Release 2.18.0

Merge pull request #342 from CartoDB/upgrade-mapnik
Upgrade mapnik
2015-11-02 10:38:50 +01:00 · 2015-11-02 10:31:49 +01:00 · 2015-10-29 18:31:15 +01:00 · 2015-10-29 18:30:02 +01:00 · 2015-10-28 19:27:53 +01:00 · 2015-10-28 19:27:03 +01:00
196 changed files with 28481 additions and 7771 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,5 @@ logs/
 pids/
 redis.pid
 test.log
+npm-debug.log
+coverage/
--- a/.jshintignore
+++ b/.jshintignore
@@ -0,0 +1,4 @@
+test/results/
+test/monkey/
+test/benchmark.js
+test/support/
--- a/.jshintrc
+++ b/.jshintrc
@@ -0,0 +1,94 @@
+{
+//    // JSHint Default Configuration File (as on JSHint website)
+//    // See http://jshint.com/docs/ for more details
+//
+//    "maxerr"        : 50,       // {int} Maximum error before stopping
+//
+//    // Enforcing
+//    "bitwise"       : true,     // true: Prohibit bitwise operators (&, |, ^, etc.)
+//    "camelcase"     : false,    // true: Identifiers must be in camelCase
+    "curly"         : true,     // true: Require {} for every new block or scope
+    "eqeqeq"        : true,     // true: Require triple equals (===) for comparison
+    "forin"         : true,     // true: Require filtering for..in loops with obj.hasOwnProperty()
+    "freeze"        : true,     // true: prohibits overwriting prototypes of native objects such as Array, Date etc.
+    "immed"         : true,    // true: Require immediate invocations to be wrapped in parens e.g. `(function () { } ());`
+//    "indent"        : 4,        // {int} Number of spaces to use for indentation
+//    "latedef"       : false,    // true: Require variables/functions to be defined before being used
+    "newcap"        : true,    // true: Require capitalization of all constructor functions e.g. `new F()`
+    "noarg"         : true,     // true: Prohibit use of `arguments.caller` and `arguments.callee`
+//    "noempty"       : true,     // true: Prohibit use of empty blocks
+    "nonbsp"        : true,     // true: Prohibit "non-breaking whitespace" characters.
+    "nonew"         : true,    // true: Prohibit use of constructors for side-effects (without assignment)
+//    "plusplus"      : false,    // true: Prohibit use of `++` & `--`
+//    "quotmark"      : false,    // Quotation mark consistency:
+//    //   false    : do nothing (default)
+//    //   true     : ensure whatever is used is consistent
+//    //   "single" : require single quotes
+//    //   "double" : require double quotes
+    "undef"         : true,     // true: Require all non-global variables to be declared (prevents global leaks)
+    "unused"        : true,     // true: Require all defined variables be used
+//    "strict"        : true,     // true: Requires all functions run in ES5 Strict Mode
+//    "maxparams"     : false,    // {int} Max number of formal params allowed per function
+//    "maxdepth"      : false,    // {int} Max depth of nested blocks (within functions)
+//    "maxstatements" : false,    // {int} Max number statements per function
+    "maxcomplexity" : 6,    // {int} Max cyclomatic complexity per function
+    "maxlen"        : 120,    // {int} Max number of characters per line
+//
+//    // Relaxing
+//    "asi"           : false,     // true: Tolerate Automatic Semicolon Insertion (no semicolons)
+//    "boss"          : false,     // true: Tolerate assignments where comparisons would be expected
+    "debug"         : false,     // true: Allow debugger statements e.g. browser breakpoints.
+//    "eqnull"        : false,     // true: Tolerate use of `== null`
+//    "es5"           : false,     // true: Allow ES5 syntax (ex: getters and setters)
+//    "esnext"        : false,     // true: Allow ES.next (ES6) syntax (ex: `const`)
+//    "moz"           : false,     // true: Allow Mozilla specific syntax (extends and overrides esnext features)
+//    // (ex: `for each`, multiple try/catch, function expression…)
+//    "evil"          : false,     // true: Tolerate use of `eval` and `new Function()`
+//    "expr"          : false,     // true: Tolerate `ExpressionStatement` as Programs
+//    "funcscope"     : false,     // true: Tolerate defining variables inside control statements
+//    "globalstrict"  : false,     // true: Allow global "use strict" (also enables 'strict')
+//    "iterator"      : false,     // true: Tolerate using the `__iterator__` property
+//    "lastsemic"     : false,     // true: Tolerate omitting a semicolon for the last statement of a 1-line block
+//    "laxbreak"      : false,     // true: Tolerate possibly unsafe line breakings
+//    "laxcomma"      : false,     // true: Tolerate comma-first style coding
+//    "loopfunc"      : false,     // true: Tolerate functions being defined in loops
+//    "multistr"      : false,     // true: Tolerate multi-line strings
+//    "noyield"       : false,     // true: Tolerate generator functions with no yield statement in them.
+//    "notypeof"      : false,     // true: Tolerate invalid typeof operator values
+//    "proto"         : false,     // true: Tolerate using the `__proto__` property
+//    "scripturl"     : false,     // true: Tolerate script-targeted URLs
+//    "shadow"        : false,     // true: Allows re-define variables later in code e.g. `var x=1; x=2;`
+//    "sub"           : false,     // true: Tolerate using `[]` notation when it can still be expressed in dot notation
+//    "supernew"      : false,     // true: Tolerate `new function () { ... };` and `new Object;`
+//    "validthis"     : false,     // true: Tolerate using this in a non-constructor function
+//
+//    // Environments
+//    "browser"       : true,     // Web Browser (window, document, etc)
+//    "browserify"    : false,    // Browserify (node.js code in the browser)
+//    "couch"         : false,    // CouchDB
+//    "devel"         : true,     // Development/debugging (alert, confirm, etc)
+//    "dojo"          : false,    // Dojo Toolkit
+//    "jasmine"       : false,    // Jasmine
+//    "jquery"        : false,    // jQuery
+//    "mocha"         : true,     // Mocha
+//    "mootools"      : false,    // MooTools
+    "node"          : true,    // Node.js
+//    "nonstandard"   : false,    // Widely adopted globals (escape, unescape, etc)
+//    "prototypejs"   : false,    // Prototype and Scriptaculous
+//    "qunit"         : false,    // QUnit
+//    "rhino"         : false,    // Rhino
+//    "shelljs"       : false,    // ShellJS
+//    "worker"        : false,    // Web Workers
+//    "wsh"           : false,    // Windows Scripting Host
+//    "yui"           : false,    // Yahoo User Interface
+
+    // Custom Globals
+    "globals"       : { // additional predefined global variables
+        "describe": true,
+        "before": true,
+        "after": true,
+        "beforeEach": true,
+        "afterEach": true,
+        "it": true
+    }
+}
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,33 +1,18 @@
+addons:
+  postgresql: "9.3"
+
 before_install:
-  - sudo mv /etc/apt/sources.list.d/pgdg-source.list* /tmp
-  - sudo apt-get -qq purge postgis* postgresql*
-  - sudo apt-add-repository --yes ppa:cartodb/postgresql-9.3
-  - sudo apt-add-repository --yes ppa:cartodb/gis
-  - sudo rm -Rf /var/lib/postgresql /etc/postgresql
-  - sudo apt-add-repository --yes ppa:mapnik/nightly-2.3
  - sudo apt-get update
-  - sudo apt-get install -y postgresql-9.3-postgis-2.1
-  - sudo apt-get install -y postgresql-contrib-9.3
-  - sudo apt-get install -q libprotobuf-dev protobuf-compiler
-  - sudo apt-get install -q libmapnik-dev
-  - sudo apt-get install -q mapnik-input-plugin-gdal mapnik-input-plugin-ogr mapnik-input-plugin-postgis
-  - sudo apt-get install -y gdal-bin
-  - echo -e "local\tall\tall\ttrust\nhost\tall\tall\t127.0.0.1/32\ttrust\nhost\tall\tall\t::1/128\ttrust" |sudo tee /etc/postgresql/9.3/main/pg_hba.conf
-  - sudo service postgresql restart
+  - sudo apt-get install -y pkg-config libcairo2-dev libjpeg8-dev libgif-dev
+  - sudo apt-get install postgresql-plpython-9.3
  - createdb template_postgis
  - psql -c "CREATE EXTENSION postgis" template_postgis

-before_script:
-  # Tell npm to use known registrars:
-  # see http://blog.npmjs.org/post/78085451721/npms-self-signed-certificate-is-no-more
-  - npm config set ca ""
-
 env:
  - NPROCS=1 JOBS=1 PGUSER=postgres

 language: node_js
 node_js:
-  - "0.8"
  - "0.10"

 notifications:
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -0,0 +1,11 @@
+Contributing
+---
+
+The issue tracker is at [github.com/CartoDB/Windshaft-cartodb](https://github.com/CartoDB/Windshaft-cartodb).
+
+We love pull requests from everyone, see [Contributing to Open Source on GitHub](https://guides.github.com/activities/contributing-to-open-source/#contributing).
+
+
+## Submitting Contributions
+
+* You will need to sign a Contributor License Agreement (CLA) before making a submission. [Learn more here](https://cartodb.com/contributing).
--- a/11
+++ b/11
@@ -1,12 +1,11 @@
 1. Test (make clean all check), fix if broken before proceeding
 2. Ensure proper version in package.json 
 3. Ensure NEWS section exists for the new version, review it, add release date
-4. Drop npm-shrinkwrap.json
-5. Run npm shrinkwrap to recreate npm-shrinkwrap.json
-6. Commit package.json, npm-shrinwrap.json, NEWS
-7. git tag -a Major.Minor.Patch # use NEWS section as content
-8. Announce on cartodb@googlegroups.com
-9. Stub NEWS/package for next version
+4. Recreate npm-shrinkwrap.json with: `npm install --no-shrinkwrap && npm shrinkwrap`
+5. Commit package.json, npm-shrinwrap.json, NEWS
+6. git tag -a Major.Minor.Patch # use NEWS section as content
+7. Announce on cartodb@googlegroups.com
+8. Stub NEWS/package for next version

 Versions:

--- a/2
+++ b/2
@@ -1,4 +1,4 @@
-Copyright (c) 2014, Vizzuality
+Copyright (c) 2015, CartoDB
 All rights reserved.

 Redistribution and use in source and binary forms, with or without 
--- a/50
+++ b/50
@@ -1,7 +1,10 @@
-srcdir=$(shell pwd)
+SHELL=/bin/bash
+
+pre-install:
+	@$(SHELL) ./scripts/check-node-canvas.sh

 all:
-	npm install
+	@$(SHELL) ./scripts/install.sh

 clean:
 	rm -rf node_modules/*
@@ -15,21 +18,36 @@ config.status--test:
 config/environments/test.js: config.status--test
 	./config.status--test 

-check-local: config/environments/test.js
-	./run_tests.sh ${RUNTESTFLAGS} \
-    test/unit/cartodb/*.js \
-    test/acceptance/*.js 
+TEST_SUITE := $(shell find test/{acceptance,integration,unit} -name "*.js")
+TEST_SUITE_UNIT := $(shell find test/unit -name "*.js")
+TEST_SUITE_INTEGRATION := $(shell find test/integration -name "*.js")
+TEST_SUITE_ACCEPTANCE := $(shell find test/acceptance -name "*.js")

-check-submodules:
-	PATH="$$PATH:$(srcdir)/node_modules/.bin/"; \
-	for sub in windshaft grainstore node-varnish mapnik; do \
-	  if test -e node_modules/$${sub}; then \
-	      echo "Testing submodule $${sub}"; \
-	      make -C node_modules/$${sub} check || exit 1; \
-	  fi; \
-	done
+test: config/environments/test.js
+	@echo "***tests***"
+	@$(SHELL) ./run_tests.sh ${RUNTESTFLAGS} $(TEST_SUITE)

-check-full: check-local check-submodules
+test-unit: config/environments/test.js
+	@echo "***tests***"
+	@$(SHELL) ./run_tests.sh ${RUNTESTFLAGS} $(TEST_SUITE_UNIT)

-check: check-local
+test-integration: config/environments/test.js
+	@echo "***tests***"
+	@$(SHELL) ./run_tests.sh ${RUNTESTFLAGS} $(TEST_SUITE_INTEGRATION)

+test-acceptance: config/environments/test.js
+	@echo "***tests***"
+	@$(SHELL) ./run_tests.sh ${RUNTESTFLAGS} $(TEST_SUITE_ACCEPTANCE)
+
+jshint:
+	@echo "***jshint***"
+	@./node_modules/.bin/jshint lib/ test/ app.js
+
+test-all: jshint test
+
+coverage:
+	@RUNTESTFLAGS=--with-coverage make test
+
+check: test
+
+.PHONY: pre-install test jshint coverage
--- a/NEWS.md
+++ b/NEWS.md
--- a/README.md
+++ b/README.md
@@ -1,39 +1,35 @@
 Windshaft-CartoDB
 ==================

-[![Build Status](http://travis-ci.org/CartoDB/Windshaft-cartodb.png)]
-(http://travis-ci.org/CartoDB/Windshaft-cartodb)
+[![Build Status](https://travis-ci.org/CartoDB/Windshaft-cartodb.svg?branch=master)](https://travis-ci.org/CartoDB/Windshaft-cartodb)

-This is the CartoDB map tiler. It extends Windshaft with some extra
-functionality and custom filters for authentication
+This is the [CartoDB Maps API](http://docs.cartodb.com/cartodb-platform/maps-api.html) tiler. It extends
+[Windshaft](https://github.com/CartoDB/Windshaft) with some extra functionality and custom filters for authentication.

 * reads dbname from subdomain and cartodb redis for pretty tile urls
-* configures windshaft to publish ``cartodb_id`` as the interactivity layer
+* configures windshaft to publish `cartodb_id` as the interactivity layer
 * gets the default geometry type from the cartodb redis store
 * allows tiles to be styled individually
 * provides a link to varnish high speed cache
-* provides a ``infowindow`` endpoint for windshaft (DEPRECATED)
-* provides a ``map_metadata`` endpoint for windshaft (DEPRECATED)
-* provides signed template maps API
-  (http://github.com/CartoDB/Windshaft-cartodb/wiki/Template-maps)
+* provides a [template maps API](https://github.com/CartoDB/Windshaft-cartodb/blob/master/docs/Template-maps.md)

 Requirements
 ------------
+ - Core
+   - Node.js >=0.8
+   - npm >=1.2.1
+   - PostgreSQL >8.3.x, PostGIS >1.5.x
+   - Redis >2.4.0 (http://www.redis.io)
+   - Mapnik 2.0.1, 2.0.2, 2.1.0, 2.2.0, 2.3.0. See Installing Mapnik.
+   - Windshaft: check [Windshaft dependencies and installation notes](https://github.com/CartoDB/Windshaft#dependencies)
+   - libcairo2-dev, libpango1.0-dev, libjpeg8-dev and libgif-dev for server side canvas support

- [core]
- - node-0.8.x+
- - PostgreSQL-8.3+
- - PostGIS-1.5.0+
- - Redis 2.4.0+ (http://www.redis.io)
- - Mapnik 2.0 or 2.1 
+- For cache control (optional)
+   - CartoDB 0.9.5+ (for `CDB_QueryTables`)
+   - Varnish (http://www.varnish-cache.org)

- [for cache control]
- - CartoDB-SQL-API 1.0.0+
- - CartoDB 0.9.5+ (for ``CDB_QueryTables``)
- - Varnish (http://www.varnish-cache.org)
-
- [for running the testsuite]
- - Imagemagick (http://www.imagemagick.org)
+- For running the testsuite
+   - ImageMagick (http://www.imagemagick.org)

