Commit 4b29bcb

committed
Rework API key into token per query
1 parent fd9f4d6 commit 4b29bcb

4 files changed

+18
-6
lines changed

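--- a/lib/blazer/sharing.rb
+++ b/lib/blazer/sharing.rb
@@ -19,9 +19,9 @@ def enabled?
 enabled
 end
 
-def share_path(query_id, format: nil)
+def share_path(query_id, format: nil, token: nil)
 query = Query.find(query_id)
-"#{path}/#{query.secret_token}/#{query_id}#{".#{format}" if format}"
+"#{path}/#{token}/#{query_id}#{".#{format}" if format}"
 end
 
 def url_for(query_id, current_url, format: 'csv')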
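Review bot: `share_path` still calls `Query.find(query_id)` but no longer reads the result now that the token is supplied by the caller, so the lookup is dead work (and, if `Query` is an ActiveRecord model, still raises for an unknown id). With the default `token: nil` the interpolation produces `#{path}//#{query_id}`, a share link with an empty token segment that can never authorize. Either make the keyword required (`def share_path(query_id, token:, format: nil)`) or keep the lookup as a fallback with `token ||= query.secret_token`. Whether `url_for`, whose body continues outside the hunk, passes a token through is not visible here.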

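--- a/test/internal/config/blazer.yml
+++ b/test/internal/config/blazer.yml
@@ -161,3 +161,7 @@ uploads:
 url: postgres://localhost/blazer_test
 schema: uploads
 data_source: main
+
+sharing:
+path: /blazer_share
+enabled: true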

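--- a/test/internal/config/routes.rb
+++ b/test/internal/config/routes.rb
@@ -1,3 +1,5 @@
 Rails.application.routes.draw do
 mount Blazer::Engine, at: "/"
+
+get Blazer.sharing.route_path, to: Blazer.sharing.to_controller, as: :share_query if Blazer.sharing.enabled?
 end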

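--- a/test/queries_test.rb
+++ b/test/queries_test.rb
@@ -78,11 +78,18 @@ def test_variables_time_range
 
 def test_correct_token
 query = create_query(statement: "SELECT 1")
-get blazer.query_path(query, token: query.secret_token)
+get share_query_path(query.id, token: query.secret_token, format: 'csv')
+
 assert_response :success
+assert_equal "text/csv", response.content_type
+end
 
-get blazer.query_path(query, token: "x")
-assert_response :redirect
+def test_incorrect_token
+query = create_query(statement: "SELECT 1")
+get share_query_path(query.id, token: "x")
+
+assert_response :forbidden
+assert_match "Access denied", response.body
 end
 
 def test_variable_defaults
@@ -123,7 +130,6 @@ def test_share
 get blazer.query_share_path(query_id: query.id, token: query.secret_token, format: 'csv')
 
 assert_response :success
-assert_match query.name, response.body
 end
 
 def test_url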
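Review bot: The first hunk's token tests check a correct token and the literal `"x"`, but not the case a per-query token exists to prevent: presenting one query's `secret_token` with another query's id. A test that creates two queries and requests the second with the first's token, expecting `:forbidden`, would pin that property. `test_incorrect_token` also omits `format: 'csv'`, so the denial path is exercised under a different format than the success path. The second hunk drops `assert_match query.name, response.body` from `test_share`, leaving that test asserting only the status code.

```ruby
def test_token_from_other_query
  query = create_query(statement: "SELECT 1")
  other = create_query(statement: "SELECT 2")
  get share_query_path(other.id, token: query.secret_token, format: 'csv')

  assert_response :forbidden
end
```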
