Expose client-side rate limit configuration interface

The client functions to make configuration changes are not publicly available
(require a super user) and they have username, orgname parameters like the
server-sixe functions
This commit is contained in:
Javier Goizueta 2017-03-22 16:31:45 +01:00
parent ef09840525
commit 7101c8d8e8
6 changed files with 108 additions and 59 deletions

View File

@ -421,3 +421,29 @@
params:
- { name: service, type: TEXT }
- { name: input_size, type: NUMERIC }
- name: cdb_service_get_rate_limit
return_type: json
params:
- { name: service, type: "text" }
- name: cdb_service_set_user_rate_limit
private: true
return_type: void
params:
- { name: service, type: "text" }
- { name: rate_limit, type: json }
- name: cdb_service_set_org_rate_limit
private: true
return_type: void
params:
- { name: service, type: "text" }
- { name: rate_limit, type: json }
- name: cdb_service_set_server_rate_limit
private: true
return_type: void
params:
- { name: service, type: "text" }
- { name: rate_limit, type: json }

View File

@ -17,7 +17,7 @@ class SqlTemplateRenderer
end
def render
ERB.new(@template).result(binding)
ERB.new(@template, nil, '-').result(binding)
end
def name
@ -44,16 +44,29 @@ class SqlTemplateRenderer
@function_signature['geocoder_config_key']
end
def params
@function_signature['params'].reject(&:empty?).map { |p| "#{p['name']}"}
def parameters_info(with_credentials)
parameters = []
if with_credentials
parameters << { 'name' => 'username', 'type' => 'text' }
parameters << { 'name' => 'orgname', 'type' => 'text' }
end
parameters + @function_signature['params'].reject(&:empty?)
end
def params_with_type
@function_signature['params'].reject(&:empty?).map { |p| "#{p['name']} #{p['type']}" }
def credentials_declaration()
"username text;\n orgname text;" if public_function?
end
def params_with_type_and_default
parameters = @function_signature['params'].reject(&:empty?).map do |p|
def params(with_credentials = !public_function?)
parameters_info(with_credentials).map { |p| p['name'].to_s }
end
def params_with_type(with_credentials = !public_function?)
parameters_info(with_credentials).map { |p| "#{p['name']} #{p['type']}" }
end
def params_with_type_and_default(with_credentials = !public_function?)
parameters = parameters_info(with_credentials).map do |p|
if not p['default'].nil?
"#{p['name']} #{p['type']} DEFAULT #{p['default']}"
else
@ -62,6 +75,49 @@ class SqlTemplateRenderer
end
return parameters
end
def public_function?
!@function_signature['private']
end
def void_return_type?
return_type.downcase == 'void'
end
def return_declaration
"ret #{return_type};" unless void_return_type? || multi_row
end
def return_statement(&block)
if block
erbout = block.binding.eval('_erbout')
if multi_row
erbout << 'RETURN QUERY SELECT * FROM '
elsif multi_field
erbout << 'SELECT * FROM '
elsif void_return_type?
erbout << 'PERFORM '
else
erbout << 'SELECT '
end
yield
if multi_row || void_return_type?
erbout << ';'
else
erbout << ' INTO ret;'
end
if !multi_row && !void_return_type?
erbout << ' RETURN ret;'
end
else
if !multi_row && !void_return_type?
' RETURN ret;'
end
end
end
end

View File

@ -7,9 +7,8 @@
CREATE OR REPLACE FUNCTION <%= DATASERVICES_CLIENT_SCHEMA %>.<%= name %> (<%= params_with_type_and_default.join(' ,') %>)
RETURNS <%= return_type %> AS $$
DECLARE
<% if not multi_row %>ret <%= return_type %>;<% end %>
username text;
orgname text;
<%= return_declaration if not multi_row %>
<%= credentials_declaration %>
BEGIN
IF session_user = 'publicuser' OR session_user ~ 'cartodb_publicuser_*' THEN
RAISE EXCEPTION 'The api_key must be provided';
@ -19,15 +18,7 @@ BEGIN
IF username IS NULL OR username = '' OR username = '""' THEN
RAISE EXCEPTION 'Username is a mandatory argument, check it out';
END IF;
<% if multi_row %>
RETURN QUERY
SELECT * FROM <%= DATASERVICES_CLIENT_SCHEMA %>._<%= name %>(<%= ['username', 'orgname'].concat(params).join(', ') %>);
<% elsif multi_field %>
SELECT * FROM <%= DATASERVICES_CLIENT_SCHEMA %>._<%= name %>(<%= ['username', 'orgname'].concat(params).join(', ') %>) INTO ret;
RETURN ret;
<% else %>
SELECT <%= DATASERVICES_CLIENT_SCHEMA %>._<%= name %>(<%= ['username', 'orgname'].concat(params).join(', ') %>) INTO ret;
RETURN ret;
<% end %>
<% return_statement do %><%= DATASERVICES_CLIENT_SCHEMA %>._<%= name %>(<%= params(true).join(', ') %>)<% end %>
END;
$$ LANGUAGE 'plpgsql' SECURITY DEFINER;