 Configure
 ---------
@@ -60,6 +56,14 @@ happen to have startup errors you may need to force rebuilding those
 modules. At any time just wipe out the node_modules/ directory and run
 ```npm install``` again.

+Upgrading
+---------
+
+Checkout your commit/branch. If you need to reinstall dependencies (you can check [NEWS](NEWS.md)) do the following:
+
+```
+rm -rf node_modules; npm install
+```

 Run
 ---
@@ -75,59 +79,22 @@ there may be out-of-sync records in there.
 Take a look: http://redis.io/commands


-URLs
----
+Documentation
+-------------

-**TILES**
-
-[GET] subdomain.cartodb.com/tiles/:table_name/:z/:x/:y.[png|png8|grid.json]
-
-Args:
-
-* sql - plain SQL arguments
-* interactivity - specify the column to use in UTFGrid
-* cache_buster - Specify an identifier for the internal tile cache.
-                 Requesting tiles with the same cache_buster value may
-                 result in being served a cached version of the tile
-                 (even when requesting a tile for the first time, as tiles
-                 can be prepared in advance)
-* cache_policy - Set to "persist" to have the server send an Cache-Control
-                 header requesting caching devices to keep the response
-                 cached as much as possible. This is best used with a
-                 timestamp value in cache_buster for manual control of
-                 updates.
-* geom_type - override the cartodb default
-* style - override the default map style with Carto
+The [docs directory](https://github.com/CartoDB/Windshaft-cartodb/tree/master/docs) contains different documentation
+resources, from higher level to more detailed ones:
+The [Maps API](https://github.com/CartoDB/Windshaft-cartodb/blob/master/docs/Map-API.md) defined the endpoints and their
+expected parameters and outputs.


-**STYLE**
+Examples
+--------

-[GET/POST] subdomain.cartodb.com/tiles/:table_name/style
-
-Args:
-
-* style - the style in CartoCSS you want to set
-* style_version - the version of the style for POST
-* style_convert - request conversion to target version (both POST and GET)
+[CartoDB's Map Gallery](http://cartodb.com/gallery/) showcases several examples of visualisations built on top of this.


-**INFOWINDOW**
+Contributing
+---

-[GET] subdomain.cartodb.com/tiles/:table_name/infowindow
-
-Args:
-
-* infowindow - returns contents of infowindow from CartoDB.
-
-
-**MAP METADATA**
-
-[GET] subdomain.cartodb.com/tiles/:table_name/map_metadata
-
-Args:
-
-* infowindow - returns contents of infowindow from CartoDB.
-
-
-All GET requests are wrappable with JSONP using callback argument,
-including the UTFGrid map tile call.
+See [CONTRIBUTING.md](CONTRIBUTING.md).
--- a/app.js
+++ b/app.js
@@ -1,46 +1,58 @@
-/*
- * Windshaft-CartoDB
- * ===============
- *
- * ./app.js [environment]
- *
- * environments: [development, production]
- */
-
-var path = require('path'),
-    fs = require('fs')
-;
-
-
-if ( process.argv[2] ) ENV = process.argv[2];
-else if ( process.env['NODE_ENV'] ) ENV = process.env['NODE_ENV'];
-else ENV = 'development';
-
-process.env['NODE_ENV'] = ENV;
-
-// sanity check
-if (ENV != 'development' && ENV != 'production' && ENV != 'staging' ){
-    console.error("\nnode app.js [environment]");
-    console.error("environments: development, production, staging\n");
-    process.exit(1);
-}
+var http = require('http');
+var https = require('https');
+var path = require('path');
+var fs = require('fs');

 var _ = require('underscore');

-// set environment specific variables
-global.environment  = require(__dirname + '/config/environments/' + ENV);
-global.environment.api_hostname = require('os').hostname().split('.')[0];
+var ENVIRONMENT;
+if ( process.argv[2] ) {
+    ENVIRONMENT = process.argv[2];
+} else if ( process.env.NODE_ENV ) {
+    ENVIRONMENT = process.env.NODE_ENV;
+} else {
+    ENVIRONMENT = 'development';
+}

-global.log4js = require('log4js')
-log4js_config = {
+var availableEnvironments = {
+    production: true,
+    staging: true,
+    development: true
+};
+
+// sanity check
+if (!availableEnvironments[ENVIRONMENT]){
+    console.error('node app.js [environment]');
+    console.error('environments: %s', Object.keys(availableEnvironments).join(', '));
+    process.exit(1);
+}
+
+process.env.NODE_ENV = ENVIRONMENT;
+
+// set environment specific variables
+global.environment = require('./config/environments/' + ENVIRONMENT);
+
+global.log4js = require('log4js');
+var log4js_config = {
  appenders: [],
-  replaceConsole:true
+  replaceConsole: true
 };

 if (global.environment.uv_threadpool_size) {
    process.env.UV_THREADPOOL_SIZE = global.environment.uv_threadpool_size;
 }

+// set global HTTP and HTTPS agent default configurations
+// ref https://nodejs.org/api/http.html#http_new_agent_options
+var agentOptions = _.defaults(global.environment.httpAgent || {}, {
+    keepAlive: false,
+    keepAliveMsecs: 1000,
+    maxSockets: Infinity,
+    maxFreeSockets: 256
+});
+http.globalAgent = new http.Agent(agentOptions);
+https.globalAgent = new https.Agent(agentOptions);
+
 if ( global.environment.log_filename ) {
  var logdir = path.dirname(global.environment.log_filename);
  // See cwd inlog4js.configure call below
@@ -59,54 +71,50 @@ if ( global.environment.log_filename ) {
  );
 }

-if ( global.environment.rollbar ) {
-  log4js_config.appenders.push({
-    type: __dirname + "/lib/cartodb/log4js_rollbar.js",
-    options: global.environment.rollbar
-  });
-}
+global.log4js.configure(log4js_config, { cwd: __dirname });
+global.logger = global.log4js.getLogger();

-log4js.configure(log4js_config, { cwd: __dirname });
-global.logger = log4js.getLogger();
+global.environment.api_hostname = require('os').hostname().split('.')[0];

 // Include cartodb_windshaft only _after_ the "global" variable is set
 // See https://github.com/Vizzuality/Windshaft-cartodb/issues/28
-var CartodbWindshaft = require('./lib/cartodb/cartodb_windshaft');
-var serverOptions = require('./lib/cartodb/server_options')();
+var cartodbWindshaft = require('./lib/cartodb/server');
+var serverOptions = require('./lib/cartodb/server_options');

-ws = CartodbWindshaft(serverOptions);
+var server = cartodbWindshaft(serverOptions);

 // Maximum number of connections for one process
 // 128 is a good number if you have up to 1024 filedescriptors
 // 4 is good if you have max 32 filedescriptors
 // 1 is good if you have max 16 filedescriptors
-ws.maxConnections = global.environment.maxConnections || 128;
+var backlog = global.environment.maxConnections || 128;

-ws.listen(global.environment.port, global.environment.host);
+var listener = server.listen(serverOptions.bind.port, serverOptions.bind.host, backlog);

 var version = require("./package").version;

-ws.on('listening', function() {
-  console.log("Windshaft tileserver " + version + " started on "
-              + global.environment.host + ':' + global.environment.port
-              + " (" + ENV + ")");
+listener.on('listening', function() {
+    console.log(
+        "Windshaft tileserver %s started on %s:%s PID=%d (%s)",
+        version, serverOptions.bind.host, serverOptions.bind.port, process.pid, ENVIRONMENT
+    );
 });

-// DEPRECATED, use SIGUSR2
-process.on('SIGUSR1', function() {
-  console.log('WARNING: handling of SIGUSR1 by Windshaft-CartoDB is deprecated, please send SIGUSR2 instead');
-  ws.dumpCacheStats();
-});
-
-process.on('SIGUSR2', function() {
-  ws.dumpCacheStats();
-});
+setInterval(function() {
+    var memoryUsage = process.memoryUsage();
+    Object.keys(memoryUsage).forEach(function(k) {
+        global.statsClient.gauge('windshaft.memory.' + k, memoryUsage[k]);
+    });
+}, 5000);

 process.on('SIGHUP', function() {
-  log4js.configure(log4js_config);
-  console.log('Log files reloaded');
+    global.log4js.clearAndShutdownAppenders(function() {
+        global.log4js.configure(log4js_config);
+        global.logger = global.log4js.getLogger();
+        console.log('Log files reloaded');
+    });
 });

 process.on('uncaughtException', function(err) {
-  logger.error('Uncaught exception: ' + err.stack); 
+    global.logger.error('Uncaught exception: ' + err.stack);
 });
--- a/assets/default-placeholder.png
+++ b/assets/default-placeholder.png
--- a/assets/default-placeholder@2x.png
+++ b/assets/default-placeholder@2x.png
--- a/assets/render-timeout-fallback.png
+++ b/assets/render-timeout-fallback.png
--- a/assets/render-timeout-fallback@2x.png
+++ b/assets/render-timeout-fallback@2x.png
--- a/config/environments/development.js.example
+++ b/config/environments/development.js.example
@@ -2,6 +2,9 @@ var config = {
     environment: 'development'
    ,port: 8181
    ,host: '127.0.0.1'
+    // Size of the threadpool which can be used to run user code and get notified in the loop thread
+    // Its default size is 4, but it can be changed at startup time (the absolute maximum is 128).
+    // See http://docs.libuv.org/en/latest/threadpool.html
    ,uv_threadpool_size: undefined
    // Regular expression pattern to extract username
    // from hostname. Must have a single grabbing block.
@@ -14,13 +17,11 @@ var config = {
    // Base url for the Templated Maps API
    // "/api/v1/map/named" is the new API,
    // "/tiles/template" is for compatibility with versions up to 1.6.x
-    ,base_url_templated: '(?:/api/v1/map/named|/tiles/template)'
+    ,base_url_templated: '(?:/api/v1/map/named|/user/:user/api/v1/map/named|/tiles/template)'
    // Base url for the Detached Maps API
    // "maps" is the the new API,
    // "tiles/layergroup" is for compatibility with versions up to 1.6.x
-    ,base_url_detached: '(?:/api/v1/map|/tiles/layergroup)'
-    // Base url for the Inline Maps and Table Maps API
-    ,base_url_legacy: '/tiles/:table'
+    ,base_url_detached: '(?:/api/v1/map|/user/:user/api/v1/map|/tiles/layergroup)'

    // Maximum number of connections for one process
    // 128 is a good value with a limit of 1024 open file descriptors
@@ -40,7 +41,7 @@ var config = {
    // If log_filename is given logs will be written
    // there, in append mode. Otherwise stdout is used (default).
    // Log file will be re-opened on receiving the HUP signal
-    ,log_filename: 'logs/node-windshaft.log'
+    ,log_filename: undefined
    // Templated database username for authorized user
    // Supported labels: 'user_id' (read from redis)
    ,postgres_auth_user: 'development_cartodb_user_<%= user_id %>'
@@ -63,6 +64,7 @@ var config = {
        */
        row_limit: 65535,
        simplify_geometries: true,
+        use_overviews: true, // use overviews to retrieve raster
        /*
         * Set persist_connection to false if you want
         * database connections to be closed on renderer
@@ -85,8 +87,92 @@ var config = {
    ,renderer: {
      // Milliseconds since last access before renderer cache item expires
      cache_ttl: 60000,
-      metatile: 4,
-      bufferSize: 64
+      statsInterval: 5000, // milliseconds between each report to statsd about number of renderers and mapnik pool status
+      mapnik: {
+          // The size of the pool of internal mapnik backend
+          // This pool size is per mapnik renderer created in Windshaft's RendererFactory
+          // See https://github.com/CartoDB/Windshaft/blob/master/lib/windshaft/renderers/renderer_factory.js
+          // Important: check the configuration of uv_threadpool_size to use suitable value
+          poolSize: 8,
+
+          // Metatile is the number of tiles-per-side that are going
+          // to be rendered at once. If all of them will be requested
+          // we'd have saved time. If only one will be used, we'd have
+          // wasted time.
+          metatile: 2,
+
+          // tilelive-mapnik uses an internal cache to store tiles/grids
+          // generated when using metatile. This options allow to tune
+          // the behaviour for that internal cache.
+          metatileCache: {
+              // Time an object must stay in the cache until is removed
+              ttl: 0,
+              // Whether an object must be removed after the first hit
+              // Usually you want to use `true` here when ttl>0.
+              deleteOnHit: false
+          },
+
+          // Override metatile behaviour depending on the format
+          formatMetatile: {
+              png: 2,
+              'grid.json': 1
+          },
+
+          // Buffer size is the tickness in pixel of a buffer
+          // around the rendered (meta?)tile.
+          //
+          // This is important for labels and other marker that overlap tile boundaries.
+          // Setting to 128 ensures no render artifacts.
+          // 64 may have artifacts but is faster.
+          // Less important if we can turn metatiling on.
+          bufferSize: 64,
+
+          // SQL queries will be wrapped with ST_SnapToGrid
+          // Snapping all points of the  geometry to a regular grid
+          snapToGrid: false,
+
+          // SQL queries will be wrapped with ST_ClipByBox2D
+          // Returning the portion of a geometry falling within a rectangle
+          // It will only work if snapToGrid is enabled
+          clipByBox2d: false, // this requires postgis >=2.2 and geos >=3.5
+
+          limits: {
+              // Time in milliseconds a render request can take before it fails, some notes:
+              //  - 0 means no render limit
+              //  - it considers metatiling, naive implementation: (render timeout) * (number of tiles in metatile)
+              render: 0,
+              // As the render request will finish even if timed out, whether it should be placed in the internal
+              // cache or it should be fully discarded. When placed in the internal cache another attempt to retrieve
+              // the same tile will result in an immediate response, however that will use a lot of more application
+              // memory. If we want to enforce this behaviour we have to implement a cache eviction policy for the
+              // internal cache.
+              cacheOnTimeout: true
+          }
+      },
+      http: {
+          timeout: 2000, // the timeout in ms for a http tile request
+          proxy: undefined, // the url for a proxy server
+          whitelist: [ // the whitelist of urlTemplates that can be used
+              '.*', // will enable any URL
+              'http://{s}.example.com/{z}/{x}/{y}.png'
+          ],
+          // image to use as placeholder when urlTemplate is not in the whitelist
+          // if provided the http renderer will use it instead of throw an error
+          fallbackImage: {
+              type: 'fs', // 'fs' and 'url' supported
+              src: __dirname + '/../../assets/default-placeholder.png'
+          }
+      },
+      torque: {
+          dbPoolParams: {
+              // maximum number of resources to create at any given time
+              size: 16,
+              // max milliseconds a resource can go unused before it should be destroyed
+              idleTimeout: 3000,
+              // frequency to check for idle resources
+              reapInterval: 1000
+          }
+      }
    }
    ,millstone: {
        // Needs to be writable by server user
@@ -103,43 +189,69 @@ var config = {
        // by 2 to know how many possible connections will be
        // kept open by the server. The default is 50.
        max: 50,
+        returnToHead: true, // defines the behaviour of the pool: false => queue, true => stack
        idleTimeoutMillis: 1, // idle time before dropping connection
        reapIntervalMillis: 1, // time between cleanups
+        slowQueries: {
+            log: true,
+            elapsedThreshold: 200
+        },
        slowPool: {
            log: true, // whether a slow acquire must be logged or not
            elapsedThreshold: 25 // the threshold to determine an slow acquire must be reported or not
-        }
+        },
+        emitter: {
+            statusInterval: 5000 // time, in ms, between each status report is emitted from the pool, status is sent to statsd
+        },
+        unwatchOnRelease: false, // Send unwatch on release, see http://github.com/CartoDB/Windshaft-cartodb/issues/161
+        noReadyCheck: true // Check `no_ready_check` at https://github.com/mranney/node_redis/tree/v0.12.1#overloading
    }
-    ,sqlapi: {
-        protocol: 'http',
-        // If "host" is given, it will be used
-        // to connect to the SQL-API without a
-        // DNS lookup
-        host: '127.0.0.1',
-        port: 8080,
-        // The "domain" part will be appended to 
-        // the cartodb username and passed to
-        // SQL-API requests in the Host HTTP header
-        domain: 'localhost.lan',
-        version: 'v1',
-        // Maximum lenght of SQL query for GET
-        // requests. Longer queries will be sent
-        // using POST. Defaults to 2048
-        max_get_sql_length: 2048,
-        // Maximum time to wait for a response,
-        // in milliseconds. Defaults to 100.
-        timeout: 100
+    // For more details about this options check https://nodejs.org/api/http.html#http_new_agent_options
+    ,httpAgent: {
+        keepAlive: true,
+        keepAliveMsecs: 1000,
+        maxSockets: 25,
+        maxFreeSockets: 256
    }
    ,varnish: {
        host: 'localhost',
-        port: 6082,
+        port: 6082, // the por for the telnet interface where varnish is listening to
+        http_port: 6081, // the port for the HTTP interface where varnish is listening to
+        purge_enabled: false, // whether the purge/invalidation mechanism is enabled in varnish or not
        secret: 'xxx',
-        ttl: 86400
+        ttl: 86400,
+        layergroupTtl: 86400 // the max-age for cache-control header in layergroup responses
+    }
+    // this [OPTIONAL] configuration enables invalidating by surrogate key in fastly
+    ,fastly: {
+        // whether the invalidation is enabled or not
+        enabled: false,
+        // the fastly api key
+        apiKey: 'wadus_api_key',
+        // the service that will get surrogate key invalidation
+        serviceId: 'wadus_service_id'
    }
    // If useProfiler is true every response will be served with an
    // X-Tiler-Profile header containing elapsed timing for various 
    // steps taken for producing the response.
    ,useProfiler:true
+    // Settings for the health check available at /health
+    ,health: {
+      enabled: false,
+      username: 'localhost',
+      z: 0,
+      x: 0,
+      y: 0
+    }
+    ,disabled_file: 'pids/disabled'
+
+    // Use this as a feature flags enabling/disabling mechanism
+    ,enabledFeatures: {
+        // whether it should intercept tile render errors an act based on them, enabled by default.
+        onTileErrorStrategy: true,
+        // whether the affected tables for a given SQL must query directly postgresql or use the SQL API
+        cdbQueryTablesFromPostgres: true
+    }
 };

 module.exports = config;
--- a/config/environments/production.js.example
+++ b/config/environments/production.js.example
@@ -2,6 +2,9 @@ var config = {
    environment: 'production'
    ,port: 8181
    ,host: '127.0.0.1'
+    // Size of the threadpool which can be used to run user code and get notified in the loop thread
+    // Its default size is 4, but it can be changed at startup time (the absolute maximum is 128).
+    // See http://docs.libuv.org/en/latest/threadpool.html
    ,uv_threadpool_size: undefined
    // Regular expression pattern to extract username
    // from hostname. Must have a single grabbing block.
@@ -14,13 +17,11 @@ var config = {
    // Base url for the Templated Maps API
    // "/api/v1/map/named" is the new API,
    // "/tiles/template" is for compatibility with versions up to 1.6.x
-    ,base_url_templated: '(?:/api/v1/map/named|/tiles/template)'
+    ,base_url_templated: '(?:/api/v1/map/named|/user/:user/api/v1/map/named|/tiles/template)'
    // Base url for the Detached Maps API
    // "maps" is the the new API,
    // "tiles/layergroup" is for compatibility with versions up to 1.6.x
-    ,base_url_detached: '(?:/api/v1/map|/tiles/layergroup)'
-    // Base url for the Inline Maps and Table Maps API
-    ,base_url_legacy: '/tiles/:table'
+    ,base_url_detached: '(?:/api/v1/map|/user/:user/api/v1/map|/tiles/layergroup)'

    // Maximum number of connections for one process
    // 128 is a good value with a limit of 1024 open file descriptors
@@ -65,6 +66,7 @@ var config = {
         */
        persist_connection: false,
        simplify_geometries: true,
+        use_overviews: true, // use overviews to retrieve raster
        max_size: 500
    }
    ,mapnik_version: undefined
@@ -79,8 +81,92 @@ var config = {
    ,renderer: {
      // Milliseconds since last access before renderer cache item expires
      cache_ttl: 60000,
-      metatile: 4,
-      bufferSize: 64
+      statsInterval: 5000, // milliseconds between each report to statsd about number of renderers and mapnik pool status
+      mapnik: {
+          // The size of the pool of internal mapnik backend
+          // This pool size is per mapnik renderer created in Windshaft's RendererFactory
+          // See https://github.com/CartoDB/Windshaft/blob/master/lib/windshaft/renderers/renderer_factory.js
+          // Important: check the configuration of uv_threadpool_size to use suitable value
+          poolSize: 8,
+
+          // Metatile is the number of tiles-per-side that are going
+          // to be rendered at once. If all of them will be requested
+          // we'd have saved time. If only one will be used, we'd have
+          // wasted time.
+          metatile: 2,
+
+          // tilelive-mapnik uses an internal cache to store tiles/grids
+          // generated when using metatile. This options allow to tune
+          // the behaviour for that internal cache.
+          metatileCache: {
+              // Time an object must stay in the cache until is removed
+              ttl: 0,
+              // Whether an object must be removed after the first hit
+              // Usually you want to use `true` here when ttl>0.
+              deleteOnHit: false
+          },
+
+          // Override metatile behaviour depending on the format
+          formatMetatile: {
+              png: 2,
+              'grid.json': 1
+          },
+
+          // Buffer size is the tickness in pixel of a buffer
+          // around the rendered (meta?)tile.
+          //
+          // This is important for labels and other marker that overlap tile boundaries.
+          // Setting to 128 ensures no render artifacts.
+          // 64 may have artifacts but is faster.
+          // Less important if we can turn metatiling on.
+          bufferSize: 64,
+
+          // SQL queries will be wrapped with ST_SnapToGrid
+          // Snapping all points of the  geometry to a regular grid
+          snapToGrid: false,
+
+          // SQL queries will be wrapped with ST_ClipByBox2D
+          // Returning the portion of a geometry falling within a rectangle
+          // It will only work if snapToGrid is enabled
+          clipByBox2d: false, // this requires postgis >=2.2 and geos >=3.5
+
+          limits: {
+              // Time in milliseconds a render request can take before it fails, some notes:
+              //  - 0 means no render limit
+              //  - it considers metatiling, naive implementation: (render timeout) * (number of tiles in metatile)
+              render: 0,
+              // As the render request will finish even if timed out, whether it should be placed in the internal
+              // cache or it should be fully discarded. When placed in the internal cache another attempt to retrieve
+              // the same tile will result in an immediate response, however that will use a lot of more application
+              // memory. If we want to enforce this behaviour we have to implement a cache eviction policy for the
+              // internal cache.
+              cacheOnTimeout: true
+          }
+      },
+      http: {
+          timeout: 2000, // the timeout in ms for a http tile request
+          proxy: undefined, // the url for a proxy server
+          whitelist: [ // the whitelist of urlTemplates that can be used
+              '.*', // will enable any URL
+              'http://{s}.example.com/{z}/{x}/{y}.png'
+          ],
+          // image to use as placeholder when urlTemplate is not in the whitelist
+          // if provided the http renderer will use it instead of throw an error
+          fallbackImage: {
+              type: 'fs', // 'fs' and 'url' supported
+              src: __dirname + '/../../assets/default-placeholder.png'
+          }
+      },
+      torque: {
+          dbPoolParams: {
+              // maximum number of resources to create at any given time
+              size: 16,
+              // max milliseconds a resource can go unused before it should be destroyed
+              idleTimeout: 3000,
+              // frequency to check for idle resources
+              reapInterval: 1000
+          }
+      }
    }
    ,millstone: {
        // Needs to be writable by server user
@@ -97,38 +183,47 @@ var config = {
        // by 2 to know how many possible connections will be
        // kept open by the server. The default is 50.
        max: 50,
+        returnToHead: true, // defines the behaviour of the pool: false => queue, true => stack
        idleTimeoutMillis: 30000, // idle time before dropping connection
        reapIntervalMillis: 1000, // time between cleanups
+        slowQueries: {
+            log: true,
+            elapsedThreshold: 200
+        },
        slowPool: {
            log: true, // whether a slow acquire must be logged or not
            elapsedThreshold: 25 // the threshold to determine an slow acquire must be reported or not
-        }
+        },
+        emitter: {
+            statusInterval: 5000 // time, in ms, between each status report is emitted from the pool, status is sent to statsd
+        },
+        unwatchOnRelease: false, // Send unwatch on release, see http://github.com/CartoDB/Windshaft-cartodb/issues/161
+        noReadyCheck: true // Check `no_ready_check` at https://github.com/mranney/node_redis/tree/v0.12.1#overloading
    }
-    ,sqlapi: {
-        protocol: 'https',
-        // If "host" is given, it will be used
-        // to connect to the SQL-API without a
-        // DNS lookup
-        //host: '127.0.0.1',
-        port: 8080,
-        // The "domain" part will be appended to 
-        // the cartodb username and passed to
-        // SQL-API requests in the Host HTTP header
-        domain: 'cartodb.com',
-        version: 'v2',
-        // Maximum lenght of SQL query for GET
-        // requests. Longer queries will be sent
-        // using POST. Defaults to 2048
-        max_get_sql_length: 2048,
-        // Maximum time to wait for a response,
-        // in milliseconds. Defaults to 100.
-        timeout: 100
+    // For more details about this options check https://nodejs.org/api/http.html#http_new_agent_options
+    ,httpAgent: {
+        keepAlive: true,
+        keepAliveMsecs: 1000,
+        maxSockets: 25,
+        maxFreeSockets: 256
    }
    ,varnish: {
        host: 'localhost',
-        port: 6082,
+        port: 6082, // the por for the telnet interface where varnish is listening to
+        http_port: 6081, // the port for the HTTP interface where varnish is listening to
+        purge_enabled: false, // whether the purge/invalidation mechanism is enabled in varnish or not
        secret: 'xxx',
-        ttl: 86400
+        ttl: 86400,
+        layergroupTtl: 86400 // the max-age for cache-control header in layergroup responses
+    }
+    // this [OPTIONAL] configuration enables invalidating by surrogate key in fastly
+    ,fastly: {
+        // whether the invalidation is enabled or not
+        enabled: false,
+        // the fastly api key
+        apiKey: 'wadus_api_key',
+        // the service that will get surrogate key invalidation
+        serviceId: 'wadus_service_id'
    }
    // If useProfiler is true every response will be served with an
    // X-Tiler-Profile header containing elapsed timing for various 
@@ -140,14 +235,22 @@ var config = {
        https: 'cartocdn.global.ssl.fastly.net'
      }
    }
-    // Optional rollbar support
-    ,rollbar: {
-      token: 'secret',
-      // See http://github.com/rollbar/node_rollbar#configuration-reference
-      options: {
-        endpoint: 'https://api.rollbar.com/api/1/',
-        handler: 'inline'
-      }
+    // Settings for the health check available at /health
+    ,health: {
+      enabled: true,
+      username: 'localhost',
+      z: 0,
+      x: 0,
+      y: 0
+    }
+    ,disabled_file: 'pids/disabled'
+
+    // Use this as a feature flags enabling/disabling mechanism
+    ,enabledFeatures: {
+        // whether it should intercept tile render errors an act based on them, enabled by default.
+        onTileErrorStrategy: true,
+        // whether the affected tables for a given SQL must query directly postgresql or use the SQL API
+        cdbQueryTablesFromPostgres: true
    }
 };

--- a/config/environments/staging.js.example
+++ b/config/environments/staging.js.example
@@ -2,6 +2,9 @@ var config = {
    environment: 'production'
    ,port: 8181
    ,host: '127.0.0.1'
+    // Size of the threadpool which can be used to run user code and get notified in the loop thread
+    // Its default size is 4, but it can be changed at startup time (the absolute maximum is 128).
+    // See http://docs.libuv.org/en/latest/threadpool.html
    ,uv_threadpool_size: undefined
    // Regular expression pattern to extract username
    // from hostname. Must have a single grabbing block.
@@ -14,13 +17,11 @@ var config = {
    // Base url for the Templated Maps API
    // "/api/v1/maps/named" is the new API,
    // "/tiles/template" is for compatibility with versions up to 1.6.x
-    ,base_url_templated: '(?:/api/v1/maps/named|/tiles/template)'
+    ,base_url_templated: '(?:/api/v1/map/named|/user/:user/api/v1/map/named|/tiles/template)'
    // Base url for the Detached Maps API
    // "/api/v1/maps" is the the new API,
    // "/tiles/layergroup" is for compatibility with versions up to 1.6.x
-    ,base_url_detached: '(?:/api/v1/maps|/tiles/layergroup)'
-    // Base url for the Inline Maps and Table Maps API
-    ,base_url_legacy: '/tiles/:table'
+    ,base_url_detached: '(?:/api/v1/map|/user/:user/api/v1/map|/tiles/layergroup)'

    // Maximum number of connections for one process
    // 128 is a good value with a limit of 1024 open file descriptors
@@ -57,6 +58,7 @@ var config = {
        extent: "-20037508.3,-20037508.3,20037508.3,20037508.3",
        row_limit: 65535,
        simplify_geometries: true,
+        use_overviews: true, // use overviews to retrieve raster
        /*
         * Set persist_connection to false if you want
         * database connections to be closed on renderer
@@ -79,8 +81,92 @@ var config = {
    ,renderer: {
      // Milliseconds since last access before renderer cache item expires
      cache_ttl: 60000,
-      metatile: 4,
-      bufferSize: 64
+      statsInterval: 5000, // milliseconds between each report to statsd about number of renderers and mapnik pool status
+      mapnik: {
+          // The size of the pool of internal mapnik backend
+          // This pool size is per mapnik renderer created in Windshaft's RendererFactory
+          // See https://github.com/CartoDB/Windshaft/blob/master/lib/windshaft/renderers/renderer_factory.js
+          // Important: check the configuration of uv_threadpool_size to use suitable value
+          poolSize: 8,
+
+          // Metatile is the number of tiles-per-side that are going
+          // to be rendered at once. If all of them will be requested
+          // we'd have saved time. If only one will be used, we'd have
+          // wasted time.
+          metatile: 2,
+
+          // tilelive-mapnik uses an internal cache to store tiles/grids
+          // generated when using metatile. This options allow to tune
+          // the behaviour for that internal cache.
+          metatileCache: {
+              // Time an object must stay in the cache until is removed
+              ttl: 0,
+              // Whether an object must be removed after the first hit
+              // Usually you want to use `true` here when ttl>0.
+              deleteOnHit: false
+          },
+
+          // Override metatile behaviour depending on the format
+          formatMetatile: {
+              png: 2,
+              'grid.json': 1
+          },
+
+          // Buffer size is the tickness in pixel of a buffer
+          // around the rendered (meta?)tile.
+          //
+          // This is important for labels and other marker that overlap tile boundaries.
+          // Setting to 128 ensures no render artifacts.
+          // 64 may have artifacts but is faster.
+          // Less important if we can turn metatiling on.
+          bufferSize: 64,
+
+          // SQL queries will be wrapped with ST_SnapToGrid
+          // Snapping all points of the  geometry to a regular grid
+          snapToGrid: false,
+
+          // SQL queries will be wrapped with ST_ClipByBox2D
+          // Returning the portion of a geometry falling within a rectangle
+          // It will only work if snapToGrid is enabled
+          clipByBox2d: false, // this requires postgis >=2.2 and geos >=3.5
+
+          limits: {
+              // Time in milliseconds a render request can take before it fails, some notes:
+              //  - 0 means no render limit
+              //  - it considers metatiling, naive implementation: (render timeout) * (number of tiles in metatile)
+              render: 0,
+              // As the render request will finish even if timed out, whether it should be placed in the internal
+              // cache or it should be fully discarded. When placed in the internal cache another attempt to retrieve
+              // the same tile will result in an immediate response, however that will use a lot of more application
+              // memory. If we want to enforce this behaviour we have to implement a cache eviction policy for the
+              // internal cache.
+              cacheOnTimeout: true
+          }
+      },
+      http: {
+          timeout: 2000, // the timeout in ms for a http tile request
+          proxy: undefined, // the url for a proxy server
+          whitelist: [ // the whitelist of urlTemplates that can be used
+              '.*', // will enable any URL
+              'http://{s}.example.com/{z}/{x}/{y}.png'
+          ],
+          // image to use as placeholder when urlTemplate is not in the whitelist
+          // if provided the http renderer will use it instead of throw an error
+          fallbackImage: {
+              type: 'fs', // 'fs' and 'url' supported
+              src: __dirname + '/../../assets/default-placeholder.png'
+          }
+      },
+      torque: {
+          dbPoolParams: {
+              // maximum number of resources to create at any given time
+              size: 16,
+              // max milliseconds a resource can go unused before it should be destroyed
+              idleTimeout: 3000,
+              // frequency to check for idle resources
+              reapInterval: 1000
+          }
+      }
    }
    ,millstone: {
        // Needs to be writable by server user
@@ -97,38 +183,47 @@ var config = {
        // by 2 to know how many possible connections will be
        // kept open by the server. The default is 50.
        max: 50,
+        returnToHead: true, // defines the behaviour of the pool: false => queue, true => stack
        idleTimeoutMillis: 30000, // idle time before dropping connection
        reapIntervalMillis: 1000, // time between cleanups
+        slowQueries: {
+            log: true,
+            elapsedThreshold: 200
+        },
        slowPool: {
            log: true, // whether a slow acquire must be logged or not
            elapsedThreshold: 25 // the threshold to determine an slow acquire must be reported or not
-        }
+        },
+        emitter: {
+            statusInterval: 5000 // time, in ms, between each status report is emitted from the pool, status is sent to statsd
+        },
+        unwatchOnRelease: false, // Send unwatch on release, see http://github.com/CartoDB/Windshaft-cartodb/issues/161
+        noReadyCheck: true // Check `no_ready_check` at https://github.com/mranney/node_redis/tree/v0.12.1#overloading
    }
-    ,sqlapi: {
-        protocol: 'https',
-        // If "host" is given, it will be used
-        // to connect to the SQL-API without a
-        // DNS lookup
-        //host: '127.0.0.1',
-        port: 8080,
-        // The "domain" part will be appended to 
-        // the cartodb username and passed to
-        // SQL-API requests in the Host HTTP header
-        domain: 'cartodb.com',
-        version: 'v2',
-        // Maximum lenght of SQL query for GET
-        // requests. Longer queries will be sent
-        // using POST. Defaults to 2048
-        max_get_sql_length: 2048,
-        // Maximum time to wait for a response,
-        // in milliseconds. Defaults to 100.
-        timeout: 100
+    // For more details about this options check https://nodejs.org/api/http.html#http_new_agent_options
+    ,httpAgent: {
+        keepAlive: true,
+        keepAliveMsecs: 1000,
+        maxSockets: 25,
+        maxFreeSockets: 256
    }
    ,varnish: {
        host: 'localhost',
-        port: 6082,
+        port: 6082, // the por for the telnet interface where varnish is listening to
+        http_port: 6081, // the port for the HTTP interface where varnish is listening to
+        purge_enabled: false, // whether the purge/invalidation mechanism is enabled in varnish or not
        secret: 'xxx',
-        ttl: 86400
+        ttl: 86400,
+        layergroupTtl: 86400 // the max-age for cache-control header in layergroup responses
+    }
+    // this [OPTIONAL] configuration enables invalidating by surrogate key in fastly
+    ,fastly: {
+        // whether the invalidation is enabled or not
+        enabled: false,
+        // the fastly api key
+        apiKey: 'wadus_api_key',
+        // the service that will get surrogate key invalidation
+        serviceId: 'wadus_service_id'
    }
    // If useProfiler is true every response will be served with an
    // X-Tiler-Profile header containing elapsed timing for various 
@@ -140,14 +235,22 @@ var config = {
        https: 'cartocdn.global.ssl.fastly.net'
      }
    }
-    // Optional rollbar support
-    ,rollbar: {
-      token: 'secret',
-      // See http://github.com/rollbar/node_rollbar#configuration-reference
-      options: {
-        endpoint: 'https://api.rollbar.com/api/1/',
-        handler: 'inline'
-      }
+    // Settings for the health check available at /health
+    ,health: {
+      enabled: false,
+      username: 'localhost',
+      z: 0,
+      x: 0,
+      y: 0
+    }
+    ,disabled_file: 'pids/disabled'
+
+    // Use this as a feature flags enabling/disabling mechanism
+    ,enabledFeatures: {
+        // whether it should intercept tile render errors an act based on them, enabled by default.
+        onTileErrorStrategy: true,
+        // whether the affected tables for a given SQL must query directly postgresql or use the SQL API
+        cdbQueryTablesFromPostgres: true
    }
 };

--- a/config/environments/test.js.example
+++ b/config/environments/test.js.example
@@ -2,6 +2,9 @@ var config = {
     environment: 'test'
    ,port: 8888
    ,host: '127.0.0.1'
+    // Size of the threadpool which can be used to run user code and get notified in the loop thread
+    // Its default size is 4, but it can be changed at startup time (the absolute maximum is 128).
+    // See http://docs.libuv.org/en/latest/threadpool.html
    ,uv_threadpool_size: undefined
    // Regular expression pattern to extract username
    // from hostname. Must have a single grabbing block.
@@ -14,13 +17,11 @@ var config = {
    // Base url for the Templated Maps API
    // "/api/v1/map/named" is the new API,
    // "/tiles/template" is for compatibility with versions up to 1.6.x
-    ,base_url_templated: '(?:/api/v1/map/named|/tiles/template)'
+    ,base_url_templated: '(?:/api/v1/map/named|/user/:user/api/v1/map/named|/tiles/template)'
    // Base url for the Detached Maps API
    // "maps" is the the new API,
    // "tiles/layergroup" is for compatibility with versions up to 1.6.x
-    ,base_url_detached: '(?:/api/v1/map|/tiles/layergroup)'
-    // Base url for the Inline Maps and Table Maps API
-    ,base_url_legacy: '/tiles/:table'
+    ,base_url_detached: '(?:/api/v1/map|/user/:user/api/v1/map|/tiles/layergroup)'

    // Maximum number of connections for one process
    // 128 is a good value with a limit of 1024 open file descriptors
@@ -50,13 +51,14 @@ var config = {
    ,postgres: {
        // Parameters to pass to datasource plugin of mapnik
        // See http://github.com/mapnik/mapnik/wiki/PostGIS
-        user: "testpublicuser",
+        user: "test_windshaft_publicuser",
        password: "public",
        host: '127.0.0.1',
        port: 5432,
        extent: "-20037508.3,-20037508.3,20037508.3,20037508.3",
        row_limit: 65535,
        simplify_geometries: true,
+        use_overviews: true, // use overviews to retrieve raster
        /*
         * Set persist_connection to false if you want
         * database connections to be closed on renderer
@@ -79,8 +81,94 @@ var config = {
    ,renderer: {
      // Milliseconds since last access before renderer cache item expires
      cache_ttl: 60000,
-      metatile: 4,
-      bufferSize: 64
+      statsInterval: 5000, // milliseconds between each report to statsd about number of renderers and mapnik pool status
+      mapnik: {
+          // The size of the pool of internal mapnik backend
+          // This pool size is per mapnik renderer created in Windshaft's RendererFactory
+          // See https://github.com/CartoDB/Windshaft/blob/master/lib/windshaft/renderers/renderer_factory.js
+          // Important: check the configuration of uv_threadpool_size to use suitable value
+          poolSize: 8,
+
+          // Metatile is the number of tiles-per-side that are going
+          // to be rendered at once. If all of them will be requested
+          // we'd have saved time. If only one will be used, we'd have
+          // wasted time.
+          metatile: 2,
+
+          // tilelive-mapnik uses an internal cache to store tiles/grids
+          // generated when using metatile. This options allow to tune
+          // the behaviour for that internal cache.
+          metatileCache: {
+              // Time an object must stay in the cache until is removed
+              ttl: 0,
+              // Whether an object must be removed after the first hit
+              // Usually you want to use `true` here when ttl>0.
+              deleteOnHit: false
+          },
+
+          // Override metatile behaviour depending on the format
+          formatMetatile: {
+              png: 2,
+              'grid.json': 1
+          },
+
+          // Buffer size is the tickness in pixel of a buffer
+          // around the rendered (meta?)tile.
+          //
+          // This is important for labels and other marker that overlap tile boundaries.
+          // Setting to 128 ensures no render artifacts.
+          // 64 may have artifacts but is faster.
+          // Less important if we can turn metatiling on.
+          bufferSize: 64,
+
+          // SQL queries will be wrapped with ST_SnapToGrid
+          // Snapping all points of the  geometry to a regular grid
+          snapToGrid: false,
+
+          // SQL queries will be wrapped with ST_ClipByBox2D
+          // Returning the portion of a geometry falling within a rectangle
+          // It will only work if snapToGrid is enabled
+          clipByBox2d: false, // this requires postgis >=2.2 and geos >=3.5
+
+          limits: {
+              // Time in milliseconds a render request can take before it fails, some notes:
+              //  - 0 means no render limit
+              //  - it considers metatiling, naive implementation: (render timeout) * (number of tiles in metatile)
+              render: 0,
+              // As the render request will finish even if timed out, whether it should be placed in the internal
+              // cache or it should be fully discarded. When placed in the internal cache another attempt to retrieve
+              // the same tile will result in an immediate response, however that will use a lot of more application
+              // memory. If we want to enforce this behaviour we have to implement a cache eviction policy for the
+              // internal cache.
+              cacheOnTimeout: true
+          }
+      },
+      http: {
+          timeout: 2000, // the timeout in ms for a http tile request
+          proxy: undefined, // the url for a proxy server
+          whitelist: [ // the whitelist of urlTemplates that can be used
+              '.*', // will enable any URL
+              'http://{s}.example.com/{z}/{x}/{y}.png',
+              // for testing purposes
+              'http://{s}.basemaps.cartocdn.com/dark_nolabels/{z}/{x}/{y}.png'
+          ],
+          // image to use as placeholder when urlTemplate is not in the whitelist
+          // if provided the http renderer will use it instead of throw an error
+          fallbackImage: {
+              type: 'fs', // 'fs' and 'url' supported
+              src: __dirname + '/../../assets/default-placeholder.png'
+          }
+      },
+      torque: {
+          dbPoolParams: {
+              // maximum number of resources to create at any given time
+              size: 16,
+              // max milliseconds a resource can go unused before it should be destroyed
+              idleTimeout: 3000,
+              // frequency to check for idle resources
+              reapInterval: 1000
+          }
+      }
    }
    ,millstone: {
        // Needs to be writable by server user
@@ -97,45 +185,69 @@ var config = {
        // by 2 to know how many possible connections will be
        // kept open by the server. The default is 50.
        max: 50,
+        returnToHead: true, // defines the behaviour of the pool: false => queue, true => stack
        idleTimeoutMillis: 1, // idle time before dropping connection
        reapIntervalMillis: 1, // time between cleanups
+        slowQueries: {
+            log: true,
+            elapsedThreshold: 200
+        },
        slowPool: {
            log: true, // whether a slow acquire must be logged or not
            elapsedThreshold: 25 // the threshold to determine an slow acquire must be reported or not
-        }
+        },
+        emitter: {
+            statusInterval: 5000 // time, in ms, between each status report is emitted from the pool, status is sent to statsd
+        },
+        unwatchOnRelease: false, // Send unwatch on release, see http://github.com/CartoDB/Windshaft-cartodb/issues/161
+        noReadyCheck: true // Check `no_ready_check` at https://github.com/mranney/node_redis/tree/v0.12.1#overloading
    }
-    ,sqlapi: {
-        protocol: 'http',
-        // If "host" is given, it will be used
-        // to connect to the SQL-API without a
-        // DNS lookup
-        host: '127.0.0.1',
-        port: 1080,
-        // The "domain" part will be appended to 
-        // the cartodb username and passed to
-        // SQL-API requests in the Host HTTP header
-        domain: 'donot_look_this_up',
-        // This port will be used by "make check" for testing purposes
-        // It must be available
-        version: 'v1',
-        // Maximum lenght of SQL query for GET
-        // requests. Longer queries will be sent
-        // using POST. Defaults to 2048
-        max_get_sql_length: 2048,
-        // Maximum time to wait for a response,
-        // in milliseconds. Defaults to 100.
-        timeout: 100
+    // For more details about this options check https://nodejs.org/api/http.html#http_new_agent_options
+    ,httpAgent: {
+        keepAlive: true,
+        keepAliveMsecs: 1000,
+        maxSockets: 25,
+        maxFreeSockets: 256
    }
    ,varnish: {
        host: '',
-        port: null,
+        port: null, // the por for the telnet interface where varnish is listening to
+        http_port: 6081, // the port for the HTTP interface where varnish is listening to
+        purge_enabled: false, // whether the purge/invalidation mechanism is enabled in varnish or not
        secret: 'xxx',
-        ttl: 86400
+        ttl: 86400,
+        layergroupTtl: 86400 // the max-age for cache-control header in layergroup responses
+    }
+    // this [OPTIONAL] configuration enables invalidating by surrogate key in fastly
+    ,fastly: {
+        // whether the invalidation is enabled or not
+        enabled: false,
+        // the fastly api key
+        apiKey: 'wadus_api_key',
+        // the service that will get surrogate key invalidation
+        serviceId: 'wadus_service_id'
    }
    // If useProfiler is true every response will be served with an
    // X-Tiler-Profile header containing elapsed timing for various 
    // steps taken for producing the response.
    ,useProfiler:true
+    // Settings for the health check available at /health
+    ,health: {
+      enabled: false,
+      username: 'localhost',
+      z: 0,
+      x: 0,
+      y: 0
+    }
+    ,disabled_file: 'pids/disabled'
+
+    // Use this as a feature flags enabling/disabling mechanism
+    ,enabledFeatures: {
+        // whether it should intercept tile render errors an act based on them, enabled by default.
+        onTileErrorStrategy: true,
+        // whether the affected tables for a given SQL must query directly postgresql or use the SQL API
+        cdbQueryTablesFromPostgres: true
+    }
 };

 module.exports = config;
--- a/15
+++ b/15
@@ -20,7 +20,6 @@
 ENVDIR=config/environments

 PGPORT=
-SQLAPI_PORT=
 MAPNIK_VERSION=
 ENVIRONMENT=development

@@ -32,7 +31,6 @@ usage() {
  echo "Configuration:"
  echo "  --help                        display this help and exit"
  echo "  --with-pgport=NUM             access PostgreSQL server on TCP port NUM [$PGPORT]"
-  echo "  --with-sqlapi-port=NUM        access SQL-API server on TCP port NUM [$SQLAPI_PORT]"
  echo "  --with-mapnik-version=STRING  set mapnik version string [$MAPNIK_VERSION]"
  echo "  --environment=STRING          set output environment name [$ENVIRONMENT]"
 }
@@ -46,9 +44,6 @@ while test -n "$1"; do
    --with-pgport=*)
      PGPORT=`echo "$1" | cut -d= -f2`
      ;;
-    --with-sqlapi-port=*)
-      SQLAPI_PORT=`echo "$1" | cut -d= -f2`
-      ;;
    --with-mapnik-version=*)
      MAPNIK_VERSION=`echo "$1" | cut -d= -f2`
      ;;
@@ -56,9 +51,8 @@ while test -n "$1"; do
      ENVIRONMENT=`echo "$1" | cut -d= -f2`
      ;;
    *)
-      echo "Unknown option '$1'" >&2
-      usage >&2
-      exit 1
+      echo "Unused option '$1'" >&2
+      ;;
  esac
  shift
 done
@@ -68,12 +62,8 @@ ENVEX=./${ENVDIR}/${ENVIRONMENT}.js.example
 if [ -z "$PGPORT" ]; then
  PGPORT=`node -e "console.log(require('${ENVEX}').postgres.port)"`
 fi
-if [ -z "$SQLAPI_PORT" ]; then
-  SQLAPI_PORT=`node -e "console.log(require('${ENVEX}').sqlapi.port)"`
-fi

 echo "PGPORT: $PGPORT"
-echo "SQLAPI_PORT: $SQLAPI_PORT"
 echo "MAPNIK_VERSION: $MAPNIK_VERSION"
 echo "ENVIRONMENT: $ENVIRONMENT"

@@ -83,7 +73,6 @@ echo "Writing $o"
 # See http://austinmatzko.com/2008/04/26/sed-multi-line-search-and-replace/
 sed -n "1h;1!H;\${;g;s/\(,postgres: {[^}]*port: *'\?\)[^',]*\('\?,\)/\1$PGPORT\2/;p;}" < "${ENVEX}" \
  | sed "s/mapnik_version:.*/mapnik_version: '$MAPNIK_VERSION'/" \
-  | sed -n "1h;1!H;\${;g;s/\(,sqlapi: {[^}]*port: *'\?\)[^',]*\('\?,\)/\1$SQLAPI_PORT\2/;p;}" \
  > "$o"

 STATUSFILE=config.status--${ENVIRONMENT}
--- a/docs/Map-API-internal.md
+++ b/docs/Map-API-internal.md
@@ -1,111 +0,0 @@
-# Kind of maps
-
-Windshaft-CartoDB supports these kind of maps:
-
- - [Temporary maps](#temporary-maps) (created by anyone)
-   - [Detached maps](#detached-maps)
-   - [Inline maps](#inline-maps) (legacy)
- - [Persistent maps](#peristent-maps) (created by CartDB user)
-   - [Template maps](#template-maps)
-   - [Table maps](#table-maps) (legacy, deprecated) 
-
-## Temporary maps
-
-Temporary maps have no owners and are anonymous in nature.
-There are two kind of temporary maps:
-
- - Detached maps (aka MultiLayer-API)
- - Inline maps 
-
-### Detached maps
-
-Detached maps are maps which are configured with a request
-obtaining a temporary token and then used by referencing
-the obtained token. The token expires automatically when unused.
-
-Anyone can create detached maps, but users will need read access
-to the data source of the map layers.
-
-The configuration format is a [MapConfig]
-(http://github.com/CartoDB/Windshaft/wiki/MapConfig-specification) document.
-
-The HTTP endpoints for creating the map and using it are described [here]
-(http://github.com/CartoDB/Windshaft-cartodb/wiki/MultiLayer-API)
-
-*TODO* cleanup the referenced document
-
-### Inline maps
-
-Inline maps are maps that only exist for a single request,
-being the request for a specific map resource (tile).
-
-Inline maps are always bound to a table, and can only be
-obtained by those having read access to the that table.
-Additionally, users need to have access to any datasource
-specified as part of the configuration.
-
-Inline maps only support PNG and UTF8GRID tiles.
-
-The configuration consist in a set of parameters, to be
-specified in the query string of the tile request:
-
- * sql - the query to run as datasource, can be an array
- * style - the CartoCSS style for the datasource, can be an array
- * style_version - version of the CartoCSS style, can be an array
- * interactivity - only for fetching UTF8GRID, 
-
-If the style is not provided, style of the associated table is
-used; if the sql is not provided, all records of the associated
-table are used as the datasource; the two possibilities result
-in a mix between _inline_ maps and [Table maps][].
-
-*TODO* specify (or link) api endpoints
-
-## Persistent maps
-
-Persistent maps can only be created by a CartoDB user who has full
-responsibility over editing and deleting them. There are two
-kind of persistent maps:
-
- - Template maps 
- - Table maps (legacy, deprecated) 
-
-### Templated maps
-
-Templated maps are templated [MapConfig]
-(http://github.com/CartoDB/Windshaft/wiki/MapConfig-specification) documents
-associated with an authorization certificate.
-
-The authorization certificate determines who can instanciate the
-template and use the resulting map. Authorized users of the instanciated
-maps will have the same database access privilege of the template owner.
-
-The HTTP endpoints for creating and using templated maps are described [here]
-(http://github.com/CartoDB/Windshaft-cartodb/wiki/Template-maps).
-
-*TODO* cleanup the referenced document
-
-### Table maps
-
-Table maps are maps associated with a table.
-Configuration of such maps is limited to the CartoCSS style.
-
- * style - the CartoCSS style for the datasource, can be an array
- * style_version - version of the CartoCSS style, can be an array
-
-You can only fetch PNG or UTF8GRID tiles from these maps.
-
-Access method is the same as the one for [Inline maps](#inline-maps)
-
-# Endpoints description 
-
- **/api/maps/** (same interface than https://github.com/CartoDB/Windshaft/wiki/Multilayer-API)
- **/api/maps/named** (same interface than https://github.com/CartoDB/Windshaft-cartodb/wiki/Template-maps)
-
-
-NOTE: in case Multilayer-API does not contain this info yet, the
-      endpoint for fetching attributes is this:
-
- **/api/maps/:map_id/:layer_index/attributes/:feature_id** 
-   - would return { c: 1, d: 2 }
-
--- a/docs/Map-API.md
+++ b/docs/Map-API.md
--- a/docs/MapConfig-NamedMaps-extension.md
+++ b/docs/MapConfig-NamedMaps-extension.md
@@ -0,0 +1,56 @@
+# 1. Purpose
+
+This specification describes an extension for
+[MapConfig 1.3.0](https://github.com/CartoDB/Windshaft/blob/master/doc/MapConfig-1.3.0.md) version.
+
+
+# 2. Changes over specification
+
+This extension introduces a new layer type so it's possible to use a named map by its name as a layer.
+
+## 2.1 Named layers definition
+
+```javascript
+{
+    // REQUIRED
+    // string, `named` is the only supported value
+    type: "named",
+
+    // REQUIRED
+    // object, set `named` map layers configuration
+    options: {
+
+        // REQUIRED
+        // string, the name for the named map to use
+        name: "world_borders",
+
+        // OPTIONAL
+        // object, the replacement values for the named map's template placeholders
+        // See https://github.com/CartoDB/Windshaft-cartodb/blob/master/docs/Map-API.md#instantiate-1 for more details
+        config: {
+            "color": "#000"
+        },
+
+        // OPTIONAL
+        // string array, the authorized tokens in case the named map has auth method set to `token`
+        // See https://github.com/CartoDB/Windshaft-cartodb/blob/master/docs/Map-API.md#named-maps-1 for more details
+        auth_tokens: [
+            "token1",
+            "token2"
+        ]
+    }
+}
+```
+
+## 2.2 Limitations
+
+1. A Named Map will not allow to have `named` type layers inside their templates layergroup's layers definition.
+2. A `named` layer does not allow Named Maps form other accounts, it's only possible to use Named Maps from the very
+same user account.
+
+
+# History
+
+## 1.0.0
+
+ - Initial version
--- a/docs/MultiLayer-API.md
+++ b/docs/MultiLayer-API.md
@@ -1,4 +1,4 @@
-The Windshaft-CartoDB MultiLayer API extends the [Windshaft MultiLayer API](https://github.com/Vizzuality/Windshaft/wiki/Multilayer-API) in a few ways.
+The Windshaft-CartoDB MultiLayer API extends the [Windshaft MultiLayer API](https://github.com/CartoDB/Windshaft/blob/master/doc/Multilayer-API.md) in a few ways.

 ## Last modification timestamp embedded in the token

@@ -25,4 +25,4 @@ Windshaft-CartoDB adds the following attributes in the response object

 ## Stats tag

-Windshaft-CartoDB adds support for a ``stat_tag`` element in the multilayer configuration to help [stats](Redis-stats-format) gathering.
+Windshaft-CartoDB adds support for a ``stat_tag`` element in the multilayer configuration to help [stats](https://github.com/CartoDB/Windshaft-cartodb/wiki/Redis-stats-format) gathering.
--- a/docs/Routes.md
+++ b/docs/Routes.md
@@ -0,0 +1,104 @@
+This document list all routes available in Windshaft-cartodb Maps API server.
+
+## Routes list
+
+1. `GET (?:/api/v1/map|/user/:user/api/v1/map|/tiles/layergroup)/:token/:z/:x/:y@:scale_factor?x.:format {:user(f),:token(f),:z(f),:x(f),:y(f),:scale_factor(t),:format(f)} (1)`
+<br/>Notes: Mapnik retina tiles [0]
+
+1. `GET (?:/api/v1/map|/user/:user/api/v1/map|/tiles/layergroup)/:token/:z/:x/:y.:format {:user(f),:token(f),:z(f),:x(f),:y(f),:format(f)} (1)`
+<br/>Notes: Mapnik tiles [0]
+
+1. `GET (?:/api/v1/map|/user/:user/api/v1/map|/tiles/layergroup)/:token/:layer/:z/:x/:y.(:format) {:user(f),:token(f),:layer(f),:z(f),:x(f),:y(f),:format(f)} (1)`
+<br/>Notes: Per :layer rendering based on :format [0]
+
+1. `GET (?:/api/v1/map|/user/:user/api/v1/map|/tiles/layergroup) {:user(f)} (1)`
+<br/>Notes: Map instantiation [0]
+
+1. `GET (?:/api/v1/map|/user/:user/api/v1/map|/tiles/layergroup)/:token/:layer/attributes/:fid {:user(f),:token(f),:layer(f),:fid(f)} (1)`
+<br/>Notes: Endpoint for info windows data, alternative for sql api when tables are private [0]
+
+1. `GET (?:/api/v1/map|/user/:user/api/v1/map|/tiles/layergroup)/static/center/:token/:z/:lat/:lng/:width/:height.:format {:user(f),:token(f),:z(f),:lat(f),:lng(f),:width(f),:height(f),:format(f)} (1)`
+<br/>Notes: Static Maps API [0]
+
+1. `GET (?:/api/v1/map|/user/:user/api/v1/map|/tiles/layergroup)/static/bbox/:token/:west,:south,:east,:north/:width/:height.:format {:user(f),:token(f),:west(f),:south(f),:east(f),:north(f),:width(f),:height(f),:format(f)} (1)`
+<br/>Notes: Static Maps API [0]
+
+1. `GET / {} (1)`
+<br/>Notes: Welcome message
+
+1. `GET /version {} (1)`
+<br/>Notes: Return relevant module versions: mapnik, grainstore, etc
+
+1. `GET (?:/api/v1/map/named|/user/:user/api/v1/map/named|/tiles/template)/:template_id/jsonp {:user(f),:template_id(f)} (1)`
+<br/>Notes: Named maps JSONP instantiation [1]
+
+1. `GET (?:/api/v1/map/named|/user/:user/api/v1/map/named|/tiles/template)/:template_id {:user(f),:template_id(f)} (1)`
+<br/>Notes: Named map retrieval (w/ API KEY) [1]
+
+1. `GET (?:/api/v1/map/named|/user/:user/api/v1/map/named|/tiles/template) {:user(f)} (1)`
+<br/>Notes: List named maps (w/ API KEY) [1]
+
+1. `GET (?:/api/v1/map|/user/:user/api/v1/map|/tiles/layergroup)/static/named/:template_id/:width/:height.:format {:user(f),:template_id(f),:width(f),:height(f),:format(f)} (1)`
+<br/>Notes: Static map for named maps
+
+1. `GET /health {} (1)`
+<br/>Notes: Healt check
+
+1. `OPTIONS (?:/api/v1/map|/user/:user/api/v1/map|/tiles/layergroup) {:user(f)} (1)`
+<br/>Notes: CORS [0]
+
+1. `OPTIONS (?:/api/v1/map/named|/user/:user/api/v1/map/named|/tiles/template)/:template_id {:user(f),:template_id(f)} (1)`
+<br/>Notes: CORS [1]
+
+1. `POST (?:/api/v1/map|/user/:user/api/v1/map|/tiles/layergroup) {:user(f)} (1)`
+<br/>Notes: Map instantiation [0]
+
+1. `POST (?:/api/v1/map/named|/user/:user/api/v1/map/named|/tiles/template) {:user(f)} (1)`
+<br/>Notes: Create named map (w/ API KEY) [1]
+
+1. `POST (?:/api/v1/map/named|/user/:user/api/v1/map/named|/tiles/template)/:template_id {:user(f),:template_id(f)} (1)`
+<br/>Notes: Instantiate named map [1]
+
+1. `PUT (?:/api/v1/map/named|/user/:user/api/v1/map/named|/tiles/template)/:template_id {:user(f),:template_id(f)} (1)`
+<br/>Notes: Update a named map (w/ API KEY) [1]
+
+1. `DELETE (?:/api/v1/map/named|/user/:user/api/v1/map/named|/tiles/template)/:template_id {:user(f),:template_id(f)} (1)`
+<br/>Notes: Delete named map (w/ API KEY) [1]
+
+## Optional deprecated routes
+
+- [0] `/tiles/layergroup` is deprecated and `/api/v1/map` should be used but we keep it for now.
+- [1] `/tiles/template` is deprecated and `/api/v1/map/named` should be used but we keep it for now.
+
+## How to generate the list of routes
+
+Something like the following patch should do the trick
+
+```javascript
+diff --git a/lib/cartodb/cartodb_windshaft.js b/lib/cartodb/cartodb_windshaft.js
+index b9429a2..e6cc5f9 100644
+--- a/lib/cartodb/cartodb_windshaft.js
+++ b/lib/cartodb/cartodb_windshaft.js
+@@ -212,6 +212,20 @@ var CartodbWindshaft = function(serverOptions) {
+         }
+     });
+
+    var format = require('util').format;
+    var routesNotes = Object.keys(ws.routes.routes)
+        .map(function(method) { return ws.routes.routes[method]; })
+        .reduce(function(previous, current) { current.map(function(r) { previous.push(r) }); return previous;}, [])
+        .map(function(route) {
+            return format("\n1. `%s %s {%s} (%d)`\n<br/>Notes: [DEPRECATED]? ",
+                route.method.toUpperCase(),
+                route.path,
+                route.keys.map(function(k) { return format(':%s(%s)', k.name, k.optional ? 't' : 'f'); } ).join(','),
+                route.callbacks.length
+            );
+        });
+    console.log(routesNotes.join('\n'));
+
+     return ws;
+ };
+
+
+```
--- a/docs/Template-maps.md
+++ b/docs/Template-maps.md
@@ -1,293 +0,0 @@
-Template maps are layergroup configurations that rather than being
-fully defined contain variables that can be set to produce a different
-layergroup configurations (instantiation).
-
-Template maps are persistent, can only be created and deleted by the
-CartoDB user showing a valid API_KEY.
-
-Instantiating a signed template map would result in a [signed
-map](https://github.com/CartoDB/Windshaft-cartodb/wiki/Signed-maps)
-instance that would be signed with the same signature as the template.
-
-Deleting a signed template results in deletion of all signatures created
-as a result of instantiation.
-
-
-# Template format
-
-A templated layergroup would allow using placeholders
-in the "cartocss" and "sql" elements in the "option"
-field of any "layer" of a layergroup configuration
-(see https://github.com/CartoDB/Windshaft/wiki/MapConfig-specification).
-
-Valid placeholder names start with a letter and can only
-contain letters, numbers or underscores. They have to be
-written between ``<%= `` and `` %>`` strings in order to be 
-replaced. Example: ``<%= my_color %>``.
-
-The set of supported placeholders for a template will need to be
-explicitly defined specifying type and default value for each.
-
-**placeholder types**
-
-Placeholder type will determine the kind of escaping for the
-associated value. Supported types are:
-
- * sql_literal (internal single-quotes will be sql-escaped)
- * sql_ident (internal double-quotes will be sql-escaped)
- * number (can only contain numerical representation)
- * css_color (can only contain color names or hex-values)
- * ... (add more as need arises)
-
-Placeholder default value will be used when not provided at
-instantiation time and could be used to test validity of the
-template by creating a default instance.
-
-Additionally you'll be able to embed an authorization
-certificate that would be used to sign any instance of the template.
-
-```js
-// template.json 
-{
-  version: "0.0.1",
-  // there can be at most 1 template with the same name for any user 
-  // valid names start with a letter and only contains letter, numbers
