before_filter :authorize
after_filter :compress_output
+ # The maximum area you're allowed to request, in square degrees
+ MAX_REQUEST_AREA = 0.25
+
def map
response.headers["Content-Type"] = 'application/xml'
# Figure out the bbox
bbox = params['bbox']
unless bbox and bbox.count(',') == 3
- render :nothing => true, :status => 400
+ report_error("The parameter bbox is required, and must be of the form min_lon,min_lat,max_lon,max_lat")
return
end
max_lon = bbox[2].to_f
max_lat = bbox[3].to_f
+ # check the bbox is sane
+ unless min_lon <= max_lon
+ report_error("The minimum longitude must be less than the maximum longitude, but it wasn't")
+ return
+ end
+ unless min_lat <= max_lat
+ report_error("The minimum latitude must be less than the maximum latitude, but it wasn't")
+ return
+ end
+ unless min_lon >= -180 && min_lat >= -90 && max_lon <= 180 && max_lat <= 90
+ report_error("The latitudes must be between -90 and 90, and longitudes between -180 and 180")
+ return
+ end
+
+ # check the bbox isn't too large
+ requested_area = (max_lat-min_lat)*(max_lon-min_lon)
+ if requested_area > MAX_REQUEST_AREA
+ report_error("The maximum bbox size is " + MAX_REQUEST_AREA.to_s + ", and your request was too large. Either request a smaller area, or use planet.osm")
+ return
+ end
+
# get all the nodes
nodes = Node.find(:all, :conditions => ['latitude > ? AND longitude > ? AND latitude < ? AND longitude < ? AND visible = 1', min_lat, min_lon, max_lat, max_lon])
node_ids = nodes.collect {|node| node.id }
+
+ # (in the future, we may wish to abort here if we found too many nodes)
+
+ # grab the segments
segments = Array.new
if node_ids.length > 0
node_ids_sql = "(#{node_ids.join(',')})"
# get the referenced segments
segments = Segment.find_by_sql "select * from current_segments where visible = 1 and (node_a in #{node_ids_sql} or node_b in #{node_ids_sql})"
end
- # see if we have nay missing nodes
+ # see if we have any missing nodes
segments_nodes = segments.collect {|segment| segment.node_a }
segments_nodes += segments.collect {|segment| segment.node_b }
end
end
+ # Report and error to the user
+ # (If anyone ever fixes Rails so it can set a http status "reason phrase",
+ # rather than only a status code and having the web engine make up a
+ # phrase from that, we can also put the error message into the status
+ # message. For now, rails won't let us)
+ def report_error(message)
+ render :nothing => true, :status => 400
+ # Todo: some sort of escaping of problem characters in the message
+ response.headers['Error'] = message
+ end
+
# extract authorisation credentials from headers, returns user = nil if none\r
private
def get_auth_data
projects / rails.git / commitdiff