View File

@ -5,9 +5,8 @@
CREATE OR REPLACE FUNCTION <%= DATASERVICES_CLIENT_SCHEMA %>._<%= name %>_exception_safe (<%= params_with_type_and_default.join(' ,') %>)
RETURNS <%= return_type %> AS $$
DECLARE
<% if not multi_row %>ret <%= return_type %>;<% end %>
username text;
orgname text;
<%= return_declaration %>
<%= credentials_declaration %>
_returned_sqlstate TEXT;
_message_text TEXT;
_pg_exception_context TEXT;
@ -21,41 +20,16 @@ BEGIN
RAISE EXCEPTION 'Username is a mandatory argument, check it out';
END IF;
<% if multi_row %>
BEGIN
RETURN QUERY
SELECT * FROM <%= DATASERVICES_CLIENT_SCHEMA %>._<%= name %>(<%= ['username', 'orgname'].concat(params).join(', ') %>);
<% return_statement do %><%= DATASERVICES_CLIENT_SCHEMA %>._<%= name %>(<%= params(true).join(', ') %>)<% end %>
EXCEPTION
WHEN OTHERS THEN
GET STACKED DIAGNOSTICS _returned_sqlstate = RETURNED_SQLSTATE,
_message_text = MESSAGE_TEXT,
_pg_exception_context = PG_EXCEPTION_CONTEXT;
RAISE WARNING USING ERRCODE = _returned_sqlstate, MESSAGE = _message_text, DETAIL = _pg_exception_context;
<%= return_statement %>
END;
<% elsif multi_field %>
BEGIN
SELECT * FROM <%= DATASERVICES_CLIENT_SCHEMA %>._<%= name %>(<%= ['username', 'orgname'].concat(params).join(', ') %>) INTO ret;
RETURN ret;
EXCEPTION
WHEN OTHERS THEN
GET STACKED DIAGNOSTICS _returned_sqlstate = RETURNED_SQLSTATE,
_message_text = MESSAGE_TEXT,
_pg_exception_context = PG_EXCEPTION_CONTEXT;
RAISE WARNING USING ERRCODE = _returned_sqlstate, MESSAGE = _message_text, DETAIL = _pg_exception_context;
RETURN ret;
END;
<% else %>
BEGIN
SELECT <%= DATASERVICES_CLIENT_SCHEMA %>._<%= name %>(<%= ['username', 'orgname'].concat(params).join(', ') %>) INTO ret;
RETURN ret;
EXCEPTION
WHEN OTHERS THEN
GET STACKED DIAGNOSTICS _returned_sqlstate = RETURNED_SQLSTATE,
_message_text = MESSAGE_TEXT,
_pg_exception_context = PG_EXCEPTION_CONTEXT;
RAISE WARNING USING ERRCODE = _returned_sqlstate, MESSAGE = _message_text, DETAIL = _pg_exception_context;
RETURN ret;
END;
<% end %>
END;
$$ LANGUAGE 'plpgsql' SECURITY DEFINER;

View File

@ -1,9 +1,9 @@
CREATE OR REPLACE FUNCTION <%= DATASERVICES_CLIENT_SCHEMA %>._<%= name %> (<%= ['username text', 'organization_name text'].concat(params_with_type_and_default).join(', ') %>)
CREATE OR REPLACE FUNCTION <%= DATASERVICES_CLIENT_SCHEMA %>._<%= name %> (<%= params_with_type_and_default(true).join(', ') %>)
RETURNS <%= return_type %> AS $$
CONNECT <%= DATASERVICES_CLIENT_SCHEMA %>._server_conn_str();
<% if multi_field %>
SELECT * FROM <%= DATASERVICES_SERVER_SCHEMA %>.<%= name %> (<%= ['username', 'organization_name'].concat(params).join(', ') %>);
SELECT * FROM <%= DATASERVICES_SERVER_SCHEMA %>.<%= name %> (<%= params(true).join(', ') %>);
<% else %>
SELECT <%= DATASERVICES_SERVER_SCHEMA %>.<%= name %> (<%= ['username', 'organization_name'].concat(params).join(', ') %>);
SELECT <%= DATASERVICES_SERVER_SCHEMA %>.<%= name %> (<%= params(true).join(', ') %>);
<% end %>
$$ LANGUAGE plproxy;

View File

@ -1,2 +1,4 @@
<% if public_function? %>
GRANT EXECUTE ON FUNCTION <%= DATASERVICES_CLIENT_SCHEMA %>.<%= name %>(<%= params_with_type.join(', ') %>) TO publicuser;
GRANT EXECUTE ON FUNCTION <%= DATASERVICES_CLIENT_SCHEMA %>._<%= name %>_exception_safe(<%= params_with_type.join(', ') %> ) TO publicuser;
<% end %>