-  // or underscores
-  name: "template_name", 
-  // embedded authorization certificate
-  auth: {
-   // See https://github.com/CartoDB/Windshaft-cartodb/wiki/Signed-maps
-   method: "token", // or "open" (the default if no "method" is given)
-   // only (required and non empty) for "token" method
-   valid_tokens: ["auth_token1","auth_token2"]
-  },
-  // Variables not listed here are not substituted
-  // Variable not provided at instantiation time trigger an error
-  // A default is required for optional variables
-  // Type specification is used for quoting, to avoid injections
-  placeholders: {
-      color: {
-        type:"css_color",
-        default:"red"
-      },
-      cartodb_id: {
-        type:"number",
-        default: 1
-      }
-  },
-  layergroup: {
-   // see https://github.com/CartoDB/Windshaft/wiki/MapConfig-specification
-   "version": "1.0.1",
-   "layers": [{
-    "type": "cartodb",
-    "options": {
-      "cartocss_version": "2.1.1", 
-      "cartocss": "#layer { polygon-fill: <%= color %>; }",
-      "sql": "select * from european_countries_e WHERE cartodb_id = <%= cartodb_id %>"
-    }
-   }]
-  } 
-}
-```
-
-# Creating a templated map
-
-You can create a signed template map with a single call (for simplicity).
-You'd use a POST sending JSON data:
-
-```sh
-curl -X POST \
-   -H 'Content-Type: application/json' \
-   -d @template.json \
-   'https://docs.cartodb.com/tiles/template?api_key=APIKEY'
-```
-
-The response would be like this:
-```js
-{
-   "template_id":"@template_name"
-}
-```
-
-If a template with the same name exists in the user storage,
-a 400 response is generated.
-
-Errors are in this form:
-```js
-{
-   "error":"Some error string here"
-}
-```
-
-# Updating an existing template
-
-Update of a template map implies removal all signatures from previous
-map instances.
-
-You can update a signed template map with a PUT:
-
-```sh
-curl -X PUT \
-   -H 'Content-Type: application/json' \
-   -d @template.json \
-   'https://docs.cartodb.com/tiles/template/:template_name?api_key=APIKEY'
-```
-A template with the same name will be updated, if any.
-
-The response would be like this:
-```js
-{
-   "template_id":"@template_name"
-}
-```
-
-If a template with the same name does NOT exist,
-a 400 HTTP response is generated with an error in this format:
-
-```js
-{
-   "error":"Some error string here"
-}
-```
-
-
-# Listing available templates
-
-You can get a list of available templates with a GET to ``/template``.
-A valid api_key is required.
-
-```sh
-curl -X GET 'https://docs.cartodb.com/tiles/template?api_key=APIKEY'
-```
-
-The response would be like this:
-```js
-{
-   "template_ids": ["@template_name1","@template_name2"]
-}
-```
-
-Or, on error:
-
-```js
-{
-   "error":"Some error string here"
-}
-```
-
-# Getting a specific template
-
-You can get the definition of a template with a
-GET to ``/template/:template_name``.
-A valid api_key is required.
-
-Example:
-
-```sh
-curl -X GET 'https://docs.cartodb.com/tiles/template/@template_name?auth_token=AUTH_TOKEN'
-```
-
-The response would be like this:
-```js
-{
-   "template": {...}  // see template.json above
-}
-```
-
-Or, on error:
-
-```js
-{
-   "error":"Some error string here"
-}
-```
-
-# Instantiating a template map
-
-You can instantiate a template map passing all required parameters with
-a POST to ``/template/:template_name``.
-
-Valid credentials will be needed, if required by the template.
-
-```js
-// params.js
-{
- color: '#ff0000',
- cartodb_id: 3
-}
-```
-
-```sh
-curl -X POST \
-  -H 'Content-Type: application/json' \
-  -d @params.js \
-  'https://docs.cartodb.com/tiles/template/@template_name?auth_token=AUTH_TOKEN'
-
-```
-
-The response would be like this:
-```js
-{
-   "layergroupid":"docs@fd2861af@c01a54877c62831bb51720263f91fb33:123456788",
-   "last_updated":"2013-11-14T11:20:15.000Z"
-}
-```
-
-or, on error:
-
-```js
-{
-   "error":"Some error string here"
-}
-```
-
-You can then use the ``layergroupid`` for fetching tiles and grids as you do
-normally ( see https://github.com/CartoDB/Windshaft/wiki/Multilayer-API).
-But you'll still have to show the ``auth_token``, if required by the template
-(see https://github.com/CartoDB/Windshaft-cartodb/wiki/Signed-maps)
-
-Instances of a signed template map will be signed with the same signature
-certificate associated with the template. Such certificate would contain
-a reference to the template identifier, so that it can be revoked every
-time the template is updated or deleted. 
-
-### using JSONP
-There is also a special endpoint to be able to instanciate using JSONP (for old browsers)
-
-```
-curl 'https://docs.cartodb.com/tiles/template/@template_name/jsonp?auth_token=AUTH_TOKEN&callback=function_name&config=template_params_json'
-```
-
-it takes the ``callback`` function (required), ``auth_token`` in case the template needs auth and ``config`` which is the variabñes for the template (in case it has variables). For example config may be created (using javascript)
-```
-url += "config=" + encodeURIComponent(
-JSON.stringify({ color: 'red' });
-```
-
-the response it's in this format:
-```
-jQuery17205720721024554223_1390996319118(
-{
-layergroupid: "dev@744bd0ed9b047f953fae673d56a47b4d:1390844463021.1401",
-last_updated: "2014-01-27T17:41:03.021Z"
-}
-)
-```
-# Deleting a template map
-
-Deletion of a template map will imply removal all instance signatures
-
-You can delete a templated map with a DELETE to ``/template/:template_name``:
-
-```sh
-curl -X DELETE 'https://docs.cartodb.com/tiles/template/@template_name?auth_token=AUTH_TOKEN'
-```
-
-On success, a 204 (No Content) response would be issued.
-Otherwise a 4xx response with this format:
-
-```js
-{
-   "error":"Some error string here"
-}
-```
--- a/docs/metrics.md
+++ b/docs/metrics.md
@@ -25,13 +25,10 @@ Again, each inner timer may have several inner timers.
 - **TemplateMaps_instance**: time to retrieve a map template instance, see *getTemplate* and *authorizedByCert*
 - **affectedTables**: time to check what are the affected tables for adding the cache channel, see *addCacheChannel*
 - **authorize**: time to authorize a request, see *authorizedByAPIKey*, *authorizedByCert*, *authorizedBySigner*
- **authorizedByAPIKey**: time to authorize using an API KEY
- **authorizedByCert**: time to authorize a request by a cert, see [signed map](https://github.com/CartoDB/Windshaft-cartodb/wiki/Signed-maps)
- **authorizedBySigner**: time to authorize a request for a [signed map](https://github.com/CartoDB/Windshaft-cartodb/wiki/Signed-maps)
+- **authorizedByCert**: time to authorize a template instantiation
 - **findLastUpdated**: time to retrieve the last update time for a list of tables, see *affectedTables*
- **fingerPrint**: time to create a fingerprint for a signed map
 - **generateCacheChannel**: time to generate the headers for the cache channel based on the request, see *addCacheChannel*
- **getSignerMapKey**: time to retrieve from redis the authorized key for a signed map
+- **getSignerMapKey**: time to retrieve from redis the authorized user for a template map
 - **getTablePrivacy**: time to retrieve from redis the privacy of a table
 - **getTemplate**: time to retrieve from redis the template for a map
 - **getUserMapKey**: time to retrieve from redis the user key for a map
@@ -41,6 +38,5 @@ Again, each inner timer may have several inner timers.
 - **setDBAuth**: time to retrieve from redis and set db user and db password from a user
 - **setDBConn**: time to retrieve from redis and set db host and db name from a user
 - **setDBParams**: time to prepare all db params to be able to connect/query a database, see *setDBAuth* and *setDBConn*
- **signMap**: time to sign in redis layergroup for a map, see signed maps
 - **tablePrivacy_getUserDBName**: time to retrieve from redis the database for a user

--- a/lib/cartodb/api/auth_api.js
+++ b/lib/cartodb/api/auth_api.js
@@ -0,0 +1,141 @@
+var assert = require('assert');
+var step = require('step');
+
+/**
+ *
+ * @param {PgConnection} pgConnection
+ * @param metadataBackend
+ * @param {MapStore} mapStore
+ * @param {TemplateMaps} templateMaps
+ * @constructor
+ * @type {AuthApi}
+ */
+function AuthApi(pgConnection, metadataBackend, mapStore, templateMaps) {
+    this.pgConnection = pgConnection;
+    this.metadataBackend = metadataBackend;
+    this.mapStore = mapStore;
+    this.templateMaps = templateMaps;
+}
+
+module.exports = AuthApi;
+
+// Check if a request is authorized by a signer
+//
+// @param req express request object
+// @param callback function(err, signed_by) signed_by will be
+//                 null if the request is not signed by anyone
+//                 or will be a string cartodb username otherwise.
+//
+AuthApi.prototype.authorizedBySigner = function(req, callback) {
+    if ( ! req.params.token || ! req.params.signer ) {
+        return callback(null, false); // no signer requested
+    }
+
+    var self = this;
+
+    var layergroup_id = req.params.token;
+    var auth_token = req.params.auth_token;
+
+    this.mapStore.load(layergroup_id, function(err, mapConfig) {
+        if (err) {
+            return callback(err);
+        }
+
+        var authorized = self.templateMaps.isAuthorized(mapConfig.obj().template, auth_token);
+
+        return callback(null, authorized);
+    });
+};
+
+// Check if a request is authorized by api_key
+//
+// @param user
+// @param req express request object
+// @param callback function(err, authorized)
+//        NOTE: authorized is expected to be 0 or 1 (integer)
+//
+AuthApi.prototype.authorizedByAPIKey = function(user, req, callback) {
+    var givenKey = req.query.api_key || req.query.map_key;
+    if ( ! givenKey && req.body ) {
+        // check also in request body
+        givenKey = req.body.api_key || req.body.map_key;
+    }
+    if ( ! givenKey ) {
+        return callback(null, 0); // no api key, no authorization...
+    }
+
+    var self = this;
+
+    step(
+        function () {
+            self.metadataBackend.getUserMapKey(user, this);
+        },
+        function checkApiKey(err, val){
+            assert.ifError(err);
+            return val && givenKey === val;
+        },
+        function finish(err, authorized) {
+            callback(err, authorized);
+        }
+    );
+};
+
+/**
+ * Check access authorization
+ *
+ * @param req - standard req object. Importantly contains table and host information
+ * @param callback function(err, allowed) is access allowed not?
+ */
+AuthApi.prototype.authorize = function(req, callback) {
+    var self = this;
+    var user = req.context.user;
+
+    step(
+        function () {
+            self.authorizedByAPIKey(user, req, this);
+        },
+        function checkApiKey(err, authorized){
+            if (req.profiler) {
+                req.profiler.done('authorizedByAPIKey');
+            }
+            assert.ifError(err);
+
+            // if not authorized by api_key, continue
+            if (!authorized)  {
+                // not authorized by api_key, check if authorized by signer
+                return self.authorizedBySigner(req, this);
+            }
+
+            // authorized by api key, login as the given username and stop
+            self.pgConnection.setDBAuth(user, req.params, function(err) {
+                callback(err, true); // authorized (or error)
+            });
+        },
+        function checkSignAuthorized(err, authorized) {
+            if (err) {
+                return callback(err);
+            }
+
+            if ( ! authorized ) {
+                // request not authorized by signer.
+
+                // if no signer name was given, let dbparams and
+                // PostgreSQL do the rest.
+                //
+                if ( ! req.params.signer ) {
+                    return callback(null, true); // authorized so far
+                }
+
+                // if signer name was given, return no authorization
+                return callback(null, false);
+            }
+
+            self.pgConnection.setDBAuth(user, req.params, function(err) {
+                if (req.profiler) {
+                    req.profiler.done('setDBAuth');
+                }
+                callback(err, true); // authorized (or error)
+            });
+        }
+    );
+};
--- a/lib/cartodb/api/query_tables_api.js
+++ b/lib/cartodb/api/query_tables_api.js
@@ -1,7 +1,5 @@
-var sqlApi = require('../sql/sql_api'),
-    PSQL   = require('cartodb-psql');
-
-function QueryTablesApi() {
+function QueryTablesApi(pgQueryRunner) {
+    this.pgQueryRunner = pgQueryRunner;
 }

 var affectedTableRegexCache = {
@@ -13,33 +11,12 @@ var affectedTableRegexCache = {

 module.exports = QueryTablesApi;

-QueryTablesApi.prototype.getLastUpdatedTime = function (username, api_key, tableNames, callback) {
-    var sql = 'SELECT EXTRACT(EPOCH FROM max(updated_at)) as max FROM CDB_TableMetadata m WHERE m.tabname = any (ARRAY['+
-        tableNames.map(function(t) { return "'" + t + "'::regclass"; }).join(',') +
-        '])';

-    // call sql api
-    sqlApi.query(username, api_key, sql, function(err, rows){
-        if (err){
-            var msg = err.message ? err.message : err;
-            callback(new Error('could not find last updated timestamp: ' + msg));
-            return;
-        }
-        // when the table has not updated_at means it hasn't been changed so a default last_updated is set
-        var last_updated = 0;
-        if(rows.length !== 0) {
-            last_updated = rows[0].max || 0;
-        }
+QueryTablesApi.prototype.getAffectedTablesInQuery = function (username, sql, callback) {

-        callback(null, last_updated*1000);
-    });
-};
+    var query = 'SELECT CDB_QueryTablesText($windshaft$' + prepareSql(sql) + '$windshaft$)';

-QueryTablesApi.prototype.getAffectedTablesInQuery = function (username, options, sql, callback) {
-
-    var query = 'SELECT CDB_QueryTables($windshaft$' + prepareSql(sql) + '$windshaft$)';
-
-    runQuery(username, options, query, handleAffectedTablesInQueryRows, callback);
+    this.pgQueryRunner.run(username, query, handleAffectedTablesInQueryRows, callback);
 };

 function handleAffectedTablesInQueryRows(err, rows, callback) {
@@ -48,37 +25,37 @@ function handleAffectedTablesInQueryRows(err, rows, callback) {
        callback(new Error('could not fetch source tables: ' + msg));
        return;
    }
-    var qtables = rows[0].cdb_querytables;
-    var tableNames = qtables.split(/^\{(.*)\}$/)[1];
-    tableNames = tableNames ? tableNames.split(',') : [];
+
+    // This is an Array, so no need to split into parts
+    var tableNames = rows[0].cdb_querytablestext;
    callback(null, tableNames);
 }

-QueryTablesApi.prototype.getAffectedTablesAndLastUpdatedTime = function (username, options, sql, callback) {
+QueryTablesApi.prototype.getAffectedTablesAndLastUpdatedTime = function (username, sql, callback) {

    var query = [
        'WITH querytables AS (',
-            'SELECT * FROM CDB_QueryTables($windshaft$' + prepareSql(sql) + '$windshaft$) as tablenames',
+            'SELECT * FROM CDB_QueryTablesText($windshaft$' + prepareSql(sql) + '$windshaft$) as tablenames',
        ')',
        'SELECT (SELECT tablenames FROM querytables), EXTRACT(EPOCH FROM max(updated_at)) as max',
        'FROM CDB_TableMetadata m',
        'WHERE m.tabname = any ((SELECT tablenames from querytables)::regclass[])'
    ].join(' ');

-    runQuery(username, options, query, handleAffectedTablesAndLastUpdatedTimeRows, callback);
+    this.pgQueryRunner.run(username, query, handleAffectedTablesAndLastUpdatedTimeRows, callback);
 };

 function handleAffectedTablesAndLastUpdatedTimeRows(err, rows, callback) {
    if (err || rows.length === 0) {
        var msg = err.message ? err.message : err;
-        callback(new Error('could not fetch affected tables and last updated time: ' + msg));
+        callback(new Error('could not fetch affected tables or last updated time: ' + msg));
        return;
    }

    var result = rows[0];

-    var tableNames = result.tablenames.split(/^\{(.*)\}$/)[1];
-    tableNames = tableNames ? tableNames.split(',') : [];
+    // This is an Array, so no need to split into parts
+    var tableNames = result.tablenames;

    var lastUpdatedTime = result.max || 0;

@@ -88,22 +65,34 @@ function handleAffectedTablesAndLastUpdatedTimeRows(err, rows, callback) {
    });
 }

-
-function runQuery(username, options, query, queryHandler, callback) {
-    if (shouldQueryPostgresDirectly()) {
-        var psql = new PSQL(options);
-        psql.query(query, function(err, resultSet) {
-            resultSet = resultSet || {};
-            var rows = resultSet.rows || [];
-            queryHandler(err, rows, callback);
-        });
-    } else {
-        sqlApi.query(username, options.api_key, query, function(err, rows) {
-            queryHandler(err, rows, callback);
-        });
+QueryTablesApi.prototype.getLastUpdatedTime = function (username, tableNames, callback) {
+    if (!Array.isArray(tableNames) || tableNames.length === 0) {
+        return callback(null, 0);
    }
-}

+    var query = [
+        'SELECT EXTRACT(EPOCH FROM max(updated_at)) as max',
+        'FROM CDB_TableMetadata m WHERE m.tabname = any (ARRAY[',
+            tableNames.map(function(t) { return "'" + t + "'::regclass"; }).join(','),
+        '])'
+    ].join(' ');
+
+    this.pgQueryRunner.run(username, query, handleLastUpdatedTimeRows, callback);
+};
+
+function handleLastUpdatedTimeRows(err, rows, callback) {
+    if (err) {
+        var msg = err.message ? err.message : err;
+        return callback(new Error('could not fetch affected tables or last updated time: ' + msg));
+    }
+    // when the table has not updated_at means it hasn't been changed so a default last_updated is set
+    var lastUpdated = 0;
+    if (rows.length !== 0) {
+        lastUpdated = rows[0].max || 0;
+    }
+
+    return callback(null, lastUpdated*1000);
+}

 function prepareSql(sql) {
    return sql
@@ -113,10 +102,3 @@ function prepareSql(sql) {
        .replace(affectedTableRegexCache.pixel_height, '1')
    ;
 }
-
-
-function shouldQueryPostgresDirectly() {
-    return global.environment
-        && global.environment.enabledFeatures
-        && global.environment.enabledFeatures.cdbQueryTablesFromPostgres;
-}
--- a/lib/cartodb/api/tables_extent_api.js
+++ b/lib/cartodb/api/tables_extent_api.js
@@ -0,0 +1,53 @@
+function TablesExtentApi(pgQueryRunner) {
+    this.pgQueryRunner = pgQueryRunner;
+}
+
+module.exports = TablesExtentApi;
+
+/**
+ * Given a username and a list of tables it will return the estimated extent in SRID 4326 for all the tables based on
+ * the_geom_webmercator (SRID 3857) column.
+ *
+ * @param {String} username
+ * @param {Array} tableNames The named can be schema qualified, so this accepts both `schema_name.table_name` and
+ *  `table_name` format as valid input
+ * @param {Function} callback function(err, result) {Object} result with `west`, `south`, `east`, `north`
+ */
+TablesExtentApi.prototype.getBounds = function (username, tableNames, callback) {
+    var estimatedExtentSQLs = tableNames.map(function(tableName) {
+        var schemaTable = tableName.split('.');
+        if (schemaTable.length > 1) {
+            return "ST_EstimatedExtent('" + schemaTable[0] + "', '" + schemaTable[1] + "', 'the_geom_webmercator')";
+        }
+        return "ST_EstimatedExtent('" + schemaTable[0] + "', 'the_geom_webmercator')";
+    });
+
+    var query = [
+        "WITH ext as (" +
+            "SELECT ST_Transform(ST_SetSRID(ST_Extent(ST_Union(ARRAY[",
+                estimatedExtentSQLs.join(','),
+            "])), 3857), 4326) geom)",
+        "SELECT",
+            "ST_XMin(geom) west,",
+            "ST_YMin(geom) south,",
+            "ST_XMax(geom) east,",
+            "ST_YMax(geom) north",
+        "FROM ext"
+    ].join(' ');
+
+    this.pgQueryRunner.run(username, query, handleBoundsResult, callback);
+};
+
+function handleBoundsResult(err, rows, callback) {
+    if (err) {
+        var msg = err.message ? err.message : err;
+        return callback(new Error('could not fetch source tables: ' + msg));
+    }
+    var result = null;
+    if (rows.length > 0) {
+        result = {
+            bounds: rows[0]
+        };
+    }
+    callback(null, result);
+}
--- a/lib/cartodb/api/user_limits_api.js
+++ b/lib/cartodb/api/user_limits_api.js
@@ -0,0 +1,28 @@
+/**
+ *
+ * @param metadataBackend
+ * @param options
+ * @constructor
+ * @type {UserLimitsApi}
+ */
+function UserLimitsApi(metadataBackend, options) {
+    this.metadataBackend = metadataBackend;
+    this.options = options || {};
+    this.options.limits = this.options.limits || {};
+}
+
+module.exports = UserLimitsApi;
+
+UserLimitsApi.prototype.getRenderLimits = function (username, callback) {
+    var self = this;
+    this.metadataBackend.getTilerRenderLimit(username, function handleTilerLimits(err, renderLimit) {
+        if (err) {
+            return callback(err);
+        }
+
+        return callback(null, {
+            cacheOnTimeout: self.options.limits.cacheOnTimeout || false,
+            render: renderLimit || self.options.limits.render || 0
+        });
+    });
+};
--- a/lib/cartodb/backends/pg_connection.js
+++ b/lib/cartodb/backends/pg_connection.js
@@ -0,0 +1,101 @@
+var assert = require('assert');
+var step = require('step');
+var _ = require('underscore');
+
+function PgConnection(metadataBackend) {
+    this.metadataBackend = metadataBackend;
+}
+
+module.exports = PgConnection;
+
+
+// Set db authentication parameters to those of the given username
+//
+// @param username the cartodb username, mapped to a database username
+//                 via CartodbRedis metadata records
+//
+// @param params the parameters to set auth options into
+//               added params are: "dbuser" and "dbpassword"
+//
+// @param callback function(err)
+//
+PgConnection.prototype.setDBAuth = function(username, params, callback) {
+    var self = this;
+
+    var user_params = {};
+    var auth_user = global.environment.postgres_auth_user;
+    var auth_pass = global.environment.postgres_auth_pass;
+    step(
+        function getId() {
+            self.metadataBackend.getUserId(username, this);
+        },
+        function(err, user_id) {
+            assert.ifError(err);
+            user_params.user_id = user_id;
+            var dbuser = _.template(auth_user, user_params);
+            _.extend(params, {dbuser:dbuser});
+
+            // skip looking up user_password if postgres_auth_pass
+            // doesn't contain the "user_password" label
+            if (!auth_pass || ! auth_pass.match(/\buser_password\b/) ) {
+                return null;
+            }
+
+            self.metadataBackend.getUserDBPass(username, this);
+        },
+        function(err, user_password) {
+            assert.ifError(err);
+            user_params.user_password = user_password;
+            if ( auth_pass ) {
+                var dbpass = _.template(auth_pass, user_params);
+                _.extend(params, {dbpassword:dbpass});
+            }
+            return true;
+        },
+        function finish(err) {
+            callback(err);
+        }
+    );
+};
+
+// Set db connection parameters to those for the given username
+//
+// @param dbowner cartodb username of database owner,
+//                mapped to a database username
+//                via CartodbRedis metadata records
+//
+// @param params the parameters to set connection options into
+//               added params are: "dbname", "dbhost"
+//
+// @param callback function(err)
+//
+PgConnection.prototype.setDBConn = function(dbowner, params, callback) {
+    var self = this;
+    // Add default database connection parameters
+    // if none given
+    _.defaults(params, {
+        dbuser: global.environment.postgres.user,
+        dbpassword: global.environment.postgres.password,
+        dbhost: global.environment.postgres.host,
+        dbport: global.environment.postgres.port
+    });
+    step(
+        function getConnectionParams() {
+            self.metadataBackend.getUserDBConnectionParams(dbowner, this);
+        },
+        function extendParams(err, dbParams){
+            assert.ifError(err);
+            // we don't want null values or overwrite a non public user
+            if (params.dbuser !== 'publicuser' || !dbParams.dbuser) {
+                delete dbParams.dbuser;
+            }
+            if ( dbParams ) {
+                _.extend(params, dbParams);
+            }
+            return null;
+        },
+        function finish(err) {
+            callback(err);
+        }
+    );
+};
--- a/lib/cartodb/backends/pg_query_runner.js
+++ b/lib/cartodb/backends/pg_query_runner.js
@@ -0,0 +1,41 @@
+var assert = require('assert');
+var PSQL = require('cartodb-psql');
+var step = require('step');
+
+function PgQueryRunner(pgConnection) {
+    this.pgConnection = pgConnection;
+}
+
+module.exports = PgQueryRunner;
+
+
+PgQueryRunner.prototype.run = function(username, query, queryHandler, callback) {
+    var self = this;
+
+    var params = {};
+
+    step(
+        function setAuth() {
+            self.pgConnection.setDBAuth(username, params, this);
+        },
+        function setConn(err) {
+            assert.ifError(err);
+            self.pgConnection.setDBConn(username, params, this);
+        },
+        function executeQuery(err) {
+            assert.ifError(err);
+            var psql = new PSQL({
+                user: params.dbuser,
+                pass: params.dbpass,
+                host: params.dbhost,
+                port: params.dbport,
+                dbname: params.dbname
+            });
+            psql.query(query, function(err, resultSet) {
+                resultSet = resultSet || {};
+                var rows = resultSet.rows || [];
+                queryHandler(err, rows, callback);
+            });
+        }
+    );
+};
--- a/lib/cartodb/backends/template_maps.js
+++ b/lib/cartodb/backends/template_maps.js
@@ -0,0 +1,513 @@
+var assert = require('assert');
+var crypto = require('crypto');
+var debug = require('debug')('windshaft:templates');
+var step = require('step');
+var _ = require('underscore');
+var dot = require('dot');
+
+
+var EventEmitter = require('events').EventEmitter;
+var util = require('util');
+
+
+// Class handling map templates
+//
+// See http://github.com/CartoDB/Windshaft-cartodb/wiki/Template-maps
+//
+// @param redis_pool an instance of a "redis-mpool"
+//        See https://github.com/CartoDB/node-redis-mpool
+//        Needs version 0.x.x of the API.
+//
+// @param opts TemplateMap options. Supported elements:
+//    'max_user_templates' limit on the number of per-user
+//
+// 
+function TemplateMaps(redis_pool, opts) {
+  if (!(this instanceof TemplateMaps)) {
+      return new TemplateMaps();
+  }
+
+  EventEmitter.call(this);
+
+  this.redis_pool = redis_pool;
+  this.opts = opts || {};
+
+  // Database containing templates
+  // TODO: allow configuring ?
+  // NOTE: currently it is the same as
+  //       the one containing layergroups
+  this.db_signatures = 0;
+
+  //
+  // Map templates are owned by a user that specifies access permissions
+  // for their instances.
+  // 
+  // We have the following datastores:
+  //
+  //  1. User templates: set of per-user map templates
+
+  // User templates (HASH:tpl_id->tpl_val)
+  this.key_usr_tpl = dot.template("map_tpl|{{=it.owner}}");
+}
+
+util.inherits(TemplateMaps, EventEmitter);
+
+module.exports = TemplateMaps;
+
+
+var o = TemplateMaps.prototype;
+
+//--------------- PRIVATE METHODS --------------------------------
+
+o._userTemplateLimit = function() {
+  return this.opts.max_user_templates || 0;
+};
+
+/**
+ * Internal function to communicate with redis
+ *
+ * @param redisFunc - the redis function to execute
+ * @param redisArgs - the arguments for the redis function in an array
+ * @param callback - function to pass results too.
+ */
+o._redisCmd = function(redisFunc, redisArgs, callback) {
+  var redisClient;
+  var that = this;
+  var db = that.db_signatures;
+
+  step(
+    function getRedisClient() {
+      that.redis_pool.acquire(db, this);
+    },
+    function executeQuery(err, data) {
+      assert.ifError(err);
+      redisClient = data;
+      redisArgs.push(this);
+      redisClient[redisFunc.toUpperCase()].apply(redisClient, redisArgs);
+    },
+    function releaseRedisClient(err, data) {
+      if ( ! _.isUndefined(redisClient) ) {
+          that.redis_pool.release(db, redisClient);
+      }
+      callback(err, data);
+    }
+  );
+};
+
+var _reValidNameIdentifier = /^[a-z0-9][0-9a-z_\-]*$/i;
+var _reValidPlaceholderIdentifier = /^[a-z][0-9a-z_]*$/i;
+// jshint maxcomplexity:15
+o._checkInvalidTemplate = function(template) {
+  if ( template.version !== '0.0.1' ) {
+    return new Error("Unsupported template version " + template.version);
+  }
+  var tplname = template.name;
+  if ( ! tplname ) {
+    return new Error("Missing template name");
+  }
+  if ( ! tplname.match(_reValidNameIdentifier) ) {
+    return new Error("Invalid characters in template name '" + tplname + "'");
+  }
+
+  var invalidError = isInvalidLayergroup(template.layergroup);
+  if (invalidError) {
+    return invalidError;
+  }
+
+  var placeholders = template.placeholders || {};
+
+  var placeholderKeys = Object.keys(placeholders);
+  for (var i = 0, len = placeholderKeys.length; i < len; i++) {
+      var placeholderKey = placeholderKeys[i];
+
+      if (!placeholderKey.match(_reValidPlaceholderIdentifier)) {
+          return new Error("Invalid characters in placeholder name '" + placeholderKey + "'");
+      }
+      if ( ! placeholders[placeholderKey].hasOwnProperty('default') ) {
+          return new Error("Missing default for placeholder '" + placeholderKey + "'");
+      }
+      if ( ! placeholders[placeholderKey].hasOwnProperty('type') ) {
+          return new Error("Missing type for placeholder '" + placeholderKey + "'");
+      }
+  }
+
+    var auth = template.auth || {};
+
+    switch ( auth.method ) {
+        case 'open':
+            break;
+        case 'token':
+            if ( ! _.isArray(auth.valid_tokens) ) {
+                return new Error("Invalid 'token' authentication: missing valid_tokens");
+            }
+            if ( ! auth.valid_tokens.length ) {
+                return new Error("Invalid 'token' authentication: no valid_tokens");
+            }
+            break;
+        default:
+            return new Error("Unsupported authentication method: " + auth.method);
+    }
+
+    return false;
+};
+
+function isInvalidLayergroup(layergroup) {
+    if (!layergroup) {
+        return new Error('Missing layergroup');
+    }
+
+    var layers = layergroup.layers;
+
+    if (!_.isArray(layers) || layers.length === 0) {
+        return new Error('Missing or empty layers array from layergroup config');
+    }
+
+    var invalidLayers = layers
+        .map(function(layer, layerIndex) {
+            return layer.options ? null : layerIndex;
+        })
+        .filter(function(layerIndex) {
+            return layerIndex !== null;
+        });
+
+    if (invalidLayers.length) {
+        return new Error('Missing `options` in layergroup config for layers: ' + invalidLayers.join(', '));
+    }
+
+    return false;
+}
+
+function templateDefaults(template) {
+    var templateAuth = _.defaults({}, template.auth || {}, {
+        method: 'open'
+    });
+    return _.defaults({ auth: templateAuth }, template, {
+        placeholders: {}
+    });
+}
+
+//--------------- PUBLIC API -------------------------------------
+
+// Add a template
+//
+// NOTE: locks user+template_name or fails
+//
+// @param owner cartodb username of the template owner
+//
+// @param template layergroup template, see
+//        http://github.com/CartoDB/Windshaft-cartodb/wiki/Template-maps#template-format
+//
+// @param callback function(err, tpl_id) 
+//        Return template identifier (only valid for given user)
+//
+o.addTemplate = function(owner, template, callback) {
+    var self = this;
+
+    template = templateDefaults(template);
+
+    var invalidError = this._checkInvalidTemplate(template);
+    if ( invalidError ) {
+        return callback(invalidError);
+    }
+
+    var templateName = template.name;
+    var userTemplatesKey = this.key_usr_tpl({ owner:owner });
+    var limit = this._userTemplateLimit();
+
+    step(
+        function checkLimit() {
+            if ( ! limit ) {
+                return 0;
+            }
+            self._redisCmd('HLEN', [ userTemplatesKey ], this);
+        },
+        function installTemplateIfDoesNotExist(err, numberOfTemplates) {
+            assert.ifError(err);
+            if ( limit && numberOfTemplates >= limit ) {
+                throw new Error("User '" + owner + "' reached limit on number of templates " +
+                    "("+ numberOfTemplates + "/" + limit + ")");
+            }
+            self._redisCmd('HSETNX', [ userTemplatesKey, templateName, JSON.stringify(template) ], this);
+        },
+        function validateInstallation(err, wasSet) {
+            assert.ifError(err);
+            if ( ! wasSet ) {
+                throw new Error("Template '" + templateName + "' of user '" + owner + "' already exists");
+            }
+
+            return true;
+        },
+        function finish(err) {
+            if (!err) {
+                self.emit('add', owner, templateName, template);
+            }
+
+            callback(err, templateName, template);
+        }
+  );
+};
+
+// Delete a template
+//
+// @param owner cartodb username of the template owner
+//
+// @param tpl_id template identifier as returned
+//        by addTemplate or listTemplates
+//
+// @param callback function(err)
+//
+o.delTemplate = function(owner, tpl_id, callback) {
+    var self = this;
+    step(
+        function deleteTemplate() {
+            self._redisCmd('HDEL', [ self.key_usr_tpl({ owner:owner }), tpl_id ], this);
+        },
+        function handleDeletion(err, deleted) {
+            assert.ifError(err);
+            if (!deleted) {
+                throw new Error("Template '" + tpl_id + "' of user '" + owner + "' does not exist");
+            }
+            return true;
+        },
+        function finish(err) {
+            if (!err) {
+                self.emit('delete', owner, tpl_id);
+            }
+
+            callback(err);
+        }
+    );
+};
+
+// Update a template
+//
+// NOTE: locks user+template_name or fails
+//
+// Also deletes and re-creates associated authentication certificate,
+// which in turn deletes all instance signatures
+//
+// @param owner cartodb username of the template owner
+//
+// @param tpl_id template identifier as returned by addTemplate
+//
+// @param template layergroup template, see
+//        http://github.com/CartoDB/Windshaft-cartodb/wiki/Template-maps#template-format
+//
+// @param callback function(err)
+//        
+o.updTemplate = function(owner, tpl_id, template, callback) {
+    var self = this;
+
+    template = templateDefaults(template);
+
+    var invalidError = this._checkInvalidTemplate(template);
+
+    if ( invalidError ) {
+        return callback(invalidError);
+    }
+
+    var templateName = template.name;
+
+    if ( tpl_id !== templateName ) {
+        return callback(new Error("Cannot update name of a map template ('" + tpl_id + "' != '" + templateName + "')"));
+    }
+
+    var userTemplatesKey = this.key_usr_tpl({ owner:owner });
+
+    var previousTemplate = null;
+
+    step(
+        function getExistingTemplate() {
+            self._redisCmd('HGET', [ userTemplatesKey, tpl_id ], this);
+        },
+        function updateTemplate(err, _currentTemplate) {
+            assert.ifError(err);
+            if (!_currentTemplate) {
+                throw new Error("Template '" + tpl_id + "' of user '" + owner + "' does not exist");
+            }
+            previousTemplate = _currentTemplate;
+            self._redisCmd('HSET', [ userTemplatesKey, templateName, JSON.stringify(template) ], this);
+        },
+        function handleTemplateUpdate(err, didSetNewField) {
+            assert.ifError(err);
+            if (didSetNewField) {
+                debug('New template created on update operation');
+            }
+            return true;
+        },
+        function finish(err) {
+            if (!err) {
+                if (self.fingerPrint(JSON.parse(previousTemplate)) !== self.fingerPrint(template)) {
+                    self.emit('update', owner, templateName, template);
+                }
+            }
+
+            callback(err, template);
+        }
+    );
+};
+
+// List user templates
+//
+// @param owner cartodb username of the templates owner
+//
+// @param callback function(err, tpl_id_list)
+//        Returns a list of template identifiers
+// 
+o.listTemplates = function(owner, callback) {
+    this._redisCmd('HKEYS', [ this.key_usr_tpl({owner:owner}) ], callback);
+};
+
+// Get a templates
+//
+// @param owner cartodb username of the template owner
+//
+// @param tpl_id template identifier as returned
+//        by addTemplate or listTemplates
+//
+// @param callback function(err, template)
+//        Return full template definition
+//
+o.getTemplate = function(owner, tpl_id, callback) {
+    var self = this;
+    step(
+        function getTemplate() {
+            self._redisCmd('HGET', [ self.key_usr_tpl({owner:owner}), tpl_id ], this);
+        },
+        function parseTemplate(err, tpl_val) {
+            assert.ifError(err);
+            return JSON.parse(tpl_val);
+        },
+        function finish(err, tpl) {
+            callback(err, tpl);
+        }
+    );
+};
+
+o.isAuthorized = function(template, authTokens) {
+    if (!template) {
+        return false;
+    }
+
+    authTokens = _.isArray(authTokens) ? authTokens : [authTokens];
+
+    var templateAuth = template.auth;
+
+    if (!templateAuth) {
+        return false;
+    }
+
+    if (_.isString(templateAuth) && templateAuth === 'open') {
+        return true;
+    }
+
+    if (templateAuth.method === 'open') {
+        return true;
+    }
+
+    if (templateAuth.method === 'token') {
+        return _.intersection(templateAuth.valid_tokens, authTokens).length > 0;
+    }
+
+    return false;
+};
+
+// Perform placeholder substitutions on a template
+//
+// @param template a template object (will not be modified)
+//
+// @param params an object containing named subsitution parameters
+//        Only the ones found in the template's placeholders object
+//        will be used, with missing ones taking default values.
+//
+// @returns a layergroup configuration 
+//
+// @throws Error on malformed template or parameter
+//
+var _reNumber = /^([-+]?[\d\.]?\d+([eE][+-]?\d+)?)$/,
+    _reCSSColorName = /^[a-zA-Z]+$/,
+    _reCSSColorVal = /^#[0-9a-fA-F]{3,6}$/;
+
+function _replaceVars (str, params) {
+  //return _.template(str, params); // lazy way, possibly dangerous 
+  // Construct regular expressions for each param
+    Object.keys(params).forEach(function(k) {
+        str = str.replace(new RegExp("<%=\\s*" + k + "\\s*%>", "g"), params[k]);
+    });
+    return str;
+}
+o.instance = function(template, params) {
+  var all_params = {};
+  var phold = template.placeholders || {};
+  Object.keys(phold).forEach(function(k) {
+    var val = params.hasOwnProperty(k) ? params[k] : phold[k].default;
+    var type = phold[k].type;
+    // properly escape
+    if ( type === 'sql_literal' ) {
+      // duplicate any single-quote
+      val = val.replace(/'/g, "''");
+    }
+    else if ( type === 'sql_ident' ) {
+      // duplicate any double-quote
+      val = val.replace(/"/g, '""');
+    }
+    else if ( type === 'number' ) {
+      // check it's a number
+      if ( typeof(val) !== 'number' && ! val.match(_reNumber) ) {
+        throw new Error("Invalid number value for template parameter '" + k + "': " + val);
+      }
+    }
+    else if ( type === 'css_color' ) {
+      // check it only contains letters or
+      // starts with # and only contains hexdigits
+      if ( ! val.match(_reCSSColorName) && ! val.match(_reCSSColorVal) ) {
+        throw new Error("Invalid css_color value for template parameter '" + k + "': " + val);
+      }
+    }
+    else {
+      // NOTE: should be checked at template create/update time
+      throw new Error("Invalid placeholder type '" + type + "'");
+    }
+    all_params[k] = val;
+  });
+
+  // NOTE: we're deep-cloning the layergroup here
+  var layergroup = JSON.parse(JSON.stringify(template.layergroup));
+  for (var i=0; i<layergroup.layers.length; ++i) {
+    var lyropt = layergroup.layers[i].options;
+    if ( lyropt.cartocss ) {
+        lyropt.cartocss = _replaceVars(lyropt.cartocss, all_params);
+    }
+    if ( lyropt.sql) {
+        lyropt.sql = _replaceVars(lyropt.sql, all_params);
+    }
+    // Anything else ?
+  }
+
+  // extra information about the template
+  layergroup.template = {
+    name: template.name,
+    auth: template.auth
+  };
+
+  return layergroup;
+};
+
+// Return a fingerPrint of the object
+o.fingerPrint = function(template) {
+  return crypto.createHash('md5')
+    .update(JSON.stringify(template))
+    .digest('hex')
+  ;
+};
+
+module.exports.templateName = function templateName(templateId) {
+    var templateIdTokens = templateId.split('@');
+    var name = templateIdTokens[0];
+
+    if (templateIdTokens.length > 1) {
+        name = templateIdTokens[1];
+    }
+
+    return name;
+};
--- a/lib/cartodb/cache/backend/fastly.js
+++ b/lib/cartodb/cache/backend/fastly.js
@@ -0,0 +1,16 @@
+var FastlyPurge = require('fastly-purge');
+
+function FastlyCacheBackend(apiKey, serviceId) {
+    this.serviceId = serviceId;
+    this.fastlyPurge = new FastlyPurge(apiKey, { softPurge: false });
+}
+
+module.exports = FastlyCacheBackend;
+
+/**
+ * @param cacheObject should respond to `key() -> String` method
+ * @param {Function} callback
+ */
+FastlyCacheBackend.prototype.invalidate = function(cacheObject, callback) {
+    this.fastlyPurge.key(this.serviceId, cacheObject.key(), callback);
+};
--- a/lib/cartodb/cache/backend/varnish_http.js
+++ b/lib/cartodb/cache/backend/varnish_http.js
@@ -0,0 +1,30 @@
+var request = require('request');
+
+function VarnishHttpCacheBackend(host, port) {
+    this.host = host;
+    this.port = port;
+}
+
+module.exports = VarnishHttpCacheBackend;
+
+/**
+ * @param cacheObject should respond to `key() -> String` method
+ * @param {Function} callback
+ */
+VarnishHttpCacheBackend.prototype.invalidate = function(cacheObject, callback) {
+    request(
+        {
+            method: 'PURGE',
+            url: 'http://' + this.host + ':' + this.port + '/key',
+            headers: {
+                'Invalidation-Match': '\\b' + cacheObject.key() + '\\b'
+            }
+        },
+        function(err, response) {
+            if (err || response.statusCode !== 204) {
+                return callback(new Error('Unable to invalidate Varnish object'));
+            }
+            return callback(null);
+        }
+    );
+};
--- a/lib/cartodb/cache/layergroup_affected_tables.js
+++ b/lib/cartodb/cache/layergroup_affected_tables.js
@@ -0,0 +1,24 @@
+var LruCache = require('lru-cache');
+
+function LayergroupAffectedTables() {
+    // dbname + layergroupId -> affected tables cache
+    this.cache = new LruCache({ max: 2000 });
+}
+
+module.exports = LayergroupAffectedTables;
+
+LayergroupAffectedTables.prototype.hasAffectedTables = function(dbName, layergroupId) {
+    return this.cache.has(createKey(dbName, layergroupId));
+};
+
+LayergroupAffectedTables.prototype.set = function(dbName, layergroupId, affectedTables) {
+    this.cache.set(createKey(dbName, layergroupId), affectedTables);
+};
+
+LayergroupAffectedTables.prototype.get = function(dbName, layergroupId) {
+    return this.cache.get(createKey(dbName, layergroupId));
+};
+
+function createKey(dbName, layergroupId) {
+    return dbName + ':' + layergroupId;
+}
--- a/lib/cartodb/cache/model/database_tables_entry.js
+++ b/lib/cartodb/cache/model/database_tables_entry.js
@@ -0,0 +1,24 @@
+var crypto = require('crypto');
+
+function DatabaseTables(dbName, tableNames) {
+    this.namespace = 't';
+    this.dbName = dbName;
+    this.tableNames = tableNames;
+}
+
+module.exports = DatabaseTables;
+
+
+DatabaseTables.prototype.key = function() {
+    return this.tableNames.map(function(tableName) {
+        return this.namespace + ':' + shortHashKey(this.dbName + ':' + tableName);
+    }.bind(this));
+};
+
+DatabaseTables.prototype.getCacheChannel = function() {
+    return this.dbName + ':' + this.tableNames.join(',');
+};
+
+function shortHashKey(target) {
+    return crypto.createHash('sha256').update(target).digest('base64').substring(0,6);
+}
--- a/lib/cartodb/cache/model/named_maps_entry.js
+++ b/lib/cartodb/cache/model/named_maps_entry.js
@@ -0,0 +1,18 @@
+var crypto = require('crypto');
+
+function NamedMaps(owner, name) {
+    this.namespace = 'n';
+    this.owner = owner;
+    this.name = name;
+}
+
+module.exports = NamedMaps;
+
+
+NamedMaps.prototype.key = function() {
+    return this.namespace + ':' + shortHashKey(this.owner + ':' + this.name);
+};
+
+function shortHashKey(target) {
+    return crypto.createHash('sha256').update(target).digest('base64').substring(0,6);
+}
--- a/lib/cartodb/cache/named_map_provider_cache.js
+++ b/lib/cartodb/cache/named_map_provider_cache.js
@@ -0,0 +1,88 @@
+var _ = require('underscore');
+var dot = require('dot');
+var NamedMapMapConfigProvider = require('../models/mapconfig/named_map_provider');
+var MapConfigNamedLayersAdapter = require('../models/mapconfig_named_layers_adapter');
+var templateName = require('../backends/template_maps').templateName;
+var queue = require('queue-async');
+
+var LruCache = require("lru-cache");
+
+function NamedMapProviderCache(templateMaps, pgConnection, userLimitsApi, queryTablesApi) {
+    this.templateMaps = templateMaps;
+    this.pgConnection = pgConnection;
+    this.userLimitsApi = userLimitsApi;
+    this.queryTablesApi = queryTablesApi;
+
+    this.namedLayersAdapter = new MapConfigNamedLayersAdapter(templateMaps);
+
+    this.providerCache = new LruCache({ max: 2000 });
+}
+
+module.exports = NamedMapProviderCache;
+
+NamedMapProviderCache.prototype.get = function(user, templateId, config, authToken, params, callback) {
+    var namedMapKey = createNamedMapKey(user, templateId);
+    var namedMapProviders = this.providerCache.get(namedMapKey) || {};
+
+    var providerKey = createProviderKey(config, authToken, params);
+    if (!namedMapProviders.hasOwnProperty(providerKey)) {
+        namedMapProviders[providerKey] = new NamedMapMapConfigProvider(
+            this.templateMaps,
+            this.pgConnection,
+            this.userLimitsApi,
+            this.queryTablesApi,
+            this.namedLayersAdapter,
+            user,
+            templateId,
+            config,
+            authToken,
+            params
+        );
+        this.providerCache.set(namedMapKey, namedMapProviders);
+
+        // early exit, if provider did not exist we just return it
+        return callback(null, namedMapProviders[providerKey]);
+    }
+
+    var namedMapProvider = namedMapProviders[providerKey];
+
+    var self = this;
+    queue(2)
+        .defer(namedMapProvider.getTemplate.bind(namedMapProvider))
+        .defer(this.templateMaps.getTemplate.bind(this.templateMaps), user, templateId)
+        .awaitAll(function templatesQueueDone(err, results) {
+            if (err) {
+                return callback(err);
+            }
+
+            // We want to reset provider its template has changed
+            // Ideally this should be done in a passive mode where this cache gets notified of template changes
+            var uniqueFingerprints = _.uniq(results.map(self.templateMaps.fingerPrint)).length;
+            if (uniqueFingerprints > 1) {
+                namedMapProvider.reset();
+            }
+            return callback(null, namedMapProvider);
+        });
+};
+
+NamedMapProviderCache.prototype.invalidate = function(user, templateId) {
+    this.providerCache.del(createNamedMapKey(user, templateId));
+};
+
+function createNamedMapKey(user, templateId) {
+    return user + ':' + templateName(templateId);
+}
+
+var providerKey = '{{=it.authToken}}:{{=it.configHash}}:{{=it.format}}:{{=it.layer}}:{{=it.scale_factor}}';
+var providerKeyTpl = dot.template(providerKey);
+
+function createProviderKey(config, authToken, params) {
+    var tplValues = _.defaults({}, params, {
+        authToken: authToken || '',
+        configHash: NamedMapMapConfigProvider.configHash(config),
+        layer: '',
+        format: '',
+        scale_factor: 1
+    });
+    return providerKeyTpl(tplValues);
+}
--- a/lib/cartodb/cache/surrogate_keys_cache.js
+++ b/lib/cartodb/cache/surrogate_keys_cache.js
@@ -0,0 +1,53 @@
+var queue = require('queue-async');
+
+/**
+ * @param {Array|Object} cacheBackends each backend backend should respond to `invalidate(cacheObject, callback)` method
+ * @constructor
+ */
+function SurrogateKeysCache(cacheBackends) {
+    this.cacheBackends = Array.isArray(cacheBackends) ? cacheBackends : [cacheBackends];
+}
+
+module.exports = SurrogateKeysCache;
+
+
+/**
+ * @param response should respond to `header(key, value)` method
+ * @param cacheObject should respond to `key() -> String` method
+ */
+SurrogateKeysCache.prototype.tag = function(response, cacheObject) {
+    var newKey = cacheObject.key();
+    response.set('Surrogate-Key', appendSurrogateKey(
+        response.get('Surrogate-Key'),
+        Array.isArray(newKey) ? cacheObject.key().join(' ') : newKey
+    ));
+
+};
+
+function appendSurrogateKey(currentKey, newKey) {
+    if (!!currentKey) {
+        newKey = currentKey + ' ' + newKey;
+    }
+    return newKey;
+}
+
+/**
+ * @param cacheObject should respond to `key() -> String` method
+ * @param {Function} callback
+ */
+SurrogateKeysCache.prototype.invalidate = function(cacheObject, callback) {
+    var invalidationQueue = queue(this.cacheBackends.length);
+
+    this.cacheBackends.forEach(function(cacheBackend) {
+        invalidationQueue.defer(function(cacheBackend, done) {
+            cacheBackend.invalidate(cacheObject, done);
+        }, cacheBackend);
+    });
+
+    invalidationQueue.awaitAll(function(err, result) {
+        if (err) {
+            return callback(err);
+        }
+        callback(null, result);
+    });
+};
--- a/lib/cartodb/cache_validator.js
+++ b/lib/cartodb/cache_validator.js
@@ -1,26 +0,0 @@
-var _             = require('underscore'),
-    Varnish       = require('node-varnish'),
-    varnish_queue = null;
-
-function init(host, port, secret) {
-    varnish_queue = new Varnish.VarnishQueue(host, port, secret);
-    varnish_queue.on('error', function(e) {
-        console.log("[CACHE VALIDATOR ERROR] " + e);
-    });
-}
-
-function invalidate_db(dbname, table) {
-    var cmd = 'purge obj.http.X-Cache-Channel ~ "^' + dbname +
-              ':(.*'+ table +'.*)|(table)$"';
-    try{
-        varnish_queue.run_cmd(cmd, false);
-    } catch (e) {
-        console.log("[CACHE VALIDATOR ERROR] could not queue command " +
-                    cmd + " -- " + e);
-    }
-}
-
-module.exports = {
-    init: init,
-    invalidate_db: invalidate_db
-}
--- a/lib/cartodb/cartodb_windshaft.js
+++ b/lib/cartodb/cartodb_windshaft.js
@@ -1,670 +0,0 @@
-
-var _ = require('underscore')
-    , Step       = require('step')
-    , Windshaft = require('windshaft')
-    , redisPool = require('redis-mpool')(_.extend(global.environment.redis, {name: 'windshaft:cartodb'}))
-    // TODO: instanciate cartoData with redisPool
-    , cartoData  = require('cartodb-redis')(global.environment.redis)
-    , SignedMaps = require('./signed_maps.js')
-    , TemplateMaps = require('./template_maps.js')
-    , Cache = require('./cache_validator')
-    , os = require('os')
-;
-
-if ( ! process.env['PGAPPNAME'] )
-  process.env['PGAPPNAME']='cartodb_tiler';
-
-var CartodbWindshaft = function(serverOptions) {
-   var debug = global.environment.debug;
-
-    // Perform keyword substitution in statsd
-    // See https://github.com/CartoDB/Windshaft-cartodb/issues/153
-    if ( global.environment.statsd ) {
-      if ( global.environment.statsd.prefix ) {
-        var host_token = os.hostname().split('.').reverse().join('.');
-        global.environment.statsd.prefix = global.environment.statsd.prefix.replace(/:host/, host_token);
-      }
-    }
-
-    if(serverOptions.cache_enabled) {
-        console.log("cache invalidation enabled, varnish on ", serverOptions.varnish_host, ' ', serverOptions.varnish_port);
-        Cache.init(serverOptions.varnish_host, serverOptions.varnish_port, serverOptions.varnish_secret);
-        serverOptions.afterStateChange = function(req, data, callback) {
-            Cache.invalidate_db(req.params.dbname, req.params.table);
-            callback(null, data);
-        }
-    }
-
-    serverOptions.beforeStateChange = function(req, callback) {
-        var err = null;
-        if ( ! req.params.hasOwnProperty('_authorizedByApiKey') ) {
-          err = new Error("map state cannot be changed by unauthenticated request!");
-        }
-        callback(err, req);
-    }
-
-    // This is for Templated maps
-    //
-    // "named" is the official, "template" is for backward compatibility up to 1.6.x
-    //
-    var template_baseurl = global.environment.base_url_templated || '(?:/maps/named|/tiles/template)';
-
-    serverOptions.signedMaps = new SignedMaps(redisPool);
-    var templateMapsOpts = {
-      max_user_templates: global.environment.maxUserTemplates
-    }
-    var templateMaps = new TemplateMaps(redisPool, serverOptions.signedMaps, templateMapsOpts);
-
-    // boot
-    var ws = new Windshaft.Server(serverOptions);
-
-    // Override getVersion to include cartodb-specific versions
-    var wsversion = ws.getVersion;
-    ws.getVersion = function() {
-      var version = wsversion();
-      version.windshaft_cartodb = require('../../package.json').version;
-      return version;
-    }
-
-    var ws_sendResponse = ws.sendResponse;
-    // GET routes for which we don't want to request any caching.
-    // POST/PUT/DELETE requests are never cached anyway.
-    var noCacheGETRoutes = [
-      '/',
-      // See https://github.com/CartoDB/Windshaft-cartodb/issues/176
-      serverOptions.base_url_mapconfig,
-      template_baseurl + '/:template_id/jsonp'
-    ];
-    ws.sendResponse = function(res, args) {
-      var that = this;
-      var thatArgs = arguments;
-      var statusCode;
-      if ( res._windshaftStatusCode ) {
-        // Added by our override of sendError
-        statusCode = res._windshaftStatusCode;
-      } else {
-        if ( args.length > 2 ) statusCode = args[2];
-        else {
-          statusCode = args[1] || 200;
-        }
-      }
-      var req = res.req;
-      Step (
-        function addCacheChannel() {
-          if ( ! req ) {
-            // having no associated request can happen when
-            // using fake response objects for testing layergroup
-            // creation
-            return false;
-          }
-          if ( ! req.params ) {
-            // service requests (/version, /) 
-            // have no need for an X-Cache-Channel
-            return false;
-          }
-          if ( statusCode != 200 ) {
-            // We do not want to cache
-            // unsuccessful responses
-            return false;
-          }
-          if ( _.contains(noCacheGETRoutes, req.route.path) ) {
-//console.log("Skipping cache channel in route:\n" + req.route.path);
-            return false;
-          }
-//console.log("Adding cache channel to route\n" + req.route.path + " not matching any in:\n" + mapCreateRoutes.join("\n"));
-          serverOptions.addCacheChannel(that, req, this);
-        },
-        function sendResponse(err, added) {
-          if ( err ) console.log(err + err.stack);
-          ws_sendResponse.apply(that, thatArgs);
-          return null;
-        },
-        function finish(err) {
-          if ( err ) console.log(err + err.stack);
-        }
-      );
-    };
-
-    var ws_sendError = ws.sendError;
-    ws.sendError = function() {
-      var res = arguments[0];
-      var statusCode = arguments[2];
-      res._windshaftStatusCode = statusCode;
-      ws_sendError.apply(this, arguments);
-    };
-
-    /**
-     * Helper to allow access to the layer to be used in the maps infowindow popup.
-     */
-    ws.get(serverOptions.base_url + '/infowindow', function(req, res){
-        ws.doCORS(res);
-        Step(
-            function(){
-                serverOptions.getInfowindow(req, this);
-            },
-            function(err, data){
-                if (err){
-                    ws.sendError(res, {error: err.message}, 500, 'GET INFOWINDOW', err);
-                    //ws.sendResponse(res, [{error: err.message}, 500]);
-                } else {
-                    ws.sendResponse(res, [{infowindow: data}, 200]);
-                }
-            }
-        );
-    });
-
-
-    /**
-     * Helper to allow access to metadata to be used in embedded maps.
-     */
-    ws.get(serverOptions.base_url + '/map_metadata', function(req, res){
-        ws.doCORS(res);
-        Step(
-            function(){
-                serverOptions.getMapMetadata(req, this);
-            },
-            function(err, data){
-                if (err){
-                    ws.sendError(res, {error: err.message}, 500, 'GET MAP_METADATA', err);
-                    //ws.sendResponse(res, [err.message, 500]);
-                } else {
-                    ws.sendResponse(res, [{map_metadata: data}, 200]);
-                }
-            }
-        );
-    });
-
-    /**
-     * Helper API to allow per table tile cache (and sql cache) to be invalidated remotely.
-     * TODO: Move?
-     */
-    ws.del(serverOptions.base_url + '/flush_cache', function(req, res){
-        if ( req.profiler && req.profiler.statsd_client ) {
-          req.profiler.start('windshaft-cartodb.flush_cache');
-        }
-        ws.doCORS(res);
-        Step(
-            function flushCache(){
-                serverOptions.flushCache(req, serverOptions.cache_enabled ? Cache : null, this);
-            },
-            function sendResponse(err, data){
-                if (err){
-                    ws.sendError(res, {error: err.message}, 500, 'DELETE CACHE', err);
-                    //ws.sendResponse(res, [500]);
-                } else {
-                    ws.sendResponse(res, [{status: 'ok'}, 200]);
-                }
-            }
-        );
-    });
-
-    // ---- Template maps interface starts @{
-
-    ws.userByReq = function(req) {
-        return serverOptions.userByReq(req);
-    }
-
-    // Add a template
-    ws.post(template_baseurl, function(req, res) {
-      ws.doCORS(res);
-      var that = this;
-      var response = {};
-      var cdbuser = ws.userByReq(req);
-      Step(
-        function checkPerms(){
-            serverOptions.authorizedByAPIKey(req, this);
-        },
-        function addTemplate(err, authenticated) {
-          if ( err ) throw err;
-          if (authenticated !== 1) {
-            err = new Error("Only authenticated user can create templated maps");
-            err.http_status = 403;
-            throw err;
-          }
-          var next = this;
-          if ( ! req.headers['content-type'] || req.headers['content-type'].split(';')[0] != 'application/json' )
-            throw new Error('template POST data must be of type application/json');
-          var cfg = req.body;
-          templateMaps.addTemplate(cdbuser, cfg, this);
-        },
-        function prepareResponse(err, tpl_id){
-          if ( err ) throw err;
-          // NOTE: might omit "cdbuser" if == dbowner ...
-          return { template_id: cdbuser + '@' + tpl_id };
-        },
-        function finish(err, response){
-            if ( req.profiler ) {
-              res.header('X-Tiler-Profiler', req.profiler.toJSONString());
-            }
-            if (err){
-                response = { error: ''+err };
-                var statusCode = 400;
-                if ( ! _.isUndefined(err.http_status) ) {
-                  statusCode = err.http_status;
-                }
-                ws.sendError(res, response, statusCode, 'POST TEMPLATE', err);
-            } else {
-              ws.sendResponse(res, [response, 200]);
-            }
-        }
-      );
-    });
-
-    // Update a template
-    ws.put(template_baseurl + '/:template_id', function(req, res) {
-      ws.doCORS(res);
-      var that = this;
-      var response = {};
-      var cdbuser = ws.userByReq(req);
-      var template;
-      var tpl_id;
-      Step(
-        function checkPerms(){
-            serverOptions.authorizedByAPIKey(req, this);
-        },
-        function updateTemplate(err, authenticated) {
-          if ( err ) throw err;
-          if (authenticated !== 1) {
-            err = new Error("Only authenticated user can list templated maps");
-            err.http_status = 403;
-            throw err;
-          }
-          if ( ! req.headers['content-type'] || req.headers['content-type'].split(';')[0] != 'application/json' )
-            throw new Error('template PUT data must be of type application/json');
-          template = req.body;
-          tpl_id = req.params.template_id.split('@');
-          if ( tpl_id.length > 1 ) {
-            if ( tpl_id[0] != cdbuser ) {
-              err = new Error("Invalid template id '"
-                + req.params.template_id + "' for user '" + cdbuser + "'");
-              err.http_status = 404;
-              throw err;
-            }
-            tpl_id = tpl_id[1];
-          }
-          templateMaps.updTemplate(cdbuser, tpl_id, template, this);
-        },
-        function prepareResponse(err){
-          if ( err ) throw err;
-          return { template_id: cdbuser + '@' + tpl_id };
-        },
-        function finish(err, response){
-            if ( req.profiler ) {
-              res.header('X-Tiler-Profiler', req.profiler.toJSONString());
-            }
-            if (err){
-                var statusCode = 400;
-                response = { error: ''+err };
-                if ( ! _.isUndefined(err.http_status) ) {
-                  statusCode = err.http_status;
-                }
-                ws.sendError(res, response, statusCode, 'PUT TEMPLATE', err);
-            } else {
-              ws.sendResponse(res, [response, 200]);
-            }
-        }
-      );
-    });
-
-    // Get a specific template
-    ws.get(template_baseurl + '/:template_id', function(req, res) {
-      if ( req.profiler && req.profiler.statsd_client ) {
-        req.profiler.start('windshaft-cartodb.get_template');
-      }
-      ws.doCORS(res);
-      var that = this;
-      var response = {};
-      var cdbuser = ws.userByReq(req);
-      var template;
-      var tpl_id;
-      Step(
-        function checkPerms(){
-            serverOptions.authorizedByAPIKey(req, this);
-        },
-        function updateTemplate(err, authenticated) {
-          if ( err ) throw err;
-          if (authenticated !== 1) {
-            err = new Error("Only authenticated users can get template maps");
-            err.http_status = 403;
-            throw err;
-          }
-          tpl_id = req.params.template_id.split('@');
-          if ( tpl_id.length > 1 ) {
-            if ( tpl_id[0] != cdbuser ) {
-              var err = new Error("Cannot get template id '"
-                + req.params.template_id + "' for user '" + cdbuser + "'");
-              err.http_status = 404;
-              throw err;
-            }
-            tpl_id = tpl_id[1];
-          }
-          templateMaps.getTemplate(cdbuser, tpl_id, this);
-        },
-        function prepareResponse(err, tpl_val){
-          if ( err ) throw err;
-          if ( ! tpl_val ) {
-            err = new Error("Cannot find template '" + tpl_id + "' of user '" + cdbuser + "'");
-            err.http_status = 404;
-            throw err;
-          }
-          // auth_id was added by ourselves,
-          // so we remove it before returning to the user
-          delete tpl_val.auth_id;
-          return { template: tpl_val };
-        },
-        function finish(err, response){
-            if (err){
-                var statusCode = 400;
-                response = { error: ''+err };
-                if ( ! _.isUndefined(err.http_status) ) {
-                  statusCode = err.http_status;
-                }
-                ws.sendError(res, response, statusCode, 'GET TEMPLATE', err);
-            } else {
-              ws.sendResponse(res, [response, 200]);
-            }
-        }
-      );
-    });
-
-    // Delete a specific template
-    ws.del(template_baseurl + '/:template_id', function(req, res) {
-      if ( req.profiler && req.profiler.statsd_client ) {
-        req.profiler.start('windshaft-cartodb.delete_template');
-      }
-      ws.doCORS(res);
-      var that = this;
-      var response = {};
-      var cdbuser = ws.userByReq(req);
-      var template;
-      var tpl_id;
-      Step(
-        function checkPerms(){
-            serverOptions.authorizedByAPIKey(req, this);
-        },
-        function updateTemplate(err, authenticated) {
-          if ( err ) throw err;
-          if (authenticated !== 1) {
-            err = new Error("Only authenticated users can delete template maps");
