Fabio/tileserver-gl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

when serving styles, look in a whitelisted set of urls to also see when we can add the key parameter to the url. also allow configuration of the parameter name.

Browse source
This commit is contained in:
Joseph Canero 2017-10-03 15:30:37 -04:00
parent 82f179b07c
commit 9b673638e3
2 changed files with 146 additions and 110 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

49
src/serve_style.js
View file

@ -1,7 +1,9 @@
'use strict'; 'use strict';
var path = require('path'), var path = require('path'),
fs = require('fs'); fs = require('fs'),
nodeUrl = require('url'),
querystring = require('querystring');
var clone = require('clone'), var clone = require('clone'),
express = require('express'); express = require('express');
@ -62,24 +64,53 @@ module.exports = function(options, repo, params, id, reportTiles, reportFont) {
repo[id] = styleJSON; repo[id] = styleJSON;
var isWhitelistedUrl = function (url) {
if (!options.auth || !Array.isArray(options.auth.keyDomains) || options.auth.keyDomains.length === 0) {
return false;
}
for (var i = 0; i < options.auth.keyDomains.length; i++) {
var keyDomain = options.auth.keyDomains[i];
if (!keyDomain || (typeof keyDomain !== 'string') || keyDomain.length === 0) {
continue;
}
if (url.indexOf(keyDomain) === 0) {
return true;
}
}
return false;
}
app.get('/' + id + '/style.json', function (req, res, next) { app.get('/' + id + '/style.json', function (req, res, next) {
var fixUrl = function (url, opt_nokey, opt_nostyle) { var fixUrl = function (url, opt_nokey, opt_nostyle) {
if (!url || (typeof url !== 'string') || url.indexOf('local://') !== 0) { if (!url || (typeof url !== 'string') || (url.indexOf('local://') !== 0 && !isWhitelistedUrl(url))) {
return url; return url;
} }
var queryParams = [];
var queryParams = {};
if (!opt_nostyle && global.addStyleParam) { if (!opt_nostyle && global.addStyleParam) {
queryParams.push('style=' + id); queryParams.style = id;
} }
if (!opt_nokey && req.query.key) { if (!opt_nokey && req.query[options.auth.keyName]) {
queryParams.unshift('key=' + req.query.key); queryParams[options.auth.keyName] = req.query[options.auth.keyName];
} }
var query = '';
if (queryParams.length) { if (url.indexOf('local://') === 0) {
query = '?' + queryParams.join('&'); var query = querystring.stringify(queryParams);
if (query.length) {
query = '?' + query;
} }
return url.replace( return url.replace(
'local://', req.protocol + '://' + req.headers.host + '/') + query; 'local://', req.protocol + '://' + req.headers.host + '/') + query;
} else { // whitelisted url. might have existing parameters
var parsedUrl = nodeUrl.parse(url);
var parsedQS = querystring.parse(url.query);
var newParams = Object.assign(parsedQS, queryParams);
parsedUrl.search = querystring.stringify(parsedQS);
return url.format(parsedUrl);
}
}; };
var styleJSON_ = clone(styleJSON); var styleJSON_ = clone(styleJSON);

5
src/server.js
View file

@ -66,6 +66,11 @@ function start(opts) {
} }
var options = config.options || {}; var options = config.options || {};
options.auth = options.auth || {};
options.auth.keyName = options.auth.keyName || 'key';
options.auth.keyDomains = options.auth.keyDomains || [];
var paths = options.paths || {}; var paths = options.paths || {};
options.paths = paths; options.paths = paths;
paths.root = path.resolve( paths.root = path.resolve(