilli
e88e49001a Do not retrive user's api key if no api key was provided 
Reduces redis interaction, see #142
 2014-02-13 10:16:11 +01:00
Sandro Santilli
bf45bbea56 Do not send multiple equal commands to Varnish on connect 
Closes #135
Also accept varnish "secret" in config
 2014-02-12 16:14:27 +01:00
javi
01feeae6f4 include state configuration for windshaft fixes #139 2014-02-12 15:27:42 +01:00
Sandro Santilli
a948038ff4 Disable debug logging unless "debug" config param evaluates to true 
Closes #137
 2014-02-11 16:34:43 +01:00
Sandro Santilli
8c013ed2d1 Rename Step function in setDBConn 2014-02-11 13:42:44 +01:00
Sandro Santilli
7a749631e8 Fix profiler labels 2014-02-11 13:40:17 +01:00
Sandro Santilli
747f4803ba Include hash of template in the maptoken returned from instanciation 
Doing so basically removes the need to include the template identifier
in the surrogate keys of the responses for resources fetched via
the instance whenever template is updated. See #105
 2014-02-10 15:30:35 +01:00
Sandro Santilli
fe6e915c0d Always set database access parameters from req2params 
Fixes privileged database access from unauthorized users while
fetching torque tiles or feature attributes (unreleased feature).
Closes #132.

Includes testcase, which closes #119
 2014-02-07 18:08:41 +01:00
Sandro Santilli
9018e39762 Make endpoints configurable 
Closes #127
Uses /api/v1/maps* in the production and staging example configs,
keeps /maps* for development and test (they are examples...)
 2014-02-05 15:14:47 +01:00
Sandro Santilli
a964ed5fe6 Implement Unified Map API 
Closes #126
 2014-02-04 19:04:59 +01:00
Sandro Santilli
b862904506 Be explicit about the map output srid configuration 2014-02-04 16:26:26 +01:00
Sandro Santilli
978ea9cd04 Fix sqlapi request header to be "Host", not "Hostname" 
Closes (better) #117 -- automated test included
 2014-01-30 16:46:26 +01:00
Sandro Santilli
ca4f3d2025 Re-introduce sqlapi.host directive, allowing DNS lookups drop 
For backward compatibility, sqlapi.host is only used if domain
is also defined and has a different value (empty string allowed).

Closes #117
 2014-01-30 16:12:37 +01:00
Sandro Santilli
1f0faba71c Stop processing XML on renderer creation 
Not needed anymore since 1.6.1 introduced on-demand XML generation.
 2014-01-30 11:14:52 +01:00
javi
92ca447c06 fixed #91 2014-01-28 12:05:01 +01:00
Sandro Santilli
5772c81590 Fix support for long (>64k chars) queries in layergroup creation 
Closes #111. Includes testcase.
 2014-01-16 17:20:30 +01:00
Sandro Santilli
4ee4492490 Yet another username extraction fix. Thanks again @demimismo. 
Closes #100 (yet again)
 2014-01-09 16:46:47 +01:00
Sandro Santilli
fcd17692ee Fix username extraction in another two places. Thanks @demimismo. 
Closes #100 (again)
 2014-01-09 15:36:16 +01:00
Sandro Santilli
50a902a90b Fix english of error message for sql-api connection problems 2013-12-18 12:59:26 +01:00
Sandro Santilli
0f90d687c7 Implement signed teplate maps 
Closes #98

Raises minimum required redis version to 2.4.0+ (Debian stable has 2.4.14)
 2013-12-17 17:39:21 +01:00
Sandro Santilli
84b7d78ea4 Add an utility authorizedByAPIKey method for reuse 2013-12-17 17:17:17 +01:00
Sandro Santilli
73a065c1cc Make sure user from domain is always computed locally 
Involved upgrade of cartodb-redis to 0.3.0
Really closes #100
 2013-12-17 17:17:17 +01:00
Sandro Santilli
1f693c6c78 Add 'user_from_host' directive to generalize username extraction 
Closes #100
Default extractor is backward compatible
 2013-12-17 17:17:17 +01:00
Sandro Santilli
e9db535dd8 Drop the idea that we can distinguish a "dbowner" from the domain 
We only recognize "users"
 2013-12-17 17:17:17 +01:00
Sandro Santilli
7b7408dab7 Revert "Drop /map_metadata API entry point" 
This reverts commit b37b07a06a1dd3cf05d60f4aa613ab5c48b90700.

This was too light of a decision...
 2013-12-17 17:17:17 +01:00
Sandro Santilli
9c897a91a9 Drop /map_metadata API entry point 
Closes #101
 2013-12-17 17:17:17 +01:00
Sandro Santilli
38342a7f5f Refactor req2params to make setting db credential easier 2013-12-17 17:17:16 +01:00
Sandro Santilli
276422f4be Set grainstore's GC run probability, for documentation purpose 
It sets it to the current grainstore default, so nothing changes.
 2013-12-17 17:17:16 +01:00
Sandro Santilli
385022de80 Revert "fixed #91" -- the fix was for an unconfirmed bug 
This reverts commit 9155724082.
See #38 for further action
 2013-12-17 17:17:16 +01:00
javi
a378fc4e68 fixed #91 2013-12-17 17:17:16 +01:00
javi
01de288c35 fixed #96 2013-12-17 17:17:15 +01:00
Sandro Santilli
cc09a8b66f Update to cartodb-redis 0.1.0 2013-12-17 17:17:15 +01:00
Sandro Santilli
a60a3adc12 CartoDB redis interaction delegated to "cartodb-redis" module 2013-12-17 17:17:14 +01:00
Sandro Santilli
12f0826d32 Do not force ending dot in SQL-API hostname, for easier testing 2013-12-17 17:17:14 +01:00
Sandro Santilli
07cb36ebc7 Read user's database_host from redis, when available (#88) 
Still lacks a testcase
 2013-12-17 17:17:14 +01:00
Sandro Santilli
d7c82e7a51 Indent fixes 2013-12-17 17:17:14 +01:00
Sandro Santilli
eb51d18012 Add support for specifying database connection passwords 2013-12-17 17:17:13 +01:00
Sandro Santilli
a27cf1b41c Do not let anonymous requests use authorized renderer caches 
Puts dbuser in params, for correct use by Windshaft renderer cache.
Before this fix, and after commit 1c9f63c9, the renderer cache key
did not contain the db user.
 2013-12-17 17:17:12 +01:00
Sandro Santilli
f5c24cf252 Add more profile slots 2013-12-17 17:17:11 +01:00
Sandro Santilli
dbf6bb5fca Only use sqlapi configuration "host" if "domain" is undefined 
We'll consider an empty string domain as valid (it's actually used
for testsuite).
 2013-12-17 17:17:11 +01:00
Javier Arce
d4d5272bf2 Sets the sqlapi domain. Fixes #82 2013-12-17 17:17:11 +01:00
Sandro Santilli
633e8d164b Rename sqlapi.host configuration to sqlapi.domain. Closes #79. 
Support for "host" is retained for backward compatibility.
 2013-08-21 10:11:30 +02:00