-            err.http_status = 403;
-            throw err;
-          }
-          tpl_id = req.params.template_id.split('@');
-          if ( tpl_id.length > 1 ) {
-            if ( tpl_id[0] != cdbuser ) {
-              var err = new Error("Cannot find template id '"
-                + req.params.template_id + "' for user '" + cdbuser + "'");
-              err.http_status = 404;
-              throw err;
-            }
-            tpl_id = tpl_id[1];
-          }
-          templateMaps.delTemplate(cdbuser, tpl_id, this);
-        },
-        function prepareResponse(err, tpl_val){
-          if ( err ) throw err;
-          return { status: 'ok' };
-        },
-        function finish(err, response){
-            if (err){
-                var statusCode = 400;
-                response = { error: ''+err };
-                if ( ! _.isUndefined(err.http_status) ) {
-                  statusCode = err.http_status;
-                }
-                ws.sendError(res, response, statusCode, 'DELETE TEMPLATE', err);
-            } else {
-              ws.sendResponse(res, ['', 204]);
-            }
-        }
-      );
-    });
-
-    // Get a list of owned templates 
-    ws.get(template_baseurl, function(req, res) {
-      if ( req.profiler && req.profiler.statsd_client ) {
-        req.profiler.start('windshaft-cartodb.get_template_list');
-      }
-      ws.doCORS(res);
-      var that = this;
-      var response = {};
-      var cdbuser = ws.userByReq(req);
-      Step(
-        function checkPerms(){
-            serverOptions.authorizedByAPIKey(req, this);
-        },
-        function listTemplates(err, authenticated) {
-          if ( err ) throw err;
-          if (authenticated !== 1) {
-            err = new Error("Only authenticated user can list templated maps");
-            err.http_status = 403;
-            throw err;
-          }
-          templateMaps.listTemplates(cdbuser, this);
-        },
-        function prepareResponse(err, tpl_ids){
-          if ( err ) throw err;
-          // NOTE: might omit "cbduser" if == dbowner ...
-          var ids = _.map(tpl_ids, function(id) { return cdbuser + '@' + id; })
-          return { template_ids: ids };
-        },
-        function finish(err, response){
-            var statusCode = 200;
-            if (err){
-                response = { error: ''+err };
-                if ( ! _.isUndefined(err.http_status) ) {
-                  statusCode = err.http_status;
-                }
-                ws.sendError(res, response, statusCode, 'GET TEMPLATE LIST', err);
-            } else {
-              ws.sendResponse(res, [response, statusCode]);
-            }
-        }
-      );
-    });
-
-    ws.setDBParams = function(cdbuser, params, callback) {
-      Step(
-        function setAuth() {
-          serverOptions.setDBAuth(cdbuser, params, this);
-        },
-        function setConn(err) {
-          if ( err ) throw err;
-          serverOptions.setDBConn(cdbuser, params, this);
-        },
-        function finish(err) {
-          callback(err);
-        }
-      );
-    };
-
-    ws.options(template_baseurl + '/:template_id', function(req, res) {
-      ws.doCORS(res, "Content-Type");
-      return next();
-    });
-
-    // Instantiate a template
-    function instanciateTemplate(req, res, template_params, callback) {
-      ws.doCORS(res);
-      var that = this;
-      var response = {};
-      var template;
-      var signedMaps = serverOptions.signedMaps;
-      var layergroup;
-      var layergroupid;
-      var fakereq; // used for call to createLayergroup
-      var cdbuser = ws.userByReq(req);
-      // Format of template_id: [<template_owner>]@<template_id>
-      var tpl_id = req.params.template_id.split('@');
-      if ( tpl_id.length > 1 ) {
-        if ( tpl_id[0] && tpl_id[0] != cdbuser ) {
-          var err = new Error('Cannot instanciate map of user "'
-                              + tpl_id[0] + '" on database of user "'
-                              + cdbuser + '"')
-          err.http_status = 403;
-          callback(err);
-          return;
-        }
-        tpl_id = tpl_id[1];
-      }
-      var auth_token = req.query.auth_token;
-      Step(
-        function getTemplate(){
-          templateMaps.getTemplate(cdbuser, tpl_id, this);
-        },
-        function checkAuthorized(err, data) {
-          if ( req.profiler ) req.profiler.done('getTemplate');
-          if ( err ) throw err;
-          if ( ! data ) {
-            err = new Error("Template '" + tpl_id + "' of user '" + cdbuser + "' not found");
-            err.http_status = 404;
-            throw err;
-          }
-          template = data;
-          var cert = templateMaps.getTemplateCertificate(template);
-          var authorized = false;
-          try {
-            // authorizedByCert will throw if unauthorized
-            authorized = signedMaps.authorizedByCert(cert, auth_token);
-          } catch (err) {
-            // we catch to add http_status
-            err.http_status = 403;
-            throw err;
-          }
-          if ( ! authorized ) {
-            err = new Error('Unauthorized template instanciation');
-            err.http_status = 403;
-            throw err;
-          }
-          /*if ( (! req.headers['content-type'] || req.headers['content-type'].split(';')[0] != 'application/json') && req.query.callback === undefined) {
-            throw new Error('template POST data must be of type application/json, it is instead ');
-          }*/
-          //var template_params = req.body;
-          if ( req.profiler ) req.profiler.done('authorizedByCert');
-          return templateMaps.instance(template, template_params);
-        },
-        function prepareParams(err, instance){
-          if ( req.profiler ) req.profiler.done('TemplateMaps_instance');
-          if ( err ) throw err;
-          layergroup = instance;
-          fakereq = { query: {}, params: {}, headers: _.clone(req.headers),
-            method: req.method,
-            res: res,
-            profiler: req.profiler
-          };
-          ws.setDBParams(cdbuser, fakereq.params, this);
-        },
-        function setApiKey(err){
-          if ( req.profiler ) req.profiler.done('setDBParams');
-          if ( err ) throw err;
-          cartoData.getUserMapKey(cdbuser, this);
-        },
-        function createLayergroup(err, val) {
-          if ( req.profiler ) req.profiler.done('getUserMapKey');
-          if ( err ) throw err;
-          fakereq.params.api_key = val;
-          ws.createLayergroup(layergroup, fakereq, this);
-        },
-        function signLayergroup(err, resp) {
-          // NOTE: createLayergroup uses profiler.start()/end() internally
-          //if ( req.profiler ) req.profiler.done('createLayergroup');
-          if ( err ) throw err;
-          response = resp;
-          var signer = cdbuser;
-          var map_id = response.layergroupid.split(':')[0]; // dropping last_updated 
-          var crt_id = template.auth_id; // check ?
-          if ( ! crt_id ) {
-            var errmsg = "Template '" + tpl_id + "' of user '" + cdbuser + "' has no signature";
-            // Is this really illegal ?
-            // Maybe we could just return an unsigned layergroupid
-            // in this case...
-            err = new Error(errmsg);
-            err.http_status = 403; // Forbidden, we refuse to respond to this
-            throw err;
-          }
-          signedMaps.signMap(signer, map_id, crt_id, this);
-        },
-        function prepareResponse(err) {
-          if ( req.profiler ) req.profiler.done('signMap');
-          if ( err ) throw err;
-          //console.log("Response from createLayergroup: "); console.dir(response);
-          // Add the signature part to the token!
-          var tplhash = templateMaps.fingerPrint(template).substring(0,8);
-          if ( req.profiler ) req.profiler.done('fingerPrint');
-          response.layergroupid = cdbuser + '@' + tplhash + '@' + response.layergroupid;
-          return response;
-        },
-        callback
-      );
-    }
-
-    function finish_instanciation(err, response, res, req) {
-        if ( req.profiler ) {
-          res.header('X-Tiler-Profiler', req.profiler.toJSONString());
-        }
-        if (err) {
-            var statusCode = 400;
-            response = { error: ''+err };
-            if ( ! _.isUndefined(err.http_status) ) {
-              statusCode = err.http_status;
-            }
-            if(debug) {
-              response.stack = err.stack;
-            }
-            ws.sendError(res, response, statusCode, 'POST INSTANCE TEMPLATE', err);
-        } else {
-          ws.sendResponse(res, [response, 200]);
-        }
-    }
-
-    ws.post(template_baseurl + '/:template_id', function(req, res) {
-      if ( req.profiler && req.profiler.statsd_client) {
-        req.profiler.start('windshaft-cartodb.instance_template_post');
-      }
-      Step(
-        function() {
-          if ( ! req.headers['content-type'] || req.headers['content-type'].split(';')[0] != 'application/json') {
-            throw new Error('template POST data must be of type application/json, it is instead ');
-          }
-          instanciateTemplate(req, res, req.body, this);
-        }, function(err, response) {
-          finish_instanciation(err, response, res, req);
-        }
-      );
-    });
-
-    /**
-     * jsonp endpoint, allows to instanciate a template with a json call.
-     * callback query argument is mandartoy
-     */
-    ws.get(template_baseurl + '/:template_id/jsonp', function(req, res) {
-      if ( req.profiler && req.profiler.statsd_client) {
-        req.profiler.start('windshaft-cartodb.instance_template_get');
-      }
-      Step(
-        function() {
-          if ( req.query.callback === undefined || req.query.callback.length === 0) {
-            throw new Error('callback parameter should be present and be a function name');
-          }
-          var config = {};
-          if(req.query.config) {
-            try {
-              config = JSON.parse(req.query.config);
-            } catch(e) {
-              throw new Error('badformed config parameter, should be a valid JSON');
-            }
-          }
-          instanciateTemplate(req, res, config, this);
-        }, function(err, response) {
-          finish_instanciation(err, response, res, req);
-        }
-      );
-    });
-
-
-    // ---- Template maps interface ends @}
-
-    return ws;
-}
-
-module.exports = CartodbWindshaft;
--- a/lib/cartodb/controllers/base.js
+++ b/lib/cartodb/controllers/base.js
@@ -0,0 +1,250 @@
+var assert = require('assert');
+
+var _ = require('underscore');
+var step = require('step');
+var debug = require('debug')('windshaft:cartodb');
+
+var LZMA = require('lzma').LZMA;
+var lzmaWorker = new LZMA();
+
+// Whitelist query parameters and attach format
+var REQUEST_QUERY_PARAMS_WHITELIST = [
+    'config',
+    'map_key',
+    'api_key',
+    'auth_token',
+    'callback'
+];
+
+function BaseController(authApi, pgConnection) {
+    this.authApi = authApi;
+    this.pgConnection = pgConnection;
+}
+
+module.exports = BaseController;
+
+// jshint maxcomplexity:9
+/**
+ * Whitelist input and get database name & default geometry type from
+ * subdomain/user metadata held in CartoDB Redis
+ * @param req - standard express request obj. Should have host & table
+ * @param callback
+ */
+BaseController.prototype.req2params = function(req, callback){
+    var self = this;
+
+    if ( req.query.lzma ) {
+
+        // Decode (from base64)
+        var lzma = new Buffer(req.query.lzma, 'base64')
+            .toString('binary')
+            .split('')
+            .map(function(c) {
+                return c.charCodeAt(0) - 128;
+            });
+
+
+        // Decompress
+        lzmaWorker.decompress(
+            lzma,
+            function(result) {
+                if (req.profiler) {
+                    req.profiler.done('lzma');
+                }
+                try {
+                    delete req.query.lzma;
+                    _.extend(req.query, JSON.parse(result));
+                    self.req2params(req, callback);
+                } catch (err) {
+                    req.profiler.done('req2params');
+                    callback(new Error('Error parsing lzma as JSON: ' + err));
+                }
+            }
+        );
+        return;
+    }
+
+    req.query = _.pick(req.query, REQUEST_QUERY_PARAMS_WHITELIST);
+    req.params = _.extend({}, req.params); // shuffle things as request is a strange array/object
+
+    var user = req.context.user;
+
+    if ( req.params.token ) {
+        // Token might match the following patterns:
+        // - {user}@{tpl_id}@{token}:{cache_buster}
+        var tksplit = req.params.token.split(':');
+        req.params.token = tksplit[0];
+        if ( tksplit.length > 1 ) {
+            req.params.cache_buster= tksplit[1];
+        }
+        tksplit = req.params.token.split('@');
+        if ( tksplit.length > 1 ) {
+            req.params.signer = tksplit.shift();
+            if ( ! req.params.signer ) {
+                req.params.signer = user;
+            }
+            else if ( req.params.signer !== user ) {
+                var err = new Error(
+                        'Cannot use map signature of user "' + req.params.signer + '" on db of user "' + user + '"'
+                );
+                err.http_status = 403;
+                req.profiler.done('req2params');
+                callback(err);
+                return;
+            }
+            if ( tksplit.length > 1 ) {
+                /*var template_hash = */tksplit.shift(); // unused
+            }
+            req.params.token = tksplit.shift();
+        }
+    }
+
+    // bring all query values onto req.params object
+    _.extend(req.params, req.query);
+
+    if (req.profiler) {
+        req.profiler.done('req2params.setup');
+    }
+
+    step(
+        function getPrivacy(){
+            self.authApi.authorize(req, this);
+        },
+        function validateAuthorization(err, authorized) {
+            if (req.profiler) {
+                req.profiler.done('authorize');
+            }
+            assert.ifError(err);
+            if(!authorized) {
+                err = new Error("Sorry, you are unauthorized (permission denied)");
+                err.http_status = 403;
+                throw err;
+            }
+            return null;
+        },
+        function getDatabase(err){
+            assert.ifError(err);
+            self.pgConnection.setDBConn(user, req.params, this);
+        },
+        function finishSetup(err) {
+            if ( err ) {
+                req.profiler.done('req2params');
+                return callback(err, req);
+            }
+
+            // Add default database connection parameters
+            // if none given
+            _.defaults(req.params, {
+                dbuser: global.environment.postgres.user,
+                dbpassword: global.environment.postgres.password,
+                dbhost: global.environment.postgres.host,
+                dbport: global.environment.postgres.port
+            });
+
+            req.profiler.done('req2params');
+            callback(null, req);
+        }
+    );
+};
+// jshint maxcomplexity:6
+
+// jshint maxcomplexity:9
+BaseController.prototype.send = function(req, res, body, status, headers) {
+    if (req.params.dbhost) {
+        res.set('X-Served-By-DB-Host', req.params.dbhost);
+    }
+
+    if (req.profiler) {
+        res.set('X-Tiler-Profiler', req.profiler.toJSONString());
+    }
+
+    if (headers) {
+        res.set(headers);
+    }
+
+    res.status(status);
+
+    if (!Buffer.isBuffer(body) && typeof body === 'object') {
+        if (req.query && req.query.callback) {
+            res.jsonp(body);
+        } else {
+            res.json(body);
+        }
+    } else {
+        res.send(body);
+    }
+
+    if (req.profiler) {
+        try {
+            // May throw due to dns, see
+            // See http://github.com/CartoDB/Windshaft/issues/166
+            req.profiler.sendStats();
+        } catch (err) {
+            debug("error sending profiling stats: " + err);
+        }
+    }
+};
+// jshint maxcomplexity:6
+
+BaseController.prototype.sendError = function(req, res, err, label) {
+    label = label || 'UNKNOWN';
+
+    var statusCode = findStatusCode(err);
+
+    debug('[%s ERROR] -- %d: %s', label, statusCode, err);
+
+    // If a callback was requested, force status to 200
+    if (req.query && req.query.callback) {
+        statusCode = 200;
+    }
+
+    var errorResponseBody = { errors: [errorMessage(err)] };
+
+    this.send(req, res, errorResponseBody, statusCode);
+};
+
+function errorMessage(err) {
+    // See https://github.com/Vizzuality/Windshaft-cartodb/issues/68
+    var message = (_.isString(err) ? err : err.message) || 'Unknown error';
+
+    // Strip connection info, if any
+    return message
+        // See https://github.com/CartoDB/Windshaft/issues/173
+        .replace(/Connection string: '[^']*'\n\s/im, '')
+        // See https://travis-ci.org/CartoDB/Windshaft/jobs/20703062#L1644
+        .replace(/is the server.*encountered/im, 'encountered');
+}
+module.exports.errorMessage = errorMessage;
+
+function findStatusCode(err) {
+    var statusCode;
+    if ( err.http_status ) {
+        statusCode = err.http_status;
+    } else {
+        statusCode = statusFromErrorMessage('' + err);
+    }
+    return statusCode;
+}
+module.exports.findStatusCode = findStatusCode;
+
+function statusFromErrorMessage(errMsg) {
+    // Find an appropriate statusCode based on message
+    var statusCode = 400;
+    if ( -1 !== errMsg.indexOf('permission denied') ) {
+        statusCode = 403;
+    }
+    else if ( -1 !== errMsg.indexOf('authentication failed') ) {
+        statusCode = 403;
+    }
+    else if (errMsg.match(/Postgis Plugin.*[\s|\n].*column.*does not exist/)) {
+        statusCode = 400;
+    }
+    else if ( -1 !== errMsg.indexOf('does not exist') ) {
+        if ( -1 !== errMsg.indexOf(' role ') ) {
+            statusCode = 403; // role 'xxx' does not exist
+        } else {
+            statusCode = 404;
+        }
+    }
+    return statusCode;
+}
--- a/lib/cartodb/controllers/index.js
+++ b/lib/cartodb/controllers/index.js
@@ -0,0 +1,7 @@
+module.exports = {
+    Layergroup: require('./layergroup'),
+    Map: require('./map'),
+    NamedMaps: require('./named_maps'),
+    NamedMapsAdmin: require('./named_maps_admin'),
+    ServerInfo: require('./server_info')
+};
--- a/lib/cartodb/controllers/layergroup.js
+++ b/lib/cartodb/controllers/layergroup.js
@@ -0,0 +1,314 @@
+var assert = require('assert');
+var step = require('step');
+
+var util = require('util');
+var BaseController = require('./base');
+
+var cors = require('../middleware/cors');
+var userMiddleware = require('../middleware/user');
+
+var MapStoreMapConfigProvider = require('../models/mapconfig/map_store_provider');
+var TablesCacheEntry = require('../cache/model/database_tables_entry');
+
+/**
+ * @param {AuthApi} authApi
+ * @param {PgConnection} pgConnection
+ * @param {MapStore} mapStore
+ * @param {TileBackend} tileBackend
+ * @param {PreviewBackend} previewBackend
+ * @param {AttributesBackend} attributesBackend
+ * @param {SurrogateKeysCache} surrogateKeysCache
+ * @param {UserLimitsApi} userLimitsApi
+ * @param {QueryTablesApi} queryTablesApi
+ * @param {LayergroupAffectedTables} layergroupAffectedTables
+ * @constructor
+ */
+function LayergroupController(authApi, pgConnection, mapStore, tileBackend, previewBackend, attributesBackend,
+                              surrogateKeysCache, userLimitsApi, queryTablesApi, layergroupAffectedTables) {
+    BaseController.call(this, authApi, pgConnection);
+
+    this.mapStore = mapStore;
+    this.tileBackend = tileBackend;
+    this.previewBackend = previewBackend;
+    this.attributesBackend = attributesBackend;
+    this.surrogateKeysCache = surrogateKeysCache;
+    this.userLimitsApi = userLimitsApi;
+    this.queryTablesApi = queryTablesApi;
+    this.layergroupAffectedTables = layergroupAffectedTables;
+}
+
+util.inherits(LayergroupController, BaseController);
+
+module.exports = LayergroupController;
+
+
+LayergroupController.prototype.register = function(app) {
+    app.get(app.base_url_mapconfig +
+        '/:token/:z/:x/:y@:scale_factor?x.:format', cors(), userMiddleware,
+        this.tile.bind(this));
+
+    app.get(app.base_url_mapconfig +
+        '/:token/:z/:x/:y.:format', cors(), userMiddleware,
+        this.tile.bind(this));
+
+    app.get(app.base_url_mapconfig +
+        '/:token/:layer/:z/:x/:y.(:format)', cors(), userMiddleware,
+        this.layer.bind(this));
+
+    app.get(app.base_url_mapconfig +
+        '/:token/:layer/attributes/:fid', cors(), userMiddleware,
+        this.attributes.bind(this));
+
+    app.get(app.base_url_mapconfig +
+        '/static/center/:token/:z/:lat/:lng/:width/:height.:format', cors(), userMiddleware,
+        this.center.bind(this));
+
+    app.get(app.base_url_mapconfig +
+        '/static/bbox/:token/:west,:south,:east,:north/:width/:height.:format', cors(), userMiddleware,
+        this.bbox.bind(this));
+};
+
+LayergroupController.prototype.attributes = function(req, res) {
+    var self = this;
+
+    req.profiler.start('windshaft.maplayer_attribute');
+
+    step(
+        function setupParams() {
+            self.req2params(req, this);
+        },
+        function retrieveFeatureAttributes(err) {
+            assert.ifError(err);
+
+            var mapConfigProvider = new MapStoreMapConfigProvider(
+                self.mapStore, req.context.user, self.userLimitsApi, req.params
+            );
+            self.attributesBackend.getFeatureAttributes(mapConfigProvider, req.params, false, this);
+        },
+        function finish(err, tile, stats) {
+            req.profiler.add(stats || {});
+
+            if (err) {
+                self.sendError(req, res, err, 'GET ATTRIBUTES');
+            } else {
+                self.sendResponse(req, res, tile, 200);
+            }
+        }
+    );
+
+};
+
+// Gets a tile for a given token and set of tile ZXY coords. (OSM style)
+LayergroupController.prototype.tile = function(req, res) {
+    req.profiler.start('windshaft.map_tile');
+    this.tileOrLayer(req, res);
+};
+
+// Gets a tile for a given token, layer set of tile ZXY coords. (OSM style)
+LayergroupController.prototype.layer = function(req, res, next) {
+    if (req.params.token === 'static') {
+        return next();
+    }
+    req.profiler.start('windshaft.maplayer_tile');
+    this.tileOrLayer(req, res);
+};
+
+LayergroupController.prototype.tileOrLayer = function (req, res) {
+    var self = this;
+
+    step(
+        function mapController$prepareParams() {
+            self.req2params(req, this);
+        },
+        function mapController$getTileOrGrid(err) {
+            assert.ifError(err);
+            self.tileBackend.getTile(
+                new MapStoreMapConfigProvider(self.mapStore, req.context.user, self.userLimitsApi, req.params),
+                req.params, this
+            );
+        },
+        function mapController$finalize(err, tile, headers, stats) {
+            req.profiler.add(stats);
+            self.finalizeGetTileOrGrid(err, req, res, tile, headers);
+        }
+    );
+};
+
+// This function is meant for being called as the very last
+// step by all endpoints serving tiles or grids
+LayergroupController.prototype.finalizeGetTileOrGrid = function(err, req, res, tile, headers) {
+    var supportedFormats = {
+        grid_json: true,
+        json_torque: true,
+        torque_json: true,
+        png: true
+    };
+
+    var formatStat = 'invalid';
+    if (req.params.format) {
+        var format = req.params.format.replace('.', '_');
+        if (supportedFormats[format]) {
+            formatStat = format;
+        }
+    }
+
+    if (err) {
+        // See https://github.com/Vizzuality/Windshaft-cartodb/issues/68
+        var errMsg = err.message ? ( '' + err.message ) : ( '' + err );
+
+        // Rewrite mapnik parsing errors to start with layer number
+        var matches = errMsg.match("(.*) in style 'layer([0-9]+)'");
+        if (matches) {
+            errMsg = 'style'+matches[2]+': ' + matches[1];
+        }
+        err.message = errMsg;
+
+        this.sendError(req, res, err, 'TILE RENDER');
+        global.statsClient.increment('windshaft.tiles.error');
+        global.statsClient.increment('windshaft.tiles.' + formatStat + '.error');
+    } else {
+        this.sendResponse(req, res, tile, 200, headers);
+        global.statsClient.increment('windshaft.tiles.success');
+        global.statsClient.increment('windshaft.tiles.' + formatStat + '.success');
+    }
+};
+
+LayergroupController.prototype.bbox = function(req, res) {
+    this.staticMap(req, res, +req.params.width, +req.params.height, {
+        west: +req.params.west,
+        north: +req.params.north,
+        east: +req.params.east,
+        south: +req.params.south
+    });
+};
+
+LayergroupController.prototype.center = function(req, res) {
+    this.staticMap(req, res, +req.params.width, +req.params.height, +req.params.z, {
+        lng: +req.params.lng,
+        lat: +req.params.lat
+    });
+};
+
+LayergroupController.prototype.staticMap = function(req, res, width, height, zoom /* bounds */, center) {
+    var format = req.params.format === 'jpg' ? 'jpeg' : 'png';
+    req.params.layer = 'all';
+    req.params.format = 'png';
+
+    var self = this;
+
+    step(
+        function reqParams() {
+            self.req2params(req, this);
+        },
+        function getImage(err) {
+            assert.ifError(err);
+            if (center) {
+                self.previewBackend.getImage(
+                    new MapStoreMapConfigProvider(self.mapStore, req.context.user, self.userLimitsApi, req.params),
+                    format, width, height, zoom, center, this);
+            } else {
+                self.previewBackend.getImage(
+                    new MapStoreMapConfigProvider(self.mapStore, req.context.user, self.userLimitsApi, req.params),
+                    format, width, height, zoom /* bounds */, this);
+            }
+        },
+        function handleImage(err, image, headers, stats) {
+            req.profiler.done('render-' + format);
+            req.profiler.add(stats || {});
+
+            if (err) {
+                self.sendError(req, res, err, 'STATIC_MAP');
+            } else {
+                res.set('Content-Type', headers['Content-Type'] || 'image/' + format);
+                self.sendResponse(req, res, image, 200);
+            }
+        }
+    );
+};
+
+LayergroupController.prototype.sendResponse = function(req, res, body, status, headers) {
+    var self = this;
+
+    res.set('Cache-Control', 'public,max-age=31536000');
+
+    // Set Last-Modified header
+    var lastUpdated;
+    if (req.params.cache_buster) {
+        // Assuming cache_buster is a timestamp
+        lastUpdated = new Date(parseInt(req.params.cache_buster));
+    } else {
+        lastUpdated = new Date();
+    }
+    res.set('Last-Modified', lastUpdated.toUTCString());
+
+    var dbName = req.params.dbname;
+    step(
+        function getAffectedTables() {
+            self.getAffectedTables(req.context.user, dbName, req.params.token, this);
+        },
+        function sendResponse(err, affectedTables) {
+            req.profiler.done('affectedTables');
+            if (err) {
+                global.logger.warn('ERROR generating cache channel: ' + err);
+            }
+            if (!!affectedTables) {
+                var tablesCacheEntry = new TablesCacheEntry(dbName, affectedTables);
+                res.set('X-Cache-Channel', tablesCacheEntry.getCacheChannel());
+                self.surrogateKeysCache.tag(res, tablesCacheEntry);
+            }
+            self.send(req, res, body, status, headers);
+        }
+    );
+
+};
+
+LayergroupController.prototype.getAffectedTables = function(user, dbName, layergroupId, callback) {
+
+    if (this.layergroupAffectedTables.hasAffectedTables(dbName, layergroupId)) {
+        return callback(null, this.layergroupAffectedTables.get(dbName, layergroupId));
+    }
+
+    var self = this;
+    step(
+        function extractSQL() {
+            step(
+                function loadFromStore() {
+                    self.mapStore.load(layergroupId, this);
+                },
+                function getSQL(err, mapConfig) {
+                    assert.ifError(err);
+
+                    var queries = mapConfig.getLayers()
+                        .map(function(lyr) {
+                            return lyr.options.sql;
+                        })
+                        .filter(function(sql) {
+                            return !!sql;
+                        });
+
+                    return queries.length ? queries.join(';') : null;
+                },
+                this
+            );
+        },
+        function findAffectedTables(err, sql) {
+            assert.ifError(err);
+
+            if ( ! sql ) {
+                throw new Error("this request doesn't need an X-Cache-Channel generated");
+            }
+
+            self.queryTablesApi.getAffectedTablesInQuery(user, sql, this); // in addCacheChannel
+        },
+        function buildCacheChannel(err, tableNames) {
+            assert.ifError(err);
+
+            self.layergroupAffectedTables.set(dbName, layergroupId, tableNames);
+
+            return tableNames;
+        },
+        function finish(err, affectedTables) {
+            callback(err, affectedTables);
+        }
+    );
+};
--- a/lib/cartodb/controllers/map.js
+++ b/lib/cartodb/controllers/map.js
@@ -0,0 +1,326 @@
+var _ = require('underscore');
+var assert = require('assert');
+var step = require('step');
+var windshaft = require('windshaft');
+
+var util = require('util');
+var BaseController = require('./base');
+
+var cors = require('../middleware/cors');
+var userMiddleware = require('../middleware/user');
+
+var MapConfig = windshaft.model.MapConfig;
+var Datasource = windshaft.model.Datasource;
+
+var NamedMapsCacheEntry = require('../cache/model/named_maps_entry');
+var TablesCacheEntry = require('../cache/model/database_tables_entry');
+
+var MapConfigNamedLayersAdapter = require('../models/mapconfig_named_layers_adapter');
+var NamedMapMapConfigProvider = require('../models/mapconfig/named_map_provider');
+var CreateLayergroupMapConfigProvider = require('../models/mapconfig/create_layergroup_provider');
+
+/**
+ * @param {AuthApi} authApi
+ * @param {PgConnection} pgConnection
+ * @param {TemplateMaps} templateMaps
+ * @param {MapBackend} mapBackend
+ * @param metadataBackend
+ * @param {QueryTablesApi} queryTablesApi
+ * @param {SurrogateKeysCache} surrogateKeysCache
+ * @param {UserLimitsApi} userLimitsApi
+ * @param {LayergroupAffectedTables} layergroupAffectedTables
+ * @constructor
+ */
+function MapController(authApi, pgConnection, templateMaps, mapBackend, metadataBackend, queryTablesApi,
+                       surrogateKeysCache, userLimitsApi, layergroupAffectedTables) {
+
+    BaseController.call(this, authApi, pgConnection);
+
+    this.pgConnection = pgConnection;
+    this.templateMaps = templateMaps;
+    this.mapBackend = mapBackend;
+    this.metadataBackend = metadataBackend;
+    this.queryTablesApi = queryTablesApi;
+    this.surrogateKeysCache = surrogateKeysCache;
+    this.userLimitsApi = userLimitsApi;
+    this.layergroupAffectedTables = layergroupAffectedTables;
+
+    this.namedLayersAdapter = new MapConfigNamedLayersAdapter(templateMaps);
+}
+
+util.inherits(MapController, BaseController);
+
+module.exports = MapController;
+
+
+MapController.prototype.register = function(app) {
+    app.get(app.base_url_mapconfig, cors(), userMiddleware, this.createGet.bind(this));
+    app.post(app.base_url_mapconfig, cors(), userMiddleware, this.createPost.bind(this));
+    app.get(app.base_url_templated + '/:template_id/jsonp', cors(), userMiddleware, this.jsonp.bind(this));
+    app.post(app.base_url_templated + '/:template_id', cors(), userMiddleware, this.instantiate.bind(this));
+    app.options(app.base_url_mapconfig, cors('Content-Type'));
+};
+
+MapController.prototype.createGet = function(req, res){
+    req.profiler.start('windshaft.createmap_get');
+
+    this.create(req, res, function createGet$prepareConfig(err, req) {
+        assert.ifError(err);
+        if ( ! req.params.config ) {
+            throw new Error('layergroup GET needs a "config" parameter');
+        }
+        return JSON.parse(req.params.config);
+    });
+};
+
+MapController.prototype.createPost = function(req, res) {
+    req.profiler.start('windshaft.createmap_post');
+
+    this.create(req, res, function createPost$prepareConfig(err, req) {
+        assert.ifError(err);
+        if (!req.is('application/json')) {
+            throw new Error('layergroup POST data must be of type application/json');
+        }
+        return req.body;
+    });
+};
+
+MapController.prototype.instantiate = function(req, res) {
+    if (req.profiler) {
+        req.profiler.start('windshaft-cartodb.instance_template_post');
+    }
+
+    this.instantiateTemplate(req, res, function prepareTemplateParams(callback) {
+        if (!req.is('application/json')) {
+            return callback(new Error('Template POST data must be of type application/json'));
+        }
+        return callback(null, req.body);
+    });
+};
+
+MapController.prototype.jsonp = function(req, res) {
+    if (req.profiler) {
+        req.profiler.start('windshaft-cartodb.instance_template_get');
+    }
+
+    this.instantiateTemplate(req, res, function prepareJsonTemplateParams(callback) {
+        var err = null;
+        if ( req.query.callback === undefined || req.query.callback.length === 0) {
+            err = new Error('callback parameter should be present and be a function name');
+        }
+
+        var templateParams = {};
+        if (req.query.config) {
+            try {
+                templateParams = JSON.parse(req.query.config);
+            } catch(e) {
+                err = new Error('Invalid config parameter, should be a valid JSON');
+            }
+        }
+
+        return callback(err, templateParams);
+    });
+};
+
+MapController.prototype.create = function(req, res, prepareConfigFn) {
+    var self = this;
+
+    var mapConfig;
+
+    step(
+        function setupParams(){
+            self.req2params(req, this);
+        },
+        prepareConfigFn,
+        function beforeLayergroupCreate(err, requestMapConfig) {
+            assert.ifError(err);
+            var next = this;
+            self.namedLayersAdapter.getLayers(req.context.user, requestMapConfig.layers, self.pgConnection,
+                function(err, layers, datasource) {
+                    if (err) {
+                        return next(err);
+                    }
+
+                    if (layers) {
+                        requestMapConfig.layers = layers;
+                    }
+                    return next(null, requestMapConfig, datasource);
+                }
+            );
+        },
+        function createLayergroup(err, requestMapConfig, datasource) {
+            assert.ifError(err);
+            mapConfig = new MapConfig(requestMapConfig, datasource || Datasource.EmptyDatasource());
+            self.mapBackend.createLayergroup(
+                mapConfig, req.params,
+                new CreateLayergroupMapConfigProvider(mapConfig, req.context.user, self.userLimitsApi, req.params),
+                this
+            );
+        },
+        function afterLayergroupCreate(err, layergroup) {
+            assert.ifError(err);
+            self.afterLayergroupCreate(req, res, mapConfig, layergroup, this);
+        },
+        function finish(err, layergroup) {
+            if (err) {
+                self.sendError(req, res, err, 'ANONYMOUS LAYERGROUP');
+            } else {
+                res.set('X-Layergroup-Id', layergroup.layergroupid);
+                self.send(req, res, layergroup, 200);
+            }
+        }
+    );
+};
+
+MapController.prototype.instantiateTemplate = function(req, res, prepareParamsFn) {
+    var self = this;
+
+    var cdbuser = req.context.user;
+
+    var mapConfigProvider;
+    var mapConfig;
+
+    step(
+        function setupParams(){
+            self.req2params(req, this);
+        },
+        function getTemplateParams() {
+            prepareParamsFn(this);
+        },
+        function getTemplate(err, templateParams) {
+            assert.ifError(err);
+            mapConfigProvider = new NamedMapMapConfigProvider(
+                self.templateMaps,
+                self.pgConnection,
+                self.userLimitsApi,
+                self.queryTablesApi,
+                self.namedLayersAdapter,
+                cdbuser,
+                req.params.template_id,
+                templateParams,
+                req.query.auth_token,
+                req.params
+            );
+            mapConfigProvider.getMapConfig(this);
+        },
+        function createLayergroup(err, mapConfig_, rendererParams/*, context*/) {
+            assert.ifError(err);
+            mapConfig = mapConfig_;
+            self.mapBackend.createLayergroup(
+                mapConfig, rendererParams,
+                new CreateLayergroupMapConfigProvider(mapConfig, cdbuser, self.userLimitsApi, rendererParams),
+                this
+            );
+        },
+        function afterLayergroupCreate(err, layergroup) {
+            assert.ifError(err);
+            self.afterLayergroupCreate(req, res, mapConfig, layergroup, this);
+        },
+        function finishTemplateInstantiation(err, layergroup) {
+            if (err) {
+                self.sendError(req, res, err, 'NAMED MAP LAYERGROUP');
+            } else {
+                var templateHash = self.templateMaps.fingerPrint(mapConfigProvider.template).substring(0, 8);
+                layergroup.layergroupid = cdbuser + '@' + templateHash + '@' + layergroup.layergroupid;
+
+                res.set('X-Layergroup-Id', layergroup.layergroupid);
+                self.surrogateKeysCache.tag(res, new NamedMapsCacheEntry(cdbuser, mapConfigProvider.getTemplateName()));
+
+                self.send(req, res, layergroup, 200);
+            }
+        }
+    );
+};
+
+
+MapController.prototype.afterLayergroupCreate = function(req, res, mapconfig, layergroup, callback) {
+    var self = this;
+
+    var username = req.context.user;
+
+    var tasksleft = 2; // redis key and affectedTables
+    var errors = [];
+
+    var done = function(err) {
+        if ( err ) {
+            errors.push('' + err);
+        }
+        if ( ! --tasksleft ) {
+            err = errors.length ? new Error(errors.join('\n')) : null;
+            callback(err, layergroup);
+        }
+    };
+
+    // include in layergroup response the variables in serverMedata
+    // those variables are useful to send to the client information
+    // about how to reach this server or information about it
+    _.extend(layergroup, global.environment.serverMetadata);
+
+    // Don't wait for the mapview count increment to
+    // take place before proceeding. Error will be logged
+    // asynchronously
+    this.metadataBackend.incMapviewCount(username, mapconfig.obj().stat_tag, function(err) {
+        if (req.profiler) {
+            req.profiler.done('incMapviewCount');
+        }
+        if ( err ) {
+            global.logger.log("ERROR: failed to increment mapview count for user '" + username + "': " + err);
+        }
+        done();
+    });
+
+    var sql = mapconfig.getLayers().map(function(layer) {
+        return layer.options.sql;
+    }).join(';');
+
+    var dbName = req.params.dbname;
+    var layergroupId = layergroup.layergroupid;
+
+    step(
+        function checkCachedAffectedTables() {
+            return self.layergroupAffectedTables.hasAffectedTables(dbName, layergroupId);
+        },
+        function getAffectedTablesAndLastUpdatedTime(err, hasCache) {
+            assert.ifError(err);
+            if (hasCache) {
+                var next = this;
+                var affectedTables = self.layergroupAffectedTables.get(dbName, layergroupId);
+                self.queryTablesApi.getLastUpdatedTime(username, affectedTables, function(err, lastUpdatedTime) {
+                    if (err) {
+                        return next(err);
+                    }
+                    return next(null, { affectedTables: affectedTables, lastUpdatedTime: lastUpdatedTime });
+                });
+            } else {
+                self.queryTablesApi.getAffectedTablesAndLastUpdatedTime(username, sql, this);
+            }
+        },
+        function handleAffectedTablesAndLastUpdatedTime(err, result) {
+            if (req.profiler) {
+                req.profiler.done('queryTablesAndLastUpdated');
+            }
+            assert.ifError(err);
+            self.layergroupAffectedTables.set(dbName, layergroupId, result.affectedTables);
+
+            // last update for layergroup cache buster
+            layergroup.layergroupid = layergroup.layergroupid + ':' + result.lastUpdatedTime;
+            layergroup.last_updated = new Date(result.lastUpdatedTime).toISOString();
+
+            if (req.method === 'GET') {
+                var tableCacheEntry = new TablesCacheEntry(dbName, result.affectedTables);
+                var ttl = global.environment.varnish.layergroupTtl || 86400;
+                res.set('Cache-Control', 'public,max-age='+ttl+',must-revalidate');
+                res.set('Last-Modified', (new Date()).toUTCString());
+                res.set('X-Cache-Channel', tableCacheEntry.getCacheChannel());
+                if (result.affectedTables && result.affectedTables.length > 0) {
+                    self.surrogateKeysCache.tag(res, tableCacheEntry);
+                }
+            }
+
+            return null;
+        },
+        function finish(err) {
+            done(err);
+        }
+    );
+};
--- a/lib/cartodb/controllers/named_maps.js
+++ b/lib/cartodb/controllers/named_maps.js
@@ -0,0 +1,281 @@
+var step = require('step');
+var assert = require('assert');
+var _ = require('underscore');
+var NamedMapsCacheEntry = require('../cache/model/named_maps_entry');
+
+var util = require('util');
+var BaseController = require('./base');
+
+var cors = require('../middleware/cors');
+var userMiddleware = require('../middleware/user');
+
+var TablesCacheEntry = require('../cache/model/database_tables_entry');
+
+function NamedMapsController(authApi, pgConnection, namedMapProviderCache, tileBackend, previewBackend,
+                             surrogateKeysCache, tablesExtentApi, metadataBackend) {
+    BaseController.call(this, authApi, pgConnection);
+
+    this.namedMapProviderCache = namedMapProviderCache;
+    this.tileBackend = tileBackend;
+    this.previewBackend = previewBackend;
+    this.surrogateKeysCache = surrogateKeysCache;
+    this.tablesExtentApi = tablesExtentApi;
+    this.metadataBackend = metadataBackend;
+}
+
+util.inherits(NamedMapsController, BaseController);
+
+module.exports = NamedMapsController;
+
+NamedMapsController.prototype.register = function(app) {
+    app.get(app.base_url_templated +
+        '/:template_id/:layer/:z/:x/:y.(:format)', cors(), userMiddleware,
+        this.tile.bind(this));
+
+    app.get(app.base_url_mapconfig +
+        '/static/named/:template_id/:width/:height.:format', cors(), userMiddleware,
+        this.staticMap.bind(this));
+};
+
+NamedMapsController.prototype.sendResponse = function(req, res, resource, headers, namedMapProvider) {
+    this.surrogateKeysCache.tag(res, new NamedMapsCacheEntry(req.context.user, namedMapProvider.getTemplateName()));
+    res.set('Content-Type', headers['content-type'] || headers['Content-Type'] || 'image/png');
+    res.set('Cache-Control', 'public,max-age=7200,must-revalidate');
+
+    var self = this;
+
+    var dbName = req.params.dbname;
+    step(
+        function getAffectedTablesAndLastUpdatedTime() {
+            namedMapProvider.getAffectedTablesAndLastUpdatedTime(this);
+        },
+        function sendResponse(err, result) {
+            req.profiler.done('affectedTables');
+            if (err) {
+                global.logger.log('ERROR generating cache channel: ' + err);
+            }
+            if (!result || !!result.affectedTables) {
+                // we increase cache control as we can invalidate it
+                res.set('Cache-Control', 'public,max-age=31536000');
+
+                var lastModifiedDate;
+                if (Number.isFinite(result.lastUpdatedTime)) {
+                    lastModifiedDate = new Date(result.lastUpdatedTime);
+                } else {
+                    lastModifiedDate = new Date();
+                }
+                res.set('Last-Modified', lastModifiedDate.toUTCString());
+
+                var tablesCacheEntry = new TablesCacheEntry(dbName, result.affectedTables);
+                res.set('X-Cache-Channel', tablesCacheEntry.getCacheChannel());
+                if (result.affectedTables.length > 0) {
+                    self.surrogateKeysCache.tag(res, tablesCacheEntry);
+                }
+            }
+            self.send(req, res, resource, 200);
+        }
+    );
+};
+
+NamedMapsController.prototype.tile = function(req, res) {
+    var self = this;
+
+    var cdbUser = req.context.user;
+
+    var namedMapProvider;
+    step(
+        function reqParams() {
+            self.req2params(req, this);
+        },
+        function getNamedMapProvider(err) {
+            assert.ifError(err);
+            self.namedMapProviderCache.get(
+                cdbUser,
+                req.params.template_id,
+                req.query.config,
+                req.query.auth_token,
+                req.params,
+                this
+            );
+        },
+        function getTile(err, _namedMapProvider) {
+            assert.ifError(err);
+            namedMapProvider = _namedMapProvider;
+            self.tileBackend.getTile(namedMapProvider, req.params, this);
+        },
+        function handleImage(err, tile, headers, stats) {
+            if (req.profiler) {
+                req.profiler.add(stats);
+            }
+            if (err) {
+                self.sendError(req, res, err, 'NAMED_MAP_TILE');
+            } else {
+                self.sendResponse(req, res, tile, headers, namedMapProvider);
+            }
+        }
+    );
+};
+
+NamedMapsController.prototype.staticMap = function(req, res) {
+    var self = this;
+
+    var cdbUser = req.context.user;
+
+    var format = req.params.format === 'jpg' ? 'jpeg' : 'png';
+    req.params.format = 'png';
+    req.params.layer = 'all';
+
+    var namedMapProvider;
+    step(
+        function reqParams() {
+            self.req2params(req, this);
+        },
+        function getNamedMapProvider(err) {
+            assert.ifError(err);
+            self.namedMapProviderCache.get(
+                cdbUser,
+                req.params.template_id,
+                req.query.config,
+                req.query.auth_token,
+                req.params,
+                this
+            );
+        },
+        function prepareImageOptions(err, _namedMapProvider) {
+            assert.ifError(err);
+            namedMapProvider = _namedMapProvider;
+            self.getStaticImageOptions(cdbUser, namedMapProvider, this);
+        },
+        function getImage(err, imageOpts) {
+            assert.ifError(err);
+
+            var width = +req.params.width;
+            var height = +req.params.height;
+
+            if (!_.isUndefined(imageOpts.zoom) && imageOpts.center) {
+                self.previewBackend.getImage(
+                    namedMapProvider, format, width, height, imageOpts.zoom, imageOpts.center, this);
+            } else {
+                self.previewBackend.getImage(
+                    namedMapProvider, format, width, height, imageOpts.bounds, this);
+            }
+        },
+        function incrementMapViews(err, image, headers, stats) {
+            assert.ifError(err);
+
+            var next = this;
+            namedMapProvider.getMapConfig(function(mapConfigErr, mapConfig) {
+                self.metadataBackend.incMapviewCount(cdbUser, mapConfig.obj().stat_tag, function(sErr) {
+                    if (err) {
+                        global.logger.log("ERROR: failed to increment mapview count for user '%s': %s", cdbUser, sErr);
+                    }
+                    next(err, image, headers, stats);
+                });
+            });
+        },
+        function handleImage(err, image, headers, stats) {
+            if (req.profiler) {
+                req.profiler.done('render-' + format);
+                req.profiler.add(stats || {});
+            }
+
+            if (err) {
+                self.sendError(req, res, err, 'STATIC_VIZ_MAP');
+            } else {
+                self.sendResponse(req, res, image, headers, namedMapProvider);
+            }
+        }
+    );
+};
+
+var DEFAULT_ZOOM_CENTER = {
+    zoom: 1,
+    center: {
+        lng: 0,
+        lat: 0
+    }
+};
+
+NamedMapsController.prototype.getStaticImageOptions = function(cdbUser, namedMapProvider, callback) {
+    var self = this;
+
+    step(
+        function getTemplate() {
+            namedMapProvider.getTemplate(this);
+        },
+        function handleTemplateView(err, template) {
+            assert.ifError(err);
+
+            if (template.view) {
+                var zoomCenter = templateZoomCenter(template.view);
+                if (zoomCenter) {
+                    return zoomCenter;
+                }
+
+                var bounds = templateBounds(template.view);
+                if (bounds) {
+                    return bounds;
+                }
+            }
+
+            return false;
+        },
+        function estimateBoundsIfNoImageOpts(err, imageOpts) {
+            if (imageOpts) {
+                return imageOpts;
+            }
+
+            var next = this;
+            namedMapProvider.getAffectedTablesAndLastUpdatedTime(function(err, affectedTablesAndLastUpdate) {
+                if (err) {
+                    return next(null);
+                }
+
+                var affectedTables = affectedTablesAndLastUpdate.affectedTables || [];
+
+                if (affectedTables.length === 0) {
+                    return next(null);
+                }
+
+                self.tablesExtentApi.getBounds(cdbUser, affectedTables, function(err, result) {
+                    return next(null, result);
+                });
+            });
+
+        },
+        function returnCallback(err, imageOpts) {
+            return callback(err, imageOpts || DEFAULT_ZOOM_CENTER);
+        }
+    );
+};
+
+function templateZoomCenter(view) {
+    if (!_.isUndefined(view.zoom) && view.center) {
+        return {
+            zoom: view.zoom,
+            center: view.center
+        };
+    }
+    return false;
+}
+
+function templateBounds(view) {
+    if (view.bounds) {
+        var hasAllBounds = _.every(['west', 'south', 'east', 'north'], function(prop) {
+            return Number.isFinite(view.bounds[prop]);
+        });
+        if (hasAllBounds) {
+            return {
+                bounds: {
+                    west: view.bounds.west,
+                    south: view.bounds.south,
+                    east: view.bounds.east,
+                    north: view.bounds.north
+                }
+            };
+        } else {
+            return false;
+        }
+    }
+    return false;
+}
--- a/lib/cartodb/controllers/named_maps_admin.js
+++ b/lib/cartodb/controllers/named_maps_admin.js
@@ -0,0 +1,202 @@
+var step = require('step');
+var assert = require('assert');
+var templateName = require('../backends/template_maps').templateName;
+
+var util = require('util');
+var BaseController = require('./base');
+
+var cors = require('../middleware/cors');
+var userMiddleware = require('../middleware/user');
+
+
+/**
+ * @param {AuthApi} authApi
+ * @param {PgConnection} pgConnection
+ * @param {TemplateMaps} templateMaps
+ * @constructor
+ */
+function NamedMapsAdminController(authApi, pgConnection, templateMaps) {
+    BaseController.call(this, authApi, pgConnection);
+
+    this.authApi = authApi;
+    this.templateMaps = templateMaps;
+}
+
+util.inherits(NamedMapsAdminController, BaseController);
+
+module.exports = NamedMapsAdminController;
+
+NamedMapsAdminController.prototype.register = function(app) {
+    app.post(app.base_url_templated, cors(), userMiddleware, this.create.bind(this));
+    app.put(app.base_url_templated + '/:template_id', cors(), userMiddleware, this.update.bind(this));
+    app.get(app.base_url_templated + '/:template_id', cors(), userMiddleware, this.retrieve.bind(this));
+    app.delete(app.base_url_templated + '/:template_id', cors(), userMiddleware, this.destroy.bind(this));
+    app.get(app.base_url_templated, cors(), userMiddleware, this.list.bind(this));
+    app.options(app.base_url_templated + '/:template_id', cors('Content-Type'));
+};
+
+NamedMapsAdminController.prototype.create = function(req, res) {
+    var self = this;
+
+    var cdbuser = req.context.user;
+
+    step(
+        function checkPerms(){
+            self.authApi.authorizedByAPIKey(cdbuser, req, this);
+        },
+        function addTemplate(err, authenticated) {
+            assert.ifError(err);
+            ifUnauthenticated(authenticated, 'Only authenticated users can get template maps');
+            ifInvalidContentType(req, 'template POST data must be of type application/json');
+            var cfg = req.body;
+            self.templateMaps.addTemplate(cdbuser, cfg, this);
+        },
+        function prepareResponse(err, tpl_id){
+            assert.ifError(err);
+            return { template_id: tpl_id };
+        },
+        finishFn(self, req, res, 'POST TEMPLATE')
+    );
+};
+
+NamedMapsAdminController.prototype.update = function(req, res) {
+    var self = this;
+
+    var cdbuser = req.context.user;
+    var template;
+    var tpl_id;
+    step(
+        function checkPerms(){
+            self.authApi.authorizedByAPIKey(cdbuser, req, this);
+        },
+        function updateTemplate(err, authenticated) {
+            assert.ifError(err);
+            ifUnauthenticated(authenticated, 'Only authenticated user can update templated maps');
+            ifInvalidContentType(req, 'template PUT data must be of type application/json');
+
+            template = req.body;
+            tpl_id = templateName(req.params.template_id);
+            self.templateMaps.updTemplate(cdbuser, tpl_id, template, this);
+        },
+        function prepareResponse(err){
+            assert.ifError(err);
+
+            return { template_id: tpl_id };
+        },
+        finishFn(self, req, res, 'PUT TEMPLATE')
+    );
+};
+
+NamedMapsAdminController.prototype.retrieve = function(req, res) {
+    var self = this;
+
+    if (req.profiler) {
+        req.profiler.start('windshaft-cartodb.get_template');
+    }
+
+    var cdbuser = req.context.user;
+    var tpl_id;
+    step(
+        function checkPerms(){
+            self.authApi.authorizedByAPIKey(cdbuser, req, this);
+        },
+        function getTemplate(err, authenticated) {
+            assert.ifError(err);
+            ifUnauthenticated(authenticated, 'Only authenticated users can get template maps');
+
+            tpl_id = templateName(req.params.template_id);
+            self.templateMaps.getTemplate(cdbuser, tpl_id, this);
+        },
+        function prepareResponse(err, tpl_val) {
+            assert.ifError(err);
+            if ( ! tpl_val ) {
+                err = new Error("Cannot find template '" + tpl_id + "' of user '" + cdbuser + "'");
+                err.http_status = 404;
+                throw err;
+            }
+            // auth_id was added by ourselves,
+            // so we remove it before returning to the user
+            delete tpl_val.auth_id;
+            return { template: tpl_val };
+        },
+        finishFn(self, req, res, 'GET TEMPLATE')
+    );
+};
+
+NamedMapsAdminController.prototype.destroy = function(req, res) {
+    var self = this;
+
+    if (req.profiler) {
+        req.profiler.start('windshaft-cartodb.delete_template');
+    }
+
+    var cdbuser = req.context.user;
+    var tpl_id;
+    step(
+        function checkPerms(){
+            self.authApi.authorizedByAPIKey(cdbuser, req, this);
+        },
+        function deleteTemplate(err, authenticated) {
+            assert.ifError(err);
+            ifUnauthenticated(authenticated, 'Only authenticated users can delete template maps');
+
+            tpl_id = templateName(req.params.template_id);
+            self.templateMaps.delTemplate(cdbuser, tpl_id, this);
+        },
+        function prepareResponse(err/*, tpl_val*/){
+            assert.ifError(err);
+            return '';
+        },
+        finishFn(self, req, res, 'DELETE TEMPLATE', 204)
+    );
+};
+
+NamedMapsAdminController.prototype.list = function(req, res) {
+    var self = this;
+    if ( req.profiler ) {
+        req.profiler.start('windshaft-cartodb.get_template_list');
+    }
+
+    var cdbuser = req.context.user;
+
+    step(
+        function checkPerms(){
+            self.authApi.authorizedByAPIKey(cdbuser, req, this);
+        },
+        function listTemplates(err, authenticated) {
+            assert.ifError(err);
+            ifUnauthenticated(authenticated, 'Only authenticated user can list templated maps');
+
+            self.templateMaps.listTemplates(cdbuser, this);
+        },
+        function prepareResponse(err, tpl_ids){
+            assert.ifError(err);
+            return { template_ids: tpl_ids };
+        },
+        finishFn(self, req, res, 'GET TEMPLATE LIST')
+    );
+};
+
+function finishFn(controller, req, res, description, status) {
+    return function finish(err, response){
+        if (err) {
+            controller.sendError(req, res, err, description);
+        } else {
+            controller.send(req, res, response, status || 200);
+        }
+    };
+}
+
+function ifUnauthenticated(authenticated, description) {
+    if (!authenticated) {
+        var err = new Error(description);
+        err.http_status = 403;
+        throw err;
+    }
+}
+
+function ifInvalidContentType(req, description) {
+    if (!req.is('application/json')) {
+        throw new Error(description);
+    }
+}
--- a/lib/cartodb/controllers/server_info.js
+++ b/lib/cartodb/controllers/server_info.js
@@ -0,0 +1,56 @@
+var windshaft = require('windshaft');
+var HealthCheck = require('../monitoring/health_check');
+
+var WELCOME_MSG = "This is the CartoDB Maps API, " +
+    "see the documentation at http://docs.cartodb.com/cartodb-platform/maps-api.html";
+
+
+var versions = {
+    windshaft: windshaft.version,
+    grainstore: windshaft.grainstore.version(),
+    node_mapnik: windshaft.mapnik.version,
+    mapnik: windshaft.mapnik.versions.mapnik,
+    windshaft_cartodb: require('../../../package.json').version
+};
+
+function ServerInfoController() {
+    this.healthConfig = global.environment.health || {};
+    this.healthCheck = new HealthCheck(global.environment.disabled_file);
+}
+
+module.exports = ServerInfoController;
+
+ServerInfoController.prototype.register = function(app) {
+    app.get('/health', this.health.bind(this));
+    app.get('/', this.welcome.bind(this));
+    app.get('/version', this.version.bind(this));
+};
+
+ServerInfoController.prototype.welcome = function(req, res) {
+    res.status(200).send(WELCOME_MSG);
+};
+
+ServerInfoController.prototype.version = function(req, res) {
+    res.status(200).send(versions);
+};
+
+ServerInfoController.prototype.health = function(req, res) {
+    if (!!this.healthConfig.enabled) {
+        var startTime = Date.now();
+        this.healthCheck.check(function(err) {
+            var ok = !err;
+            var response = {
+                enabled: true,
+                ok: ok,
+                elapsed: Date.now() - startTime
+            };
+            if (err) {
+                response.err = err.message;
+            }
+            res.status(ok ? 200 : 503).send(response);
+
+        });
+    } else {
+        res.status(200).send({enabled: false, ok: true});
+    }
+};
--- a/lib/cartodb/log4js_rollbar.js
+++ b/lib/cartodb/log4js_rollbar.js
@@ -1,49 +0,0 @@
-var rollbar = require("rollbar");
-
-/**
- * Rollbar Appender. Sends logging events to Rollbar using node-rollbar 
- *
- * @param config object with rollbar configuration data
- * {
- *   token: 'your-secret-token',
- *   options: node-rollbar options
- * }
- */
-function rollbarAppender(config) {
-
-  var opt = config.options;
-	rollbar.init(opt.token, opt.options);
-	
-	return function(loggingEvent) {
-/*
-For logger.trace('one','two','three'):
-{ startTime: Wed Mar 12 2014 16:27:40 GMT+0100 (CET),
-  categoryName: '[default]',
-  data: [ 'one', 'two', 'three' ],
-  level: { level: 5000, levelStr: 'TRACE' },
-  logger: { category: '[default]', _events: { log: [Object] } } }
-*/
-
-    // Levels:
-    // TRACE  5000
-    // DEBUG 10000
-    // INFO  20000
-    // WARN  30000
-    // ERROR 40000
-    // FATAL 50000
-    //
-    // We only log error and higher errors
-    //
-    if ( loggingEvent.level.level < 40000 ) return;
-
-    rollbar.reportMessage(loggingEvent.data);
-	};
-}
-
-function configure(config) {
-	return rollbarAppender(config);
-}
-
-exports.name      = "rollbar";
-exports.appender  = rollbarAppender;
-exports.configure = configure;
--- a/lib/cartodb/middleware/cors.js
+++ b/lib/cartodb/middleware/cors.js
@@ -0,0 +1,11 @@
+module.exports = function cors(extraHeaders) {
+    return function(req, res, next) {
+        var baseHeaders = "X-Requested-With, X-Prototype-Version, X-CSRF-Token";
+        if(extraHeaders) {
+            baseHeaders += ", " + extraHeaders;
+        }
+        res.set("Access-Control-Allow-Origin", "*");
+        res.set("Access-Control-Allow-Headers", baseHeaders);
+        next();
+    };
+};
--- a/lib/cartodb/middleware/user.js
+++ b/lib/cartodb/middleware/user.js
@@ -0,0 +1,7 @@
+var CdbRequest = require('../models/cdb_request');
+var cdbRequest = new CdbRequest();
+
+module.exports = function userMiddleware(req, res, next) {
+    req.context.user = cdbRequest.userByReq(req);
+    next();
+};
--- a/lib/cartodb/models/cdb_request.js
+++ b/lib/cartodb/models/cdb_request.js
@@ -0,0 +1,25 @@
+function CdbRequest() {
+    this.RE_USER_FROM_HOST = new RegExp(global.environment.user_from_host ||
+            '^([^\\.]+)\\.' // would extract "strk" from "strk.cartodb.com"
+    );
+}
+
+module.exports = CdbRequest;
+
+
+CdbRequest.prototype.userByReq = function(req) {
+    var host = req.headers.host || '';
+    if (req.params.user) {
+        return req.params.user;
+    }
+    var mat = host.match(this.RE_USER_FROM_HOST);
+    if ( ! mat ) {
+        global.logger.error("Pattern '%s' does not match hostname '%s'", this.RE_USER_FROM_HOST, host);
+        return;
+    }
+    if ( mat.length !== 2 ) {
+        global.logger.error("Pattern '%s' gave unexpected matches against '%s': %s", this.RE_USER_FROM_HOST, host, mat);
+        return;
+    }
+    return mat[1];
+};
--- a/lib/cartodb/models/layergroup_token.js
+++ b/lib/cartodb/models/layergroup_token.js
@@ -0,0 +1,29 @@
+/**
+ * @param {String} token might match the following pattern: {user}@{tpl_id}@{token}:{cache_buster}
+ */
+function parse(token) {
+    var signer, cacheBuster;
+
+    var tokenSplit = token.split(':');
+
+    token = tokenSplit[0];
+    if (tokenSplit.length > 1) {
+        cacheBuster = tokenSplit[1];
+    }
+
+    tokenSplit = token.split('@');
+    if ( tokenSplit.length > 1 ) {
+        signer = tokenSplit.shift();
+        if ( tokenSplit.length > 1 ) {
+            /*var template_hash = */tokenSplit.shift(); // unused
+        }
+        token = tokenSplit.shift();
+    }
+
+    return {
+        token: token,
+        signer: signer,
+        cacheBuster: cacheBuster
+    };
+}
+module.exports.parse = parse;
--- a/lib/cartodb/models/mapconfig/create_layergroup_provider.js
+++ b/lib/cartodb/models/mapconfig/create_layergroup_provider.js
@@ -0,0 +1,48 @@
+var assert = require('assert');
+var step = require('step');
+
+var MapStoreMapConfigProvider = require('./map_store_provider');
+
+/**
+ * @param {MapConfig} mapConfig
+ * @param {String} user
+ * @param {UserLimitsApi} userLimitsApi
+ * @param {Object} params
+ * @constructor
+ * @type {CreateLayergroupMapConfigProvider}
+ */
+function CreateLayergroupMapConfigProvider(mapConfig, user, userLimitsApi, params) {
+    this.mapConfig = mapConfig;
+    this.user = user;
+    this.userLimitsApi = userLimitsApi;
+    this.params = params;
+    this.cacheBuster = params.cache_buster || 0;
+}
+
+module.exports = CreateLayergroupMapConfigProvider;
+
+CreateLayergroupMapConfigProvider.prototype.getMapConfig = function(callback) {
+    var self = this;
+    var context = {};
+    step(
+        function prepareContextLimits() {
+            self.userLimitsApi.getRenderLimits(self.user, this);
+        },
+        function handleRenderLimits(err, renderLimits) {
+            assert.ifError(err);
+            context.limits = renderLimits;
+            return null;
+        },
+        function finish(err) {
+            return callback(err, self.mapConfig, self.params, context);
