Merge pull request #384 from diox/anonymize-ALL-the-things

Make search / featured / categories endpoint calls anonymously (bug 975413)
mozilla · Mar 6, 2014 · 6778c8a · 6778c8a
2 parents 6aebe99 + 843a4ad
commit 6778c8a
Show file tree

Hide file tree

Showing 10 changed files with 51 additions and 18 deletions.
diff --git a/hearth/media/js/cat-dropdown.js b/hearth/media/js/cat-dropdown.js
@@ -23,7 +23,7 @@ define('cat-dropdown',
 
     // Do the request out here so it happens immediately when the app loads.
     var categoryReq = consumer_info.promise.then(function() {
-        return requests.get(urls.api.url('categories'));
+        return requests.get(urls.api.unsigned.url('categories'));
     });
     // Store the categories in models.
     categoryReq.done(function(data) {

diff --git a/hearth/media/js/helpers.js b/hearth/media/js/helpers.js
@@ -118,6 +118,7 @@ define('helpers',
     var helpers = {
         api: require('urls').api.url,
         apiParams: require('urls').api.params,
+        anonApiParams: require('urls').api.unsigned.params,
         url: require('urls').reverse,
         media: require('urls').media,
 

diff --git a/hearth/media/js/marketplace.js b/hearth/media/js/marketplace.js
@@ -160,7 +160,7 @@ function(_) {
     }).trigger('reload_chrome');
 
     z.page.on('before_login before_logout', function() {
-        var cat_url = require('urls').api.url('categories');
+        var cat_url = require('urls').api.unsigned.url('categories');
         require('cache').purge(function(key) {return key != cat_url;});
     });
 

diff --git a/hearth/media/js/rewriters.js b/hearth/media/js/rewriters.js
@@ -42,12 +42,12 @@ define('rewriters',
 
     return [
         // Search pagination rewriter
-        pagination(urls.api.unsigned.url('search')),
+        pagination(urls.api.base.url('search')),
 
         // Category pagination rewriter
-        pagination(urls.api.unsigned.url('category')),
+        pagination(urls.api.base.url('category')),
 
         // My Apps pagination rewriter
-        pagination(urls.api.unsigned.url('installed'))
+        pagination(urls.api.base.url('installed'))
     ];
 });
diff --git a/hearth/media/js/urls.js b/hearth/media/js/urls.js
@@ -43,16 +43,29 @@ define('urls',
             if (user.logged_in()) {
                 args._user = user.get_token();
             }
-            var blacklist = settings.api_param_blacklist || [];
-            for (var key in args) {
-                if (!args[key] || blacklist.indexOf(key) !== -1) {
-                    delete args[key];
-                }
-            }
+            _removeBlacklistedParams(args);
+            return require('utils').urlparams(out, args);
+        };
+    }
+
+    function _anonymousArgs(func) {
+        return function() {
+            var out = func.apply(this, arguments);
+            var args = api_args();
+            _removeBlacklistedParams(args);
             return require('utils').urlparams(out, args);
         };
     }
 
+    function _removeBlacklistedParams(args) {
+        var blacklist = settings.api_param_blacklist || [];
+        for (var key in args) {
+            if (!args[key] || blacklist.indexOf(key) !== -1) {
+                delete args[key];
+            }
+        }
+    }
+
     function api(endpoint, args, params) {
         if (!(endpoint in api_endpoints)) {
             console.error('Invalid API endpoint: ' + endpoint);
@@ -86,7 +99,12 @@ define('urls',
             url: _userArgs(api),
             params: _userArgs(apiParams),
             sign: _userArgs(function(url) {return url;}),
+            unsign: _anonymousArgs(function(url) {return url;}),
             unsigned: {
+                url: _anonymousArgs(api),
+                params: _anonymousArgs(apiParams)
+            },
+            base: {
                 url: api,
                 params: apiParams
             }

diff --git a/hearth/media/js/views/category.js b/hearth/media/js/views/category.js
@@ -26,7 +26,7 @@ define('views/category',
 
         builder.start('category/main.html', {
             category: category,
-            endpoint: urls.api.url('category', [category], params),
+            endpoint: urls.api.unsigned.url('category', [category], params),
             sort: params.sort,
             app_cast: app_models.cast
         }).done(function() {

diff --git a/hearth/media/js/views/featured.js b/hearth/media/js/views/featured.js
@@ -16,7 +16,7 @@ define('views/featured', ['urls', 'z'], function(urls, z) {
 
         builder.start('featured.html', {
             category: category,
-            endpoint: urls.api.url('category', [category])
+            endpoint: urls.api.unsigned.url('category', [category])
         });
     };
 

diff --git a/hearth/media/js/views/homepage.js b/hearth/media/js/views/homepage.js
@@ -28,7 +28,7 @@ define('views/homepage',
         }
 
         builder.start('category/main.html', {
-            endpoint: urls.api.url('category', [''], params),
+            endpoint: urls.api.unsigned.url('category', [''], params),
             sort: params.sort,
             app_cast: app_models.cast
         }).done(function() {

diff --git a/hearth/templates/search/main.html b/hearth/templates/search/main.html
@@ -2,7 +2,7 @@
 {% include '_macros/more_button.html' %}
 
 <section id="search-results" class="main full c">
-  {% set api_url = apiParams('search', params) %}
+  {% set api_url = anonApiParams('search', params) %}
   {% if params.region %}
     {# If the user entered PotatoSearch™ `:region=<region>` then update `region`. #}
     {% set api_url = api_url|urlparams(region=params.region) %}

diff --git a/hearth/tests/urls.js b/hearth/tests/urls.js
@@ -94,11 +94,25 @@ test('api url signage', function(done, fail) {
         {
             capabilities: {firefoxOS: true, widescreen: function() { return false; }, touch: 'foo'},
             routes_api: {'homepage': '/foo/homepage'},
-            settings: {api_url: 'api:'}
+            settings: {api_url: 'api:'},
+            user: {
+                logged_in: function() { return true; },
+                get_setting: function(x) {},
+                get_token: function() { return 'mytoken';}
+            }
         }, function(urls) {
-            var homepage_url = urls.api.unsigned.url('homepage');
+            var homepage_url, homepage_base_url = urls.api.base.url('homepage');
+
+            homepage_url = homepage_base_url;
             eq_(homepage_url, 'api:/foo/homepage');
-            eq_(urls.api.sign(homepage_url), urls.api.url('homepage'));
+
+            homepage_url = urls.api.url('homepage');
+            eq_(homepage_url, urls.api.sign(homepage_base_url));
+            contains(homepage_url, '_user=mytoken');
+
+            homepage_url = urls.api.unsigned.url('homepage');
+            eq_(homepage_url, urls.api.unsign(homepage_base_url));
+            disincludes(homepage_url, '_user=mytoken');
             done();
         },
         fail