Windshaft-cartodb/lib/api/map/dataview-layergroup-controller.js

'use strict';

const tag = require('../middlewares/tag');
const layergroupToken = require('../middlewares/layergroup-token');
const cleanUpQueryParams = require('../middlewares/clean-up-query-params');
const credentials = require('../middlewares/credentials');
const dbConnSetup = require('../middlewares/db-conn-setup');
const authorize = require('../middlewares/authorize');
const rateLimit = require('../middlewares/rate-limit');
const { RATE_LIMIT_ENDPOINTS_GROUPS } = rateLimit;
const createMapStoreMapConfigProvider = require('../middlewares/map-store-map-config-provider');
const cacheControlHeader = require('../middlewares/cache-control-header');
const cacheChannelHeader = require('../middlewares/cache-channel-header');
const surrogateKeyHeader = require('../middlewares/surrogate-key-header');
const lastModifiedHeader = require('../middlewares/last-modified-header');

const ALLOWED_DATAVIEW_QUERY_PARAMS = [
    'filters', // json
    'own_filter', // 0, 1
    'no_filters', // 0, 1
    'bbox', // w,s,e,n
    'circle', // json
    'polygon', // json
    'start', // number
    'end', // number
    'column_type', // string
    'bins', // number
    'aggregation', // string
    'offset', // number
    'q', // widgets search
    'categories' // number
];

module.exports = class DataviewLayergroupController {
    constructor (
        dataviewBackend,
        pgConnection,
        mapStore,
        userLimitsBackend,
        layergroupAffectedTablesCache,
        authBackend,
        surrogateKeysCache
    ) {
        this.dataviewBackend = dataviewBackend;
        this.pgConnection = pgConnection;
        this.mapStore = mapStore;
        this.userLimitsBackend = userLimitsBackend;
        this.layergroupAffectedTablesCache = layergroupAffectedTablesCache;
        this.authBackend = authBackend;
        this.surrogateKeysCache = surrogateKeysCache;
    }

    route (mapRouter) {
        // Undocumented/non-supported API endpoint methods.
        // Use at your own peril.

        mapRouter.get('/:token/dataview/:dataviewName', this.middlewares({
            action: 'get',
            rateLimitGroup: RATE_LIMIT_ENDPOINTS_GROUPS.DATAVIEW
        }));

        mapRouter.get('/:token/:layer/widget/:dataviewName', this.middlewares({
            action: 'get',
            rateLimitGroup: RATE_LIMIT_ENDPOINTS_GROUPS.DATAVIEW
        }));

        mapRouter.get('/:token/dataview/:dataviewName/search', this.middlewares({
            action: 'search',
            rateLimitGroup: RATE_LIMIT_ENDPOINTS_GROUPS.DATAVIEW_SEARCH
        }));

        mapRouter.get('/:token/:layer/widget/:dataviewName/search', this.middlewares({
            action: 'search',
            rateLimitGroup: RATE_LIMIT_ENDPOINTS_GROUPS.DATAVIEW_SEARCH
        }));
    }

    middlewares ({ action, rateLimitGroup }) {
        return [
            tag({ tags: ['dataview', action] }),
            layergroupToken(),
            credentials(),
            authorize(this.authBackend),
            dbConnSetup(this.pgConnection),
            rateLimit(this.userLimitsBackend, rateLimitGroup),
            cleanUpQueryParams(ALLOWED_DATAVIEW_QUERY_PARAMS),
            createMapStoreMapConfigProvider(
                this.mapStore,
                this.userLimitsBackend,
                this.pgConnection,
                this.layergroupAffectedTablesCache
            ),
            action === 'search' ? dataviewSearch(this.dataviewBackend) : getDataview(this.dataviewBackend),
            cacheControlHeader(),
            cacheChannelHeader(),
            surrogateKeyHeader({ surrogateKeysCache: this.surrogateKeysCache }),
            lastModifiedHeader()
        ];
    }
};

function getDataview (dataviewBackend) {
    return function getDataviewMiddleware (req, res, next) {
        const { user, mapConfigProvider } = res.locals;
        const { dataviewName } = req.params;
        const { dbuser, dbname, dbpassword, dbhost, dbport } = res.locals;

        const params = Object.assign({ dataviewName, dbuser, dbname, dbpassword, dbhost, dbport }, req.query);

        dataviewBackend.getDataview(mapConfigProvider, user, params, (err, dataview, stats = {}) => {
            req.profiler.add(stats);

            if (err) {
                err.label = 'GET DATAVIEW';
                return next(err);
            }

            res.statusCode = 200;
            res.body = dataview;

            next();
        });
    };
}

function dataviewSearch (dataviewBackend) {
    return function dataviewSearchMiddleware (req, res, next) {
        const { user, mapConfigProvider } = res.locals;
        const { dataviewName } = req.params;
        const { dbuser, dbname, dbpassword, dbhost, dbport } = res.locals;

        const params = Object.assign({ dbuser, dbname, dbpassword, dbhost, dbport }, req.query);

        dataviewBackend.search(mapConfigProvider, user, dataviewName, params, (err, searchResult, stats = {}) => {
            req.profiler.add(stats);

            if (err) {
                err.label = 'GET DATAVIEW SEARCH';
                return next(err);
            }

            res.statusCode = 200;
            res.body = searchResult;

            next();
        });
    };
}