+        }
+    );
+};
+
+CreateLayergroupMapConfigProvider.prototype.getKey = MapStoreMapConfigProvider.prototype.getKey;
+
+CreateLayergroupMapConfigProvider.prototype.getCacheBuster = MapStoreMapConfigProvider.prototype.getCacheBuster;
+
+CreateLayergroupMapConfigProvider.prototype.filter = MapStoreMapConfigProvider.prototype.filter;
+
+CreateLayergroupMapConfigProvider.prototype.createKey = MapStoreMapConfigProvider.prototype.createKey;
--- a/lib/cartodb/models/mapconfig/map_store_provider.js
+++ b/lib/cartodb/models/mapconfig/map_store_provider.js
@@ -0,0 +1,77 @@
+var _ = require('underscore');
+var assert = require('assert');
+var dot = require('dot');
+var step = require('step');
+
+/**
+ * @param {MapStore} mapStore
+ * @param {String} user
+ * @param {UserLimitsApi} userLimitsApi
+ * @param {Object} params
+ * @constructor
+ * @type {MapStoreMapConfigProvider}
+ */
+function MapStoreMapConfigProvider(mapStore, user, userLimitsApi, params) {
+    this.mapStore = mapStore;
+    this.user = user;
+    this.userLimitsApi = userLimitsApi;
+    this.params = params;
+    this.token = params.token;
+    this.cacheBuster = params.cache_buster || 0;
+}
+
+module.exports = MapStoreMapConfigProvider;
+
+MapStoreMapConfigProvider.prototype.getMapConfig = function(callback) {
+    var self = this;
+    var context = {};
+    step(
+        function prepareContextLimits() {
+            self.userLimitsApi.getRenderLimits(self.user, this);
+        },
+        function handleRenderLimits(err, renderLimits) {
+            assert.ifError(err);
+            context.limits = renderLimits;
+            return null;
+        },
+        function loadMapConfig(err) {
+            assert.ifError(err);
+            self.mapStore.load(self.token, this);
+        },
+        function finish(err, mapConfig) {
+            return callback(err, mapConfig, self.params, context);
+        }
+    );
+};
+
+MapStoreMapConfigProvider.prototype.getKey = function() {
+    return this.createKey(false);
+};
+
+MapStoreMapConfigProvider.prototype.getCacheBuster = function() {
+    return this.cacheBuster;
+};
+
+MapStoreMapConfigProvider.prototype.filter = function(key) {
+    var regex = new RegExp('^' + this.createKey(true) + '.*');
+    return key && key.match(regex);
+};
+
+// Configure bases for cache keys suitable for string interpolation
+var baseKey   = '{{=it.dbname}}:{{=it.token}}';
+var rendererKey = baseKey + ':{{=it.dbuser}}:{{=it.format}}:{{=it.layer}}:{{=it.scale_factor}}';
+
+var baseKeyTpl = dot.template(baseKey);
+var rendererKeyTpl = dot.template(rendererKey);
+
+MapStoreMapConfigProvider.prototype.createKey = function(base) {
+    var tplValues = _.defaults({}, this.params, {
+        dbname: '',
+        token: '',
+        dbuser: '',
+        format: '',
+        layer: '',
+        scale_factor: 1
+    });
+    return (base) ? baseKeyTpl(tplValues) : rendererKeyTpl(tplValues);
+};
--- a/lib/cartodb/models/mapconfig/named_map_provider.js
+++ b/lib/cartodb/models/mapconfig/named_map_provider.js
@@ -0,0 +1,266 @@
+var _ = require('underscore');
+var assert = require('assert');
+var crypto = require('crypto');
+var dot = require('dot');
+var step = require('step');
+var MapConfig = require('windshaft').model.MapConfig;
+var templateName = require('../../backends/template_maps').templateName;
+
+/**
+ * @constructor
+ * @type {NamedMapMapConfigProvider}
+ */
+function NamedMapMapConfigProvider(templateMaps, pgConnection, userLimitsApi, queryTablesApi, namedLayersAdapter,
+                                   owner, templateId, config, authToken, params) {
+    this.templateMaps = templateMaps;
+    this.pgConnection = pgConnection;
+    this.userLimitsApi = userLimitsApi;
+    this.queryTablesApi = queryTablesApi;
+    this.namedLayersAdapter = namedLayersAdapter;
+
+    this.owner = owner;
+    this.templateName = templateName(templateId);
+    this.config = config;
+    this.authToken = authToken;
+    this.params = params;
+
+    this.cacheBuster = Date.now();
+
+    // use template after call to mapConfig
+    this.template = null;
+
+    this.affectedTablesAndLastUpdate = null;
+
+    // providing
+    this.err = null;
+    this.mapConfig = null;
+    this.rendererParams = null;
+    this.context = {};
+}
+
+module.exports = NamedMapMapConfigProvider;
+
+NamedMapMapConfigProvider.prototype.getMapConfig = function(callback) {
+    if (!!this.err || this.mapConfig !== null) {
+        return callback(this.err, this.mapConfig, this.rendererParams, this.context);
+    }
+
+    var self = this;
+
+    var mapConfig = null;
+    var datasource = null;
+    var rendererParams;
+
+    step(
+        function getTemplate() {
+            self.getTemplate(this);
+        },
+        function prepareParams(err, tpl) {
+            assert.ifError(err);
+
+            self.template = tpl;
+
+            var templateParams = {};
+            if (self.config) {
+                try {
+                    templateParams = _.isString(self.config) ? JSON.parse(self.config) : self.config;
+                } catch (e) {
+                    throw new Error('malformed config parameter, should be a valid JSON');
+                }
+            }
+
+            return templateParams;
+        },
+        function instantiateTemplate(err, templateParams) {
+            assert.ifError(err);
+            return self.templateMaps.instance(self.template, templateParams);
+        },
+        function prepareLayergroup(err, _mapConfig) {
+            assert.ifError(err);
+            var next = this;
+            self.namedLayersAdapter.getLayers(self.owner, _mapConfig.layers, self.pgConnection,
+                function(err, layers, datasource) {
+                    if (err) {
+                        return next(err);
+                    }
+
+                    if (layers) {
+                        _mapConfig.layers = layers;
+                    }
+                    return next(null, _mapConfig, datasource);
+                }
+            );
+        },
+        function beforeLayergroupCreate(err, _mapConfig, _datasource) {
+            assert.ifError(err);
+            mapConfig = _mapConfig;
+            datasource = _datasource;
+            rendererParams = _.extend({}, self.params, {
+                user: self.owner
+            });
+            self.setDBParams(self.owner, rendererParams, this);
+        },
+        function prepareContextLimits(err) {
+            assert.ifError(err);
+            self.userLimitsApi.getRenderLimits(self.owner, this);
+        },
+        function cacheAndReturnMapConfig(err, renderLimits) {
+            self.err = err;
+            self.mapConfig = (mapConfig === null) ? null : new MapConfig(mapConfig, datasource);
+            self.rendererParams = rendererParams;
+            self.context.limits = renderLimits || {};
+            return callback(self.err, self.mapConfig, self.rendererParams, self.context);
+        }
+    );
+};
+
+NamedMapMapConfigProvider.prototype.getTemplate = function(callback) {
+    var self = this;
+
+    if (!!this.err || this.template !== null) {
+        return callback(this.err, this.template);
+    }
+
+    step(
+        function getTemplate() {
+            self.templateMaps.getTemplate(self.owner, self.templateName, this);
+        },
+        function checkExists(err, tpl) {
+            assert.ifError(err);
+            if (!tpl) {
+                var notFoundErr = new Error(
+                        "Template '" + self.templateName + "' of user '" + self.owner + "' not found"
+                );
+                notFoundErr.http_status = 404;
+                throw notFoundErr;
+            }
+            return tpl;
+        },
+        function checkAuthorized(err, tpl) {
+            assert.ifError(err);
+
+            var authorized = false;
+            try {
+                authorized = self.templateMaps.isAuthorized(tpl, self.authToken);
+            } catch (err) {
+                // we catch to add http_status
+                var authorizationFailedErr = new Error('Failed to authorize template');
+                authorizationFailedErr.http_status = 403;
+                throw authorizationFailedErr;
+            }
+            if ( ! authorized ) {
+                var unauthorizedErr = new Error('Unauthorized template instantiation');
+                unauthorizedErr.http_status = 403;
+                throw unauthorizedErr;
+            }
+
+            return tpl;
+        },
+        function cacheAndReturnTemplate(err, template) {
+            self.err = err;
+            self.template = template;
+            return callback(self.err, self.template);
+        }
+    );
+};
+
+NamedMapMapConfigProvider.prototype.getKey = function() {
+    return this.createKey(false);
+};
+
+NamedMapMapConfigProvider.prototype.getCacheBuster = function() {
+    return this.cacheBuster;
+};
+
+NamedMapMapConfigProvider.prototype.reset = function() {
+    this.template = null;
+
+    this.affectedTablesAndLastUpdate = null;
+
+    this.err = null;
+    this.mapConfig = null;
+
+    this.cacheBuster = Date.now();
+};
+
+NamedMapMapConfigProvider.prototype.filter = function(key) {
+    var regex = new RegExp('^' + this.createKey(true) + '.*');
+    return key && key.match(regex);
+};
+
+// Configure bases for cache keys suitable for string interpolation
+var baseKey = '{{=it.dbname}}:{{=it.owner}}:{{=it.templateName}}';
+var rendererKey = baseKey + ':{{=it.authToken}}:{{=it.configHash}}:{{=it.format}}:{{=it.layer}}:{{=it.scale_factor}}';
+
+var baseKeyTpl = dot.template(baseKey);
+var rendererKeyTpl = dot.template(rendererKey);
+
+NamedMapMapConfigProvider.prototype.createKey = function(base) {
+    var tplValues = _.defaults({}, this.params, {
+        dbname: '',
+        owner: this.owner,
+        templateName: this.templateName,
+        authToken: this.authToken || '',
+        configHash: configHash(this.config),
+        layer: '',
+        scale_factor: 1
+    });
+    return (base) ? baseKeyTpl(tplValues) : rendererKeyTpl(tplValues);
+};
+
+function configHash(config) {
+    if (!config) {
+        return '';
+    }
+    return crypto.createHash('md5').update(JSON.stringify(config)).digest('hex').substring(0,8);
+}
+
+module.exports.configHash = configHash;
+
+NamedMapMapConfigProvider.prototype.setDBParams = function(cdbuser, params, callback) {
+    var self = this;
+    step(
+        function setAuth() {
+            self.pgConnection.setDBAuth(cdbuser, params, this);
+        },
+        function setConn(err) {
+            assert.ifError(err);
+            self.pgConnection.setDBConn(cdbuser, params, this);
+        },
+        function finish(err) {
+            callback(err);
+        }
+    );
+};
+
+NamedMapMapConfigProvider.prototype.getTemplateName = function() {
+    return this.templateName;
+};
+
+NamedMapMapConfigProvider.prototype.getAffectedTablesAndLastUpdatedTime = function(callback) {
+    var self = this;
+
+    if (this.affectedTablesAndLastUpdate !== null) {
+        return callback(null, this.affectedTablesAndLastUpdate);
+    }
+
+    step(
+        function getMapConfig() {
+            self.getMapConfig(this);
+        },
+        function getSql(err, mapConfig) {
+            assert.ifError(err);
+            return mapConfig.getLayers().map(function(layer) {
+                return layer.options.sql;
+            }).join(';');
+        },
+        function getAffectedTables(err, sql) {
+            assert.ifError(err);
+            self.queryTablesApi.getAffectedTablesAndLastUpdatedTime(self.owner, sql, this);
+        },
+        function finish(err, result) {
+            self.affectedTablesAndLastUpdate = result;
+            return callback(err, result);
+        }
+    );
+};
--- a/lib/cartodb/models/mapconfig_named_layers_adapter.js
+++ b/lib/cartodb/models/mapconfig_named_layers_adapter.js
@@ -0,0 +1,124 @@
+var queue = require('queue-async');
+var _ = require('underscore');
+var Datasource = require('windshaft').model.Datasource;
+
+function MapConfigNamedLayersAdapter(templateMaps) {
+    this.templateMaps = templateMaps;
+}
+
+module.exports = MapConfigNamedLayersAdapter;
+
+MapConfigNamedLayersAdapter.prototype.getLayers = function(username, layers, dbMetadata, callback) {
+    var self = this;
+
+    if (!layers) {
+        return callback(null);
+    }
+
+    var adaptLayersQueue = queue(layers.length);
+
+    function adaptLayer(layer, done) {
+        if (isNamedTypeLayer(layer)) {
+
+            if (!layer.options.name) {
+                return done(new Error('Missing Named Map `name` in layer options'));
+            }
+
+            var templateName = layer.options.name;
+            var templateConfigParams = layer.options.config || {};
+            var templateAuthTokens = layer.options.auth_tokens;
+
+            self.templateMaps.getTemplate(username, templateName, function(err,  template) {
+                if (err || !template) {
+                    return done(new Error("Template '" + templateName + "' of user '" + username + "' not found"));
+                }
+
+                if (self.templateMaps.isAuthorized(template, templateAuthTokens)) {
+                    var nestedNamedLayers = template.layergroup.layers.filter(function(layer) {
+                        return layer.type === 'named';
+                    });
+
+                    if (nestedNamedLayers.length > 0) {
+                        var nestedNamedMapsError = new Error('Nested named layers are not allowed');
+                        // nestedNamedMapsError.http_status = 400;
+                        return done(nestedNamedMapsError);
+                    }
+
+                    try {
+                        var templateLayergroupConfig = self.templateMaps.instance(template, templateConfigParams);
+                        return done(null, {
+                            datasource: true,
+                            layers: templateLayergroupConfig.layers
+                        });
+                    } catch (err) {
+                        return done(err);
+                    }
+                } else {
+                    var unauthorizedError = new Error("Unauthorized '" + templateName + "' template instantiation");
+                    unauthorizedError.http_status = 403;
+                    return done(unauthorizedError);
+                }
+            });
+
+        } else {
+            return done(null, {
+                datasource: false,
+                layers: [layer]
+            });
+        }
+    }
+
+    var datasourceBuilder = new Datasource.Builder();
+
+    function layersAdaptQueueFinish(err, layersResults) {
+        if (err) {
+            return callback(err);
+        }
+
+        if (!layersResults || layersResults.length === 0) {
+            return callback(new Error('Missing layers array from layergroup config'));
+        }
+
+        var layers = [],
+            currentLayerIndex = 0;
+
+        layersResults.forEach(function(layersResult) {
+
+            layersResult.layers.forEach(function(layer) {
+                layers.push(layer);
+                if (layersResult.datasource) {
+                    datasourceBuilder.withLayerDatasource(currentLayerIndex, {
+                        user: dbAuth.dbuser
+                    });
+                }
+                currentLayerIndex++;
+            });
+
+        });
+
+        return callback(null, layers, datasourceBuilder.build());
+    }
+
+
+    var dbAuth = {};
+
+    if (_.some(layers, isNamedTypeLayer)) {
+        // Lazy load dbAuth
+        dbMetadata.setDBAuth(username, dbAuth, function(err) {
+            if (err) {
+                return callback(err);
+            }
+            layers.forEach(function(layer) {
+                adaptLayersQueue.defer(adaptLayer, layer);
+            });
+            adaptLayersQueue.awaitAll(layersAdaptQueueFinish);
+        });
+    } else {
+        return callback(null, layers, datasourceBuilder.build());
+    }
+
+};
+
+function isNamedTypeLayer(layer) {
+    return layer.type === 'named';
+}
--- a/lib/cartodb/monitoring/health_check.js
+++ b/lib/cartodb/monitoring/health_check.js
@@ -0,0 +1,19 @@
+var fs = require('fs');
+
+function HealthCheck(disableFile) {
+    this.disableFile = disableFile;
+}
+
+module.exports = HealthCheck;
+
+
+HealthCheck.prototype.check = function(callback) {
+    fs.readFile(this.disableFile, function handleDisabledFile(err, data) {
+        var disabledError = null;
+        if (!err) {
+            disabledError = new Error(data || 'Unknown error');
+            disabledError.http_status = 503;
+        }
+        return callback(disabledError);
+    });
+};
--- a/lib/cartodb/server.js
+++ b/lib/cartodb/server.js
@@ -0,0 +1,311 @@
+var express = require('express');
+var bodyParser = require('body-parser');
+var RedisPool = require('redis-mpool');
+var cartodbRedis = require('cartodb-redis');
+var _ = require('underscore');
+
+var controller = require('./controllers');
+
+var SurrogateKeysCache = require('./cache/surrogate_keys_cache');
+var NamedMapsCacheEntry = require('./cache/model/named_maps_entry');
+var VarnishHttpCacheBackend = require('./cache/backend/varnish_http');
+var FastlyCacheBackend = require('./cache/backend/fastly');
+
+var StatsClient = require('./stats/client');
+var Profiler = require('./stats/profiler_proxy');
+var RendererStatsReporter = require('./stats/reporter/renderer');
+
+var windshaft = require('windshaft');
+var mapnik = windshaft.mapnik;
+
+var TemplateMaps = require('./backends/template_maps.js');
+var QueryTablesApi = require('./api/query_tables_api');
+var UserLimitsApi = require('./api/user_limits_api');
+var AuthApi = require('./api/auth_api');
+var LayergroupAffectedTablesCache = require('./cache/layergroup_affected_tables');
+var NamedMapProviderCache = require('./cache/named_map_provider_cache');
+var PgQueryRunner = require('./backends/pg_query_runner');
+var PgConnection = require('./backends/pg_connection');
+
+var timeoutErrorTilePath = __dirname + '/../../assets/render-timeout-fallback.png';
+var timeoutErrorTile = require('fs').readFileSync(timeoutErrorTilePath, {encoding: null});
+
+
+module.exports = function(serverOptions) {
+    // Make stats client globally accessible
+    global.statsClient = StatsClient.getInstance(serverOptions.statsd);
+
+    var redisPool = new RedisPool(_.defaults(global.environment.redis, {
+        name: 'windshaft:server',
+        unwatchOnRelease: false,
+        noReadyCheck: true
+    }));
+
+    redisPool.on('status', function(status) {
+        var keyPrefix = 'windshaft.redis-pool.' + status.name + '.db' + status.db + '.';
+        global.statsClient.gauge(keyPrefix + 'count', status.count);
+        global.statsClient.gauge(keyPrefix + 'unused', status.unused);
+        global.statsClient.gauge(keyPrefix + 'waiting', status.waiting);
+    });
+
+    var metadataBackend = cartodbRedis({pool: redisPool});
+    var pgConnection = new PgConnection(metadataBackend);
+    var pgQueryRunner = new PgQueryRunner(pgConnection);
+    var queryTablesApi = new QueryTablesApi(pgQueryRunner);
+    var userLimitsApi = new UserLimitsApi(metadataBackend, {
+        limits: {
+            cacheOnTimeout: serverOptions.renderer.mapnik.limits.cacheOnTimeout || false,
+            render: serverOptions.renderer.mapnik.limits.render || 0
+        }
+    });
+
+    var templateMaps = new TemplateMaps(redisPool, {
+        max_user_templates: global.environment.maxUserTemplates
+    });
+
+    var surrogateKeysCache = new SurrogateKeysCache(surrogateKeysCacheBackends(serverOptions));
+
+    function invalidateNamedMap (owner, templateName) {
+        var startTime = Date.now();
+        surrogateKeysCache.invalidate(new NamedMapsCacheEntry(owner, templateName), function(err) {
+            var logMessage = JSON.stringify({
+                username: owner,
+                type: 'named_map_invalidation',
+                elapsed: Date.now() - startTime,
+                error: !!err ? JSON.stringify(err.message) : undefined
+            });
+            if (err) {
+                global.logger.warn(logMessage);
+            } else {
+                global.logger.info(logMessage);
+            }
+        });
+    }
+    ['update', 'delete'].forEach(function(eventType) {
+        templateMaps.on(eventType, invalidateNamedMap);
+    });
+
+    serverOptions.grainstore.mapnik_version = mapnikVersion(serverOptions);
+
+    validateOptions(serverOptions);
+
+    bootstrapFonts(serverOptions);
+
+    // initialize express server
+    var app = bootstrap(serverOptions);
+    // Extend windshaft with all the elements of the options object
+    _.extend(app, serverOptions);
+
+    var mapStore  = new windshaft.storage.MapStore({
+        pool: redisPool,
+        expire_time: serverOptions.grainstore.default_layergroup_ttl
+    });
+
+    var onTileErrorStrategy;
+    if (global.environment.enabledFeatures.onTileErrorStrategy !== false) {
+        onTileErrorStrategy = function onTileErrorStrategy$TimeoutTile(err, tile, headers, stats, format, callback) {
+            if (err && err.message === 'Render timed out' && format === 'png') {
+                return callback(null, timeoutErrorTile, { 'Content-Type': 'image/png' }, {});
+            } else {
+                return callback(err, tile, headers, stats);
+            }
+        };
+    }
+
+    var rendererFactory = new windshaft.renderer.Factory({
+        onTileErrorStrategy: onTileErrorStrategy,
+        mapnik: {
+            redisPool: redisPool,
+            grainstore: serverOptions.grainstore,
+            mapnik: serverOptions.renderer.mapnik
+        },
+        http: serverOptions.renderer.http
+    });
+
+    // initialize render cache
+    var rendererCacheOpts = _.defaults(serverOptions.renderCache || {}, {
+        ttl: 60000, // 60 seconds TTL by default
+        statsInterval: 60000 // reports stats every milliseconds defined here
+    });
+    var rendererCache = new windshaft.cache.RendererCache(rendererFactory, rendererCacheOpts);
+    var rendererStatsReporter = new RendererStatsReporter(rendererCache, rendererCacheOpts.statsInterval);
+    rendererStatsReporter.start();
+
+    var attributesBackend = new windshaft.backend.Attributes(mapStore);
+    var previewBackend = new windshaft.backend.Preview(rendererCache);
+    var tileBackend = new windshaft.backend.Tile(rendererCache);
+    var mapValidatorBackend = new windshaft.backend.MapValidator(tileBackend, attributesBackend);
+    var mapBackend = new windshaft.backend.Map(rendererCache, mapStore, mapValidatorBackend);
+
+    var layergroupAffectedTablesCache = new LayergroupAffectedTablesCache();
+    app.layergroupAffectedTablesCache = layergroupAffectedTablesCache;
+
+    var namedMapProviderCache = new NamedMapProviderCache(templateMaps, pgConnection, userLimitsApi, queryTablesApi);
+    ['update', 'delete'].forEach(function(eventType) {
+        templateMaps.on(eventType, namedMapProviderCache.invalidate.bind(namedMapProviderCache));
+    });
+
+    var authApi = new AuthApi(pgConnection, metadataBackend, mapStore, templateMaps);
+
+    var TablesExtentApi = require('./api/tables_extent_api');
+    var tablesExtentApi = new TablesExtentApi(pgQueryRunner);
+
+    /*******************************************************************************************************************
+     * Routing
+     ******************************************************************************************************************/
+
+    new controller.Layergroup(
+        authApi,
+        pgConnection,
+        mapStore,
+        tileBackend,
+        previewBackend,
+        attributesBackend,
+        surrogateKeysCache,
+        userLimitsApi,
+        queryTablesApi,
+        layergroupAffectedTablesCache
+    ).register(app);
+
+    new controller.Map(
+        authApi,
+        pgConnection,
+        templateMaps,
+        mapBackend,
+        metadataBackend,
+        queryTablesApi,
+        surrogateKeysCache,
+        userLimitsApi,
+        layergroupAffectedTablesCache
+    ).register(app);
+
+    new controller.NamedMaps(
+        authApi,
+        pgConnection,
+        namedMapProviderCache,
+        tileBackend,
+        previewBackend,
+        surrogateKeysCache,
+        tablesExtentApi,
+        metadataBackend
+    ).register(app);
+
+    new controller.NamedMapsAdmin(authApi, pgConnection, templateMaps).register(app);
+
+    new controller.ServerInfo().register(app);
+
+    /*******************************************************************************************************************
+     * END Routing
+     ******************************************************************************************************************/
+
+    return app;
+};
+
+function validateOptions(opts) {
+    if (!_.isString(opts.base_url) || !_.isString(opts.base_url_mapconfig) || !_.isString(opts.base_url_templated)) {
+        throw new Error("Must initialise server with: 'base_url'/'base_url_mapconfig'/'base_url_templated' URLs");
+    }
+
+    // Be nice and warn if configured mapnik version is != instaled mapnik version
+    if (mapnik.versions.mapnik !== opts.grainstore.mapnik_version) {
+        console.warn('WARNING: detected mapnik version (' + mapnik.versions.mapnik + ')' +
+            ' != configured mapnik version (' + opts.grainstore.mapnik_version + ')');
+    }
+}
+
+function bootstrapFonts(opts) {
+    // Set carto renderer configuration for MMLStore
+    opts.grainstore.carto_env = opts.grainstore.carto_env || {};
+    var cenv = opts.grainstore.carto_env;
+    cenv.validation_data = cenv.validation_data || {};
+    if ( ! cenv.validation_data.fonts ) {
+        mapnik.register_system_fonts();
+        mapnik.register_default_fonts();
+        cenv.validation_data.fonts = _.keys(mapnik.fontFiles());
+    }
+}
+
+function bootstrap(opts) {
+    var app;
+    if (_.isObject(opts.https)) {
+        // use https if possible
+        app = express.createServer(opts.https);
+    } else {
+        // fall back to http by default
+        app = express();
+    }
+    app.enable('jsonp callback');
+    app.disable('x-powered-by');
+    app.disable('etag');
+    app.use(bodyParser.json());
+
+    app.use(function bootstrap$prepareRequestResponse(req, res, next) {
+        req.context = req.context || {};
+        req.profiler = new Profiler({
+            statsd_client: global.statsClient,
+            profile: opts.useProfiler
+        });
+
+        if (global.environment && global.environment.api_hostname) {
+            res.set('X-Served-By-Host', global.environment.api_hostname);
+        }
+
+        next();
+    });
+
+    // temporary measure until we upgrade to newer version expressjs so we can check err.status
+    app.use(function(err, req, res, next) {
+        if (err) {
+            if (err.name === 'SyntaxError') {
+                res.status(400).json({ errors: [err.name + ': ' + err.message] });
+            } else {
+                next(err);
+            }
+        } else {
+            next();
+        }
+    });
+
+    setupLogger(app, opts);
+
+    return app;
+}
+
+function setupLogger(app, opts) {
+    if (global.log4js && opts.log_format) {
+        var loggerOpts = {
+            // Allowing for unbuffered logging is mainly
+            // used to avoid hanging during unit testing.
+            // TODO: provide an explicit teardown function instead,
+            //       releasing any event handler or timer set by
+            //       this component.
+            buffer: !opts.unbuffered_logging,
+            // optional log format
+            format: opts.log_format
+        };
+        app.use(global.log4js.connectLogger(global.log4js.getLogger(), _.defaults(loggerOpts, {level: 'info'})));
+    }
+}
+
+function surrogateKeysCacheBackends(serverOptions) {
+    var cacheBackends = [];
+
+    if (serverOptions.varnish_purge_enabled) {
+        cacheBackends.push(
+            new VarnishHttpCacheBackend(serverOptions.varnish_host, serverOptions.varnish_http_port)
+        );
+    }
+
+    if (serverOptions.fastly &&
+        !!serverOptions.fastly.enabled && !!serverOptions.fastly.apiKey && !!serverOptions.fastly.serviceId) {
+        cacheBackends.push(
+            new FastlyCacheBackend(serverOptions.fastly.apiKey, serverOptions.fastly.serviceId)
+        );
+    }
+
+    return cacheBackends;
+}
+
+function mapnikVersion(opts) {
+    return opts.grainstore.mapnik_version || mapnik.versions.mapnik;
+}
--- a/lib/cartodb/server_options.js
+++ b/lib/cartodb/server_options.js
@@ -1,34 +1,34 @@
-var   _          = require('underscore')
-    , Step       = require('step')
-    , cartoData  = require('cartodb-redis')(global.environment.redis)
-    , Cache      = require('./cache_validator')
-    , QueryTablesApi   = require('./api/query_tables_api')
-    , crypto     = require('crypto')
-    , LZMA       = require('lzma').LZMA;
-  ;
+var os = require('os');
+var _ = require('underscore');

-// This is for backward compatibility with 1.3.3
-if ( _.isUndefined(global.environment.sqlapi.domain) ) {
-  // Only use "host" as "domain" if it contains alphanumeric characters
-  var host = global.environment.sqlapi.host;
-  if ( host && host.match(/[a-zA-Z]/) ) {
-    global.environment.sqlapi.domain = host;
-  }
+var rendererConfig = _.defaults(global.environment.renderer || {}, {
+    cache_ttl: 60000, // milliseconds
+    statsInterval: 60000,
+    mapnik: {
+        poolSize: 8,
+        metatile: 2,
+        bufferSize: 64,
+        snapToGrid: false,
+        clipByBox2d: false,
+        limits: {}
+    },
+    http: {}
+});
+
+// Perform keyword substitution in statsd
+// See https://github.com/CartoDB/Windshaft-cartodb/issues/153
+if ( global.environment.statsd ) {
+    if ( global.environment.statsd.prefix ) {
+        var host_token = os.hostname().split('.').reverse().join('.');
+        global.environment.statsd.prefix = global.environment.statsd.prefix.replace(/:host/, host_token);
+    }
 }

-module.exports = function(){
-
-    var lzmaWorker = new LZMA();
-
-    var queryTablesApi = new QueryTablesApi();
-
-    var rendererConfig = _.defaults(global.environment.renderer || {}, {
-      cache_ttl: 60000, // milliseconds
-      metatile: 4,
-      bufferSize: 64
-    });
-
-    var me = {
+module.exports = {
+    bind: {
+        port: global.environment.port,
+        host: global.environment.host
+    },
        // This is for inline maps and table maps
        base_url: global.environment.base_url_legacy || '/tiles/:table',

@@ -42,6 +42,8 @@ module.exports = function(){
        //
        base_url_mapconfig: global.environment.base_url_detached || '(?:/maps|/tiles/layergroup)',

+        base_url_templated: global.environment.base_url_templated || '(?:/maps/named|/tiles/template)',
+
        grainstore: {
          map: {
            // TODO: allow to specify in configuration
@@ -51,776 +53,28 @@ module.exports = function(){
          cachedir: global.environment.millstone.cache_basedir,
          mapnik_version: global.environment.mapnik_version,
          mapnik_tile_format: global.environment.mapnik_tile_format || 'png',
-          default_layergroup_ttl: global.environment.mapConfigTTL || 7200, 
-          gc_prob: 0.01 // @deprecated since Windshaft-1.8.0
-        },
-        mapnik: {
-          poolSize: rendererConfig.poolSize,
-          metatile: rendererConfig.metatile,
-          bufferSize: rendererConfig.bufferSize
+          default_layergroup_ttl: global.environment.mapConfigTTL || 7200
        },
        statsd: global.environment.statsd,
        renderCache: {
-          ttl: rendererConfig.cache_ttl
+            ttl: rendererConfig.cache_ttl,
+            statsInterval: rendererConfig.statsInterval
        },
-        redis: global.environment.redis,
+        renderer: {
+            mapnik: rendererConfig.mapnik,
+            torque: rendererConfig.torque,
+            http: rendererConfig.http
+        },
+        // Do not send unwatch on release. See http://github.com/CartoDB/Windshaft-cartodb/issues/161
+        redis: _.extend(global.environment.redis, {unwatchOnRelease: false}),
        enable_cors: global.environment.enable_cors,
        varnish_host: global.environment.varnish.host,
        varnish_port: global.environment.varnish.port,
+        varnish_http_port: global.environment.varnish.http_port,
        varnish_secret: global.environment.varnish.secret,
+        varnish_purge_enabled: global.environment.varnish.purge_enabled,
+        fastly: global.environment.fastly || {},
        cache_enabled: global.environment.cache_enabled,
        log_format: global.environment.log_format,
        useProfiler: global.environment.useProfiler
-    };
-    
-    // Do not send unwatch on release
-    // See http://github.com/CartoDB/Windshaft-cartodb/issues/161
-    me.redis.unwatchOnRelease = false;
-
-/* This whole block is about generating X-Cache-Channel { */
-
-    // TODO: review lifetime of elements of this cache
-    // NOTE: by-token indices should only be dropped when
-    //       the corresponding layegroup is dropped, because
-    //       we have no SQL after layer creation.
-    me.channelCache = {};
-
-    me.buildCacheChannel = function (dbName, tableNames){
-      return dbName + ':' + tableNames.join(',');
-    };
-
-    me.generateMD5 = function(data){
-        var hash = crypto.createHash('md5');
-        hash.update(data);
-        return hash.digest('hex');
-    };
-
-    me.generateCacheChannel = function(app, req, callback){
-
-      // Build channelCache key
-      var dbName = req.params.dbname;
-      var cacheKey = [ dbName ];
-      if ( req.params.token ) cacheKey.push(req.params.token);
-      else if ( req.params.sql ) cacheKey.push( me.generateMD5(req.params.sql) );
-      cacheKey = cacheKey.join(':');
-
-      var that = this;
-
-      Step (
-        function checkCached() {
-          if ( me.channelCache.hasOwnProperty(cacheKey) ) {
-            callback(null, me.channelCache[cacheKey]);
-            return;
-          }
-          return null;
-        },
-        function extractSQL(err) {
-          if ( err ) throw err;
-
-          if ( req.params.token ) {
-            // TODO: cached cache channel for token-based access should
-            //       be constructed at renderer cache creation time
-            // See http://github.com/CartoDB/Windshaft-cartodb/issues/152
-            if ( ! app.mapStore ) {
-              throw new Error('missing channel cache for token ' + req.params.token);
-            }
-            var next = this;
-            var mapStore = app.mapStore;
-            Step(
-              function loadFromStore() {
-                mapStore.load(req.params.token, this);
-              },
-              function getSQL(err, mapConfig) {
-                if (req.profiler) req.profiler.done('mapStore_load');
-                if ( err ) throw err;
-                var sql = [];
-                _.each(mapConfig.obj().layers, function(lyr) {
-                  sql.push(lyr.options.sql);
-                });
-                sql = sql.join(';');
-                return sql;
-              },
-              function finish(err, sql) {
-                next(err, sql);
-              }
-            );
-            return;
-          }
-
-          if ( ! req.params.sql ) {
-            return null; // no sql
-          }
-
-          // We have sql, and no token...
-
-          // strip out windshaft/mapnik inserted sql if present
-          var sql = req.params.sql.match(/^\((.*)\)\sas\scdbq$/);
-          sql = (sql != null) ? sql[1] : req.params.sql;
-
-          return sql;
-        },
-        function findAffectedTables(err, sql) {
-          if ( err ) throw err;
-          if ( ! sql ) {
-            if ( ! req.params.table ) {
-              throw new Error("this request doesn't need an X-Cache-Channel generated");
-            }
-            return [req.params.table];
-          }
-          var user, key;
-          var next = this;
-          Step (
-            function findUserKey() {
-              if ( req.params.hasOwnProperty('_authorizedBySigner') ) {
-                user = req.params._authorizedBySigner;
-                cartoData.getUserMapKey(user, this);
-              } else {
-                user = that.userByReq(req);
-                key = req.params.map_key || req.params.api_key;
-                return null;
-              }
-            },
-            function getAffected(err, data) {
-              if ( err ) throw err;
-              if ( data ) {
-                if ( req.profiler ) req.profiler.done('getSignerMapKey');
-                key = data;
-              }
-              queryTablesApi.getAffectedTablesInQuery(user, {
-                  user: req.params.dbuser,
-                  pass: req.params.dbpass,
-                  host: req.params.dbhost,
-                  port: req.params.dbport,
-                  dbname: req.params.dbname,
-                  api_key: key
-              }, sql, this); // in addCacheChannel
-            },
-            function finish(err, data) {
-              next(err,data);
-            }
-          );
-        },
-        function buildCacheChannel(err, tableNames) {
-          if ( err ) throw err;
-          if (req.profiler && ! req.params.table ) {
-            req.profiler.done('affectedTables');
-          }
-
-          var dbName     = req.params.dbname;
-          var cacheChannel = me.buildCacheChannel(dbName,tableNames);
-          // store for caching from me.generateCacheChannel
-          // (not worth when table was specified in params)
-          if ( ! req.params.table ) {
-            me.channelCache[cacheKey] = cacheChannel;
-          }
-          return cacheChannel;
-        },
-        function finish(err, cacheChannel) {
-          callback(err, cacheChannel);
-        }
-      );
-    };
-
-    // Set the cache chanel info to invalidate the cache on the frontend server
-    //
-    // @param req The request object.
-    //            The function will have no effect unless req.res exists.
-    //            It is expected that req.params contains 'table' and 'dbname'
-    //
-    // @param cb function(err, channel) will be called when ready.
-    //           the channel parameter will be null if nothing was added
-    //
-    me.addCacheChannel = function(app, req, cb) {
-        // skip non-GET requests, or requests for which there's no response
-        if ( req.method != 'GET' || ! req.res ) { cb(null, null); return; }
-        if (req.profiler) req.profiler.start('addCacheChannel');
-        var res = req.res;
-        var cache_policy = req.query.cache_policy;
-        if ( req.params.token ) cache_policy = 'persist';
-        if ( cache_policy == 'persist' ) {
-          res.header('Cache-Control', 'public,max-age=31536000'); // 1 year
-        } else {
-          var ttl = global.environment.varnish.ttl || 86400;
-          res.header('Cache-Control', 'no-cache,max-age='+ttl+',must-revalidate, public');
-        }
-
-        // Set Last-Modified header
-        var lastUpdated;
-        if ( req.params.cache_buster ) {
-          // Assuming cache_buster is a timestamp
-          // FIXME: store lastModified in the cache channel instead
-          lastUpdated = new Date(parseInt(req.params.cache_buster));
-        } else {
-          lastUpdated = new Date();
-        }
-        res.header('Last-Modified', lastUpdated.toUTCString());
-
-        me.generateCacheChannel(app, req, function(err, channel){
-            if (req.profiler) req.profiler.done('generateCacheChannel');
-            if (req.profiler) req.profiler.end();
-            if ( ! err ) {
-              res.header('X-Cache-Channel', channel);
-              cb(null, channel);
-            } else {
-              console.log('ERROR generating cache channel: ' + ( err.message ? err.message : err ));
-              // TODO: evaluate if we should bubble up the error instead
-              cb(null, 'ERROR');
-            }
-        });
-    };
-
-    me.afterLayergroupCreate = function(req, mapconfig, response, callback) {
-        var token = response.layergroupid;
-
-        var username = this.userByReq(req);
-
-        var tasksleft = 2; // redis key and affectedTables
-        var errors = [];
-
-        var done = function(err) {
-          if ( err ) {
-            errors.push('' + err);
-          }
-          if ( ! --tasksleft ) {
-            err = errors.length ? new Error(errors.join('\n')) : null;
-            callback(err);
-          }
-        };
-
-        // include in layergroup response the variables in serverMedata
-        // those variables are useful to send to the client information
-        // about how to reach this server or information about it
-        var serverMetadata = global.environment.serverMetadata;
-        if (serverMetadata) {
-          _.extend(response, serverMetadata);
-        }
-
-        // Don't wait for the mapview count increment to
-        // take place before proceeding. Error will be logged
-        // asyncronously
-        cartoData.incMapviewCount(username, mapconfig.stat_tag, function(err) {
-          if (req.profiler) req.profiler.done('incMapviewCount');
-          if ( err ) console.log("ERROR: failed to increment mapview count for user '" + username + "': " + err);
-          done();
-        });
-
-        var sql = [];
-        _.each(mapconfig.layers, function(lyr) {
-          sql.push(lyr.options.sql);
-        });
-        sql = sql.join(';');
-
-        var dbName = req.params.dbname;
-        var usr    = this.userByReq(req);
-        var key    = req.params.map_key || req.params.api_key;
-
-        var cacheKey = dbName + ':' + token;
-
-        Step(
-            function getAffectedTablesAndLastUpdatedTime() {
-                queryTablesApi.getAffectedTablesAndLastUpdatedTime(usr, {
-                    user: req.params.dbuser,
-                    pass: req.params.dbpass,
-                    host: req.params.dbhost,
-                    port: req.params.dbport,
-                    dbname: req.params.dbname,
-                    api_key: key
-                }, sql, this);
-            },
-            function handleAffectedTablesAndLastUpdatedTime(err, result) {
-                if (req.profiler) req.profiler.done('queryTablesAndLastUpdated');
-                if ( err ) throw err;
-                var cacheChannel = me.buildCacheChannel(dbName, result.affectedTables);
-                me.channelCache[cacheKey] = cacheChannel;
-
-                if (req.res && req.method == 'GET') {
-                    var res = req.res;
-                    if ( req.query && req.query.cache_policy == 'persist' ) {
-                        res.header('Cache-Control', 'public,max-age=31536000'); // 1 year
-                    } else {
-                        var ttl = global.environment.varnish.ttl || 86400;
-                        res.header('Cache-Control', 'public,max-age='+ttl+',must-revalidate');
-                    }
-                    res.header('Last-Modified', (new Date()).toUTCString());
-                    res.header('X-Cache-Channel', cacheChannel);
-                }
-
-                // last update for layergroup cache buster
-                response.layergroupid = response.layergroupid + ':' + result.lastUpdatedTime;
-                response.last_updated = new Date(result.lastUpdatedTime).toISOString();
-                return null;
-            },
-            function finish(err) {
-                done(err);
-            }
-        );
-    };
-
-/* X-Cache-Channel generation } */
-
-    me.re_userFromHost = new RegExp(
-      global.environment.user_from_host ||
-      '^([^\\.]+)\\.' // would extract "strk" from "strk.cartodb.com"
-    );
-
-    me.userByReq = function(req) {
-      var host = req.headers.host;
-      var mat = host.match(this.re_userFromHost);
-      if ( ! mat ) {
-        console.error("ERROR: user pattern '" + this.re_userFromHost
-          + "' does not match hostname '" + host + "'");
-        return;
-      }
-      // console.log("Matches: "); console.dir(mat);
-      if ( ! mat.length === 2 ) {
-        console.error("ERROR: pattern '" + this.re_userFromHost
-          + "' gave unexpected matches against '" + host + "': " + mat);
-        return;
-      }
-      return mat[1];
-    };
-
-    // Set db authentication parameters to those of the given username
-    //
-    // @param username the cartodb username, mapped to a database username
-    //                 via CartodbRedis metadata records
-    //
-    // @param params the parameters to set auth options into
-    //               added params are: "dbuser" and "dbpassword"
-    //
-    // @param callback function(err) 
-    //
-    me.setDBAuth = function(username, params, callback) {
-
-      var user_params = {};
-      var auth_user = global.environment.postgres_auth_user;
-      var auth_pass = global.environment.postgres_auth_pass;
-      Step(
-        function getId() {
-          cartoData.getUserId(username, this);
-        },
-        function(err, user_id) {
-          if (err) throw err;
-          user_params['user_id'] = user_id;
-          var dbuser = _.template(auth_user, user_params);
-          _.extend(params, {dbuser:dbuser});
-
-          // skip looking up user_password if postgres_auth_pass
-          // doesn't contain the "user_password" label 
-          if (!auth_pass || ! auth_pass.match(/\buser_password\b/) ) return null;
-
-          cartoData.getUserDBPass(username, this);
-        },
-        function(err, user_password) {
-          if (err) throw err;
-          user_params['user_password'] = user_password;
-          if ( auth_pass ) {
-            var dbpass = _.template(auth_pass, user_params);
-            _.extend(params, {dbpassword:dbpass});
-          }
-          return true;
-        },
-        function finish(err) {
-          callback(err); 
-        }
-      );
-    };
-
-    // Set db connection parameters to those for the given username
-    //
-    // @param dbowner cartodb username of database owner,
-    //                mapped to a database username
-    //                via CartodbRedis metadata records
-    //
-    // @param params the parameters to set connection options into
-    //               added params are: "dbname", "dbhost"
-    //
-    // @param callback function(err) 
-    //
-    me.setDBConn = function(dbowner, params, callback) {
-      // Add default database connection parameters
-      // if none given
-      _.defaults(params, {
-        dbuser: global.environment.postgres.user,
-        dbpassword: global.environment.postgres.password,
-        dbhost: global.environment.postgres.host,
-        dbport: global.environment.postgres.port
-      });
-      Step(
-        function getConnectionParams() {
-            cartoData.getUserDBConnectionParams(dbowner, this);
-        },
-        function extendParams(err, dbParams){
-            if (err) throw err;
-            // we don't want null values or overwrite a non public user
-            if (params.dbuser != 'publicuser' || !dbParams.dbuser) {
-                delete dbParams.dbuser;
-            }
-            if ( dbParams ) _.extend(params, dbParams);
-            return null;
-        },
-        function finish(err) {
-          callback(err);
-        }
-      );
-    };
-
-
-    // Check if a request is authorized by a signer
-    //
-    // Any existing signature for the given request will verified
-    // for authorization to this specific request (may require auth_token)
-    // See https://github.com/CartoDB/Windshaft-cartodb/wiki/Signed-maps
-    //
-    // @param req express request object
-    // @param callback function(err, signed_by) signed_by will be
-    //                 null if the request is not signed by anyone
-    //                 or will be a string cartodb username otherwise.
-    //                 
-    me.authorizedBySigner = function(req, callback)
-    {
-      if ( ! req.params.token || ! req.params.signer ) {
-        //console.log("No signature provided"); // debugging
-        callback(null, null); // no signer requested
-        return;
-      }
-
-      var signer = req.params.signer;
-      var layergroup_id = req.params.token;
-      var auth_token = req.params.auth_token;
-
-      //console.log("Checking authorization from signer " + signer + " for resource " + layergroup_id + " with auth_token " + auth_token);
-
-      me.signedMaps.isAuthorized(signer, layergroup_id, auth_token,
-        function(err, authorized) {
-          callback(err, authorized ? signer : null);
-        });
-    };
-
-    // Check if a request is authorized by api_key
-    //
-    // @param req express request object
-    // @param callback function(err, authorized) 
-    //        NOTE: authorized is expected to be 0 or 1 (integer)
-    //                 
-    me.authorizedByAPIKey = function(req, callback)
-    {
-        var givenKey = req.query.api_key || req.query.map_key;
-        if ( ! givenKey && req.body ) {
-          // check also in request body
-          givenKey = req.body.api_key || req.body.map_key;
-        }
-        if ( ! givenKey ) {
-          callback(null, 0); // no api key, no authorization...
-          return;
-        }
-        //console.log("given ApiKey: " + givenKey);
-        var user = me.userByReq(req);
-        Step(
-          function (){
-              cartoData.getUserMapKey(user, this);
-          },
-          function checkApiKey(err, val){
-              if (err) throw err;
-              return ( val && givenKey == val ) ? 1 : 0;
-          },
-          function finish(err, authorized) {
-              callback(err, authorized);
-          }
-        );
-    };
-
-    /**
-     * Check access authorization
-     *
-     * @param req - standard req object. Importantly contains table and host information
-     * @param callback function(err, allowed) is access allowed not?
-     */
-    me.authorize = function(req, callback) {
-        var that = this;
-        var user = me.userByReq(req);
-
-        Step(
-            function (){
-                that.authorizedByAPIKey(req, this);
-            },
-            function checkApiKey(err, authorized){
-                if (req.profiler) req.profiler.done('authorizedByAPIKey');
-                if (err) throw err;
-
-                // if not authorized by api_key, continue 
-                if (authorized !== 1)  {
-                  // not authorized by api_key, 
-                  // check if authorized by signer
-                  that.authorizedBySigner(req, this);
-                  return;
-                }
-
-                _.extend(req.params, { _authorizedByApiKey: true });
-
-                // authorized by api key, login as the given username and stop
-                that.setDBAuth(user, req.params, function(err) {
-                  callback(err, true); // authorized (or error)
-                });
-            },
-            function checkSignAuthorized(err, signed_by){
-                if (err) throw err;
-                if (req.profiler) {
-                  if ( req.params._authorizedByApiKey ) {
-                    req.profiler.done('setDBAuth');
-                  } else {
-                    req.profiler.done('authorizedBySigner');
-                  }
-                }
-
-                if ( ! signed_by ) {
-                  // request not authorized by signer.
-  
-                  // if table was given, continue to check table privacy
-                  if ( req.params.table ) return null;
-
-                  // if no signer name was given, let dbparams and
-                  // PostgreSQL do the rest.
-                  // 
-                  if ( ! req.params.signer ) {
-                    callback(null, true); // authorized so far
-                    return;
-                  }
-
-                  // if signer name was given, return no authorization
-                  callback(null, false); 
-                  return;
-                }
-
-                // Authorized by "signed_by" !
-                _.extend(req.params, { _authorizedBySigner: signed_by });
-                that.setDBAuth(signed_by, req.params, function(err) {
-                  if (req.profiler) req.profiler.done('setDBAuth');
-                  callback(err, true); // authorized (or error)
-                });
-            },
-            function getDatabase(err){
-                if (err) throw err;
-                // NOTE: only used to get to table privacy
-                cartoData.getUserDBName(user, this);
-            },
-            function getPrivacy(err, dbname){
-                if (err) throw err;
-                if (req.profiler) req.profiler.done('tablePrivacy_getUserDBName');
-                cartoData.getTablePrivacy(dbname, req.params.table, this);
-            },
-            function(err, privacy){
-                if (req.profiler) req.profiler.done('getTablePrivacy');
-                callback(err, privacy !== "0");
-            }
-        );
-    };
-
-    /**
-     * Whitelist input and get database name & default geometry type from
-     * subdomain/user metadata held in CartoDB Redis
-     * @param req - standard express request obj. Should have host & table
-     * @param callback
-     */
-    me.req2params = function(req, callback){
-
-        if ( req.query.lzma ) {
-
-          // TODO: check ?
-          //console.log("type of req.query.lzma is " + typeof(req.query.lzma));
-
-          // Decode (from base64)
-          var lzma = (new Buffer(req.query.lzma, 'base64').toString('binary')).split('').map(function(c) { return c.charCodeAt(0) - 128 });
-
-          // Decompress
-          lzmaWorker.decompress(
-            lzma,
-            function(result) {
-              if (req.profiler) req.profiler.done('LZMA decompress');
-              try {
-                delete req.query.lzma;
-                _.extend(req.query, JSON.parse(result));
-                me.req2params(req, callback);
-              } catch (err) {
-                callback(new Error('Error parsing lzma as JSON: ' + err));
-              }
-            },
-            function(percent) { // progress
-              //console.log("LZMA decompression " + percent + "%");
-            }
-          );
-          return;
-        }
-
-        // Whitelist query parameters and attach format
-        var good_query = ['sql', 'geom_type', 'cache_buster', 'cache_policy', 'callback', 'interactivity', 'map_key', 'api_key', 'auth_token', 'style', 'style_version', 'style_convert', 'config' ];
-        var bad_query  = _.difference(_.keys(req.query), good_query);
-
-        _.each(bad_query, function(key){ delete req.query[key]; });
-        req.params =  _.extend({}, req.params); // shuffle things as request is a strange array/object
-
-        var user = me.userByReq(req);
-
-        if ( req.params.token ) {
-          //console.log("Request parameters include token " + req.params.token);
-          var tksplit = req.params.token.split(':');
-          req.params.token = tksplit[0];
-          if ( tksplit.length > 1 ) req.params.cache_buster= tksplit[1];
-          tksplit = req.params.token.split('@');
-          if ( tksplit.length > 1 ) {
-            req.params.signer = tksplit.shift();
-            if ( ! req.params.signer ) req.params.signer = user;
-            else if ( req.params.signer != user ) {
-              var err = new Error('Cannot use map signature of user "' + req.params.signer + '" on database of user "' + user + '"');
-              err.http_status = 403;
-              callback(err);
-              return;
-            }
-            if ( tksplit.length > 1 ) {
-              var template_hash = tksplit.shift(); // unused
-            }
-            req.params.token = tksplit.shift(); 
-            //console.log("Request for token " + req.params.token + " with signature from " + req.params.signer);
-          }
-        }
-
-        // bring all query values onto req.params object
-        _.extend(req.params, req.query);
-
-        // for cartodb, ensure interactivity is cartodb_id or user specified
-        req.params.interactivity = req.params.interactivity || 'cartodb_id';
-
-        var that = this;
-
-        if (req.profiler) req.profiler.done('req2params.setup');
-
-        Step(
-            function getPrivacy(){
-                me.authorize(req, this);
-            },
-            function gatekeep(err, authorized){
-                if (req.profiler) req.profiler.done('authorize');
-                if(err) throw err;
-                if(!authorized) {
-                  err = new Error("Sorry, you are unauthorized (permission denied)");
-                  err.http_status = 403;
-                  throw err;
-                }
-                return null;
-            },
-            function getDatabase(err){
-                if(err) throw err;
-                that.setDBConn(user, req.params, this);
-            },
-            function getGeometryType(err){
-                if (req.profiler) req.profiler.done('setDBConn');
-                if (err) throw err;
-                if ( ! req.params.table ) return null;
-                cartoData.getTableGeometryType(req.params.dbname, req.params.table, this);
-            },
-            function finishSetup(err, data){
-                if ( err ) { callback(err, req); return; }
-
-                if (!_.isNull(data))
-                    _.extend(req.params, {geom_type: data});
-
-                // Add default database connection parameters
-                // if none given
-                _.defaults(req.params, {
-                  dbuser: global.environment.postgres.user,
-                  dbpassword: global.environment.postgres.password,
-                  dbhost: global.environment.postgres.host,
-                  dbport: global.environment.postgres.port
-                });
-
-                callback(null, req);
-            }
-        );
-    };
-
-    /**
-     * Little helper method to get the current list of infowindow variables and return to client
-     * @param req
-     * @param callback
-     */
-    me.getInfowindow = function(req, callback){
-        var that = this;
-        var user = me.userByReq(req);
-
-        Step(
-            function(){
-                // TODO: if this step really needed ?
-                that.req2params(req, this);
-            },
-            function getDatabase(err){
-                if (err) throw err;
-                cartoData.getUserDBName(user, this);
-            },
-            function getInfowindow(err, dbname){
-                if (err) throw err;
-                cartoData.getTableInfowindow(dbname, req.params.table, this);
-            },
-            function(err, data){
-                callback(err, data);
-            }
-        );
-    };
-
-    /**
-     * Little helper method to get map metadata and return to client
-     * @param req
-     * @param callback
-     */
-    me.getMapMetadata = function(req, callback){
-        var that = this;
-        var user = me.userByReq(req);
-
-        Step(
-            function(){
-                // TODO: if this step really needed ?
-                that.req2params(req, this);
-            },
-            function getDatabase(err){
-                if (err) throw err;
-                cartoData.getUserDBName(user, this);
-            },
-            function getMapMetadata(err, dbname){
-                if (err) throw err;
-                cartoData.getTableMapMetadata(dbname, req.params.table, this);
-            },
-            function(err, data){
-                callback(err, data);
-            }
-        );
-    };
-
-    /**
-     * Helper to clear out tile cache on request
-     * @param req
-     * @param callback
-     */
-    me.flushCache = function(req, Cache, callback){
-        var that = this;
-
-        Step(
-            function getParams(){
-                // this is mostly to compute req.params.dbname
-                that.req2params(req, this);
-            },
-            function flushInternalCache(err){
-                // TODO: implement this, see
-                // http://github.com/Vizzuality/Windshaft-cartodb/issues/73
-                return true;
-            },
-            function flushVarnishCache(err){
-                if (err) { callback(err); return; }
-                if(Cache) {
-                  Cache.invalidate_db(req.params.dbname, req.params.table);
-                }
-                callback(null, true);
-            }
-        );
-    };
-
-    return me;
 };
--- a/lib/cartodb/signed_maps.js
+++ b/lib/cartodb/signed_maps.js
@@ -1,397 +0,0 @@
-var crypto    = require('crypto');
-var Step      = require('step');
-var _         = require('underscore');
-
-var debug = global.environment ? global.environment.debug : undefined;
-
-// Class handling map signatures and user certificates
-//
-// See https://github.com/CartoDB/Windshaft-cartodb/wiki/Signed-maps
-//
-// @param redis_pool an instance of a "redis-mpool"
-//        See https://github.com/CartoDB/node-redis-mpool
-//        Needs version 0.x.x of the API.
-//
-function SignedMaps(redis_pool) {
-  this.redis_pool = redis_pool;
-
-  // Database containing signatures
-  // TODO: allow configuring ?
-  // NOTE: currently it is the same as
-  //       the one containing layergroups
-  this.db_signatures = 0;
-
-  //
-  // Map signatures in redis are reference to signature certificates
-  // We have the following datastores:
-  //
-  //  1. User certificates: set of per-user authorization certificates
-  //  2. Map signatures: set of per-map certificate references 
-  //  3. Certificate applications: set of per-certificate signed maps
-
-  // User certificates (HASH:crt_id->crt_val)
-  this.key_map_crt = "map_crt|<%= signer %>";
-
-  // Map signatures (SET:crt_id)
-  this.key_map_sig = "map_sig|<%= signer %>|<%= map_id %>";
-  
-  // Certificates applications (SET:map_id)
-  //
-  // Everytime a map is signed, the map identifier (layergroup_id)
-  // is added to this set. The purpose of this set is to drop
-  // all map signatures when a certificate is removed
-  //
-  this.key_crt_sig = "crt_sig|<%= signer %>|<%= crt_id %>";
-
-};
-
-var o = SignedMaps.prototype;
-
-//--------------- PRIVATE METHODS --------------------------------
-
-o._acquireRedis = function(callback) {
-  this.redis_pool.acquire(this.db_signatures, callback);
-};
-
-o._releaseRedis = function(client) {
-  this.redis_pool.release(this.db_signatures, client);
-};
-
-/**
- * Internal function to communicate with redis
- *
- * @param redisFunc - the redis function to execute
- * @param redisArgs - the arguments for the redis function in an array
- * @param callback - function to pass results too.
- */
-o._redisCmd = function(redisFunc, redisArgs, callback) {
-  var redisClient;
-  var that = this;
-  var db = that.db_signatures;
-
-  Step(
-    function getRedisClient() {
-      that.redis_pool.acquire(db, this);
-    },
-    function executeQuery(err, data) {
-      if ( err ) throw err;
-      redisClient = data;
-      redisArgs.push(this);
-      redisClient[redisFunc.toUpperCase()].apply(redisClient, redisArgs);
-    },
-    function releaseRedisClient(err, data) {
-      if ( ! _.isUndefined(redisClient) ) that.redis_pool.release(db, redisClient);
-      callback(err, data);
-    }
-  );
-};
-
-o._getAuthMethod = function(auth) {
-  return auth.method || 'open';
-};
-
-//--------------- PUBLIC API -------------------------------------
-
-/// Check formal validity of a certificate
-//
-/// Return an Error instance if invalid, null otherwise
-///
-o.checkInvalidCertificate = function(cert) {
-  //console.log("Checking cert: "); console.dir(cert);
-  if ( cert.version !== "0.0.1" ) {
-    return new Error("Unsupported certificate version " + cert.version);
-  }
-
-  if ( ! cert.auth ) {
-console.log("Cert is : "); console.dir(cert);
-    return new Error("No certificate authorization");
-  }
-
-  var method = this._getAuthMethod(cert.auth);
-
-  switch ( method ) {
-    case 'open':
-      break;
-    case 'token':
-      if ( ! _.isArray(cert.auth.valid_tokens) )
-        return new Error("Invalid 'token' authentication: missing valid_tokens");
-      if ( ! cert.auth.valid_tokens.length )
-        return new Error("Invalid 'token' authentication: no valid_tokens");
-      break;
-    default:
-      return new Error("Unsupported authentication method: " + cert.auth.method);
-      break;
-  }
-
-  return null; // all valid
-}
-
-// Check if the given certificate authorizes waiver of "auth"
-o.authorizedByCert = function(cert, auth) {
-  auth = _.isArray(auth) ? auth : [auth];
-
-  var err = this.checkInvalidCertificate(cert);
-  if ( err ) throw err;
-
-  var method = this._getAuthMethod(cert.auth);
-
-  // Open authentication certificates are always authorized
-  if ( method === 'open' ) return true;
-
-  // Token based authentication requires valid token
-  if ( method === 'token' ) {
-    return _.intersection(cert.auth.valid_tokens, auth).length > 0;
-  }
-
-  throw new Error("Unsupported authentication method: " + cert.auth.method);
-};
-
-// Check if shown credential are authorized to access a map
-// by the given signer.
-//
-// @param signer a signer name (cartodb username)
-// @param map_id a layergroup_id
-// @param auth an authentication token, or undefined if none
-//                    (can still be authorized by signature)
