-
- before_filter :check_api_readable, :except => [:capabilities]
- after_filter :compress_output
- around_filter :api_call_handle_error, :api_call_timeout
-
- # Help methods for checking boundary sanity and area size
- include MapBoundary
-
- # Get an XML response containing a list of tracepoints that have been uploaded
- # within the specified bounding box, and in the specified page.
- def trackpoints
- #retrieve the page number
- page = params['page'].to_s.to_i
-
- unless page >= 0
- report_error("Page number must be greater than or equal to 0")
- return
- end
-
- offset = page * TRACEPOINTS_PER_PAGE
-
- # Figure out the bbox
- bbox = params['bbox']
- unless bbox and bbox.count(',') == 3
- report_error("The parameter bbox is required, and must be of the form min_lon,min_lat,max_lon,max_lat")
- return
- end
-
- bbox = bbox.split(',')
- min_lon, min_lat, max_lon, max_lat = sanitise_boundaries(bbox)
- # check boundary is sane and area within defined
- # see /config/application.yml
- begin
- check_boundaries(min_lon, min_lat, max_lon, max_lat)
- rescue Exception => err
- report_error(err.message)
- return
- end
-
- # get all the points
- points = Tracepoint.bbox(min_lat, min_lon, max_lat, max_lon).offset(offset).limit(TRACEPOINTS_PER_PAGE).order("gpx_id DESC, trackid ASC, timestamp ASC")
-
- doc = XML::Document.new
- doc.encoding = XML::Encoding::UTF_8
- root = XML::Node.new 'gpx'
- root['version'] = '1.0'
- root['creator'] = 'OpenStreetMap.org'
- root['xmlns'] = "http://www.topografix.com/GPX/1/0"
-
- doc.root = root
-
- # initialise these variables outside of the loop so that they
- # stay in scope and don't get free'd up by the GC during the
- # loop.
- gpx_id = -1
- trackid = -1
- track = nil
- trkseg = nil
- anon_track = nil
- anon_trkseg = nil
- gpx_file = nil
- timestamps = false
-
- points.each do |point|
- if gpx_id != point.gpx_id
- gpx_id = point.gpx_id
- trackid = -1
- gpx_file = Trace.find(gpx_id)
-
- if gpx_file.trackable?
- track = XML::Node.new 'trk'
- doc.root << track
- timestamps = true
-
- if gpx_file.identifiable?
- track << (XML::Node.new("name") << gpx_file.name)
- track << (XML::Node.new("desc") << gpx_file.description)
- track << (XML::Node.new("url") << url_for(:controller => 'trace', :action => 'view', :id => gpx_file.id))
- end
- else
- # use the anonymous track segment if the user hasn't allowed
- # their GPX points to be tracked.
- timestamps = false
- if anon_track.nil?
- anon_track = XML::Node.new 'trk'
- doc.root << anon_track
- end
- track = anon_track
- end
- end
-
- if trackid != point.trackid
- if gpx_file.trackable?
- trkseg = XML::Node.new 'trkseg'
- track << trkseg
- trackid = point.trackid
- else
- if anon_trkseg.nil?
- anon_trkseg = XML::Node.new 'trkseg'
- anon_track << anon_trkseg
+ skip_before_action :verify_authenticity_token
+
+ private
+
+ ##
+ # Set allowed request formats if no explicit format has been
+ # requested via a URL suffix. Allowed formats are taken from
+ # any HTTP Accept header with XML as the default.
+ def set_request_formats
+ unless params[:format]
+ accept_header = request.headers["HTTP_ACCEPT"]
+
+ if accept_header
+ # Some clients (such asJOSM) send Accept headers which cannot be
+ # parse by Rails, for example:
+ #
+ # Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
+ #
+ # where both "*" and ".2" as a quality do not adhere to the syntax
+ # described in RFC 7231, section 5.3.1, etc.
+ #
+ # As a workaround, and for back compatibility, default to XML format.
+ mimetypes = begin
+ Mime::Type.parse(accept_header)
+ rescue Mime::Type::InvalidMimeType
+ Array(Mime[:xml])
+ end
+
+ # Allow XML and JSON formats, and treat an all formats wildcard
+ # as XML for backwards compatibility - all other formats are discarded
+ # which will result in a 406 Not Acceptable response being sent
+ formats = mimetypes.map do |mime|
+ if mime.symbol == :xml then :xml
+ elsif mime.symbol == :json then :json
+ elsif mime == "*/*" then :xml