Rework API key into token per query

lib/blazer/sharing.rb

@@ -19,9 +19,9 @@ def enabled?
       enabled
     end
 
-    def share_path(query_id, format: nil)
+    def share_path(query_id, format: nil, token: nil)
       query = Query.find(query_id)
-      "#{path}/#{query.secret_token}/#{query_id}#{".#{format}" if format}"
+      "#{path}/#{token}/#{query_id}#{".#{format}" if format}"
     end
 
     def url_for(query_id, current_url, format: 'csv')

test/internal/config/blazer.yml

@@ -161,3 +161,7 @@ uploads:
   url: postgres://localhost/blazer_test
   schema: uploads
   data_source: main
+
+sharing:
+  path: /blazer_share
+  enabled: true

test/internal/config/routes.rb

@@ -1,3 +1,5 @@
 Rails.application.routes.draw do
   mount Blazer::Engine, at: "/"
+
+  get Blazer.sharing.route_path, to: Blazer.sharing.to_controller, as: :share_query if Blazer.sharing.enabled?
 end

test/queries_test.rb

@@ -78,11 +78,18 @@ def test_variables_time_range
 
   def test_correct_token
     query = create_query(statement: "SELECT 1")
-    get blazer.query_path(query, token: query.secret_token)
+    get share_query_path(query.id, token: query.secret_token, format: 'csv')
+
     assert_response :success
+    assert_equal "text/csv", response.content_type
+  end
 
-    get blazer.query_path(query, token: "x")
-    assert_response :redirect
+  def test_incorrect_token
+    query = create_query(statement: "SELECT 1")
+    get share_query_path(query.id, token: "x")
+
+    assert_response :forbidden
+    assert_match "Access denied", response.body
   end
 
   def test_variable_defaults
@@ -123,7 +130,6 @@ def test_share
     get blazer.query_share_path(query_id: query.id, token: query.secret_token, format: 'csv')
 
     assert_response :success
-    assert_match query.name, response.body
   end
 
   def test_url