-//
-// @param callback function(Error, Boolean)
-//
-o.isAuthorized = function(signer, map_id, auth, callback) {
-  var that = this;
-  var redisClient;
-  var db = that.db_signatures;
-  var authorized = false;
-  var certificate_id_list;
-  var missing_certificates = [];
-  if ( debug ) {
-    console.log("Check auth from signer '" + signer + "' on map '" + map_id + "' with auth '" + auth + "'");
-  }
-  Step(
-    function getRedisClient() {
-      that.redis_pool.acquire(db, this);
-    },
-    function getMapSignatures(err, client) {
-      if ( err ) throw err;
-      redisClient = client;
-      var map_sig_key = _.template(that.key_map_sig, {signer:signer, map_id:map_id});
-      redisClient.SMEMBERS(map_sig_key, this);
-      //that._redisCmd('SMEMBERS', [ map_sig_key ], this);
-    },
-    function getCertificates(err, crt_lst) {
-      if ( err ) throw err;
-      if ( debug ) {
-        console.log("Map '" + map_id + "' is signed by " + crt_lst.length + " certificates of user '" + signer);
-      }
-      certificate_id_list = crt_lst;
-      if ( ! crt_lst.length ) {
-        // No certs, avoid calling redis with short args list.
-        // Next step expects a list of certificate values so
-        // we directly send the empty list.
-        return crt_lst;
-      }
-      var map_crt_key = _.template(that.key_map_crt, {signer:signer});
-      //that._redisCmd('HMGET', [ map_crt_key ].concat(crt_lst), this);
-      redisClient.HMGET(map_crt_key, crt_lst, this);
-    },
-    function checkCertificates(err, certs) {
-      if ( err ) throw err;
-      for (var i=0; i<certs.length; ++i) {
-        var crt_id = certificate_id_list[i];
-        if ( _.isNull(certs[i]) ) {
-          missing_certificates.push(crt_id);
-          continue;
-        }
-        var cert;
-        try {
-          //console.log("cert " + crt_id + ": " + certs[i]);
-          cert = JSON.parse(certs[i]);
-          authorized = that.authorizedByCert(cert, auth);
-        } catch (err) {
-          console.log("Certificate " + certificate_id_list[i] + " by user '" + signer + "' is malformed: " + err);
-          continue;
-        }
-        if ( authorized ) {
-          if ( debug ) {
-            console.log("Access to map '" + map_id + "' authorized by cert '"
-                        + certificate_id_list[i] + "' of user '" + signer + "'");
-          }
-          //console.dir(cert);
-          break; // no need to further check certs
-        }
-      }
-      return null;
-    },
-    function finish(err) {
-      if ( missing_certificates.length ) {
-        console.log("WARNING: map '" + map_id + "' is signed by '" + signer
-          + "' with " + missing_certificates.length
-          + " missing certificates: "
-          + missing_certificates + " (TODO: give cleanup instructions)");
-      }
-      if ( redisClient ) that.redis_pool.release(db, redisClient);
-      callback(err, authorized);
-    }
-  );
-};
-
-// Add an authorization certificate from a user.
-//
-// @param signer a signer name (cartodb username)
-// @param cert certificate object, see
-//             http://github.com/CartoDB/Windshaft-cartodb/wiki/Signed-maps
-//
-// @param callback function(err, crt_id) return certificate id
-//
-// TODO: allow for requesting error when certificate already exists ?
-//
-o.addCertificate = function(signer, cert, callback) {
-  var crt_val = JSON.stringify(cert);
-  var crt_id = crypto.createHash('md5').update(crt_val).digest('hex');
-
-  var usr_crt_key = _.template(this.key_map_crt, {signer:signer});
-  this._redisCmd('HSET', [ usr_crt_key, crt_id, crt_val ], function(err, created) {
-    // NOTE: created would be 0 if the field already existed, 1 otherwise
-    callback(err, crt_id);
-  });
-};
-
-// Remove an authorization certificate of a user, also removing
-// any signature made with the certificate.
-//
-// @param signer a signer name (cartodb username)
-// @param crt_id certificate identifier, as returned by addCertificate
-// @param callback function(err)
-//
-o.delCertificate = function(signer, crt_id, callback) {
-  var db = this.db_signatures;
-  var crt_sig_key = _.template(this.key_crt_sig, {signer:signer, crt_id:crt_id});
-  var signed_map_list;
-  var redis_client;
-  var that = this;
-  Step (
-    function getRedisClient() {
-      that._acquireRedis(this);
-    },
-    function removeCertificate(err, data) {
-      if ( err ) throw err;
-      redis_client = data;
-      // Remove the certificate (would be enough to stop authorizing uses)
-      var usr_crt_key = _.template(that.key_map_crt, {signer:signer});
-      redis_client.HDEL(usr_crt_key, crt_id, this);
-    },
-    function getMapSignatures(err, deleted) {
-      if ( err ) throw err;
-      if ( ! deleted ) {
-        // debugging (how can this be possible?)
-        console.log("WARNING: authorization certificate '" + crt_id
-          + "' by user '" + signer + "' did not exist on delete request");
-      }
-      // Get all signatures by this certificate
-      redis_client.SMEMBERS(crt_sig_key, this);
-    },
-    function delMapSignaturesReference(err, map_id_list) {
-      if ( err ) throw err;
-      signed_map_list = map_id_list;
-      if ( debug ) {
-        console.log("Certificate '" + crt_id + "' from user '" + signer
-          + "' was used to sign " + signed_map_list.length + " maps");
-      }
-      redis_client.DEL(crt_sig_key, this);
-    },
-    function delMapSignatures(err) {
-      if ( err ) throw err;
-      var crt_sig_key = _.template(that.key_crt_sig, {signer:signer, crt_id:crt_id});
-      var tx = redis_client.MULTI();
-      for (var i=0; i<signed_map_list.length; ++i) {
-        var map_id = signed_map_list[i];
-        var map_sig_key = _.template(that.key_map_sig, {signer:signer, map_id:map_id});
-        //console.log("Queuing removal of '" + crt_id + "' from '" + map_sig_key + "'");
-        tx.SREM( map_sig_key, crt_id )
-      }
-      tx.EXEC(this);
-    },
-    function reportTransaction(err, rets) {
-      if ( err ) throw err;
-      if ( debug ) {
-        for (var i=0; i<signed_map_list.length; ++i) {
-          var ret = rets[i];
-          if ( ! ret ) {
-            console.log("No signature with certificate '" + crt_id
-              + "' of user '" + signer + "' found in map '"
-              + signed_map_list[i] + "'");
-          } else {
-            console.log("Signature with certificate '" + crt_id
-              + "' of user '" + signer + "' removed from map '"
-              + signed_map_list[i] + "'");
-          }
-        }
-      }
-      return null;
-    },
-    function finish(err) {
-      if ( ! _.isUndefined(redis_client) ) {
-        that._releaseRedis(redis_client);
-      }
-      callback(err);
-    }
-  );
-};
-
-// Sign a map with a certificate reference
-//
-// @param signer a signer name (cartodb username)
-// @param map_id a layergroup_id
-// @param crt_id signature certificate identifier
-//
-// @param callback function(Error) 
-//
-o.signMap = function(signer, map_id, crt_id, callback) {
-  var that = this;
-  Step(
-    function addMapSignature() {
-      var map_sig_key = _.template(that.key_map_sig, {signer:signer, map_id:map_id});
-      if ( debug ) {
-        console.log("Adding " + crt_id + " to " + map_sig_key);
-      }
-      that._redisCmd('SADD', [ map_sig_key, crt_id ], this);
-    },
-    function addCertificateUsage(err) {
-      // Add the map to the set of maps signed by the given cert
-      if ( err ) throw err;
-      var crt_sig_key = _.template(that.key_crt_sig, {signer:signer, crt_id:crt_id});
-      that._redisCmd('SADD', [ crt_sig_key, map_id ], this);
-    },
-    function finish(err) {
-      callback(err);
-    }
-  );
-};
-
-// Sign a map with a full certificate
-//
-// @param signer a signer name (cartodb username)
-// @param map_id a layergroup_id
-// @param cert_id signature certificate identifier
-//
-// @param callback function(Error, String) return certificate id
-//
-o.addSignature = function(signer, map_id, cert, callback) {
-  var that = this;
-  var certificate_id;
-  Step(
-    function addCertificate() {
-      that.addCertificate(signer, cert, this);
-    },
-    function signMap(err, cert_id) {
-      if ( err ) throw err;
-      if ( ! cert_id ) throw new Error("addCertificate returned no certificate id");
-      certificate_id = cert_id;
-      that.signMap(signer, map_id, cert_id, this);
-    },
-    function finish(err) {
-      callback(err, certificate_id);
-    }
-  );
-};
-
-module.exports = SignedMaps;
--- a/lib/cartodb/sql/sql_api.js
+++ b/lib/cartodb/sql/sql_api.js
@@ -1,66 +0,0 @@
-var _       = require('underscore'),
-    request = require('request');
-
-module.exports.query = function (username, api_key, sql, callback) {
-    var api = global.environment.sqlapi;
-
-    // build up api string
-    var sqlapihostname = username;
-    if ( api.domain ) sqlapihostname += '.' + api.domain;
-
-    var sqlapi = api.protocol + '://';
-    if ( api.host && api.host != api.domain ) sqlapi += api.host;
-    else sqlapi += sqlapihostname;
-    sqlapi += ':' + api.port + '/api/' + api.version + '/sql';
-
-    var qs  = { q: sql };
-
-    // add api_key if given
-    if (_.isString(api_key) && api_key != '') { qs.api_key = api_key; }
-
-    // call sql api
-    //
-    // NOTE: using POST to avoid size limits:
-    // See http://github.com/CartoDB/Windshaft-cartodb/issues/111
-    //
-    // NOTE: uses "host" header to allow IP based specification
-    //       of sqlapi address (and avoid a DNS lookup)
-    //
-    // NOTE: allows for keeping up to "maxConnections" concurrent
-    //       sockets opened per SQL-API host.
-    // See http://nodejs.org/api/http.html#http_agent_maxsockets
-    //
-    var maxSockets = global.environment.maxConnections || 128;
-    var maxGetLen = api.max_get_sql_length || 2048;
-    var maxSQLTime = api.timeout || 100; // 1/10 of a second by default
-    var reqSpec = {
-        url:sqlapi,
-        json:true,
-        headers:{host: sqlapihostname}
-        // http://nodejs.org/api/http.html#http_agent_maxsockets
-        ,pool:{maxSockets:maxSockets}
-        // timeout in milliseconds
-        ,timeout:maxSQLTime
-    };
-    if ( sql.length > maxGetLen ) {
-        reqSpec.method = 'POST';
-        reqSpec.body = qs;
-    } else {
-        reqSpec.method = 'GET';
-        reqSpec.qs = qs;
-    }
-    request(reqSpec, function(err, res, body) {
-        if (err){
-            console.log('ERROR connecting to SQL API on ' + sqlapi + ': ' + err);
-            callback(err);
-            return;
-        }
-        if (res.statusCode != 200) {
-            var msg = res.body.error ? res.body.error : res.body;
-            callback(new Error(msg));
-            console.log('unexpected response status (' + res.statusCode + ') for sql query: ' + sql + ': ' + msg);
-            return;
-        }
-        callback(null, body.rows);
-    });
-};
--- a/lib/cartodb/stats/client.js
+++ b/lib/cartodb/stats/client.js
@@ -0,0 +1,73 @@
+var _ = require('underscore');
+var debug = require('debug')('windshaft:stats_client');
+var StatsD = require('node-statsd').StatsD;
+
+module.exports = {
+    /**
+     * Returns an StatsD instance or an stub object that replicates the StatsD public interface so there is no need to
+     * keep checking if the stats_client is instantiated or not.
+     *
+     * The first call to this method implies all future calls will use the config specified in the very first call.
+     *
+     * TODO: It's far from ideal to use make this a singleton, improvement desired.
+     * We proceed this way to be able to use StatsD from several places sharing one single StatsD instance.
+     *
+     * @param config Configuration for StatsD, if undefined it will return an stub
+     * @returns {StatsD|Object}
+     */
+    getInstance: function(config) {
+
+        if (!this.instance) {
+
+            var instance;
+
+            if (config) {
+                instance = new StatsD(config);
+                instance.last_error = { msg: '', count: 0 };
+                instance.socket.on('error', function (err) {
+                    var last_err = instance.last_error;
+                    var last_msg = last_err.msg;
+                    var this_msg = '' + err;
+                    if (this_msg !== last_msg) {
+                        debug("statsd client socket error: " + err);
+                        instance.last_error.count = 1;
+                        instance.last_error.msg = this_msg;
+                    } else {
+                        ++last_err.count;
+                        if (!last_err.interval) {
+                            instance.last_error.interval = setInterval(function () {
+                                var count = instance.last_error.count;
+                                if (count > 1) {
+                                    debug("last statsd client socket error repeated " + count + " times");
+                                    instance.last_error.count = 1;
+                                    clearInterval(instance.last_error.interval);
+                                    instance.last_error.interval = null;
+                                }
+                            }, 1000);
+                        }
+                    }
+                });
+            } else {
+                var stubFunc = function (stat, value, sampleRate, callback) {
+                    if (_.isFunction(callback)) {
+                        callback(null, 0);
+                    }
+                };
+                instance = {
+                    timing: stubFunc,
+                    increment: stubFunc,
+                    decrement: stubFunc,
+                    gauge: stubFunc,
+                    unique: stubFunc,
+                    set: stubFunc,
+                    sendAll: stubFunc,
+                    send: stubFunc
+                };
+            }
+
+            this.instance = instance;
+        }
+
+        return this.instance;
+    }
+};
--- a/lib/cartodb/stats/profiler_proxy.js
+++ b/lib/cartodb/stats/profiler_proxy.js
@@ -0,0 +1,53 @@
+var Profiler = require('step-profiler');
+
+/**
+ * Proxy to encapsulate node-step-profiler module so there is no need to check if there is an instance
+ */
+function ProfilerProxy(opts) {
+    this.profile = !!opts.profile;
+
+    this.profiler = null;
+    if (!!opts.profile) {
+        this.profiler = new Profiler({statsd_client: opts.statsd_client});
+    }
+}
+
+ProfilerProxy.prototype.done = function(what) {
+    if (this.profile) {
+        this.profiler.done(what);
+    }
+};
+
+ProfilerProxy.prototype.end = function() {
+    if (this.profile) {
+        this.profiler.end();
+    }
+};
+
+ProfilerProxy.prototype.start = function(what) {
+    if (this.profile) {
+        this.profiler.start(what);
+    }
+};
+
+ProfilerProxy.prototype.add = function(what) {
+    if (this.profile) {
+        this.profiler.add(what || {});
+    }
+};
+
+ProfilerProxy.prototype.sendStats = function() {
+    if (this.profile) {
+        this.profiler.sendStats();
+    }
+};
+
+ProfilerProxy.prototype.toString = function() {
+    return this.profile ? this.profiler.toString() : "";
+};
+
+ProfilerProxy.prototype.toJSONString = function() {
+    return this.profile ? this.profiler.toJSONString() : "{}";
+};
+
+module.exports = ProfilerProxy;
--- a/lib/cartodb/stats/reporter/renderer.js
+++ b/lib/cartodb/stats/reporter/renderer.js
@@ -0,0 +1,82 @@
+//  - Reports stats about:
+//    * Total number of renderers
+//    * For mapnik renderers:
+//      - the mapnik-pool status: count, unused and waiting
+//      - the internally cached objects: png and grid
+
+var _ = require('underscore');
+
+function RendererStatsReporter(rendererCache, statsInterval) {
+    this.rendererCache = rendererCache;
+    this.statsInterval = statsInterval || 6e4;
+    this.renderersStatsIntervalId = null;
+}
+
+module.exports = RendererStatsReporter;
+
+RendererStatsReporter.prototype.start = function() {
+    var self = this;
+    this.renderersStatsIntervalId = setInterval(function() {
+        var rendererCacheEntries = self.rendererCache.renderers;
+
+        if (!rendererCacheEntries) {
+            return null;
+        }
+
+        global.statsClient.gauge('windshaft.rendercache.count', _.keys(rendererCacheEntries).length);
+
+        var renderersStats = _.reduce(rendererCacheEntries, function(_rendererStats, cacheEntry) {
+                var stats = cacheEntry.renderer && cacheEntry.renderer.getStats && cacheEntry.renderer.getStats();
+                if (!stats) {
+                    return _rendererStats;
+                }
+
+                _rendererStats.pool.count += stats.pool.count;
+                _rendererStats.pool.unused += stats.pool.unused;
+                _rendererStats.pool.waiting += stats.pool.waiting;
+
+                _rendererStats.cache.grid += stats.cache.grid;
+                _rendererStats.cache.png += stats.cache.png;
+
+                return _rendererStats;
+            },
+            {
+                pool: {
+                    count: 0,
+                    unused: 0,
+                    waiting: 0
+                },
+                cache: {
+                    png: 0,
+                    grid: 0
+                }
+            }
+        );
+
+        global.statsClient.gauge('windshaft.mapnik-cache.png', renderersStats.cache.png);
+        global.statsClient.gauge('windshaft.mapnik-cache.grid', renderersStats.cache.grid);
+
+        global.statsClient.gauge('windshaft.mapnik-pool.count', renderersStats.pool.count);
+        global.statsClient.gauge('windshaft.mapnik-pool.unused', renderersStats.pool.unused);
+        global.statsClient.gauge('windshaft.mapnik-pool.waiting', renderersStats.pool.waiting);
+    }, this.statsInterval);
+
+    this.rendererCache.on('err', rendererCacheErrorListener);
+    this.rendererCache.on('gc', gcTimingListener);
+};
+
+function rendererCacheErrorListener() {
+    global.statsClient.increment('windshaft.rendercache.error');
+}
+
+function gcTimingListener(gcTime) {
+    global.statsClient.timing('windshaft.rendercache.gc', gcTime);
+}
+
+RendererStatsReporter.prototype.stop = function() {
+    this.rendererCache.removeListener('err', rendererCacheErrorListener);
+    this.rendererCache.removeListener('gc', gcTimingListener);
+
+    clearInterval(this.renderersStatsIntervalId);
+    this.renderersStatsIntervalId = null;
+};
--- a/lib/cartodb/template_maps.js
+++ b/lib/cartodb/template_maps.js
@@ -1,608 +0,0 @@
-var crypto  = require('crypto'),
-    Step    = require('step'),
-    _       = require('underscore'),
-    dot     = require('dot');
-
-// Class handling map templates
-//
-// See http://github.com/CartoDB/Windshaft-cartodb/wiki/Template-maps
-//
-// @param redis_pool an instance of a "redis-mpool"
-//        See https://github.com/CartoDB/node-redis-mpool
-//        Needs version 0.x.x of the API.
-//
-// @param signed_maps an instance of a "signed_maps" class,
-//        See signed_maps.js
-//
-// @param opts TemplateMap options. Supported elements:
-//    'max_user_templates' limit on the number of per-user
-//
-// 
-function TemplateMaps(redis_pool, signed_maps, opts) {
-  this.redis_pool = redis_pool;
-  this.signed_maps = signed_maps;
-  this.opts = opts || {};
-
-  // Database containing templates
-  // TODO: allow configuring ?
-  // NOTE: currently it is the same as
-  //       the one containing layergroups
-  this.db_signatures = 0;
-
-  //
-  // Map templates are owned by a user that specifies access permissions
-  // for their instances.
-  // 
-  // We have the following datastores:
-  //
-  //  1. User templates: set of per-user map templates
-  //     NOTE: each template would have an associated auth
-  //           reference, see signed_maps.js
-
-  // User templates (HASH:tpl_id->tpl_val)
-  this.key_usr_tpl = dot.template("map_tpl|{{=it.owner}}");
-
-  // User template locks (HASH:tpl_id->ctime)
-  this.key_usr_tpl_lck = dot.template("map_tpl|{{=it.owner}}|locks");
-
-  this.lock_ttl = this.opts['lock_ttl'] || 5000;
-}
-
-var o = TemplateMaps.prototype;
-
-//--------------- PRIVATE METHODS --------------------------------
-
-o._userTemplateLimit = function() {
-  return this.opts['max_user_templates'] || 0;
-};
-
-o._acquireRedis = function(callback) {
-  this.redis_pool.acquire(this.db_signatures, callback);
-};
-
-o._releaseRedis = function(client) {
-  this.redis_pool.release(this.db_signatures, client);
-};
-
-/**
- * Internal function to communicate with redis
- *
- * @param redisFunc - the redis function to execute
- * @param redisArgs - the arguments for the redis function in an array
- * @param callback - function to pass results too.
- */
-o._redisCmd = function(redisFunc, redisArgs, callback) {
-  var redisClient;
-  var that = this;
-  var db = that.db_signatures;
-
-  Step(
-    function getRedisClient() {
-      that.redis_pool.acquire(db, this);
-    },
-    function executeQuery(err, data) {
-      if ( err ) throw err;
-      redisClient = data;
-      redisArgs.push(this);
-      redisClient[redisFunc.toUpperCase()].apply(redisClient, redisArgs);
-    },
-    function releaseRedisClient(err, data) {
-      if ( ! _.isUndefined(redisClient) ) that.redis_pool.release(db, redisClient);
-      callback(err, data);
-    }
-  );
-};
-
-// @param callback function(err, obtained)
-o._obtainTemplateLock = function(owner, tpl_id, callback) {
-    var that = this,
-        lockKey = this.key_usr_tpl_lck({owner:owner});
-    Step (
-        function obtainLock() {
-            that._redisCmd('HGET', [lockKey, tpl_id], this);
-        },
-        function checkLock(err, lockTime) {
-            if (err) { throw err; }
-
-            var _newLockTime = Date.now();
-            if (!lockTime || ((_newLockTime - lockTime) > that.lock_ttl)) {
-                that._redisCmd('HSET', [lockKey, tpl_id, _newLockTime], this);
-            } else {
-                throw new Error("Template '" + tpl_id + "' of user '" + owner + "' is locked");
-            }
-        },
-        function finish(err, hsetValue) {
-            callback(err, !!hsetValue);
-        }
-    );
-};
-
-// @param callback function(err, deleted)
-o._releaseTemplateLock = function(owner, tpl_id, callback) {
-    this._redisCmd('HDEL', [this.key_usr_tpl_lck({owner:owner}), tpl_id], callback);
-};
-
-var _reValidIdentifier = /^[a-zA-Z][0-9a-zA-Z_]*$/;
-o._checkInvalidTemplate = function(template) {
-  if ( template.version != '0.0.1' ) {
-    return new Error("Unsupported template version " + template.version);
-  }
-  var tplname = template.name;
-  if ( ! tplname ) {
-    return new Error("Missing template name");
-  }
-  if ( ! tplname.match(_reValidIdentifier) ) {
-    return new Error("Invalid characters in template name '" + tplname + "'");
-  }
-
-  var placeholders = template.placeholders || {};
-
-  var placeholderKeys = Object.keys(placeholders);
-  for (var i = 0, len = placeholderKeys.length; i < len; i++) {
-      var placeholderKey = placeholderKeys[i];
-
-      if (!placeholderKey.match(_reValidIdentifier)) {
-          return new Error("Invalid characters in placeholder name '" + placeholderKey + "'");
-      }
-      if ( ! placeholders[placeholderKey].hasOwnProperty('default') ) {
-          return new Error("Missing default for placeholder '" + placeholderKey + "'");
-      }
-      if ( ! placeholders[placeholderKey].hasOwnProperty('type') ) {
-          return new Error("Missing type for placeholder '" + placeholderKey + "'");
-      }
-  }
-
-  // Check certificate validity
-  var cert = this.getTemplateCertificate(template);
-  var err = this.signed_maps.checkInvalidCertificate(cert);
-  if ( err ) return err;
-
-  // TODO: run more checks over template format ?
-};
-
-//--------------- PUBLIC API -------------------------------------
-
-// Extract a signature certificate from a template
-//
-// The certificate will be ready to be passed to
-// SignedMaps.addCertificate or SignedMaps.authorizedByCert
-//
-o.getTemplateCertificate = function(template) {
-  return {
-      version: '0.0.1',
-      template_id: template.name,
-      auth: template.auth
-  };
-};
-
-// Add a template
-//
-// NOTE: locks user+template_name or fails
-//
-// @param owner cartodb username of the template owner
-//
-// @param template layergroup template, see
-//        http://github.com/CartoDB/Windshaft-cartodb/wiki/Template-maps#template-format
-//
-// @param callback function(err, tpl_id) 
-//        Return template identifier (only valid for given user)
-//
-o.addTemplate = function(owner, template, callback) {
-  var invalidError = this._checkInvalidTemplate(template);
-  if ( invalidError ) {
-    callback(invalidError);
-    return;
-  }
-  var tplname = template.name;
-
-  // Procedure:
-  //
-  // - Check against limit
-  // 0. Obtain a lock for user+template_name, fail if impossible
-  // 1. Check no other template exists with the same name
-  // 2. Install certificate extracted from template, extending
-  //    it to contain a name to properly salt things out.
-  // 3. Modify the template object to reference certificate by id
-  // 4. Install template
-  // 5. Release lock
-  //
-  //
-
-  var usr_tpl_key = this.key_usr_tpl({owner:owner});
-  var gotLock = false;
-  var that = this;
-  var limit = that._userTemplateLimit();
-  Step(
-    function checkLimit() {
-      if ( ! limit ) return 0;
-      that._redisCmd('HLEN', [ usr_tpl_key ], this);
-    },
-    // try to obtain a lock
-    function obtainLock(err, len) {
-      if ( err ) throw err;
-      if ( limit && len >= limit ) {
-        throw new Error("User '" + owner + "' reached limit on number of templates (" + len + "/" + limit + ")");
-      }
-      that._obtainTemplateLock(owner, tplname, this);
-    },
-    function getExistingTemplate(err, locked) {
-      if ( err ) throw err;
-      if ( ! locked ) {
-        // Already locked
-        throw new Error("Template '" + tplname + "' of user '" + owner + "' is locked");
-      }
-      gotLock = true;
-      that._redisCmd('HEXISTS', [ usr_tpl_key, tplname ], this);
-    },
-    function installCertificate(err, exists) {
-      if ( err ) throw err;
-      if ( exists ) {
-        throw new Error("Template '" + tplname + "' of user '" + owner + "' already exists"); 
-      }
-      var cert = that.getTemplateCertificate(template);
-      that.signed_maps.addCertificate(owner, cert, this);
-    },
-    function installTemplate(err, crt_id) {
-      if ( err ) throw err;
-      template.auth_id = crt_id;
-      var tpl_val = JSON.stringify(template);
-      that._redisCmd('HSET', [ usr_tpl_key, tplname, tpl_val ], this);
-    },
-    function releaseLock(err, newfield) {
-      if ( ! err && ! newfield ) {
-        console.log("ERROR: addTemplate overridden existing template '"
-          + tplname + "' of '" + owner
-          + "' -- HSET returned " + overridden + ": someone added it without locking ?");
-        // TODO: how to recover this ?!
-      }
-
-      if ( err && ! gotLock ) throw err;
-
-      // release the lock
-      var next = this;
-      that._releaseTemplateLock(owner, tplname, function(e, d) {
-        if ( e ) {
-          console.log("Error removing lock on template '" + tplname
-            + "' of user '" + owner + "': " + e);
-        } else if ( ! d ) {
-          console.log("ERROR: lock on template '" + tplname
-            + "' of user '" + owner + "' externally removed during insert!");
-        }
-        next(err);
-      });
-    },
-    function finish(err) {
-      callback(err, tplname);
-    }
-  );
-};
-
-// Delete a template
-//
-// NOTE: locks user+template_name or fails
-//
-// Also deletes associated authentication certificate, which
-// in turn deletes all instance signatures
-//
-// @param owner cartodb username of the template owner
-//
-// @param tpl_id template identifier as returned
-//        by addTemplate or listTemplates
-//
-// @param callback function(err)
-//
-o.delTemplate = function(owner, tpl_id, callback) {
-  var usr_tpl_key = this.key_usr_tpl({owner:owner});
-  var gotLock = false;
-  var that = this;
-  Step(
-    // try to obtain a lock
-    function obtainLock() {
-      that._obtainTemplateLock(owner, tpl_id, this);
-    },
-    function getExistingTemplate(err, locked) {
-      if ( err ) throw err;
-      if ( ! locked ) {
-        // Already locked
-        throw new Error("Template '" + tpl_id + "' of user '" + owner + "' is locked");
-      }
-      gotLock = true;
-      that._redisCmd('HGET', [ usr_tpl_key, tpl_id ], this);
-    },
-    function delCertificate(err, tplval) {
-      if ( err ) throw err;
-      if ( ! tplval ) {
-        throw new Error("Template '" + tpl_id + "' of user '" + owner + "' does not exist"); 
-      }
-      var tpl = JSON.parse(tplval);
-      if ( ! tpl.auth_id ) {
-        // not sure this is an error, in case we'll ever
-        // allow unsigned templates...
-        console.log("ERROR: installed template '" + tpl_id
-            + "' of user '" + owner + "' has no auth_id reference: "); console.dir(tpl);
-        return null;
-      }
-      var next = this;
-      that.signed_maps.delCertificate(owner, tpl.auth_id, function(err) {
-        if ( err ) {
-          var msg = "ERROR: could not delete certificate '"
-                  + tpl.auth_id + "' associated with template '"
-                  + tpl_id + "' of user '" + owner + "': " + err;
-          // I'm actually not sure we want this event to be fatal
-          // (avoiding a deletion of the template itself) 
-          next(new Error(msg));
-        } else {
-          next();
-        }
-      });
-    },
-    function delTemplate(err) {
-      if ( err ) throw err;
-      that._redisCmd('HDEL', [ usr_tpl_key, tpl_id ], this);
-    },
-    function releaseLock(err, deleted) {
-      if ( ! err && ! deleted ) {
-          console.log("ERROR: template '" + tpl_id
-            + "' of user '" + owner + "' externally removed during delete!");
-      }
-
-      if ( ! gotLock ) {
-        if ( err ) throw err;
-        return null;
-      }
-
-      // release the lock
-      var next = this;
-      that._releaseTemplateLock(owner, tpl_id, function(e, d) {
-        if ( e ) {
-          console.log("Error removing lock on template '" + tpl_id
-            + "' of user '" + owner + "': " + e);
-        } else if ( ! d ) {
-          console.log("ERROR: lock on template '" + tpl_id
-            + "' of user '" + owner + "' externally removed during delete!");
-        }
-        next(err);
-      });
-    },
-    function finish(err) {
-      callback(err);
-    }
-  );
-};
-
-// Update a template
-//
-// NOTE: locks user+template_name or fails
-//
-// Also deletes and re-creates associated authentication certificate,
-// which in turn deletes all instance signatures
-//
-// @param owner cartodb username of the template owner
-//
-// @param tpl_id template identifier as returned by addTemplate
-//
-// @param template layergroup template, see
-//        http://github.com/CartoDB/Windshaft-cartodb/wiki/Template-maps#template-format
-//
-// @param callback function(err)
-//        
-o.updTemplate = function(owner, tpl_id, template, callback) {
-
-  var invalidError = this._checkInvalidTemplate(template);
-  if ( invalidError ) {
-    callback(invalidError);
-    return;
-  }
-
-  var tplname = template.name;
-
-  if ( tpl_id != tplname ) {
-    callback(new Error("Cannot update name of a map template ('" + tpl_id + "' != '" + tplname + "')"));
-    return;
-  }
-
-  var usr_tpl_key = this.key_usr_tpl({owner:owner});
-  var gotLock = false;
-  var that = this;
-  Step(
-    // try to obtain a lock
-    function obtainLock() {
-      that._obtainTemplateLock(owner, tpl_id, this);
-    },
-    function getExistingTemplate(err, locked) {
-      if ( err ) throw err;
-      if ( ! locked ) {
-        // Already locked
-        throw new Error("Template '" + tpl_id + "' of user '" + owner + "' is locked");
-      }
-      gotLock = true;
-      that._redisCmd('HGET', [ usr_tpl_key, tpl_id ], this);
-    },
-    function delOldCertificate(err, tplval) {
-      if ( err ) throw err;
-      if ( ! tplval ) {
-        throw new Error("Template '" + tpl_id + "' of user '"
-                         + owner +"' does not exist");
-      }
-      var tpl = JSON.parse(tplval);
-      if ( ! tpl.auth_id ) {
-        // not sure this is an error, in case we'll ever
-        // allow unsigned templates...
-        console.log("ERROR: installed template '" + tpl_id
-            + "' of user '" + owner + "' has no auth_id reference: "); console.dir(tpl);
-        return null;
-      }
-      var next = this;
-      that.signed_maps.delCertificate(owner, tpl.auth_id, function(err) {
-        if ( err ) {
-          var msg = "ERROR: could not delete certificate '"
-                  + tpl.auth_id + "' associated with template '"
-                  + tpl_id + "' of user '" + owner + "': " + err;
-          // I'm actually not sure we want this event to be fatal
-          // (avoiding a deletion of the template itself) 
-          next(new Error(msg));
-        } else {
-          next();
-        }
-      });
-    },
-    function installNewCertificate(err) {
-      if ( err ) throw err;
-      var cert = that.getTemplateCertificate(template);
-      that.signed_maps.addCertificate(owner, cert, this);
-    },
-    function updTemplate(err, crt_id) {
-      if ( err ) throw err;
-      template.auth_id = crt_id;
-      var tpl_val = JSON.stringify(template);
-      that._redisCmd('HSET', [ usr_tpl_key, tplname, tpl_val ], this);
-    },
-    function releaseLock(err, newfield) {
-      if ( ! err && newfield ) {
-          console.log("ERROR: template '" + tpl_id
-            + "' of user '" + owner + "' externally removed during update!");
-      }
-
-      if ( ! gotLock ) {
-        if ( err ) throw err;
-        return null;
-      }
-
-      // release the lock
-      var next = this;
-      that._releaseTemplateLock(owner, tpl_id, function(e, d) {
-        if ( e ) {
-          console.log("Error removing lock on template '" + tpl_id
-            + "' of user '" + owner + "': " + e);
-        } else if ( ! d ) {
-          console.log("ERROR: lock on template '" + tpl_id
-            + "' of user '" + owner + "' externally removed during update!");
-        }
-        next(err);
-      });
-    },
-    function finish(err) {
-      callback(err);
-    }
-  );
-};
-
-// List user templates
-//
-// @param owner cartodb username of the templates owner
-//
-// @param callback function(err, tpl_id_list)
-//        Returns a list of template identifiers
-// 
-o.listTemplates = function(owner, callback) {
-    this._redisCmd('HKEYS', [ this.key_usr_tpl({owner:owner}) ], callback);
-};
-
-// Get a templates
-//
-// @param owner cartodb username of the template owner
-//
-// @param tpl_id template identifier as returned
-//        by addTemplate or listTemplates
-//
-// @param callback function(err, template)
-//        Return full template definition
-//
-o.getTemplate = function(owner, tpl_id, callback) {
-  var that = this;
-  Step(
-    function getTemplate() {
-      that._redisCmd('HGET', [ that.key_usr_tpl({owner:owner}), tpl_id ], this);
-    },
-    function parseTemplate(err, tpl_val) {
-      if ( err ) throw err;
-      // Should we strip auth_id ?
-      return JSON.parse(tpl_val);
-    },
-    function finish(err, tpl) {
-      callback(err, tpl);
-    }
-  );
-};
-
-// Perform placeholder substitutions on a template
-//
-// @param template a template object (will not be modified)
-//
-// @param params an object containing named subsitution parameters
-//        Only the ones found in the template's placeholders object
-//        will be used, with missing ones taking default values.
-//
-// @returns a layergroup configuration 
-//
-// @throws Error on malformed template or parameter
-//
-var _reNumber = /^([-+]?[\d\.]?\d+([eE][+-]?\d+)?)$/,
-    _reCSSColorName = /^[a-zA-Z]+$/,
-    _reCSSColorVal = /^#[0-9a-fA-F]{3,6}$/;
-
-_replaceVars = function(str, params) {
-  //return _.template(str, params); // lazy way, possibly dangerous 
-  // Construct regular expressions for each param
-    Object.keys(params).forEach(function(k) {
-        str = str.replace(new RegExp("<%=\\s*" + k + "\\s*%>", "g"), params[k]);
-    });
-    return str;
-};
-o.instance = function(template, params) {
-  var all_params = {};
-  var phold = template.placeholders || {};
-  Object.keys(phold).forEach(function(k) {
-    var val = params.hasOwnProperty(k) ? params[k] : phold[k].default;
-    var type = phold[k].type;
-    // properly escape
-    if ( type === 'sql_literal' ) {
-      // duplicate any single-quote
-      val = val.replace(/'/g, "''");
-    }
-    else if ( type === 'sql_ident' ) {
-      // duplicate any double-quote
-      val = val.replace(/"/g, '""');
-    }
-    else if ( type === 'number' ) {
-      // check it's a number
-      if ( typeof(val) !== 'number' && ! val.match(_reNumber) ) {
-        throw new Error("Invalid number value for template parameter '"
-          + k + "': " + val);
-      }
-    }
-    else if ( type === 'css_color' ) {
-      // check it only contains letters or
-      // starts with # and only contains hexdigits
-      if ( ! val.match(_reCSSColorName) && ! val.match(_reCSSColorVal) ) {
-        throw new Error("Invalid css_color value for template parameter '"
-          + k + "': " + val);
-      }
-    }
-    else {
-      // NOTE: should be checked at template create/update time
-      throw new Error("Invalid placeholder type '" + type + "'");
-    }
-    all_params[k] = val;
-  });
-
-  // NOTE: we're deep-cloning the layergroup here
-  var layergroup = JSON.parse(JSON.stringify(template.layergroup));
-  for (var i=0; i<layergroup.layers.length; ++i) {
-    var lyropt = layergroup.layers[i].options;
-    if ( lyropt.cartocss ) lyropt.cartocss = _replaceVars(lyropt.cartocss, all_params);
-    if ( lyropt.sql) lyropt.sql = _replaceVars(lyropt.sql, all_params);
-    // Anything else ?
-  }
-  return layergroup;
-};
-
-// Return a fingerPrint of the object
-o.fingerPrint = function(template) {
-  return crypto.createHash('md5')
-    .update(JSON.stringify(template))
-    .digest('hex')
-  ;
-};
-
-module.exports = TemplateMaps;
--- a/npm-shrinkwrap.json
+++ b/npm-shrinkwrap.json
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
    "private": true,
    "name": "windshaft-cartodb",
-    "version": "1.18.2",
+    "version": "2.18.0",
    "description": "A map tile server for CartoDB",
    "keywords": [
      "cartodb"
@@ -22,26 +22,40 @@
      "Sandro Santilli <strk@vizzuality.com>"
    ],
    "dependencies": {
-        "node-varnish": "https://github.com/Vizzuality/node-varnish/tarball/0.3.0",
+        "express": "~4.13.3",
+        "body-parser": "~1.14.0",
+        "debug": "~2.2.0",
+        "step-profiler": "~0.2.1",
+        "node-statsd": "~0.0.7",
        "underscore"  : "~1.6.0",
        "dot": "~1.0.2",
-        "windshaft": "https://github.com/CartoDB/Windshaft/tarball/0.28.1",
-        "step": "~0.0.5",
-        "request": "~2.9.203",
-        "cartodb-redis": "https://github.com/CartoDB/node-cartodb-redis/tarball/0.11.0",
-        "cartodb-psql": "https://github.com/CartoDB/node-cartodb-psql/tarball/0.4.0",
-        "redis-mpool": "https://github.com/CartoDB/node-redis-mpool/tarball/0.1.0",
+        "windshaft": "~1.5.0",
+        "step": "~0.0.6",
+        "queue-async": "~1.0.7",
+        "request": "~2.62.0",
+        "cartodb-redis": "~0.13.0",
+        "cartodb-psql": "~0.4.0",
+        "fastly-purge": "~1.0.1",
+        "redis-mpool": "~0.4.0",
+        "lru-cache": "2.6.5",
        "lzma": "~1.3.7",
-        "log4js": "~0.6.17",
-        "rollbar": "~0.3.13"
+        "log4js": "https://github.com/CartoDB/log4js-node/tarball/cdb"
    },
    "devDependencies": {
+        "istanbul": "~0.3.6",
        "mocha": "~1.21.4",
+        "nock": "~2.11.0",
+        "jshint": "~2.6.0",
        "redis": "~0.8.6",
        "strftime": "~0.8.2",
        "semver": "~1.1.4"
    },
    "scripts": {
-        "test": "make check"
+        "preinstall": "make pre-install",
+        "test": "make test-all"
+    },
+    "engines": {
+        "node": ">=0.8 <0.11",
+        "npm": ">=1.2.1"
    }
 }
--- a/run_tests.sh
+++ b/run_tests.sh
@@ -4,6 +4,7 @@ OPT_CREATE_REDIS=yes # create the redis test environment
 OPT_CREATE_PGSQL=yes # create the PostgreSQL test environment
 OPT_DROP_REDIS=yes   # drop the redis test environment
 OPT_DROP_PGSQL=yes   # drop the PostgreSQL test environment
+OPT_COVERAGE=no      # run tests with coverage

 export PGAPPNAME=cartodb_tiler_tester

@@ -23,7 +24,10 @@ cleanup() {
        return;
      fi
    fi
+    redis-cli -p ${REDIS_PORT} info stats
+    redis-cli -p ${REDIS_PORT} info keyspace
    echo "Killing test redis pid ${PID_REDIS}"
+    #kill ${PID_REDIS_MONITOR}
    kill ${PID_REDIS}
  fi
  if test x"$OPT_DROP_PGSQL" = xyes; then
@@ -69,6 +73,10 @@ while [ -n "$1" ]; do
                OPT_CREATE_REDIS=no
                shift
                continue
+        elif test "$1" = "--with-coverage"; then
+                OPT_COVERAGE=yes
+                shift
+                continue
        # This is kept for backward compatibility
        elif test "$1" = "--nocreate"; then
                OPT_CREATE_REDIS=no
@@ -85,6 +93,7 @@ if [ -z "$1" ]; then
        echo "Options:" >&2
        echo " --nocreate   do not create the test environment on start" >&2
        echo " --nodrop     do not drop the test environment on exit" >&2
+        echo " --with-coverage   use istanbul to determine code coverage" >&2
        exit 1
 fi

@@ -112,8 +121,16 @@ cd -

 PATH=node_modules/.bin/:$PATH

-echo "Running tests"
-mocha -t 10000 -u tdd ${MOCHA_OPTS} ${TESTS}
+#redis-cli -p ${REDIS_PORT} monitor > /tmp/windshaft-cartodb.redis.log &
+#PID_REDIS_MONITOR=$!
+
+if test x"$OPT_COVERAGE" = xyes; then
+  echo "Running tests with coverage"
+  ./node_modules/.bin/istanbul cover node_modules/.bin/_mocha -- -u tdd -t 5000 ${TESTS}
+else
+  echo "Running tests"
+  mocha -u tdd -t 5000 ${TESTS}
+fi
 ret=$?

 cleanup
--- a/scripts/check-node-canvas.sh
+++ b/scripts/check-node-canvas.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+if [[ "$OSTYPE" == "darwin"* ]]; then
+    CAIRO_PKG_CONFIG=`pkg-config cairo --cflags-only-I 2> /dev/null`
+    RESULT=$?
+
+    if [[ ${RESULT} -ne 0 ]]; then
+        echo "###################################################################################"
+        echo "#                            PREINSTALL HOOK ERROR                                #"
+        echo "#---------------------------------------------------------------------------------#"
+        echo "#                                                                                 #"
+        echo "# node-canvas install error: some packages required by 'cairo' are not found      #"
+        echo "#                                                                                 #"
+        echo -e "# Use '\033[1mmake all\033[0m', it will take care of common/known issues                        #"
+        echo "#                                                                                 #"
+        echo "# As an alternative try:                                                          #"
+        echo "# Try to 'export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:/opt/X11/lib/pkgconfig' #"
+        echo "#                                                                                 #"
+        echo "# If problems persist visit: https://github.com/Automattic/node-canvas/wiki       #"
+        echo "#                                                                                 #"
+        echo "###################################################################################"
+        exit 1
+    fi
+fi
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+if [[ "$OSTYPE" == "darwin"* ]]; then
+    export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:/opt/X11/lib/pkgconfig
+fi
+
+npm install
--- a/scripts/lzma2config.js
+++ b/scripts/lzma2config.js
@@ -0,0 +1,18 @@
+if (process.argv.length !== 3) {
+    console.error('Usage: node %s lzma_string', __filename);
+    process.exit(1);
+}
+
+var LZMA = require('lzma').LZMA;
+var lzmaWorker = new LZMA();
+var lzmaInput = decodeURIComponent(process.argv[2]);
+var lzmaBuffer = new Buffer(lzmaInput, 'base64')
+    .toString('binary')
+    .split('')
+    .map(function(c) {
+        return c.charCodeAt(0) - 128
+    });
+
+lzmaWorker.decompress(lzmaBuffer, function(result) {
+    console.log(JSON.stringify(JSON.parse(JSON.parse(result).config), null, 4));
+});
--- a/test/acceptance/cache/surrogate_keys_invalidation.js
+++ b/test/acceptance/cache/surrogate_keys_invalidation.js
@@ -0,0 +1,317 @@
+var testHelper = require('../../support/test_helper');
+
+var assert      = require('../../support/assert');
+var step        = require('step');
+var FastlyPurge = require('fastly-purge');
+var _ = require('underscore');
+
+var NamedMapsCacheEntry = require(__dirname + '/../../../lib/cartodb/cache/model/named_maps_entry');
+var CartodbWindshaft = require(__dirname + '/../../../lib/cartodb/server');
+
+
+describe('templates surrogate keys', function() {
+
+    var serverOptions = require('../../../lib/cartodb/server_options');
+
+    // Enable Varnish purge for tests
+    var varnishHost = serverOptions.varnish_host;
+    serverOptions.varnish_host = '127.0.0.1';
+    var varnishPurgeEnabled = serverOptions.varnish_purge_enabled;
+    serverOptions.varnish_purge_enabled = true;
+
+    var fastlyConfig = serverOptions.fastly;
+    var FAKE_FASTLY_API_KEY = 'fastly-api-key';
+    var FAKE_FASTLY_SERVICE_ID = 'fake-service-id';
+    serverOptions.fastly = {
+        enabled: true,
+        // the fastly api key
+        apiKey: FAKE_FASTLY_API_KEY,
+        // the service that will get surrogate key invalidation
+        serviceId: FAKE_FASTLY_SERVICE_ID
+    };
+
+    var server = new CartodbWindshaft(serverOptions);
+
+    var templateOwner = 'localhost';
+    var templateName = 'acceptance';
+    var expectedTemplateId = templateName;
+    var template = {
+        version: '0.0.1',
+        name: templateName,
+        auth: {
+            method: 'open'
+        },
+        layergroup:  {
+            version: '1.2.0',
+            layers: [
+                {
+                    options: {
+                        sql: 'select 1 cartodb_id, null::geometry as the_geom_webmercator',
+                        cartocss: '#layer { marker-fill:blue; }',
+                        cartocss_version: '2.3.0'
+                    }
+                }
+            ]
+        }
+    };
+    var templateUpdated = _.extend({}, template, {layergroup: {layers: [{
+        type: 'plain',
+        options: {
+            color: 'red'
+        }
+    }]} });
+    var expectedBody = { template_id: expectedTemplateId };
+
+    var varnishHttpUrl = [
+        'http://', serverOptions.varnish_host, ':', serverOptions.varnish_http_port
+    ].join('');
+
+    var cacheEntryKey = new NamedMapsCacheEntry(templateOwner, templateName).key();
+    var invalidationMatchHeader = '\\b' + cacheEntryKey + '\\b';
+    var fastlyPurgePath = '/service/' + FAKE_FASTLY_SERVICE_ID + '/purge/' + cacheEntryKey;
+
+    var nock = require('nock');
+    nock.enableNetConnect(/(127.0.0.1:5555|cartocdn.com)/);
+
+    after(function(done) {
+        serverOptions.varnish_purge_enabled = false;
+        serverOptions.varnish_host = varnishHost;
+        serverOptions.varnish_purge_enabled = varnishPurgeEnabled;
+
+        serverOptions.fastly = fastlyConfig;
+
+        nock.restore();
+        done();
+    });
+
+    function createTemplate(callback) {
+        var postTemplateRequest = {
+            url: '/api/v1/map/named?api_key=1234',
+            method: 'POST',
+            headers: {
+                host: templateOwner,
+                'Content-Type': 'application/json'
+            },
+            data: JSON.stringify(template)
+        };
+
+        step(
+            function postTemplate() {
+                var next = this;
+                assert.response(server,
+                    postTemplateRequest,
+                    {
+                        status: 200
+                    },
+                    function(res) {
+                        next(null, res);
+                    }
+                );
+            },
+            function rePostTemplate(err, res) {
+                if (err) {
+                    throw err;
+                }
+                var parsedBody = JSON.parse(res.body);
+                assert.deepEqual(parsedBody, expectedBody);
+                return true;
+            },
+            function finish(err) {
+                callback(err);
+            }
+        );
+    }
+
+    it("invalidates surrogate keys on template update", function(done) {
+
+        var scope = nock(varnishHttpUrl)
+            .intercept('/key', 'PURGE')
+            .matchHeader('Invalidation-Match', invalidationMatchHeader)
+            .reply(204, '');
+
+        var fastlyScope = nock(FastlyPurge.FASTLY_API_ENDPOINT)
+            .post(fastlyPurgePath)
+            .matchHeader('Fastly-Key', FAKE_FASTLY_API_KEY)
+            .matchHeader('Accept', 'application/json')
+            .reply(200, {
+                status:'ok'
+            });
+
+        step(
+            function createTemplateToUpdate() {
+                createTemplate(this);
+            },
+            function putValidTemplate(err) {
+                if (err) {
+                    throw err;
+                }
+                var updateTemplateRequest = {
+                    url: '/api/v1/map/named/' + expectedTemplateId + '/?api_key=1234',
+                    method: 'PUT',
+                    headers: {
+                        host: templateOwner,
+                        'Content-Type': 'application/json'
+                    },
+                    data: JSON.stringify(templateUpdated)
+                };
+                var next = this;
+                assert.response(server,
+                    updateTemplateRequest,
+                    {
+                        status: 200
+                    },
+                    function(res) {
+                        setTimeout(function() {
+                            next(null, res);
+                        }, 50);
+                    }
+                );
+            },
+            function checkValidUpdate(err, res) {
+                if (err) {
+                    throw err;
+                }
+                var parsedBody = JSON.parse(res.body);
+                assert.deepEqual(parsedBody, expectedBody);
+
+                assert.equal(scope.pendingMocks().length, 0);
+                assert.equal(fastlyScope.pendingMocks().length, 0);
+
+                return null;
+            },
+            function finish(err) {
+                if ( err ) {
+                    return done(err);
+                }
+                testHelper.deleteRedisKeys({'map_tpl|localhost': 0}, done);
+            }
+        );
+    });
+
+    it("invalidates surrogate on template deletion", function(done) {
+
+        var scope = nock(varnishHttpUrl)
+            .intercept('/key', 'PURGE')
+            .matchHeader('Invalidation-Match', invalidationMatchHeader)
+            .reply(204, '');
+
+        var fastlyScope = nock(FastlyPurge.FASTLY_API_ENDPOINT)
+            .post(fastlyPurgePath)
+            .matchHeader('Fastly-Key', FAKE_FASTLY_API_KEY)
+            .matchHeader('Accept', 'application/json')
+            .reply(200, {
+                status:'ok'
+            });
+
+        step(
+            function createTemplateToDelete() {
+                createTemplate(this);
+            },
+            function deleteValidTemplate(err) {
+                if (err) {
+                    throw err;
+                }
+                var deleteTemplateRequest = {
+                    url: '/api/v1/map/named/' + expectedTemplateId + '/?api_key=1234',
+                    method: 'DELETE',
+                    headers: {
+                        host: templateOwner,
+                        'Content-Type': 'application/json'
+                    }
+                };
+                var next = this;
+                assert.response(server,
+                    deleteTemplateRequest,
+                    {
+                        status: 204
+                    },
+                    function(res) {
+                        setTimeout(function() {
+                            next(null, res);
+                        }, 50);
+                    }
+                );
+            },
+            function checkValidUpdate(err) {
+                if (err) {
+                    throw err;
+                }
+
+                assert.equal(scope.pendingMocks().length, 0);
+                assert.equal(fastlyScope.pendingMocks().length, 0);
+
+                return null;
+            },
+            function finish(err) {
+                done(err);
+            }
+        );
+    });
+
+    it("should update template even if surrogate key invalidation fails", function(done) {
+
+        var scope = nock(varnishHttpUrl)
+            .intercept('/key', 'PURGE')
+            .matchHeader('Invalidation-Match', invalidationMatchHeader)
+            .reply(503, '');
+
+        var fastlyScope = nock(FastlyPurge.FASTLY_API_ENDPOINT)
+            .post(fastlyPurgePath)
+            .matchHeader('Fastly-Key', FAKE_FASTLY_API_KEY)
+            .matchHeader('Accept', 'application/json')
+            .reply(200, {
+                status:'ok'
+            });
+
+        step(
+            function createTemplateToUpdate() {
+                createTemplate(this);
+            },
+            function putValidTemplate(err) {
+                if (err) {
+                    throw err;
+                }
+                var updateTemplateRequest = {
+                    url: '/api/v1/map/named/' + expectedTemplateId + '/?api_key=1234',
+                    method: 'PUT',
+                    headers: {
+                        host: templateOwner,
+                        'Content-Type': 'application/json'
+                    },
+                    data: JSON.stringify(templateUpdated)
+                };
+                var next = this;
+                assert.response(server,
+                    updateTemplateRequest,
+                    {
+                        status: 200
+                    },
+                    function(res) {
+                        setTimeout(function() {
+                            next(null, res);
+                        }, 50);
+                    }
+                );
+            },
+            function checkValidUpdate(err, res) {
+                if (err) {
+                    throw err;
+                }
+                var parsedBody = JSON.parse(res.body);
+                assert.deepEqual(parsedBody, expectedBody);
+
+                assert.equal(scope.pendingMocks().length, 0);
+                assert.equal(fastlyScope.pendingMocks().length, 0);
+
+                return null;
+            },
+            function finish(err) {
+                if ( err ) {
+                    return done(err);
+                }
+                testHelper.deleteRedisKeys({'map_tpl|localhost': 0}, done);
+            }
+        );
+    });
+
+});
--- a/test/acceptance/cache_validator.js
+++ b/test/acceptance/cache_validator.js
@@ -1,21 +0,0 @@
-var assert      = require('../support/assert');
-require(__dirname + '/../support/test_helper');
-var CacheValidator = require(__dirname + '/../../lib/cartodb/cache_validator');
-
-var VarnishEmu = require('../support/VarnishEmu');
-
-suite('cache_validator', function() {
-
-    test('should call purge on varnish when invalidate database', function(done) {
-        var varnish = new VarnishEmu(function(cmds) {
-            assert.ok(cmds.length == 1);        
-            assert.equal('purge obj.http.X-Cache-Channel ~ \"^test_db:(.*test_cache.*)|(table)$\"\n', cmds[0].toString('utf8'));
-            done();
-        },
-        function() {
-            CacheValidator.init('localhost', 1337);
-            CacheValidator.invalidate_db('test_db', 'test_cache');
-        });
-    });
-
-});
--- a/test/acceptance/health_check.js
+++ b/test/acceptance/health_check.js
@@ -0,0 +1,116 @@
+require(__dirname + '/../support/test_helper');
+
+var fs = require('fs');
+
+var assert = require('../support/assert');
+var CartodbWindshaft = require('../../lib/cartodb/server');
+var serverOptions = require('../../lib/cartodb/server_options');
+
+describe('health checks', function () {
+
+    function enableHealthConfig() {
+        global.environment.health = {
+            enabled: true
+        };
+    }
+
+    function disableHealthConfig() {
+        global.environment.health = {
+            enabled: false
+        };
+    }
+
+    var healthCheckRequest = {
+        url: '/health',
+        method: 'GET',
+        headers: {
+            host: 'localhost'
+        }
+    };
+
+    beforeEach(enableHealthConfig);
+    afterEach(disableHealthConfig);
+
+    var RESPONSE_OK = {
+        status: 200
+    };
+
+    var RESPONSE_FAIL = {
+        status: 503
+    };
+
+    it('returns 200 and ok=true with enabled configuration', function (done) {
+        var server = new CartodbWindshaft(serverOptions);
+
+        assert.response(server, healthCheckRequest, RESPONSE_OK, function (res, err) {
+            assert.ok(!err);
+
+            var parsed = JSON.parse(res.body);
+
+            assert.ok(parsed.enabled);
+            assert.ok(parsed.ok);
+
+            done();
+        });
+    });
+
+    it('error if disabled file exists', function(done) {
+        var errorMessage = "Maintenance";
+
+        var readFileFn = fs.readFile;
+        fs.readFile = function(filename, callback) {
+            callback(null, errorMessage);
+        };
+        var server = new CartodbWindshaft(serverOptions);
+
+        assert.response(server, healthCheckRequest, RESPONSE_FAIL, function(res, err) {
+            fs.readFile = readFileFn;
+
+            assert.ok(!err);
+            var parsed = JSON.parse(res.body);
+            assert.ok(parsed.enabled);
+            assert.ok(!parsed.ok);
+            assert.equal(parsed.err, errorMessage);
+
+            done();
+        });
+    });
+
+    it('error if disabled file exists but has no content', function(done) {
+        var readFileFn = fs.readFile;
+        fs.readFile = function(filename, callback) {
+            callback(null, '');
+        };
+        var server = new CartodbWindshaft(serverOptions);
+
+        assert.response(server, healthCheckRequest, RESPONSE_FAIL, function(res, err) {
+            fs.readFile = readFileFn;
+
+            assert.ok(!err);
+            var parsed = JSON.parse(res.body);
+            assert.ok(parsed.enabled);
+            assert.ok(!parsed.ok);
+            assert.equal(parsed.err, 'Unknown error');
+
+            done();
+        });
+    });
+
+    it('not err if disabled file does not exists', function(done) {
+        global.environment.disabled_file = '/tmp/ftreftrgtrccre';
+
+        var server = new CartodbWindshaft(serverOptions);
+
+        assert.response(server, healthCheckRequest, RESPONSE_OK, function (res, err) {
+            assert.ok(!err);
+
+            var parsed = JSON.parse(res.body);
+
+            assert.equal(parsed.enabled, true);
+            assert.equal(parsed.ok, true);
+
+            done();
+        });
+    }); 
+
+});
--- a/test/acceptance/limits.js
+++ b/test/acceptance/limits.js
@@ -0,0 +1,310 @@
+var testHelper = require('../support/test_helper');
+
+var assert = require('../support/assert');
+var _ = require('underscore');
+var redis = require('redis');
+
+var CartodbWindshaft = require('../../lib/cartodb/server');
+var serverOptions = require('../../lib/cartodb/server_options');
+
+var LayergroupToken = require('../../lib/cartodb/models/layergroup_token');
+
+describe('render limits', function() {
+
+    var layergroupUrl = '/api/v1/map';
+
+    var redisClient = redis.createClient(global.environment.redis.port);
+
+    var server;
+    var keysToDelete;
+    beforeEach(function() {
+        keysToDelete = {};
+        server = new CartodbWindshaft(serverOptions);
+        server.setMaxListeners(0);
+    });
+
+    afterEach(function(done) {
+        testHelper.deleteRedisKeys(keysToDelete, done);
+    });
+
+    var user = 'localhost';
+
+    var pointSleepSql = "SELECT pg_sleep(0.5)," +
+        " 'SRID=3857;POINT(0 0)'::geometry the_geom_webmercator, 1 cartodb_id";
+    var pointCartoCss = '#layer { marker-fill:red; }';
+    var polygonSleepSql = "SELECT pg_sleep(0.5)," +
+        " ST_Buffer('SRID=3857;POINT(0 0)'::geometry, 100000000) the_geom_webmercator, 1 cartodb_id";
+    var polygonCartoCss = '#layer { polygon-fill:red; }';
+
+    function singleLayergroupConfig(sql, cartocss) {
+        return {
+            version: '1.0.0',
+            layers: [
+                {
+                    type: 'mapnik',
+                    options: {
+                        sql: sql,
+                        cartocss: cartocss,
+                        cartocss_version: '2.0.1'
+                    }
+                }
+            ]
+        };
+    }
+
+    function createRequest(layergroup, userHost) {
+        return {
+            url: layergroupUrl,
+            method: 'POST',
+            headers: {
+                host: userHost,
+                'Content-Type': 'application/json'
+            },
+            data: JSON.stringify(layergroup)
+        };
+    }
+
+    function withRenderLimit(user, renderLimit, callback) {
+        redisClient.SELECT(5, function(err) {
+            if (err) {
+                return callback(err);
+            }
+            var userLimitsKey = 'limits:tiler:' + user;
+            redisClient.HSET(userLimitsKey, 'render', renderLimit, function(err) {
+                if (err) {
+                    return callback(err);
+                }
+                keysToDelete[userLimitsKey] = 5;
+                return callback();
+            });
+        });
+
+    }
+
+    describe('with onTileErrorStrategy DISABLED', function() {
+        var onTileErrorStrategyEnabled;
+        before(function() {
+            onTileErrorStrategyEnabled = global.environment.enabledFeatures.onTileErrorStrategy;
+            global.environment.enabledFeatures.onTileErrorStrategy = false;
+        });
+
+        after(function() {
+            global.environment.enabledFeatures.onTileErrorStrategy = onTileErrorStrategyEnabled;
+        });
+
+        it("layergroup creation fails if test tile is slow", function(done) {
+            withRenderLimit(user, 50, function(err) {
+                if (err) {
+                    return done(err);
+                }
+
+                var layergroup = singleLayergroupConfig(polygonSleepSql, polygonCartoCss);
+                assert.response(server,
+                    createRequest(layergroup, user),
+                    {
+                        status: 400
+                    },
+                    function(res) {
+                        var parsed = JSON.parse(res.body);
+                        assert.deepEqual(parsed, { errors: [ 'Render timed out' ] });
+                        done();
+                    }
+                );
+            });
+        });
+
+        it("layergroup creation does not fail if user limit is high enough even if test tile is slow", function(done) {
+            withRenderLimit(user, 5000, function(err) {
+                if (err) {
+                    return done(err);
+                }
+
+                var layergroup = singleLayergroupConfig(polygonSleepSql, polygonCartoCss);
+                assert.response(server,
+                    createRequest(layergroup, user),
+                    {
+                        status: 200
+                    },
+                    function(res) {
+                        var parsed = JSON.parse(res.body);
+                        assert.ok(parsed.layergroupid);
+                        keysToDelete['map_cfg|' + LayergroupToken.parse(parsed.layergroupid).token] = 0;
+                        keysToDelete['user:localhost:mapviews:global'] = 5;
+                        done();
+                    }
+                );
+            });
+        });
+
+
+        it("layergroup creation works if test tile is fast but tile request fails if they are slow",  function(done) {
+            withRenderLimit(user, 50, function(err) {
+                if (err) {
+                    return done(err);
+                }
+
+                var layergroup = singleLayergroupConfig(pointSleepSql, pointCartoCss);
+                assert.response(server,
+                    createRequest(layergroup, user),
+                    {
+                        status: 200
+                    },
+                    function(res) {
+                        keysToDelete['map_cfg|' + LayergroupToken.parse(JSON.parse(res.body).layergroupid).token] = 0;
+                        keysToDelete['user:localhost:mapviews:global'] = 5;
+                        assert.response(server,
+                            {
+                                url: layergroupUrl + _.template('/<%= layergroupId %>/<%= z %>/<%= x %>/<%= y %>.png', {
+                                    layergroupId: JSON.parse(res.body).layergroupid,
+                                    z: 0,
+                                    x: 0,
+                                    y: 0
+                                }),
+                                method: 'GET',
+                                headers: {
+                                    host: 'localhost'
+                                },
+                                encoding: 'binary'
+                            },
+                            {
+                                status: 400
+                            },
+                            function(res) {
+                                var parsed = JSON.parse(res.body);
+                                assert.deepEqual(parsed, { errors: ['Render timed out'] });
+                                done();
+                            }
+                        );
+
+                    }
+                );
+            });
+        });
+
+        it("tile request does not fail if user limit is high enough",  function(done) {
+            withRenderLimit(user, 5000, function(err) {
+                if (err) {
+                    return done(err);
+                }
+
+                var layergroup = singleLayergroupConfig(pointSleepSql, pointCartoCss);
+                assert.response(server,
+                    createRequest(layergroup, user),
+                    {
+                        status: 200
+                    },
+                    function(res) {
+                        keysToDelete['map_cfg|' + LayergroupToken.parse(JSON.parse(res.body).layergroupid).token] = 0;
+                        keysToDelete['user:localhost:mapviews:global'] = 5;
+                        assert.response(server,
+                            {
+                                url: layergroupUrl + _.template('/<%= layergroupId %>/<%= z %>/<%= x %>/<%= y %>.png', {
+                                    layergroupId: JSON.parse(res.body).layergroupid,
+                                    z: 0,
+                                    x: 0,
+                                    y: 0
+                                }),
+                                method: 'GET',
+                                headers: {
+                                    host: 'localhost'
+                                },
+                                encoding: 'binary'
+                            },
+                            {
+                                status: 200,
+                                headers: {
+                                    'Content-Type': 'image/png'
+                                }
+                            },
+                            function(res, err) {
+                                done(err);
+                            }
+                        );
+
+                    }
+                );
+            });
+        });
+
+    });
+
+    describe('with onTileErrorStrategy', function() {
+
+        it("layergroup creation works even if test tile is slow", function(done) {
+            withRenderLimit(user, 50, function(err) {
+                if (err) {
+                    return done(err);
+                }
+
+                var layergroup = singleLayergroupConfig(polygonSleepSql, polygonCartoCss);
+                assert.response(server,
+                    createRequest(layergroup, user),
+                    {
+                        status: 200
+                    },
+                    function(res) {
+                        var parsed = JSON.parse(res.body);
+                        assert.ok(parsed.layergroupid);
+                        keysToDelete['map_cfg|' + LayergroupToken.parse(parsed.layergroupid).token] = 0;
+                        keysToDelete['user:localhost:mapviews:global'] = 5;
+                        done();
+                    }
+                );
+            });
+        });
+
+        it("layergroup creation and tile requests works even if they are slow but returns fallback",  function(done) {
+            withRenderLimit(user, 50, function(err) {
+                if (err) {
+                    return done(err);
+                }
+
+                var layergroup = singleLayergroupConfig(pointSleepSql, pointCartoCss);
+                assert.response(server,
+                    createRequest(layergroup, user),
+                    {
+                        status: 200
+                    },
+                    function(res) {
+                        keysToDelete['map_cfg|' + LayergroupToken.parse(JSON.parse(res.body).layergroupid).token] = 0;
+                        keysToDelete['user:localhost:mapviews:global'] = 5;
+                        assert.response(server,
+                            {
+                                url: layergroupUrl + _.template('/<%= layergroupId %>/<%= z %>/<%= x %>/<%= y %>.png', {
+                                    layergroupId: JSON.parse(res.body).layergroupid,
+                                    z: 0,
+                                    x: 0,
+                                    y: 0
+                                }),
+                                method: 'GET',
+                                headers: {
+                                    host: 'localhost'
+                                },
+                                encoding: 'binary'
+                            },
+                            {
+                                status: 200,
+                                headers: {
+                                    'Content-Type': 'image/png'
+                                }
+                            },
+                            function(res, err) {
+                                if (err) {
+                                    done(err);
+                                }
+                                assert.imageEqualsFile(res.body, './test/fixtures/render-timeout-fallback.png', 25,
+                                    function(imgErr/*, similarity*/) {
+                                        done(imgErr);
+                                    }
+                                );
+                            }
+                        );
+
+                    }
+                );
+            });
+        });
+
+    });
+
+});
--- a/test/acceptance/multilayer.js
+++ b/test/acceptance/multilayer.js
--- a/test/acceptance/multilayer_server.js
+++ b/test/acceptance/multilayer_server.js
@@ -0,0 +1,402 @@
+var testHelper = require('../support/test_helper');
+
+var assert = require('../support/assert');
+
+var _ = require('underscore');
+
+var LayergroupToken = require('../../lib/cartodb/models/layergroup_token');
+
+var PgQueryRunner = require('../../lib/cartodb/backends/pg_query_runner');
+var CartodbWindshaft = require('../../lib/cartodb/server');
+var serverOptions = require('../../lib/cartodb/server_options');
+var server = new CartodbWindshaft(serverOptions);
+server.setMaxListeners(0);
+
+describe('tests from old api translated to multilayer', function() {
+
+    var layergroupUrl = '/api/v1/map';
+
+    var keysToDelete;
+
+    beforeEach(function() {
+        keysToDelete = {};
+    });
+
+    afterEach(function(done) {
+        testHelper.deleteRedisKeys(keysToDelete, done);
+    });
+
+    var wadusSql = 'select 1 as cartodb_id, null::geometry as the_geom_webmercator';
+    var pointSql = "SELECT 'SRID=3857;POINT(0 0)'::geometry as the_geom_webmercator, 1::int as cartodb_id";
+
+    function singleLayergroupConfig(sql, cartocss) {
+        return {
+            version: '1.0.0',
+            layers: [
+                {
+                    type: 'mapnik',
+                    options: {
+                        sql: sql,
+                        cartocss: cartocss,
+                        cartocss_version: '2.0.1'
+                    }
+                }
+            ]
+        };
+    }
+
+    function createRequest(layergroup, userHost, apiKey) {
+        var url = layergroupUrl;
+        if (apiKey) {
+            url += '?api_key=' + apiKey;
+        }
+        return {
+            url: url,
+            method: 'POST',
+            headers: {
+                host: userHost || 'localhost',
+                'Content-Type': 'application/json'
+            },
+            data: JSON.stringify(layergroup)
+        };
+    }
+
+    it("layergroup creation fails if CartoCSS is bogus", function(done) {
+        var layergroup = singleLayergroupConfig(wadusSql, '#my_table3{');
+        assert.response(server,
+            createRequest(layergroup),
+            {
+                status: 400
+            },
+            function(res) {
+                var parsed = JSON.parse(res.body);
+                assert.ok(parsed.errors[0].match(/^style0/));
+                assert.ok(parsed.errors[0].match(/missing closing/));
+                done();
+            }
+        );
+    });
+
+    it("multiple bad styles returns 400 with all errors", function(done) {
+        var layergroup = singleLayergroupConfig(wadusSql, '#my_table4{backgxxxxxround-color:#fff;foo:bar}');
+        assert.response(server,
+            createRequest(layergroup),
+            {
+                status: 400
+            },
+            function(res) {
+                var parsed = JSON.parse(res.body);
+                assert.equal(parsed.errors.length, 1);
+                assert.ok(parsed.errors[0].match(/^style0/));
+                assert.ok(parsed.errors[0].match(/Unrecognized rule: backgxxxxxround-color/));
+                assert.ok(parsed.errors[0].match(/Unrecognized rule: foo/));
+                done();
+            }
+        );
+    });
+
+    // Zoom is a special variable
+    it("Specifying zoom level in CartoCSS does not need a 'zoom' variable in SQL output", function(done) {
+        var layergroup = singleLayergroupConfig(pointSql, '#gadm4 [ zoom>=3] { marker-fill:red; }');
+
+        assert.response(server,
+            createRequest(layergroup),
+            {
+                status: 200
+            },
+            function(res) {
+                var parsed = JSON.parse(res.body);
+                assert.ok(parsed.layergroupid);
+                assert.equal(res.headers['x-layergroup-id'], parsed.layergroupid);
+
+                keysToDelete['map_cfg|' + LayergroupToken.parse(parsed.layergroupid).token] = 0;
+                keysToDelete['user:localhost:mapviews:global'] = 5;
+
+                done();
+            }
+        );
+    });
+
+    // See https://github.com/CartoDB/Windshaft-cartodb/issues/88
+    it("getting a tile from a user-specific database should return an expected tile", function(done) {
+        var layergroup = singleLayergroupConfig(pointSql, '#layer { marker-fill:red; }');
+
+        var backupDBHost = global.environment.postgres.host;
+        global.environment.postgres.host = '6.6.6.6';
+
+        assert.response(server,
+            createRequest(layergroup, 'cartodb250user'),
+            {
+                status: 200
+            },
+            function(res) {
+                var parsed = JSON.parse(res.body);
+                assert.ok(parsed.layergroupid);
+                assert.equal(res.headers['x-layergroup-id'], parsed.layergroupid);
+
+
+                keysToDelete['map_cfg|' + LayergroupToken.parse(parsed.layergroupid).token] = 0;
+                keysToDelete['user:cartodb250user:mapviews:global'] = 5;
+
+                global.environment.postgres.host = backupDBHost;
+                done();
+            }
+        );
+    });
+
+    // See https://github.com/CartoDB/Windshaft-cartodb/issues/89
+    it("getting a tile with a user-specific database password", function(done) {
+        var layergroup = singleLayergroupConfig(pointSql, '#layer { marker-fill:red; }');
+
+        var backupDBPass = global.environment.postgres_auth_pass;
+        global.environment.postgres_auth_pass = '<%= user_password %>';
+
+        assert.response(server,
+            createRequest(layergroup, 'cartodb250user', '4321'),
+            {
+                status: 200
+            },
+            function(res) {
+                var parsed = JSON.parse(res.body);
+                assert.ok(parsed.layergroupid);
+                assert.equal(res.headers['x-layergroup-id'], parsed.layergroupid);
+
+                keysToDelete['map_cfg|' + LayergroupToken.parse(parsed.layergroupid).token] = 0;
+                keysToDelete['user:cartodb250user:mapviews:global'] = 5;
+
+                global.environment.postgres_auth_pass = backupDBPass;
+                done();
+            }
+        );
+    });
+
+    it("creating a layergroup from lzma param",  function(done){
+        var params = {
+            config: JSON.stringify(singleLayergroupConfig(pointSql, '#layer { marker-fill:red; }'))
+        };
+
+        testHelper.lzma_compress_to_base64(JSON.stringify(params), 1, function(err, lzma) {
+            if (err) {
+                return done(err);
+            }
+            assert.response(server,
+                {
+                    url: layergroupUrl + '?lzma=' + encodeURIComponent(lzma),
+                    method: 'GET',
+                    headers: {
+                        host: 'localhost'
+                    },
+                    encoding: 'binary'
+                },
+                {
+                    status: 200
+                },
+                function(res) {
+                    var parsed = JSON.parse(res.body);
+                    assert.ok(parsed.layergroupid);
+
+                    keysToDelete['map_cfg|' + LayergroupToken.parse(parsed.layergroupid).token] = 0;
+                    keysToDelete['user:localhost:mapviews:global'] = 5;
+
+                    done();
+                }
+            );
+        });
+    });
+
+    it("creating a layergroup from lzma param, invalid json input",  function(done) {
+        var params = {
+            config: 'WADUS'
+        };
+
+        testHelper.lzma_compress_to_base64(JSON.stringify(params), 1, function(err, lzma) {
+            if (err) {
+                return done(err);
+            }
+            assert.response(server,
+                {
+                    url: layergroupUrl + '?lzma=' + encodeURIComponent(lzma),
+                    method: 'GET',
+                    headers: {
+                        host: 'localhost'
+                    },
+                    encoding: 'binary'
+                },
+                {
+                    status: 400
+                },
+                function(res) {
+                    var parsed = JSON.parse(res.body);
+                    assert.deepEqual(parsed, { errors: [ 'Unexpected token W' ] });
+
+                    done();
+                }
+            );
+        });
+    });
+
+    it("uses queries postgresql to figure affected tables in query",  function(done) {
+        var tableName = 'gadm4';
+        var expectedCacheChannel = _.template('<%= databaseName %>:public.<%= tableName %>', {
+            databaseName: _.template(global.environment.postgres_auth_user, {user_id:1}) + '_db',
+            tableName: tableName
+        });
+
+        var layergroup =  singleLayergroupConfig('select * from ' + tableName, '#gadm4 { marker-fill: red; }');
+
+        assert.response(server,
+            {
+                url: layergroupUrl + '?config=' + encodeURIComponent(JSON.stringify(layergroup)),
+                method: 'GET',
+                headers: {
+                    host: 'localhost'
+                }
+            },
+            {
+                status: 200
+            },
+            function(res) {
+                var parsed = JSON.parse(res.body);
+                assert.ok(parsed.layergroupid);
+
+                assert.ok(res.headers.hasOwnProperty('x-cache-channel'));
+                assert.equal(res.headers['x-cache-channel'], expectedCacheChannel);
+
+                assert.equal(res.headers['x-layergroup-id'], parsed.layergroupid);
+
+                keysToDelete['map_cfg|' + LayergroupToken.parse(parsed.layergroupid).token] = 0;
+                keysToDelete['user:localhost:mapviews:global'] = 5;
+
+                done();
+            }
+        );
+    });
+
+    // https://github.com/CartoDB/cartodb-postgresql/issues/86
+    it.skip("should not fail with long table names because table name length limit",  function(done) {
+        var tableName = 'long_table_name_with_enough_chars_to_break_querytables_function';
+        var expectedCacheChannel = _.template('<%= databaseName %>:public.<%= tableName %>', {
+            databaseName: _.template(global.environment.postgres_auth_user, {user_id:1}) + '_db',
+            tableName: tableName
+        });
+
+        var layergroup =  singleLayergroupConfig('select * from ' + tableName, '#layer { marker-fill: red; }');
+
+        assert.response(server,
+            {
+                url: layergroupUrl + '?config=' + encodeURIComponent(JSON.stringify(layergroup)),
+                method: 'GET',
+                headers: {
+                    host: 'localhost'
+                }
+            },
+            {
+                status: 200
+            },
+            function(res) {
+                var parsed = JSON.parse(res.body);
+                assert.ok(parsed.layergroupid);
+
+                assert.ok(res.headers.hasOwnProperty('x-cache-channel'));
+                assert.equal(res.headers['x-cache-channel'], expectedCacheChannel);
+
+                assert.equal(res.headers['x-layergroup-id'], parsed.layergroupid);
+
+                done();
+            }
+        );
+    });
+
+    it("creates layergroup fails when postgresql queries fail to figure affected tables in query",  function(done) {
+
+        var runQueryFn = PgQueryRunner.prototype.run;
+        PgQueryRunner.prototype.run = function(username, query, queryHandler, callback) {
+            return queryHandler(new Error('fake error message'), [], callback);
+        };
+
+        var layergroup =  singleLayergroupConfig('select * from gadm4', '#gadm4 { marker-fill: red; }');
+
+        assert.response(server,
+            {
+                url: layergroupUrl + '?config=' + encodeURIComponent(JSON.stringify(layergroup)),
+                method: 'GET',
+                headers: {
+                    host: 'localhost'
+                }
+            },
+            {
+                status: 400
+            },
+            function(res) {
+                PgQueryRunner.prototype.run = runQueryFn;
+
+                assert.ok(!res.headers.hasOwnProperty('x-cache-channel'));
+
+                // TODO when affected tables query makes the request to fail layergroup should be removed
+                keysToDelete['map_cfg|4fb7bd7008322ce66f22d20aebba1ab0'] = 0;
+                keysToDelete['user:localhost:mapviews:global'] = 5;
+
+                var parsed = JSON.parse(res.body);
+                assert.deepEqual(parsed, {
+                    errors: ["Error: could not fetch affected tables or last updated time: fake error message"]
+                });
+
+                done();
+            }
+        );
+    });
+
+    it("tile requests works when postgresql queries fail to figure affected tables in query",  function(done) {
+        var layergroup =  singleLayergroupConfig('select * from gadm4', '#gadm4 { marker-fill: red; }');
+        assert.response(server,
+            {
+                url: layergroupUrl + '?config=' + encodeURIComponent(JSON.stringify(layergroup)),
+                method: 'GET',
+                headers: {
+                    host: 'localhost'
+                }
+            },
+            {
+                status: 200
+            },
+            function(res) {
+
+                keysToDelete['map_cfg|' + LayergroupToken.parse(JSON.parse(res.body).layergroupid).token] = 0;
+                keysToDelete['user:localhost:mapviews:global'] = 5;
+
+                var runQueryFn = PgQueryRunner.prototype.run;
+                PgQueryRunner.prototype.run = function(username, query, queryHandler, callback) {
+                    return queryHandler(new Error('failed to query database for affected tables'), [], callback);
+                };
+
+                // reset internal cacheChannel cache
+                server.layergroupAffectedTablesCache.cache.reset();
+
+                assert.response(server,
+                    {
+                        url: layergroupUrl + _.template('/<%= layergroupId %>/<%= z %>/<%= x %>/<%= y %>.png', {
+                            layergroupId: JSON.parse(res.body).layergroupid,
+                            z: 0,
+                            x: 0,
+                            y: 0
+                        }),
+                        method: 'GET',
+                        headers: {
+                            host: 'localhost'
+                        },
+                        encoding: 'binary'
+                    },
+                    {
+                        status: 200
+                    },
+                    function(res) {
+                        assert.ok(!res.headers.hasOwnProperty('x-cache-channel'));
+                        PgQueryRunner.prototype.run = runQueryFn;
+                        done();
+                    }
+                );
+            }
+        );
+    });
+
+});
--- a/test/acceptance/named_layers.js
+++ b/test/acceptance/named_layers.js
@@ -0,0 +1,874 @@
+var test_helper = require('../support/test_helper');
+
+var assert = require('../support/assert');
+var CartodbWindshaft = require(__dirname + '/../../lib/cartodb/server');
+var serverOptions = require(__dirname + '/../../lib/cartodb/server_options');
+var server = new CartodbWindshaft(serverOptions);
+
+var LayergroupToken = require('../../lib/cartodb/models/layergroup_token');
+
+var RedisPool = require('redis-mpool');
+var TemplateMaps = require('../../lib/cartodb/backends/template_maps.js');
+
+var step = require('step');
+
+describe('named_layers', function() {
+    // configure redis pool instance to use in tests
+    var redisPool = new RedisPool(global.environment.redis);
+
+    var templateMaps = new TemplateMaps(redisPool, {
+        max_user_templates: global.environment.maxUserTemplates
+    });
+
+    var wadusLayer = {
+        type: 'cartodb',
+        options: {
+            sql: 'select 1 cartodb_id, null::geometry the_geom_webmercator',
+            cartocss: '#layer { marker-fill: <%= color %>; }',
+            cartocss_version: '2.3.0'
+        }
+    };
+
+    var username = 'localhost';
+
+    var templateName = 'valid_template';
+    var template = {
+        version: '0.0.1',
+        name: templateName,
+        auth: {
+            method: 'open'
+        },
+        "placeholders": {
+            "color": {
+                "type": "css_color",
+                "default": "#cc3300"
+            }
+        },
+        layergroup: {
+            layers: [
+                wadusLayer,
+                wadusLayer
+            ]
+        }
+    };
+
+    var tokenAuthTemplateName = 'auth_valid_template';
+    var tokenAuthTemplate = {
+        version: '0.0.1',
+        name: tokenAuthTemplateName,
+        auth: {
+            method: 'token',
+            valid_tokens: ['valid1', 'valid2']
+        },
+        placeholders: {
+            color: {
+                "type": "css_color",
+                "default": "#cc3300"
+            }
+        },
+        layergroup: {
+            layers: [
+                wadusLayer
+            ]
+        }
+    };
+
+
+    var namedMapLayer = {
+        type: 'named',
+        options: {
+            name: templateName,
+            config: {},
+            auth_tokens: []
+        }
+    };
+
+    var nestedNamedMapTemplateName = 'nested_template';
+    var nestedNamedMapTemplate = {
+        version: '0.0.1',
+        name: nestedNamedMapTemplateName,
+        auth: {
+            method: 'open'
+        },
+        layergroup: {
+            layers: [
+                namedMapLayer
+            ]
+        }
+    };
+
+    var keysToDelete;
+
+    beforeEach(function() {
+        keysToDelete = {};
+    });
+
+    afterEach(function(done) {
+        test_helper.deleteRedisKeys(keysToDelete, done);
+    });
+
+    beforeEach(function(done) {
+        global.environment.enabledFeatures = {cdbQueryTablesFromPostgres: true};
+        templateMaps.addTemplate(username, nestedNamedMapTemplate, function(err) {
+            if (err) {
+                return done(err);
+            }
+            templateMaps.addTemplate(username, tokenAuthTemplate, function(err) {
+                if (err) {
+                    return done(err);
+                }
+                templateMaps.addTemplate(username, template, function(err) {
+                    return done(err);
+                });
+            });
+        });
+    });
+
+    afterEach(function(done) {
+        global.environment.enabledFeatures = {cdbQueryTablesFromPostgres: false};
+        templateMaps.delTemplate(username, nestedNamedMapTemplateName, function(err) {
+            if (err) {
+                return done(err);
+            }
+            templateMaps.delTemplate(username, tokenAuthTemplateName, function(err) {
+                if (err) {
+                    return done(err);
+                }
+                templateMaps.delTemplate(username, templateName, function(err) {
+                    return done(err);
+                });
+            });
+        });
+    });
+
+    it('should fail for non-existing template name', function(done) {
+        var layergroup =  {
+            version: '1.3.0',
+            layers: [
+                {
+                    type: 'named',
+                    options: {
+                        name: 'nonexistent'
+                    }
+                }
+            ]
+        };
+
+        step(
+            function createLayergroup() {
+                var next = this;
+                assert.response(server,
+                    {
+                        url: '/api/v1/map',
+                        method: 'POST',
+                        headers: {
+                            host: 'localhost',
+                            'Content-Type': 'application/json'
+                        },
+                        data: JSON.stringify(layergroup)
+                    },
+                    {
+                        status: 400
+                    },
+                    function(res, err) {
+                        next(err, res);
+                    }
+                );
+            },
+            function checkLayergroup(err, response) {
+                if (err) {
+                    throw err;
+                }
+
+                var parsedBody = JSON.parse(response.body);
+                assert.deepEqual(parsedBody, { errors: ["Template 'nonexistent' of user 'localhost' not found"] });
+
+                return null;
+            },
+            function finish(err) {
+                done(err);
+            }
+        );
+    });
+
+    it('should return 403 if not properly authorized', function(done) {
+
+        var layergroup =  {
+            version: '1.3.0',
+            layers: [
+                {
+                    type: 'named',
+                    options: {
+                        name: tokenAuthTemplateName,
+                        config: {},
+                        auth_tokens: ['token1']
+                    }
+                }
+            ]
+        };
+
+        step(
+            function createLayergroup() {
+                var next = this;
+                assert.response(server,
+                    {
+                        url: '/api/v1/map',
+                        method: 'POST',
+                        headers: {
+                            host: 'localhost',
+                            'Content-Type': 'application/json'
+                        },
+                        data: JSON.stringify(layergroup)
+                    },
+                    {
+                        status: 403
+                    },
+                    function(res, err) {
+                        next(err, res);
+                    }
+                );
+            },
+            function checkLayergroup(err, response) {
+                if (err) {
+                    throw err;
+                }
+
+                var parsedBody = JSON.parse(response.body);
+                assert.deepEqual(
+                    parsedBody,
+                    { errors: [ "Unauthorized 'auth_valid_template' template instantiation" ] }
+                );
+
+                return null;
+            },
+            function finish(err) {
+                done(err);
+            }
+        );
+
+    });
+
+    it('should return 200 and layergroup if properly authorized', function(done) {
+
+        var layergroup =  {
+            version: '1.3.0',
+            layers: [
+                {
+                    type: 'named',
+                    options: {
+                        name: tokenAuthTemplateName,
+                        config: {},
+                        auth_tokens: ['valid1']
+                    }
+                }
+            ]
+        };
+
+        step(
+            function createLayergroup() {
+                var next = this;
+                assert.response(server,
+                    {
+                        url: '/api/v1/map',
+                        method: 'POST',
+                        headers: {
+                            host: 'localhost',
+                            'Content-Type': 'application/json'
+                        },
+                        data: JSON.stringify(layergroup)
+                    },
+                    {
+                        status: 200
+                    },
+                    function(res, err) {
+                        next(err, res);
+                    }
+                );
+            },
+            function checkLayergroup(err, response) {
+                if (err) {
+                    throw err;
+                }
+
+                var parsedBody = JSON.parse(response.body);
+                assert.ok(parsedBody.layergroupid);
+                assert.ok(parsedBody.last_updated);
+
+                keysToDelete['map_cfg|' + LayergroupToken.parse(parsedBody.layergroupid).token] = 0;
+                keysToDelete['user:localhost:mapviews:global'] = 5;
+
+                return null;
+            },
+            function finish(err) {
+                done(err);
+            }
+        );
+
+    });
+
+    it('should return 400 for nested named map layers', function(done) {
+
+        var layergroup =  {
+            version: '1.3.0',
+            layers: [
+                {
+                    type: 'named',
+                    options: {
+                        name: nestedNamedMapTemplateName
+                    }
+                }
+            ]
+        };
+
+        step(
+            function createLayergroup() {
+                var next = this;
+                assert.response(server,
+                    {
+                        url: '/api/v1/map',
+                        method: 'POST',
+                        headers: {
+                            host: 'localhost',
+                            'Content-Type': 'application/json'
+                        },
+                        data: JSON.stringify(layergroup)
+                    },
+                    {
+                        status: 400
+                    },
+                    function(res, err) {
+                        next(err, res);
+                    }
+                );
+            },
+            function checkLayergroup(err, response) {
+                if (err) {
+                    throw err;
+                }
+
+                var parsedBody = JSON.parse(response.body);
+                assert.deepEqual(parsedBody, { errors: [ 'Nested named layers are not allowed' ] });
+
+                return null;
+            },
+            function finish(err) {
+                done(err);
+            }
+        );
+
+    });
+
+    it('should return 200 and layergroup with private tables', function(done) {
+
+        var privateTableTemplateName = 'private_table_template';
+        var privateTableTemplate = {
+            version: '0.0.1',
+            name: privateTableTemplateName,
+            auth: {
+                method: 'open'
+            },
+            layergroup: {
+                layers: [
+                    {
+                        type: 'cartodb',
+                        options: {
+                            sql: 'select * from test_table_private_1',
+                            cartocss: '#layer { marker-fill: #cc3300; }',
+                            cartocss_version: '2.3.0'
+                        }
+                    }
+                ]
+            }
+        };
+
+        var layergroup =  {
+            version: '1.3.0',
+            layers: [
+                {
+                    type: 'named',
+                    options: {
+                        name: privateTableTemplateName
+                    }
+                }
+            ]
+        };
+
+        step(
+            function createTemplate() {
+                templateMaps.addTemplate(username, privateTableTemplate, this);
+            },
+            function createLayergroup(err) {
+                if (err) {
+                    throw err;
+                }
+
+                var next = this;
+                assert.response(server,
+                    {
+                        url: '/api/v1/map',
+                        method: 'POST',
+                        headers: {
+                            host: 'localhost',
+                            'Content-Type': 'application/json'
+                        },
+                        data: JSON.stringify(layergroup)
+                    },
+                    {
+                        status: 200
+                    },
+                    function(res, err) {
+                        next(err, res);
+                    }
+                );
+            },
+            function checkLayergroup(err, response) {
+                if (err) {
+                    throw err;
+                }
+
+                var parsedBody = JSON.parse(response.body);
+                assert.ok(parsedBody.layergroupid);
+                assert.ok(parsedBody.last_updated);
+
+                keysToDelete['map_cfg|' + LayergroupToken.parse(parsedBody.layergroupid).token] = 0;
+                keysToDelete['user:localhost:mapviews:global'] = 5;
+
+                return parsedBody.layergroupid;
+            },
+            function requestTile(err, layergroupId) {
+                if (err) {
+                    throw err;
+                }
+
+                var next = this;
+                assert.response(server,
+                    {
+                        url: '/api/v1/map/' + layergroupId + '/0/0/0.png',
+                        method: 'GET',
+                        headers: {
+                            host: 'localhost'
+                        },
+                        encoding: 'binary'
+                    },
+                    {
+                        status: 200,
+                        headers: {
+                            'content-type': 'image/png'
+                        }
+                    },
+                    function(res, err) {
+                        next(err, res);
+                    }
+                );
+            },
+            function handleTileResponse(err, res) {
+                if (err) {
+                    throw err;
+                }
+                test_helper.checkCache(res);
+                return true;
+            },
+            function deleteTemplate(err) {
+                var next = this;
+                templateMaps.delTemplate(username, privateTableTemplateName, function(/*delErr*/) {
+                    // ignore deletion error
+                    next(err);
+                });
+            },
+            function finish(err) {
+                done(err);
+            }
+        );
+
+    });
+
+    it('should return 200 and layergroup with private tables and interactivity', function(done) {
+
+        var privateTableTemplateNameInteractivity = 'private_table_template_interactivity';
+        var privateTableTemplate = {
+            "version": "0.0.1",
+            "auth": {
+                "method": "open"
+            },
+            "name": privateTableTemplateNameInteractivity,
+            "layergroup": {
+                "layers": [
+                    {
+                        "type": "cartodb",
+                        "options": {
+                            "attributes": {
+                                "columns": [
+                                    "name"
+                                ],
+                                "id": "cartodb_id"
+                            },
+                            "cartocss": "#layer { marker-fill: #cc3300; }",
+                            "cartocss_version": "2.3.0",
+                            "interactivity": "cartodb_id",
+                            "sql": "select * from test_table_private_1"
+                        }
+                    }
+                ]
+            }
+        };
+
+        var layergroup =  {
+            version: '1.3.0',
+            layers: [
+                {
+                    type: 'named',
+                    options: {
+                        name: privateTableTemplateNameInteractivity
+                    }
+                }
+            ]
+        };
+
+        step(
+            function createTemplate() {
+                templateMaps.addTemplate(username, privateTableTemplate, this);
+            },
+            function createLayergroup(err) {
+                if (err) {
+                    throw err;
+                }
+
+                var next = this;
+                assert.response(server,
+                    {
+                        url: '/api/v1/map',
+                        method: 'POST',
+                        headers: {
+                            host: 'localhost',
+                            'Content-Type': 'application/json'
+                        },
+                        data: JSON.stringify(layergroup)
+                    },
+                    {
+                        status: 200
+                    },
+                    function(res, err) {
+                        next(err, res);
+                    }
+                );
+            },
+            function checkLayergroup(err, response) {
+                if (err) {
+                    throw err;
+                }
+
+                var parsedBody = JSON.parse(response.body);
+                assert.ok(parsedBody.layergroupid);
+                assert.ok(parsedBody.last_updated);
+
+                keysToDelete['map_cfg|' + LayergroupToken.parse(parsedBody.layergroupid).token] = 0;
+                keysToDelete['user:localhost:mapviews:global'] = 5;
+
+                return parsedBody.layergroupid;
+            },
+            function requestTile(err, layergroupId) {
+                if (err) {
+                    throw err;
+                }
+
+                var next = this;
+                assert.response(server,
+                    {
+                        url: '/api/v1/map/' + layergroupId + '/0/0/0.png',
+                        method: 'GET',
+                        headers: {
+                            host: 'localhost'
+                        },
+                        encoding: 'binary'
+                    },
+                    {
+                        status: 200,
+                        headers: {
+                            'content-type': 'image/png'
+                        }
+                    },
+                    function(res, err) {
+                        next(err, res);
+                    }
+                );
+            },
+            function handleTileResponse(err, res) {
+                if (err) {
+                    throw err;
+                }
+                test_helper.checkCache(res);
+                return true;
+            },
+            function deleteTemplate(err) {
+                var next = this;
+                templateMaps.delTemplate(username, privateTableTemplateNameInteractivity, function(/*delErr*/) {
+                    // ignore deletion error
+                    next(err);
+                });
+            },
+            function finish(err) {
+                done(err);
+            }
+        );
+
+    });
+
+    it('should return 403 when private table is accessed from non named layer', function(done) {
+
+        var layergroup =  {
+            version: '1.3.0',
+            layers: [
+                {
+                    type: 'cartodb',
+                    options: {
+                        sql: 'select * from test_table_private_1',
+                        cartocss: '#layer { marker-fill: #cc3300; }',
+                        cartocss_version: '2.3.0'
+                    }
+                },
+                {
+                    type: 'named',
+                    options: {
+                        name: templateName
+                    }
+                }
+            ]
+        };
+
+        step(
+            function createLayergroup() {
+                var next = this;
+                assert.response(server,
+                    {
+                        url: '/api/v1/map',
+                        method: 'POST',
+                        headers: {
+                            host: 'localhost',
+                            'Content-Type': 'application/json'
+                        },
+                        data: JSON.stringify(layergroup)
+                    },
+                    {
+                        status: 403
+                    },
+                    function(res, err) {
+                        next(err, res);
+                    }
+                );
+            },
+            function checkLayergroup(err, response) {
+                if (err) {
+                    throw err;
+                }
+
+                var parsedBody = JSON.parse(response.body);
+                assert.ok(parsedBody.errors[0].match(/permission denied for relation test_table_private_1/));
+
+                return null;
+            },
+            function finish(err) {
+                done(err);
+            }
+        );
+
+    });
+
+    it('should return metadata for named layers', function(done) {
+
+        var layergroup =  {
+            version: '1.3.0',
+            layers: [
+                {
+                    type: 'plain',
+                    options: {
+                        color: '#fabada'
+                    }
+                },
+                {
+                    type: 'cartodb',
+                    options: {
+                        sql: 'select * from test_table',
+                        cartocss: '#layer { marker-fill: #cc3300; }',
+                        cartocss_version: '2.3.0'
+                    }
+                },
+                {
+                    type: 'named',
+                    options: {
+                        name: templateName
+                    }
+                },
+                {
+                    type: 'torque',
+                    options: {
+                        sql: "select * from test_table LIMIT 0",
+                        cartocss: "Map { -torque-frame-count:1; -torque-resolution:1; " +
+                        "-torque-aggregation-function:'count(*)'; -torque-time-attribute:'updated_at'; }"
+                    }
+                }
+            ]
+        };
+
+        step(
+            function createLayergroup() {
+                var next = this;
+                assert.response(server,
+                    {
+                        url: '/api/v1/map',
+                        method: 'POST',
+                        headers: {
+                            host: 'localhost',
+                            'Content-Type': 'application/json'
+                        },
+                        data: JSON.stringify(layergroup)
+                    },
+                    {
+                        status: 200
+                    },
+                    function(res, err) {
+                        next(err, res);
+                    }
+                );
+            },
+            function checkLayergroup(err, response) {
+                if (err) {
+                    throw err;
+                }
+
+                var parsedBody = JSON.parse(response.body);
+                assert.ok(parsedBody.metadata);
+                assert.ok(parsedBody.metadata.layers);
+                assert.equal(parsedBody.metadata.layers.length, 5);
+                assert.equal(parsedBody.metadata.layers[0].type, 'plain');
+                assert.equal(parsedBody.metadata.layers[1].type, 'mapnik');
+                assert.equal(parsedBody.metadata.layers[2].type, 'mapnik');
+                assert.equal(parsedBody.metadata.layers[3].type, 'mapnik');
+                assert.equal(parsedBody.metadata.layers[4].type, 'torque');
+
+                keysToDelete['map_cfg|' + LayergroupToken.parse(parsedBody.layergroupid).token] = 0;
+                keysToDelete['user:localhost:mapviews:global'] = 5;
+
+                return null;
+            },
+            function finish(err) {
+                done(err);
+            }
+        );
+
+    });
+
+    it('should work with named tiles', function(done) {
+
+        var namedTilesTemplateName = 'named_tiles_template';
+        var namedTilesTemplate = {
+            version: '0.0.1',
+            name: namedTilesTemplateName,
+            auth: {
+                method: 'open'
+            },
+            layergroup: {
+                layers: [
+                    namedMapLayer,
+                    {
+                        type: 'mapnik',
+                        options: {
+                            sql: 'select * from test_table_private_1',
+                            cartocss: '#layer { marker-fill: #cc3300; }',
+                            cartocss_version: '2.3.0'
+                        }
+                    }
+                ]
+            }
+        };
+
+        step(
+            function createTemplate() {
+                templateMaps.addTemplate(username, namedTilesTemplate, this);
+            },
+            function createLayergroup(err) {
+                if (err) {
+                    throw err;
+                }
+
+                var next = this;
+                assert.response(server,
+                    {
+                        url: '/api/v1/map/named/' + namedTilesTemplateName + '?api_key=1234',
+                        method: 'POST',
+                        headers: {
+                            host: 'localhost',
+                            'Content-Type': 'application/json'
+                        }
+                    },
+                    {
+                        status: 200
+                    },
+                    function(res, err) {
+                        next(err, res);
+                    }
+                );
+            },
+            function checkLayergroup(err, response) {
+                if (err) {
+                    throw err;
+                }
+
+                var parsedBody = JSON.parse(response.body);
+                assert.ok(parsedBody.layergroupid);
+                assert.ok(parsedBody.last_updated);
+
+                assert.equal(parsedBody.metadata.layers[0].type, 'mapnik');
+                assert.equal(parsedBody.metadata.layers[1].type, 'mapnik');
+
+                keysToDelete['map_cfg|' + LayergroupToken.parse(parsedBody.layergroupid).token] = 0;
+                keysToDelete['user:localhost:mapviews:global'] = 5;
+
+                return parsedBody.layergroupid;
+            },
+            function requestTile(err, layergroupId) {
+                if (err) {
+                    throw err;
+                }
+
+                var next = this;
+                assert.response(server,
+                    {
+                        url: '/api/v1/map/' + layergroupId + '/all/0/0/0.png',
+                        method: 'GET',
+                        headers: {
+                            host: 'localhost'
+                        },
+                        encoding: 'binary'
+                    },
+                    {
+                        status: 200,
+                        headers: {
+                            'content-type': 'image/png'
+                        }
+                    },
+                    function(res, err) {
+                        next(err, res);
+                    }
+                );
+            },
+            function handleTileResponse(err, res) {
+                if (err) {
+                    throw err;
+                }
+                test_helper.checkCache(res);
+                return true;
+            },
+            function deleteTemplate(err) {
+                var next = this;
+                templateMaps.delTemplate(username, namedTilesTemplateName, function(/*delErr*/) {
+                    // ignore deletion error
+                    next(err);
+                });
+            },
+            function finish(err) {
+                done(err);
+            }
+        );
+
+    });
+});
--- a/test/acceptance/named_maps_authentication.js
+++ b/test/acceptance/named_maps_authentication.js
@@ -0,0 +1,269 @@
+var test_helper = require('../support/test_helper');
+var RedisPool = require('redis-mpool');
+var querystring = require('querystring');
+
+var assert = require('../support/assert');
+var mapnik = require('windshaft').mapnik;
+var CartodbWindshaft = require(__dirname + '/../../lib/cartodb/server');
+var serverOptions = require(__dirname + '/../../lib/cartodb/server_options');
+var server = new CartodbWindshaft(serverOptions);
+var TemplateMaps = require('../../lib/cartodb/backends/template_maps.js');
+var NamedMapsCacheEntry = require('../../lib/cartodb/cache/model/named_maps_entry');
+
+describe('named maps authentication', function() {
+    // configure redis pool instance to use in tests
+    var redisPool = new RedisPool(global.environment.redis);
+
+    var templateMaps = new TemplateMaps(redisPool, {
+        max_user_templates: global.environment.maxUserTemplates
+    });
+
+    var wadusLayer = {
+        type: 'cartodb',
+        options: {
+            sql: 'select 1 cartodb_id, null::geometry the_geom_webmercator',
+            cartocss: '#layer { marker-fill: <%= color %>; }',
+            cartocss_version: '2.3.0'
+        }
+    };
+
+    var username = 'localhost';
+
+    var templateName = 'valid_template';
+    var template = {
+        version: '0.0.1',
+        name: templateName,
+        auth: {
+            method: 'open'
+        },
+        "placeholders": {
+            "color": {
+                "type": "css_color",
+                "default": "#cc3300"
+            }
+        },
+        layergroup: {
+            layers: [
+                wadusLayer
+            ]
+        }
+    };
+
+    var tokenAuthTemplateName = 'auth_valid_template';
+    var tokenAuthTemplate = {
+        version: '0.0.1',
+        name: tokenAuthTemplateName,
+        auth: {
+            method: 'token',
+            valid_tokens: ['valid1', 'valid2']
+        },
+        placeholders: {
+            color: {
+                "type": "css_color",
+                "default": "#cc3300"
+            }
+        },
+        layergroup: {
+            layers: [
+                wadusLayer
+            ]
+        }
+    };
+
+
+    var namedMapLayer = {
+        type: 'named',
+        options: {
+            name: templateName,
+            config: {},
+            auth_tokens: []
+        }
+    };
+
+    var nestedNamedMapTemplateName = 'nested_template';
+    var nestedNamedMapTemplate = {
+        version: '0.0.1',
+        name: nestedNamedMapTemplateName,
+        auth: {
+            method: 'open'
+        },
+        layergroup: {
+            layers: [
+                namedMapLayer
+            ]
+        }
+    };
+
+    beforeEach(function (done) {
+        templateMaps.addTemplate(username, nestedNamedMapTemplate, function (err) {
+            if (err) {
+                return done(err);
+            }
+            templateMaps.addTemplate(username, tokenAuthTemplate, function (err) {
+                if (err) {
+                    return done(err);
+                }
+                templateMaps.addTemplate(username, template, function (err) {
+                    return done(err);
+                });
+            });
+        });
+    });
+
+    afterEach(function (done) {
+        templateMaps.delTemplate(username, nestedNamedMapTemplateName, function (err) {
+            if (err) {
+                return done(err);
+            }
+            templateMaps.delTemplate(username, tokenAuthTemplateName, function (err) {
+                if (err) {
+                    return done(err);
+                }
+                templateMaps.delTemplate(username, templateName, function (err) {
+                    return done(err);
+                });
+            });
+        });
+    });
+
+    function getNamedTile(name, z, x, y, options, callback) {
+
+        var url = '/api/v1/map/named/' + name + '/all/' + [z,x,y].join('/') + '.png';
+        if (options.params) {
+            url = url + '?' + querystring.stringify(options.params);
+        }
+        var requestOptions = {
+            url: url,
+            method: 'GET',
+            headers: {
+                host: username
+            },
+            encoding: 'binary'
+        };
+
+        var statusCode = options.status || 200;
+
+        var expectedResponse = {
+            status: statusCode,
+            headers: {
+                'Content-Type': statusCode === 200 ? 'image/png' : 'application/json; charset=utf-8'
+            }
+        };
+
+        assert.response(server,
+            requestOptions,
+            expectedResponse,
+            function (res, err) {
+                var img;
+                if (!err && res.headers['content-type'] === 'image/png') {
+                    img = mapnik.Image.fromBytes(new Buffer(res.body, 'binary'));
+                }
+                return callback(err, res, img);
+            }
+        );
+    }
+
+    describe('tiles', function() {
+        it('should return a 404 error for nonexistent template name', function (done) {
+            var nonexistentName = 'nonexistent';
+            getNamedTile(nonexistentName, 0, 0, 0, { status: 404 }, function(err, res) {
+                assert.ok(!err);
+                assert.deepEqual(
+                    JSON.parse(res.body),
+                    { errors: ["Template '" + nonexistentName + "' of user '" + username + "' not found"] }
+                );
+                done();
+            });
+        });
+
+        it('should return 403 if not properly authorized', function(done) {
+            getNamedTile(tokenAuthTemplateName, 0, 0, 0, { status: 403 }, function(err, res) {
+                assert.ok(!err);
+                assert.deepEqual(JSON.parse(res.body), { errors: ['Unauthorized template instantiation'] });
+                done();
+            });
+        });
+
+        it('should return 200 if properly authorized', function(done) {
+            getNamedTile(tokenAuthTemplateName, 0, 0, 0, { params: { auth_token: 'valid1' } }, function(err, res, img) {
+                assert.equal(img.width(), 256);
+                assert.equal(img.height(), 256);
+
+                assert.ok(!err);
+                test_helper.checkSurrogateKey(res, new NamedMapsCacheEntry(username, tokenAuthTemplateName).key());
+                done();
+            });
+        });
+    });
+
+    function getStaticMap(name, options, callback) {
+
+        var url = '/api/v1/map/static/named/' + name + '/640/480.png';
+        if (options.params) {
+            url = url + '?' + querystring.stringify(options.params);
+        }
+        var requestOptions = {
+            url: url,
+            method: 'GET',
+            headers: {
+                host: username
+            },
+            encoding: 'binary'
+        };
+
+        var statusCode = options.status || 200;
+
+        var expectedResponse = {
+            status: statusCode,
+            headers: {
+                'Content-Type': statusCode === 200 ? 'image/png' : 'application/json; charset=utf-8'
+            }
+        };
+
+        assert.response(server,
+            requestOptions,
+            expectedResponse,
+            function (res, err) {
+                var img;
+                if (!err && res.headers['content-type'] === 'image/png') {
+                    img = mapnik.Image.fromBytes(new Buffer(res.body, 'binary'));
+                }
+                return callback(err, res, img);
+            }
+        );
+    }
+    describe('static maps', function() {
+        it('should return a 404 error for nonexistent template name', function (done) {
+            var nonexistentName = 'nonexistent';
+            getStaticMap(nonexistentName, { status: 404 }, function(err, res) {
+                assert.ok(!err);
+                assert.deepEqual(
+                    JSON.parse(res.body),
+                    { errors: ["Template '" + nonexistentName + "' of user '" + username + "' not found"] }
+                );
+                done();
+            });
+        });
+
+        it('should return 403 if not properly authorized', function(done) {
+            getStaticMap(tokenAuthTemplateName, { status: 403 }, function(err, res) {
+                assert.ok(!err);
+                assert.deepEqual(JSON.parse(res.body), { errors: ['Unauthorized template instantiation'] });
+                done();
+            });
+        });
+
+        it('should return 200 if properly authorized', function(done) {
+            getStaticMap(tokenAuthTemplateName, { params: { auth_token: 'valid1' } }, function(err, res, img) {
+                assert.ok(!err);
+
+                assert.equal(img.width(), 640);
+                assert.equal(img.height(), 480);
+
+                test_helper.checkSurrogateKey(res, new NamedMapsCacheEntry(username, tokenAuthTemplateName).key());
+                test_helper.deleteRedisKeys({'user:localhost:mapviews:global': 5}, done);
+            });
+        });
+    });
+
+});
--- a/test/acceptance/named_maps_cache.js
+++ b/test/acceptance/named_maps_cache.js
@@ -0,0 +1,140 @@
+require('../support/test_helper');
+var RedisPool = require('redis-mpool');
+
+var assert = require('../support/assert');
+var mapnik = require('windshaft').mapnik;
+var CartodbWindshaft = require('../../lib/cartodb/server');
+var serverOptions = require('../../lib/cartodb/server_options');
+var server = new CartodbWindshaft(serverOptions);
+var TemplateMaps = require('../../lib/cartodb/backends/template_maps.js');
+
+describe('named maps provider cache', function() {
+    // configure redis pool instance to use in tests
+    var redisPool = new RedisPool(global.environment.redis);
+
+    var templateMaps = new TemplateMaps(redisPool, {
+        max_user_templates: global.environment.maxUserTemplates
+    });
+
+    var username = 'localhost';
+    var templateName = 'template_with_color';
+
+    var IMAGE_TOLERANCE = 20;
+
+    function createTemplate(color) {
+        return {
+            version: '0.0.1',
+            name: templateName,
+            auth: {
+                method: 'open'
+            },
+            placeholders: {
+                color: {
+                    type: "css_color",
+                    default: color
+                }
+            },
+            layergroup: {
+                layers: [
+                    {
+                        type: 'mapnik',
+                        options: {
+                            sql: 'select * from populated_places_simple_reduced',
+                            cartocss: '#layer { marker-fill: <%= color %>; marker-line-color: <%= color %>; }',
+                            cartocss_version: '2.3.0'
+                        }
+                    }
+                ]
+            }
+        };
+    }
+
+    afterEach(function (done) {
+        templateMaps.delTemplate(username, templateName, done);
+    });
+
+    function getNamedTile(options, callback) {
+        if (!callback) {
+            callback = options;
+            options = {};
+        }
+
+        var url = '/api/v1/map/named/' + templateName + '/all/' + [0,0,0].join('/') + '.png';
+
+        var requestOptions = {
+            url: url,
+            method: 'GET',
+            headers: {
+                host: username
+            },
+            encoding: 'binary'
+        };
+
+        var statusCode = options.statusCode || 200;
+
+        var expectedResponse = {
+            status: statusCode,
+            headers: {
+                'Content-Type': statusCode === 200 ? 'image/png' : 'application/json; charset=utf-8'
+            }
+        };
+
+        assert.response(server, requestOptions, expectedResponse, function (res, err) {
+            var img;
+            if (statusCode === 200) {
+                img = mapnik.Image.fromBytes(new Buffer(res.body, 'binary'));
+            }
+            return callback(err, res, img);
+        });
+    }
+
+    function previewFixture(color) {
+        return './test/fixtures/provider/populated_places_simple_reduced-' + color + '.png';
+    }
+
+    var colors = ['red', 'red', 'green', 'blue'];
+    colors.forEach(function(color) {
+        it('should return an image estimating its bounds based on dataset', function (done) {
+            templateMaps.addTemplate(username, createTemplate(color), function (err) {
+                if (err) {
+                    return done(err);
+                }
+                getNamedTile(function(err, res, img) {
+                    assert.ok(!err);
+                    assert.imageIsSimilarToFile(img, previewFixture(color), IMAGE_TOLERANCE, done);
+                });
+            });
+        });
+    });
+
+    it('should fail to use template from named map provider after template deletion', function (done) {
+        var color = 'black';
+        templateMaps.addTemplate(username, createTemplate(color), function (err) {
+            if (err) {
+                return done(err);
+            }
+            getNamedTile(function(err, res, img) {
+                assert.ok(!err);
+                assert.imageIsSimilarToFile(img, previewFixture(color), IMAGE_TOLERANCE, function(err) {
+                    assert.ok(!err);
+
+                    templateMaps.delTemplate(username, templateName, function (err) {
+                        assert.ok(!err);
+
+                        getNamedTile({ statusCode: 404 }, function(err, res) {
+                            assert.ok(!err);
+                            assert.deepEqual(
+                                JSON.parse(res.body),
+                                { errors: ["Template 'template_with_color' of user 'localhost' not found"] }
+                            );
+
+                            // add template again so it's clean in afterEach
+                            templateMaps.addTemplate(username, createTemplate(color), done);
+                        });
+                    });
+                });
+            });
+        });
+    });
+
+});
--- a/test/acceptance/named_maps_static_view.js
+++ b/test/acceptance/named_maps_static_view.js
@@ -0,0 +1,166 @@
+var testHelper = require('../support/test_helper');
+var RedisPool = require('redis-mpool');
+
+var assert = require('../support/assert');
+var mapnik = require('windshaft').mapnik;
+var CartodbWindshaft = require('../../lib/cartodb/server');
+var serverOptions = require('../../lib/cartodb/server_options');
+var TemplateMaps = require('../../lib/cartodb/backends/template_maps.js');
+
+describe('named maps static view', function() {
+    // configure redis pool instance to use in tests
+    var redisPool = new RedisPool(global.environment.redis);
+
+    var templateMaps = new TemplateMaps(redisPool, {
+        max_user_templates: global.environment.maxUserTemplates
+    });
+
+    var username = 'localhost';
+    var templateName = 'template_with_view';
+
+    var IMAGE_TOLERANCE = 20;
+
+    function createTemplate(view) {
+        return {
+            version: '0.0.1',
+            name: templateName,
+            auth: {
+                method: 'open'
+            },
+            placeholders: {
+                color: {
+                    type: "css_color",
+                    default: "#cc3300"
+                }
+            },
+            view: view,
+            layergroup: {
+                layers: [
+                    {
+                        type: 'mapnik',
+                        options: {
+                            sql: 'select * from populated_places_simple_reduced',
+                            cartocss: '#layer { marker-fill: <%= color %>; }',
+                            cartocss_version: '2.3.0'
+                        }
+                    }
+                ]
+            }
+        };
+    }
+
+    afterEach(function (done) {
+        templateMaps.delTemplate(username, templateName, done);
+    });
+
+    function getStaticMap(callback) {
+
+        var url = '/api/v1/map/static/named/' + templateName + '/640/480.png';
+
+        var requestOptions = {
+            url: url,
+            method: 'GET',
+            headers: {
+                host: username
+            },
+            encoding: 'binary'
+        };
+
+        var expectedResponse = {
+            status: 200,
+            headers: {
+                'Content-Type': 'image/png'
+            }
+        };
+
+        // this could be removed once named maps are invalidated, otherwise you hits the cache
+        var server = new CartodbWindshaft(serverOptions);
+
+        assert.response(server, requestOptions, expectedResponse, function (res, err) {
+            testHelper.deleteRedisKeys({'user:localhost:mapviews:global': 5}, function() {
+                return callback(err, mapnik.Image.fromBytes(new Buffer(res.body, 'binary')));
+            });
+        });
+    }
+
+    function previewFixture(version) {
+        return './test/fixtures/previews/populated_places_simple_reduced-' + version + '.png';
+    }
+
+    it('should return an image estimating its bounds based on dataset', function (done) {
+        templateMaps.addTemplate(username, createTemplate(), function (err) {
+            if (err) {
+                return done(err);
+            }
+            getStaticMap(function(err, img) {
+                assert.ok(!err);
+                assert.imageIsSimilarToFile(img, previewFixture('estimated'), IMAGE_TOLERANCE, done);
+            });
+        });
+    });
+
+    it('should return an image using view zoom + center', function (done) {
+        var view = {
+            zoom: 4,
+            center: {
+                lng: 40,
+                lat: 20
+            }
+        };
+        templateMaps.addTemplate(username, createTemplate(view), function (err) {
+            if (err) {
+                return done(err);
+            }
+            getStaticMap(function(err, img) {
+                assert.ok(!err);
+                assert.imageIsSimilarToFile(img, previewFixture('zoom-center'), IMAGE_TOLERANCE, done);
+            });
+        });
+    });
+
+    it('should return an image using view bounds', function (done) {
+        var view = {
+            bounds: {
+                west: 0,
+                south: 0,
+                east: 45,
+                north: 45
+            }
+        };
+        templateMaps.addTemplate(username, createTemplate(view), function (err) {
+            if (err) {
+                return done(err);
+            }
+            getStaticMap(function(err, img) {
+                assert.ok(!err);
+                assert.imageIsSimilarToFile(img, previewFixture('bounds'), IMAGE_TOLERANCE, done);
+            });
+        });
+    });
+
+    it('should return an image using view zoom + center when bounds are also present', function (done) {
+        var view = {
+            bounds: {
+                west: 0,
+                south: 0,
+                east: 45,
+                north: 45
+            },
+            zoom: 4,
+            center: {
+                lng: 40,
+                lat: 20
+            }
+        };
+        templateMaps.addTemplate(username, createTemplate(view), function (err) {
+            if (err) {
+                return done(err);
+            }
+            getStaticMap(function(err, img) {
+                assert.ok(!err);
+                assert.imageIsSimilarToFile(img, previewFixture('zoom-center'), IMAGE_TOLERANCE, done);
+            });
+        });
+    });
+
+});
--- a/test/acceptance/named_maps_stats.js
+++ b/test/acceptance/named_maps_stats.js
@@ -0,0 +1,110 @@
+var test_helper = require('../support/test_helper');
+var RedisPool = require('redis-mpool');
+var querystring = require('querystring');
+
+var assert = require('../support/assert');
+var mapnik = require('windshaft').mapnik;
+var CartodbWindshaft = require(__dirname + '/../../lib/cartodb/server');
+var serverOptions = require(__dirname + '/../../lib/cartodb/server_options');
+var server = new CartodbWindshaft(serverOptions);
+var TemplateMaps = require('../../lib/cartodb/backends/template_maps.js');
+var NamedMapsCacheEntry = require('../../lib/cartodb/cache/model/named_maps_entry');
+
+describe('named maps preview stats', function() {
+    var redisPool = new RedisPool(global.environment.redis);
+
+    var templateMaps = new TemplateMaps(redisPool, {
+        max_user_templates: global.environment.maxUserTemplates
+    });
+
+    var username = 'localhost';
+
+    var statTag = 'wadus_viz';
+    var templateName = 'with_stats';
+    var template = {
+        version: '0.0.1',
+        name: templateName,
+        auth: {
+            method: 'open'
+        },
+        "placeholders": {
+            "color": {
+                "type": "css_color",
+                "default": "#cc3300"
+            }
+        },
+        layergroup: {
+            stat_tag: statTag,
+            layers: [
+                {
+                    type: 'cartodb',
+                    options: {
+                        sql: 'select 1 cartodb_id, null::geometry the_geom_webmercator',
+                        cartocss: '#layer { marker-fill: <%= color %>; }',
+                        cartocss_version: '2.3.0'
+                    }
+                }
+            ]
+        }
+    };
+
+
+    beforeEach(function (done) {
+        templateMaps.addTemplate(username, template, done);
+    });
+
+    afterEach(function (done) {
+        templateMaps.delTemplate(username, templateName, done);
+    });
+
+    function getStaticMap(name, options, callback) {
+
+        var url = '/api/v1/map/static/named/' + name + '/640/480.png';
+        if (options.params) {
+            url = url + '?' + querystring.stringify(options.params);
+        }
+        var requestOptions = {
+            url: url,
+            method: 'GET',
+            headers: {
+                host: username
+            },
+            encoding: 'binary'
+        };
+
+        var statusCode = options.status || 200;
+
+        var expectedResponse = {
+            status: statusCode,
+            headers: {
+                'Content-Type': statusCode === 200 ? 'image/png' : 'application/json; charset=utf-8'
+            }
+        };
+
+        assert.response(server,
+            requestOptions,
+            expectedResponse,
+            function (res, err) {
+                var img;
+                if (!err && res.headers['content-type'] === 'image/png') {
+                    img = mapnik.Image.fromBytes(new Buffer(res.body, 'binary'));
+                }
+                return callback(err, res, img);
+            }
+        );
+    }
+
+    it('should return 200 if properly authorized', function(done) {
+        getStaticMap(templateName, { params: { auth_token: 'valid1' } }, function(err, res, img) {
+            assert.ok(!err);
+
+            assert.equal(img.width(), 640);
+            assert.equal(img.height(), 480);
+
+            test_helper.checkSurrogateKey(res, new NamedMapsCacheEntry(username, templateName).key());
+            var redisKeysToDelete = { 'user:localhost:mapviews:global': 5 };
+            redisKeysToDelete['user:localhost:mapviews:stat_tag:' + statTag] = 5;
+            test_helper.deleteRedisKeys(redisKeysToDelete, done);
+        });
+    });
+});
--- a/test/acceptance/ported/attributes.js
+++ b/test/acceptance/ported/attributes.js
@@ -0,0 +1,303 @@
+var testHelper = require('../../support/test_helper');
+
+var assert        = require('../../support/assert');
+var step          = require('step');
+var cartodbServer = require('../../../lib/cartodb/server');
+var PortedServerOptions = require('./support/ported_server_options');
+var BaseController = require('../../../lib/cartodb/controllers/base');
+
+var LayergroupToken = require('../../../lib/cartodb/models/layergroup_token');
+
+
+describe('attributes', function() {
+
+    var server = cartodbServer(PortedServerOptions);
+    server.setMaxListeners(0);
+
+    var test_mapconfig_1 =  {
+        version: '1.1.0',
+        layers: [
+            { type: 'mapnik', options: {
+                sql: "select 1 as id, 'SRID=4326;POINT(0 0)'::geometry as the_geom",
+                cartocss: '#style { }',
+                cartocss_version: '2.0.1'
+            } },
+            { type: 'mapnik', options: {
+                sql: "select 1 as i, 6 as n, 'SRID=4326;POINT(0 0)'::geometry as the_geom",
+                attributes: { id:'i', columns: ['n'] },
+                cartocss: '#style { }',
+                cartocss_version: '2.0.1'
+            } }
+        ]
+    };
+
+    function checkCORSHeaders(res) {
+        assert.equal(
+            res.headers['access-control-allow-headers'],
+            'X-Requested-With, X-Prototype-Version, X-CSRF-Token'
+        );
+        assert.equal(res.headers['access-control-allow-origin'], '*');
+    }
+
+    var keysToDelete;
+
+    beforeEach(function() {
+        keysToDelete = {};
+    });
+
+    afterEach(function(done) {
+        testHelper.deleteRedisKeys(keysToDelete, done);
+    });
+
+    var req2paramsFn;
+    before(function() {
+        req2paramsFn = BaseController.prototype.req2params;
+        BaseController.prototype.req2params = PortedServerOptions.req2params;
+    });
+
+    after(function() {
+        BaseController.prototype.req2params = req2paramsFn;
+    });
+
+    it("can only be fetched from layer having an attributes spec", function(done) {
+
+            var expected_token;
+            step(
+                function do_post()
+                {
+                    var next = this;
+                    assert.response(server, {
+                        url: '/database/windshaft_test/layergroup',
+                        method: 'POST',
+                        headers: {'Content-Type': 'application/json' },
+                        data: JSON.stringify(test_mapconfig_1)
+                    }, {}, function(res, err) { next(err, res); });
+                },
+                function checkPost(err, res) {
+                    assert.ifError(err);
+                    assert.equal(res.statusCode, 200, res.statusCode + ': ' + res.body);
+                    // CORS headers should be sent with response
+                    // from layergroup creation via POST
+                    checkCORSHeaders(res);
+                    var parsedBody = JSON.parse(res.body);
+                    if ( expected_token ) {
+                        assert.deepEqual(parsedBody, {layergroupid: expected_token, layercount: 2});
+                    } else {
+                        expected_token = parsedBody.layergroupid;
+                    }
+                    return null;
+                },
+                function do_get_attr_0(err)
+                {
+                    assert.ifError(err);
+                    var next = this;
+                    assert.response(server, {
+                        url: '/database/windshaft_test/layergroup/' + expected_token + '/0/attributes/1',
+                        method: 'GET'
+                    }, {}, function(res, err) { next(err, res); });
+                },
+                function check_error_0(err, res) {
+                    assert.ifError(err);
+                    assert.equal(
+                        res.statusCode,
+                        400,
+                        res.statusCode + ( res.statusCode !== 200 ? (': ' + res.body) : '' )
+                    );
+                    var parsed = JSON.parse(res.body);
+                    assert.equal(parsed.errors[0], "Layer 0 has no exposed attributes");
+                    return null;
+                },
+                function do_get_attr_1(err)
+                {
+                    assert.ifError(err);
+                    var next = this;
+                    assert.response(server, {
+                        url: '/database/windshaft_test/layergroup/' + expected_token + '/1/attributes/1',
+                        method: 'GET'
+                    }, {}, function(res, err) { next(err, res); });
+                },
+                function check_attr_1(err, res) {
+                    assert.ifError(err);
+                    assert.equal(res.statusCode, 200, res.statusCode + ': ' + res.body);
+                    var parsed = JSON.parse(res.body);
+                    assert.deepEqual(parsed, {"n":6});
+                    return null;
+                },
+                function do_get_attr_1_404(err)
+                {
+                    assert.ifError(err);
+                    var next = this;
+                    assert.response(server, {
+                        url: '/database/windshaft_test/layergroup/' + expected_token + '/1/attributes/-666',
+                        method: 'GET'
+                    }, {}, function(res, err) { next(err, res); });
+                },
+                function check_attr_1_404(err, res) {
+                    assert.ifError(err);
+                    assert.equal(res.statusCode, 404, res.statusCode + ': ' + res.body);
+                    var parsed = JSON.parse(res.body);
+                    assert.ok(parsed.errors);
+                    var msg = parsed.errors[0];
+                    assert.ok(msg.match(/0 features.*identified by fid -666/), msg);
+                    return null;
+                },
+                function finish(err) {
+                    keysToDelete['map_cfg|' + LayergroupToken.parse(expected_token).token] = 0;
+                    keysToDelete['user:localhost:mapviews:global'] = 5;
+
+                    done(err);
+                }
+            );
+        });
+
+    // See https://github.com/CartoDB/Windshaft/issues/131
+    it("are checked at map creation time", function(done) {
+
+            // clone the mapconfig test
+            var mapconfig = JSON.parse(JSON.stringify(test_mapconfig_1));
+            // append unexistant attribute name
+            mapconfig.layers[1].options.sql = 'SELECT * FROM test_table';
+            mapconfig.layers[1].options.attributes.id = 'unexistant';
+            mapconfig.layers[1].options.attributes.columns = ['cartodb_id'];
+
+            step(
+                function do_post()
+                {
+                    var next = this;
+                    assert.response(server, {
+                        url: '/database/windshaft_test/layergroup',
+                        method: 'POST',
+                        headers: {'Content-Type': 'application/json' },
+                        data: JSON.stringify(mapconfig)
+                    }, {}, function(res, err) { next(err, res); });
+                },
+                function checkPost(err, res) {
+                    assert.ifError(err);
+                    assert.equal(res.statusCode, 404, res.statusCode + ': ' + (res.statusCode===200?'...':res.body));
+                    var parsed = JSON.parse(res.body);
+                    assert.ok(parsed.errors);
+                    assert.equal(parsed.errors.length, 1);
+                    var msg = parsed.errors[0];
+                    assert.equal(msg, 'column "unexistant" does not exist');
+                    return null;
+                },
+                function finish(err) {
+                    done(err);
+                }
+            );
+        });
+
+    it("can be used with jsonp", function(done) {
+
+        var expected_token;
+        step(
+            function do_post()
+            {
+                var next = this;
+                assert.response(server, {
+                    url: '/database/windshaft_test/layergroup',
+                    method: 'POST',
+                    headers: {'Content-Type': 'application/json' },
+                    data: JSON.stringify(test_mapconfig_1)
+                }, {}, function(res, err) { next(err, res); });
+            },
+            function checkPost(err, res) {
+                assert.ifError(err);
+                assert.equal(res.statusCode, 200, res.statusCode + ': ' + res.body);
+                // CORS headers should be sent with response
+                // from layergroup creation via POST
+                checkCORSHeaders(res);
+                var parsedBody = JSON.parse(res.body);
+                if ( expected_token ) {
+                    assert.deepEqual(parsedBody, {layergroupid: expected_token, layercount: 2});
+                } else {
+                    expected_token = parsedBody.layergroupid;
+                }
+                return null;
+            },
+            function do_get_attr_0(err)
+            {
+                assert.ifError(err);
+                var next = this;
+                assert.response(server, {
+                    url: '/database/windshaft_test/layergroup/' + expected_token +
+                        '/0/attributes/1?callback=test',
+                    method: 'GET'
+                }, {}, function(res, err) { next(err, res); });
+            },
+            function check_error_0(err, res) {
+                assert.ifError(err);
+                // jsonp errors should be returned with HTTP status 200
+                assert.equal(res.statusCode, 200, res.statusCode + ': ' + res.body);
+                assert.equal(
+                    res.body,
+                    '/**/ typeof test === \'function\' && test({"errors":["Layer 0 has no exposed attributes"]});'
+                );
+                return null;
+            },
+            function do_get_attr_1(err)
+            {
+                assert.ifError(err);
+                var next = this;
+                assert.response(server, {
+                    url: '/database/windshaft_test/layergroup/' + expected_token + '/1/attributes/1',
+                    method: 'GET'
+                }, {}, function(res, err) { next(err, res); });
+            },
+            function check_attr_1(err, res) {
+                assert.ifError(err);
+                assert.equal(res.statusCode, 200, res.statusCode + ': ' + res.body);
+                var parsed = JSON.parse(res.body);
+                assert.deepEqual(parsed, {"n":6});
+                return null;
+            },
+            function finish(err) {
+                keysToDelete['map_cfg|' + LayergroupToken.parse(expected_token).token] = 0;
+                keysToDelete['user:localhost:mapviews:global'] = 5;
+
+                done(err);
+            }
+        );
+    });
+
+    // Test that you cannot write to the database from an attributes tile request
+    //
+    // Test for http://github.com/CartoDB/Windshaft/issues/130
+    //
+    it("database access is read-only", function(done) {
+
+        // clone the mapconfig test
+        var mapconfig = JSON.parse(JSON.stringify(test_mapconfig_1));
+        mapconfig.layers[1].options.sql +=
+            ", test_table_inserter(st_setsrid(st_point(0,0),4326),'write') as w";
+        mapconfig.layers[1].options.attributes.columns.push('w');
+
+        step(
+            function do_post()
+            {
+                var next = this;
+                assert.response(server, {
+                    url: '/database/windshaft_test/layergroup',
+                    method: 'POST',
+                    headers: {'Content-Type': 'application/json' },
+                    data: JSON.stringify(mapconfig)
+                }, {}, function(res, err) { next(err, res); });
+            },
+            function checkPost(err, res) {
+                assert.ifError(err);
+                // TODO: should be 403 Forbidden
+                assert.equal(res.statusCode, 400, res.statusCode + ': ' + (res.statusCode===200?'...':res.body));
+                var parsed = JSON.parse(res.body);
+                assert.ok(parsed.errors);
+                assert.equal(parsed.errors.length, 1);
+                var msg = parsed.errors[0];
+                assert.equal(msg, "cannot execute INSERT in a read-only transaction");
+                return null;
+            },
+            function finish(err) {
+                done(err);
+            }
+        );
+    });
+
+});
--- a/test/acceptance/ported/blend.js
+++ b/test/acceptance/ported/blend.js
@@ -0,0 +1,105 @@
+require('../../support/test_helper');
+
+var assert = require('../../support/assert');
+var testClient = require('./support/test_client');
+
+var PortedServerOptions = require('./support/ported_server_options');
+var BaseController = require('../../../lib/cartodb/controllers/base');
+
+describe('blend png renderer', function() {
+
+    var req2paramsFn;
+    before(function() {
+        req2paramsFn = BaseController.prototype.req2params;
+        BaseController.prototype.req2params = PortedServerOptions.req2params;
+    });
+
+    after(function() {
+        BaseController.prototype.req2params = req2paramsFn;
+    });
+
+    var IMAGE_TOLERANCE_PER_MIL = 20;
+
+    function plainTorqueMapConfig(plainColor) {
+        return {
+            version: '1.2.0',
+            layers: [
+                {
+                    type: 'plain',
+                    options: {
+                        color: plainColor
+                    }
+                },
+                {
+                    type: 'torque',
+                    options: {
+                        sql: "SELECT * FROM populated_places_simple_reduced " +
+                            "where the_geom && ST_MakeEnvelope(-90, 0, 90, 65)",
+                        cartocss: [
+                            'Map {',
+                            '    buffer-size:0;',
+                            '    -torque-frame-count:1;',
+                            '    -torque-animation-duration:30;',
+                            '    -torque-time-attribute:"cartodb_id";',
+                            '    -torque-aggregation-function:"count(cartodb_id)";',
+                            '    -torque-resolution:1;',
+                            '    -torque-data-aggregation:linear;',
+                            '}',
+                            '#populated_places_simple_reduced{',
+                            '    comp-op: multiply;',
+                            '    marker-fill-opacity: 1;',
+                            '    marker-line-color: #FFF;',
+                            '    marker-line-width: 0;',
+                            '    marker-line-opacity: 1;',
+                            '    marker-type: rectangle;',
+                            '    marker-width: 3;',
+                            '    marker-fill: #FFCC00;',
+                            '}'
+                        ].join(' '),
+                        cartocss_version: '2.3.0'
+                    }
+                }
+            ]
+        };
+    }
+
+    var testScenarios = [
+        {
+            tile: {
+                z: 2,
+                x: 2,
+                y: 1,
+                layer: 'all',
+                format: 'png'
+            },
+            plainColor: 'white'
+        },
+        {
+            tile: {
+                z: 2,
+                x: 1,
+                y: 1,
+                layer: 'all',
+                format: 'png'
+            },
+            plainColor: '#339900'
+        }
+    ];
+
+    function blendPngFixture(zxy) {
+        return './test/fixtures/blend/blend-plain-torque-' + zxy.join('.') + '.png';
+    }
+
+    testScenarios.forEach(function(testScenario) {
+        var tileRequest = testScenario.tile;
+        var zxy = [tileRequest.z, tileRequest.x, tileRequest.y];
+        it('tile all/' + zxy.join('/') + '.png', function (done) {
+            testClient.getTileLayer(plainTorqueMapConfig(testScenario.plainColor), tileRequest, function(err, res) {
+                assert.imageEqualsFile(res.body, blendPngFixture(zxy), IMAGE_TOLERANCE_PER_MIL, function(err) {
+                    assert.ok(!err);
+                    done();
+                });
+            });
+        });
+    });
+});
--- a/test/acceptance/ported/blend_filtering.js
+++ b/test/acceptance/ported/blend_filtering.js
@@ -0,0 +1,166 @@
+require('../../support/test_helper');
+
+var assert = require('../../support/assert');
+var testClient = require('./support/test_client');
+var fs = require('fs');
+var http = require('http');
+
+var PortedServerOptions = require('./support/ported_server_options');
+var BaseController = require('../../../lib/cartodb/controllers/base');
+
+describe('blend layer filtering', function() {
+
+    var IMG_TOLERANCE_PER_MIL = 20;
+
+    var httpRendererResourcesServer;
+
+    var req2paramsFn;
+    before(function(done) {
+        req2paramsFn = BaseController.prototype.req2params;
+        BaseController.prototype.req2params = PortedServerOptions.req2params;
+
+        // Start a server to test external resources
+        httpRendererResourcesServer = http.createServer( function(request, response) {
+            var filename = __dirname + '/../../fixtures/http/light_nolabels-1-0-0.png';
+            fs.readFile(filename, {encoding: 'binary'}, function(err, file) {
+                response.writeHead(200);
+                response.write(file, "binary");
+                response.end();
+            });
+        });
+        httpRendererResourcesServer.listen(8033, done);
+    });
+
+    after(function(done) {
+        BaseController.prototype.req2params = req2paramsFn;
+        httpRendererResourcesServer.close(done);
+    });
+
+    var mapConfig = {
+        version: '1.2.0',
+        layers: [
+            {
+                type: 'plain',
+                options: {
+                    color: '#fabada'
+                }
+            },
+            {
+                type: 'http',
+                options: {
+                    urlTemplate: 'http://127.0.0.1:8033/{s}/{z}/{x}/{y}.png',
+                    subdomains: ['abcd']
+                }
+            },
+            {
+                type: 'mapnik',
+                options: {
+                    sql: 'SELECT * FROM populated_places_simple_reduced',
+                    cartocss: '#layer { marker-fill:red; } #layer { marker-width: 2; }',
+                    cartocss_version: '2.3.0',
+                    geom_column: 'the_geom'
+                }
+            },
+            {
+                type: 'torque',
+                options: {
+                    sql: "SELECT * FROM populated_places_simple_reduced",
+                    cartocss: [
+                        'Map {',
+                        '    buffer-size:0;',
+                        '    -torque-frame-count:1;',
+                        '    -torque-animation-duration:30;',
+                        '    -torque-time-attribute:"cartodb_id";',
+                        '    -torque-aggregation-function:"count(cartodb_id)";',
+                        '    -torque-resolution:1;',
+                        '    -torque-data-aggregation:linear;',
+                        '}',
+                        '#populated_places_simple_reduced{',
+                        '    comp-op: multiply;',
+                        '    marker-fill-opacity: 1;',
+                        '    marker-line-color: #FFF;',
+                        '    marker-line-width: 0;',
+                        '    marker-line-opacity: 1;',
+                        '    marker-type: rectangle;',
+                        '    marker-width: 3;',
+                        '    marker-fill: #FFCC00;',
+                        '}'
+                    ].join(' '),
+                    cartocss_version: '2.3.0'
+                }
+            },
+            {
+                type: 'http',
+                options: {
+                    urlTemplate: 'http://127.0.0.1:8033/{s}/{z}/{x}/{y}.png',
+                    subdomains: ['abcd']
+                }
+            },
+            {
+                type: 'torque',
+                options: {
+                    sql: "SELECT * FROM populated_places_simple_reduced " +
+                        "where the_geom && ST_MakeEnvelope(-90, 0, 90, 65)",
+                    cartocss: [
+                        'Map {',
+                        '    buffer-size:0;',
+                        '    -torque-frame-count:1;',
+                        '    -torque-animation-duration:30;',
+                        '    -torque-time-attribute:"cartodb_id";',
+                        '    -torque-aggregation-function:"count(cartodb_id)";',
+                        '    -torque-resolution:1;',
+                        '    -torque-data-aggregation:linear;',
+                        '}',
+                        '#populated_places_simple_reduced{',
+                        '    comp-op: multiply;',
+                        '    marker-fill-opacity: 1;',
+                        '    marker-line-color: #FFF;',
+                        '    marker-line-width: 0;',
+                        '    marker-line-opacity: 1;',
+                        '    marker-type: rectangle;',
+                        '    marker-width: 3;',
+                        '    marker-fill: #FFCC00;',
+                        '}'
+                    ].join(' '),
+                    cartocss_version: '2.3.0'
+                }
+            }
+        ]
+    };
+
+    var filteredLayersSuite = [
+        [2, 2],
+        [0, 1],
+        [0, 2],
+        [1, 2],
+        [2, 1], // ordering doesn't matter
+        [0, 3],
+        [1, 3],
+        [1, 2, 5],
+        [1, 2, 3, 4]
+    ];
+
+    function blendPngFixture(layers) {
+        return './test/fixtures/blend/blend-filtering-layers-' + layers.join('.') + '-zxy-1.0.0.png';
+    }
+
+    filteredLayersSuite.forEach(function(filteredLayers) {
+        var layerFilter = filteredLayers.join(',');
+        var tileRequest = {
+            z: 1,
+            x: 0,
+            y: 0,
+            layer: layerFilter,
+            format: 'png'
+        };
+
+        it('should filter on ' + layerFilter + '/1/0/0.png', function (done) {
+            testClient.getTileLayer(mapConfig, tileRequest, function(err, res) {
+                assert.imageEqualsFile(res.body, blendPngFixture(filteredLayers), IMG_TOLERANCE_PER_MIL, function(err) {
+                    assert.ok(!err);
+                    done();
+                });
+            });
+        });
+    });
+});
--- a/test/acceptance/ported/blend_http_fallback.js
+++ b/test/acceptance/ported/blend_http_fallback.js
@@ -0,0 +1,147 @@
+require('../../support/test_helper');
+
+var assert = require('../../support/assert');
+var testClient = require('./support/test_client');
+var fs = require('fs');
+var http = require('http');
+
+var PortedServerOptions = require('./support/ported_server_options');
+var BaseController = require('../../../lib/cartodb/controllers/base');
+
+describe('blend http fallback', function() {
+
+    var IMG_TOLERANCE_PER_MIL = 20;
+
+    var httpRendererResourcesServer;
+
+    var req2paramsFn;
+    before(function(done) {
+        req2paramsFn = BaseController.prototype.req2params;
+        BaseController.prototype.req2params = PortedServerOptions.req2params;
+        // Start a server to test external resources
+        httpRendererResourcesServer = http.createServer( function(request, response) {
+            if (request.url.match(/^\/error404\//)) {
+                response.writeHead(404);
+                response.end();
+            } else {
+                var filename = __dirname + '/../../fixtures/http/light_nolabels-1-0-0.png';
+                if (request.url.match(/^\/dark\//)) {
+                    filename = __dirname + '/../../fixtures/http/dark_nolabels-1-0-0.png';
+                }
+                fs.readFile(filename, {encoding: 'binary'}, function(err, file) {
+                    response.writeHead(200);
+                    response.write(file, "binary");
+                    response.end();
+                });
+            }
+        });
+        httpRendererResourcesServer.listen(8033, done);
+    });
+
+    after(function(done) {
+        BaseController.prototype.req2params = req2paramsFn;
+        httpRendererResourcesServer.close(done);
+    });
+
+    var mapConfig = {
+        version: '1.2.0',
+        layers: [
+            {
+                type: 'plain', // <- 0
+                options: {
+                    color: '#fabada'
+                }
+            },
+            {
+                type: 'http', // <- 1
+                options: {
+                    urlTemplate: 'http://127.0.0.1:8033/{s}/{z}/{x}/{y}.png',
+                    subdomains: ['light']
+                }
+            },
+            {
+                type: 'http', // <- 2
+                options: {
+                    urlTemplate: 'http://127.0.0.1:8033/{s}/{z}/{x}/{y}.png',
+                    subdomains: ['dark']
+                }
+            },
+            {
+                type: 'http', // <- 3
+                options: {
+                    urlTemplate: 'http://127.0.0.1:8033/{s}/{z}/{x}/{y}.png',
+                    subdomains: ['error404']
+                }
+            },
+            {
+                type: 'mapnik', // <- 4
+                options: {
+                    sql: 'SELECT * FROM populated_places_simple_reduced',
+                    cartocss: '#layer { marker-fill:red; } #layer { marker-width: 2; }',
+                    cartocss_version: '2.3.0',
+                    geom_column: 'the_geom'
+                }
+            }
+        ]
+    };
+
+    var filteredLayersSuite = [
+        ['all'], // layers displayed: 2 + 4, skipping 3 as it fails
+        [0, 4],
+        [0, 3], // skips layer 3 as it fails
+        [1, 2],
+        [1, 3],
+        [2, 3],
+        [3, 4]
+    ];
+
+    function blendPngFixture(layers) {
+        return './test/fixtures/blend/http_fallback/blend-layers-' + layers.join('.') + '-zxy-1.0.0.png';
+    }
+
+    filteredLayersSuite.forEach(function(filteredLayers) {
+        var layerFilter = filteredLayers.join(',');
+        var tileRequest = {
+            z: 1,
+            x: 0,
+            y: 0,
+            layer: layerFilter,
+            format: 'png'
+        };
+
+        it('should fallback on http error while blending layers ' + layerFilter + '/1/0/0.png', function (done) {
+            testClient.getTileLayer(mapConfig, tileRequest, function(err, res) {
+                assert.imageEqualsFile(res.body, blendPngFixture(filteredLayers), IMG_TOLERANCE_PER_MIL, function(err) {
+                    assert.ok(!err, err);
+                    done();
+                });
+            });
+        });
+    });
+
+    it('should keep failing when http layer is requested individually', function(done) {
+        var tileRequest = {
+            z: 1,
+            x: 0,
+            y: 0,
+            layer: 3,
+            format: 'png'
+        };
+        var expectedResponse = {
+            status: 400,
+            headers: {
+                'Content-Type': 'application/json; charset=utf-8'
+            }
+        };
+        testClient.getTileLayer(mapConfig, tileRequest, expectedResponse, function(err, res) {
+            assert.ok(!err);
+            var parsedBody = JSON.parse(res.body);
+            assert.deepEqual(parsedBody, {
+                errors: [
+                    "Unable to fetch http tile: http://127.0.0.1:8033/error404/1/0/0.png [404]"
+                ]
+            });
+            done();
+        });
+    });
+});
--- a/test/acceptance/ported/blend_http_timeout.js
+++ b/test/acceptance/ported/blend_http_timeout.js
@@ -0,0 +1,95 @@
+require('../../support/test_helper');
+
+var assert = require('../../support/assert');
+var testClient = require('./support/test_client');
+var serverOptions = require('./support/ported_server_options');
+var fs = require('fs');
+var http = require('http');
+
+var PortedServerOptions = require('./support/ported_server_options');
+var BaseController = require('../../../lib/cartodb/controllers/base');
+
+describe.skip('blend http client timeout', function() {
+
+    var req2paramsFn;
+    before(function() {
+        req2paramsFn = BaseController.prototype.req2params;
+        BaseController.prototype.req2params = PortedServerOptions.req2params;
+    });
+
+    after(function() {
+        BaseController.prototype.req2params = req2paramsFn;
+    });
+
+    var mapConfig = {
+        version: '1.3.0',
+        layers: [
+            {
+                type: 'http',
+                options: {
+                    urlTemplate: 'http://127.0.0.1:8033/{s}/{z}/{x}/{y}.png',
+                    subdomains: ['light']
+                }
+            },
+            {
+                type: 'mapnik',
+                options: {
+                    sql: 'SELECT * FROM populated_places_simple_reduced',
+                    cartocss: '#layer { marker-fill:red; } #layer { marker-width: 2; }',
+                    cartocss_version: '2.3.0',
+                    geom_column: 'the_geom'
+                }
+            }
+        ]
+    };
+
+    var oldHttpRendererTimeout;
+    var httpRendererTimeout = 100;
+
+    var slowHttpRendererResourcesServer;
+
+    before(function(done) {
+        oldHttpRendererTimeout = serverOptions.renderer.http.timeout;
+        serverOptions.renderer.http.timeout = httpRendererTimeout;
+
+        // Start a server to test external resources
+        slowHttpRendererResourcesServer = http.createServer( function(request, response) {
+            setTimeout(function() {
+                var filename = __dirname + '/../fixtures/http/light_nolabels-1-0-0.png';
+                fs.readFile(filename, {encoding: 'binary'}, function(err, file) {
+                    response.writeHead(200);
+                    response.write(file, "binary");
+                    response.end();
+                });
+            }, httpRendererTimeout * 2);
+        });
+        slowHttpRendererResourcesServer.listen(8033, done);
+    });
+
+    after(function(done) {
+        serverOptions.renderer.http.timeout = oldHttpRendererTimeout;
+        slowHttpRendererResourcesServer.close(done);
+    });
+
+    it('should fail to render when http layer times out', function(done) {
+        var options = {
+            statusCode: 400,
+            contentType: 'application/json; charset=utf-8',
+            serverOptions: serverOptions
+        };
+        testClient.withLayergroup(mapConfig, options, function(err, requestTile, finish) {
+            var tileUrl = '/all/0/0/0.png';
+            requestTile(tileUrl, options, function(err, res) {
+                assert.ok(!err);
+                var parsedBody = JSON.parse(res.body);
+                assert.ok(parsedBody.errors);
+                assert.ok(parsedBody.errors.length);
+                assert.equal(parsedBody.errors[0], 'Unable to fetch http tile: http://127.0.0.1:8033/light/0/0/0.png');
+                finish(function(finishErr) {
+                    done(err || finishErr);
+                });
+            });
+        });
+    });
+
+});
--- a/test/acceptance/ported/external_resources.js
+++ b/test/acceptance/ported/external_resources.js
@@ -0,0 +1,129 @@
+var testHelper = require('../../support/test_helper');
+
+
+var assert = require('../../support/assert');
+var fs = require('fs');
+var PortedServerOptions = require('./support/ported_server_options');
+var http = require('http');
+var testClient = require('./support/test_client');
+
+var nock = require('nock');
+
+var BaseController = require('../../../lib/cartodb/controllers/base');
+
+describe('external resources', function() {
+
+    var res_serv; // resources server
+    var res_serv_status = { numrequests:0 }; // status of resources server
+    var res_serv_port = 8033; // FIXME: make configurable ?
+
+    var IMAGE_EQUALS_TOLERANCE_PER_MIL = 25;
+
+    var req2paramsFn;
+    before(function(done) {
+        nock.enableNetConnect('127.0.0.1');
+
+        req2paramsFn = BaseController.prototype.req2params;
+        BaseController.prototype.req2params = PortedServerOptions.req2params;
+        // Start a server to test external resources
+        res_serv = http.createServer( function(request, response) {
+            ++res_serv_status.numrequests;
+            var filename = __dirname + '/../../fixtures/markers' + request.url;
+            fs.readFile(filename, "binary", function(err, file) {
+              if ( err ) {
+                response.writeHead(404, {'Content-Type': 'text/plain'});
+                response.write("404 Not Found\n");
+              } else {
+                response.writeHead(200);
+                response.write(file, "binary");
+              }
+              response.end();
+            });
+        });
+        res_serv.listen(res_serv_port, done);
+    });
+
+    after(function(done) {
+        BaseController.prototype.req2params = req2paramsFn;
+
+        testHelper.rmdirRecursiveSync(global.environment.millstone.cache_basedir);
+
+        // Close the resources server
+        res_serv.close(done);
+    });
+
+    function imageCompareFn(fixture, done) {
+        return function(err, res) {
+            if (err) {
+                return done(err);
+            }
+            assert.imageEqualsFile(res.body, './test/fixtures/' + fixture, IMAGE_EQUALS_TOLERANCE_PER_MIL, done);
+        };
+    }
+
+    it("basic external resource", function(done) {
+
+        var circleStyle = "#test_table_3 { marker-file: url('http://127.0.0.1:" + res_serv_port +
+            "/circle.svg'); marker-transform:'scale(0.2)'; }";
+
+        testClient.getTile(testClient.defaultTableMapConfig('test_table_3', circleStyle), 13, 4011, 3088,
+            imageCompareFn('test_table_13_4011_3088_svg1.png', done));
+    });
+
+    it("different external resource", function(done) {
+
+        var squareStyle = "#test_table_3 { marker-file: url('http://127.0.0.1:" + res_serv_port +
+            "/square.svg'); marker-transform:'scale(0.2)'; }";
+
+        testClient.getTile(testClient.defaultTableMapConfig('test_table_3', squareStyle), 13, 4011, 3088,
+            imageCompareFn('test_table_13_4011_3088_svg2.png', done));
+    });
+
+    // See http://github.com/CartoDB/Windshaft/issues/107
+    it("external resources get localized on renderer creation if not locally cached", function(done) {
+
+        var options = {
+            serverOptions: PortedServerOptions
+        };
+
+        var externalResourceStyle = "#test_table_3{marker-file: url('http://127.0.0.1:" + res_serv_port +
+          "/square.svg'); marker-transform:'scale(0.2)'; }";
+
+        var externalResourceMapConfig = testClient.defaultTableMapConfig('test_table_3', externalResourceStyle);
+
+        testClient.createLayergroup(externalResourceMapConfig, options, function() {
+            var externalResourceRequestsCount = res_serv_status.numrequests;
+
+            testClient.createLayergroup(externalResourceMapConfig, options, function() {
+                assert.equal(res_serv_status.numrequests, externalResourceRequestsCount);
+
+                // reset resources cache
+                testHelper.rmdirRecursiveSync(global.environment.millstone.cache_basedir);
+
+                externalResourceMapConfig = testClient.defaultTableMapConfig('test_table_3 ', externalResourceStyle);
+
+                testClient.createLayergroup(externalResourceMapConfig, options, function() {
+                    assert.equal(res_serv_status.numrequests, externalResourceRequestsCount + 1);
+
+                    done();
+                });
+            });
+        });
+    });
+
+    it("referencing unexistant external resources returns an error", function(done) {
+        var url = "http://127.0.0.1:" + res_serv_port + "/notfound.png";
+        var style = "#test_table_3{marker-file: url('" + url + "'); marker-transform:'scale(0.2)'; }";
+
+        var mapConfig = testClient.defaultTableMapConfig('test_table_3', style);
+
+        testClient.createLayergroup(mapConfig, { statusCode: 400 }, function(err, res) {
+            assert.deepEqual(JSON.parse(res.body), {
+                errors: ["Unable to download '" + url + "' for 'style0' (server returned 404)"]
+            });
+            done();
+        });
+    });
+
+});
+
--- a/test/acceptance/ported/fixtures/test_table_0_0_0_multilayer1.layer0.grid.json
+++ b/test/acceptance/ported/fixtures/test_table_0_0_0_multilayer1.layer0.grid.json
@@ -0,0 +1 @@
+{"grid":["                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                       !!!                      ","                                      !!!!!!                    ","                                     !!!!!!!                    ","                                     !!!!!!!!                   ","                                    !!!!!!!!!                   ","                                     !!!!!!!!                   ","                                     !!!!!!!                    ","                                      !!!!!!                    ","                                       !!!                      ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                "],"keys":["","2"],"data":{"2":{"cartodb_id":2}}}
--- a/test/acceptance/ported/fixtures/test_table_0_0_0_multilayer1.layer1.grid.json
+++ b/test/acceptance/ported/fixtures/test_table_0_0_0_multilayer1.layer1.grid.json
@@ -0,0 +1 @@
+{"grid":["                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                      !!                                        ","                     !!!                                        ","                      !!                                        ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                ","                                                                "],"keys":["","2"],"data":{"2":{"cartodb_id":4}}}
--- a/test/acceptance/ported/fixtures/test_table_0_0_0_multilayer1.png
+++ b/test/acceptance/ported/fixtures/test_table_0_0_0_multilayer1.png
--- a/test/acceptance/ported/fixtures/test_table_0_0_0_multilayer2.png
+++ b/test/acceptance/ported/fixtures/test_table_0_0_0_multilayer2.png
--- a/test/acceptance/ported/fixtures/test_table_0_0_0_multilayer3.png
+++ b/test/acceptance/ported/fixtures/test_table_0_0_0_multilayer3.png
--- a/test/acceptance/ported/fixtures/test_table_0_0_0_multilayer4.png
+++ b/test/acceptance/ported/fixtures/test_table_0_0_0_multilayer4.png
--- a/test/acceptance/ported/limits.js
+++ b/test/acceptance/ported/limits.js
@@ -0,0 +1,96 @@
+require('../../support/test_helper');
+
+var fs = require('fs');
+
+var assert = require('../../support/assert');
+var testClient = require('./support/test_client');
+var serverOptions = require('./support/ported_server_options');
+
+var PortedServerOptions = require('./support/ported_server_options');
+var BaseController = require('../../../lib/cartodb/controllers/base');
+
+describe.skip('render limits', function() {
+
+    var IMAGE_EQUALS_TOLERANCE_PER_MIL = 25;
+
+    var limitsConfig;
+    var onTileErrorStrategy;
+    var req2paramsFn;
+    before(function() {
+        req2paramsFn = BaseController.prototype.req2params;
+        BaseController.prototype.req2params = PortedServerOptions.req2params;
+        limitsConfig = serverOptions.renderer.mapnik.limits;
+        serverOptions.renderer.mapnik.limits = {
+            render: 50,
+            cacheOnTimeout: false
+        };
+        onTileErrorStrategy = serverOptions.renderer.onTileErrorStrategy;
+        serverOptions.renderer.onTileErrorStrategy = function(err, tile, headers, stats, format, callback) {
+            callback(err, tile, headers, stats);
+        };
+    });
+
+    after(function() {
+        BaseController.prototype.req2params = req2paramsFn;
+        serverOptions.renderer.mapnik.limits = limitsConfig;
+        serverOptions.renderer.onTileErrorStrategy = onTileErrorStrategy;
+    });
+
+    var slowQuery = 'select pg_sleep(1), * from test_table limit 2';
+    var slowQueryMapConfig = testClient.singleLayerMapConfig(slowQuery);
+
+    it('slow query/render returns with 400 status', function(done) {
+        var options = {
+            statusCode: 400,
+            serverOptions: serverOptions
+        };
+        testClient.createLayergroup(slowQueryMapConfig, options, function(err, res) {
+            assert.deepEqual(JSON.parse(res.body), { errors: ["Render timed out"] });
+            done();
+        });
+    });
+
+    it('uses onTileErrorStrategy to handle error and modify response', function(done) {
+        serverOptions.renderer.onTileErrorStrategy = function(err, tile, headers, stats, format, callback) {
+            var fixture = __dirname + '/../../fixtures/limits/fallback.png';
+            fs.readFile(fixture, {encoding: 'binary'}, function(err, img) {
+                callback(null, img, {'Content-Type': 'image/png'}, {});
+            });
+        };
+        var options = {
+            statusCode: 200,
+            contentType: 'image/png',
+            serverOptions: serverOptions
+        };
+        testClient.createLayergroup(slowQueryMapConfig, options, function(err, res) {
+            var parsed = JSON.parse(res.body);
+            assert.ok(parsed.layergroupid);
+            done();
+        });
+    });
+
+    it('returns a fallback tile that was modified via onTileErrorStrategy', function(done) {
+        var fixtureImage = './test/fixtures/limits/fallback.png';
+        serverOptions.renderer.onTileErrorStrategy = function(err, tile, headers, stats, format, callback) {
+            fs.readFile(fixtureImage, {encoding: null}, function(err, img) {
+                callback(null, img, {'Content-Type': 'image/png'}, {});
+            });
+        };
+        var options = {
+            statusCode: 200,
+            contentType: 'image/png',
+            serverOptions: serverOptions
+        };
+        testClient.withLayergroup(slowQueryMapConfig, options, function(err, requestTile, finish) {
+            var tileUrl = '/0/0/0.png';
+            requestTile(tileUrl, options, function(err, res) {
+                assert.imageEqualsFile(res.body, fixtureImage, IMAGE_EQUALS_TOLERANCE_PER_MIL, function(err) {
+                    finish(function(finishErr) {
+                        done(err || finishErr);
+                    });
+                });
+            });
+        });
+    });
+
+});
--- a/test/acceptance/ported/multilayer.js
+++ b/test/acceptance/ported/multilayer.js
--- a/test/acceptance/ported/multilayer_error_cases.js
+++ b/test/acceptance/ported/multilayer_error_cases.js
@@ -0,0 +1,465 @@
+require('../../support/test_helper');
+
+var assert = require('../../support/assert');
+var step = require('step');
+var cartodbServer = require('../../../lib/cartodb/server');
+var ServerOptions = require('./support/ported_server_options');
+var testClient = require('./support/test_client');
+
+var BaseController = require('../../../lib/cartodb/controllers/base');
+
+describe('multilayer error cases', function() {
+
+    var server = cartodbServer(ServerOptions);
+    server.setMaxListeners(0);
+
+    var req2paramsFn;
+    before(function() {
+        req2paramsFn = BaseController.prototype.req2params;
+        BaseController.prototype.req2params = ServerOptions.req2params;
+    });
+
+    after(function() {
+        BaseController.prototype.req2params = req2paramsFn;
+    });
+
+    it("post layergroup with wrong Content-Type", function(done) {
+        assert.response(server, {
+            url: '/database/windshaft_test/layergroup',
+            method: 'POST',
+            headers: {'Content-Type': 'application/x-www-form-urlencoded' }
+        }, {}, function(res) {
+            assert.equal(res.statusCode, 400, res.body);
+            var parsedBody = JSON.parse(res.body);
+            assert.deepEqual(parsedBody, {"errors":["layergroup POST data must be of type application/json"]});
+            done();
+        });
+    });
+
+    it("post layergroup with no layers", function(done) {
+        assert.response(server, {
+            url: '/database/windshaft_test/layergroup',
+            method: 'POST',
+            headers: {'Content-Type': 'application/json' }
+        }, {}, function(res) {
+            assert.equal(res.statusCode, 400, res.body);
+            var parsedBody = JSON.parse(res.body);
+            assert.deepEqual(parsedBody, {"errors":["Missing layers array from layergroup config"]});
+            done();
+        });
+    });
+
+    it("post layergroup jsonp errors are returned with 200 status", function(done) {
+        assert.response(server, {
+            url: '/database/windshaft_test/layergroup?callback=test',
+            method: 'POST',
+            headers: {'Content-Type': 'application/json' }
+        }, {}, function(res) {
+            assert.equal(res.statusCode, 200);
+            assert.equal(
+                res.body,
+                '/**/ typeof test === \'function\' && test({"errors":["Missing layers array from layergroup config"]});'
+            );
+            done();
+        });
+    });
+
+    // See https://github.com/CartoDB/Windshaft/issues/154
+    it("mapnik tokens cannot be used with attributes service", function(done) {
+      var layergroup =  {
+        version: '1.1.0',
+        layers: [
+           { options: {
+               sql: 'select cartodb_id, 1 as n, the_geom, !bbox! as b from test_table limit 1',
+               cartocss: '#layer { marker-fill:red }',
+               cartocss_version: '2.0.1',
+               attributes: { id:'cartodb_id', columns:['n'] },
+               geom_column: 'the_geom'
+             } }
+        ]
+      };
+      step(
+        function do_post()
+        {
+          var next = this;
+          assert.response(server, {
+              url: '/database/windshaft_test/layergroup',
+              method: 'POST',
+              headers: {'Content-Type': 'application/json; charset=utf-8' },
+              data: JSON.stringify(layergroup)
+          }, {}, function(res, err) { next(err, res); });
+        },
+        function do_check(err, res) {
+          assert.equal(res.statusCode, 400, res.body);
+          var parsed = JSON.parse(res.body);
+          assert.ok(parsed.errors);
+          assert.equal(parsed.errors.length, 1);
+          var msg = parsed.errors[0];
+          assert.ok(msg.match(/Attribute service cannot be activated/), msg);
+          return null;
+        },
+        function finish(err) {
+          done(err);
+        }
+      );
+    });
+
+    it("layergroup with no cartocss_version", function(done) {
+      var layergroup =  {
+        version: '1.0.0',
+        layers: [
+           { options: {
+               sql: 'select cartodb_id, ST_Translate(the_geom, 50, 0) as the_geom from test_table limit 2',
+               cartocss: '#layer { marker-fill:red; marker-width:32; marker-allow-overlap:true; }',
+               geom_column: 'the_geom'
+             } }
+        ]
+      };
+      assert.response(server, {
+          url: '/database/windshaft_test/layergroup',
+          method: 'POST',
+          headers: {'Content-Type': 'application/json' },
+          data: JSON.stringify(layergroup)
+      }, {}, function(res) {
+          assert.equal(res.statusCode, 400, res.body);
+          var parsedBody = JSON.parse(res.body);
+          assert.deepEqual(parsedBody, {errors:["Missing cartocss_version for layer 0 options"]});
+          done();
+      });
+    });
+
+    it("sql/cartocss combination errors", function(done) {
+      var layergroup =  {
+        version: '1.0.1',
+        layers: [{ options: {
+           sql: "select 1 as i, 'LINESTRING(0 0, 1 0)'::geometry as the_geom",
+           cartocss_version: '2.0.2',
+           cartocss: '#layer [missing=1] { line-width:16; }',
+            geom_column: 'the_geom'
+        }}]
+      };
+      ServerOptions.afterLayergroupCreateCalls = 0;
+      assert.response(server, {
+          url: '/database/windshaft_test/layergroup',
+          method: 'POST',
+          headers: {'Content-Type': 'application/json' },
+          data: JSON.stringify(layergroup)
+      }, {}, function(res) {
+        try {
+          assert.equal(res.statusCode, 400, res.statusCode + ': ' + res.body);
+          // See http://github.com/CartoDB/Windshaft/issues/159
+          assert.equal(ServerOptions.afterLayergroupCreateCalls, 0);
+          var parsed = JSON.parse(res.body);
+          assert.ok(parsed);
+          assert.equal(parsed.errors.length, 1);
+          var error = parsed.errors[0];
+          assert.ok(error.match(/column "missing" does not exist/m), error);
+          // cannot check for error starting with style0 until a new enough mapnik
+          // is used: https://github.com/mapnik/mapnik/issues/1924
+          //assert.ok(error.match(/^style0/), "Error doesn't start with style0: " + error);
+          // TODO: check which layer introduced the problem ?
+          done();
+        } catch (err) { done(err); }
+      });
+    });
+
+    it("sql/interactivity combination error", function(done) {
+      var layergroup =  {
+        version: '1.0.1',
+        layers: [
+          { options: {
+           sql: "select 1 as i, st_setsrid('LINESTRING(0 0, 1 0)'::geometry, 4326) as the_geom",
+           cartocss_version: '2.0.2',
+           cartocss: '#layer { line-width:16; }',
+           interactivity: 'i',
+           geom_column: 'the_geom'
+          }},
+          { options: {
+           sql: "select 1 as i, st_setsrid('LINESTRING(0 0, 1 0)'::geometry, 4326) as the_geom",
+           cartocss_version: '2.0.2',
+           cartocss: '#layer { line-width:16; }',
+           geom_column: 'the_geom'
+          }},
+          { options: {
+           sql: "select 1 as i, st_setsrid('LINESTRING(0 0, 1 0)'::geometry, 4326) as the_geom",
+           cartocss_version: '2.0.2',
+           cartocss: '#layer { line-width:16; }',
+           interactivity: 'missing',
+           geom_column: 'the_geom'
+          }}
+        ]
+      };
+      ServerOptions.afterLayergroupCreateCalls = 0;
+      assert.response(server, {
+          url: '/database/windshaft_test/layergroup',
+          method: 'POST',
+          headers: {'Content-Type': 'application/json' },
+          data: JSON.stringify(layergroup)
+      }, {}, function(res) {
+        try {
+          assert.equal(res.statusCode, 400, res.statusCode + ': ' + res.body);
+          // See http://github.com/CartoDB/Windshaft/issues/159
+          assert.equal(ServerOptions.afterLayergroupCreateCalls, 0);
+          var parsed = JSON.parse(res.body);
+          assert.ok(parsed);
+          assert.equal(parsed.errors.length, 1);
+          var error = parsed.errors[0];
+          assert.ok(error.match(/column "missing" does not exist/m), error);
+          // TODO: check which layer introduced the problem ?
+          done();
+        } catch (err) { done(err); }
+      });
+    });
+
+    it("blank CartoCSS error", function(done) {
+      var layergroup =  {
+        version: '1.0.1',
+        layers: [
+          { options: {
+           sql: "select 1 as i, 'LINESTRING(0 0, 1 0)'::geometry as the_geom",
+           cartocss_version: '2.0.2',
+           cartocss: '#style { line-width:16 }',
+           interactivity: 'i',
+           geom_column: 'the_geom'
+          }},
+          { options: {
+           sql: "select 1 as i, 'LINESTRING(0 0, 1 0)'::geometry as the_geom",
+           cartocss_version: '2.0.2',
+           cartocss: '',
+           interactivity: 'i',
+           geom_column: 'the_geom'
+          }}
+        ]
+      };
+      assert.response(server, {
+          url: '/database/windshaft_test/layergroup',
+          method: 'POST',
+          headers: {'Content-Type': 'application/json' },
+          data: JSON.stringify(layergroup)
+      }, {}, function(res) {
+        try {
+          assert.equal(res.statusCode, 400, res.statusCode + ': ' + res.body);
+          var parsed = JSON.parse(res.body);
+          assert.ok(parsed);
+          assert.equal(parsed.errors.length, 1);
+          var error = parsed.errors[0];
+          assert.ok(error.match(/^style1: CartoCSS is empty/), error);
+          done();
+        } catch (err) { done(err); }
+      });
+    });
+
+    it("Invalid mapnik-geometry-type CartoCSS error", function(done) {
+      var layergroup =  {
+        version: '1.0.1',
+        layers: [
+          { options: {
+           sql: "select 1 as i, 'LINESTRING(0 0, 1 0)'::geometry as the_geom",
+           cartocss_version: '2.0.2',
+           cartocss: '#style [mapnik-geometry-type=bogus] { line-width:16 }',
+           geom_column: 'the_geom'
+          }},
+          { options: {
+           sql: "select 1 as i, 'LINESTRING(0 0, 1 0)'::geometry as the_geom",
+           cartocss_version: '2.0.2',
+           cartocss: '#style [mapnik-geometry-type=bogus] { line-width:16 }',
+           geom_column: 'the_geom'
+          }}
+        ]
+      };
+      assert.response(server, {
+          url: '/database/windshaft_test/layergroup',
+          method: 'POST',
+          headers: {'Content-Type': 'application/json' },
+          data: JSON.stringify(layergroup)
+      }, {}, function(res) {
+        try {
+          assert.equal(res.statusCode, 400, res.statusCode + ': ' + res.body);
+          var parsed = JSON.parse(res.body);
+          assert.ok(parsed);
+          assert.equal(parsed.errors.length, 1);
+          var error = parsed.errors[0];
+          // carto-0.9.3 used to say "Failed to parse expression",
+          // carto-0.9.5 says "not a valid keyword"
+          assert.ok(error.match(/^style0:.*(Failed|not a valid)/), error);
+          // TODO: check which layer introduced the problem ?
+          done();
+        } catch (err) { done(err); }
+      });
+    });
+
+    it("post'ing style with non existent column in filter returns 400 with error", function(done) {
+        var layergroup =  {
+            version: '1.0.1',
+            layers: [
+                { options: {
+                    sql: 'select * from test_table limit 1',
+                    cartocss: '#test_table::outline[address="one"], [address="two"] { marker-fill: red; }',
+                    cartocss_version: '2.0.2',
+                    interactivity: [ 'cartodb_id' ],
+                    geom_column: 'the_geom'
+                } },
+                { options: {
+                    sql: 'select * from test_big_poly limit 1',
+                    cartocss: '#test_big_poly { marker-fill:blue }',
+                    cartocss_version: '2.0.2',
+                    interactivity: [ 'cartodb_id' ],
+                    geom_column: 'the_geom'
+                } }
+            ]
+        };
+
+        assert.response(server, {
+            url: '/database/windshaft_test/layergroup',
+            method: 'POST',
+            headers: {'Content-Type': 'application/json' },
+            data: JSON.stringify(layergroup)
+        }, {}, function(res) {
+            assert.equal(res.statusCode, 400, res.body);
+            var parsed = JSON.parse(res.body);
+            assert.equal(parsed.errors.length, 1);
+            var error = parsed.errors[0];
+            assert.ok(error.match(/column "address" does not exist/m), error);
+            done();
+        });
+    });
+
+    // See https://github.com/Vizzuality/Windshaft/issues/31
+    it('bogus sql raises 400 status code', function(done) {
+        var bogusSqlMapConfig = testClient.singleLayerMapConfig('BOGUS FROM test_table');
+        testClient.createLayergroup(bogusSqlMapConfig, { statusCode: 400 }, function(err, res) {
+            assert.ok(/syntax error/.test(res.body), "Unexpected error: " + res.body);
+            done();
+        });
+    });
+
+    it('bogus sql raises 200 status code for jsonp', function(done) {
+        var bogusSqlMapConfig = testClient.singleLayerMapConfig('bogus');
+        var options = {
+            method: 'GET',
+            callbackName: 'test',
+            headers: {
+                'Content-Type': 'text/javascript; charset=utf-8'
+            }
+        };
+        testClient.createLayergroup(bogusSqlMapConfig, options, function(err, res) {
+            assert.ok(
+                /^\/\*\*\/ typeof test === 'function' && test\(/.test(res.body),
+                "Body start expected callback name: " + res.body
+            );
+            assert.ok(/syntax error/.test(res.body), "Unexpected error: " + res.body);
+            done();
+        });
+    });
+
+    it('query not selecting the_geom raises 200 status code for jsonp instead of 404', function(done) {
+        var noGeomMapConfig = testClient.singleLayerMapConfig('select null::geometry the_geom_wadus');
+        var options = {
+            method: 'GET',
+            callbackName: 'test',
+            headers: {
+                'Content-Type': 'text/javascript; charset=utf-8'
+            }
+        };
+        testClient.createLayergroup(noGeomMapConfig, options, function(err, res) {
+            assert.ok(
+                /^\/\*\*\/ typeof test === 'function' && test\(/.test(res.body),
+                "Body start expected callback name: " + res.body
+            );
+            assert.ok(/column.*does not exist/.test(res.body), "Unexpected error: " + res.body);
+            done();
+        });
+    });
+
+    it("query with no geometry field returns 400 status",  function(done){
+        var noGeometrySqlMapConfig = testClient.singleLayerMapConfig('SELECT 1');
+        testClient.createLayergroup(noGeometrySqlMapConfig, { statusCode: 400 }, function(err, res) {
+            assert.ok(/column.*does not exist/.test(res.body), "Unexpected error: " + res.body);
+            done();
+        });
+    });
+
+    it("bogus style should raise 400 status",  function(done){
+        var bogusStyleMapConfig = testClient.defaultTableMapConfig('test_table', '#test_table{xxxxx;}');
+        testClient.createLayergroup(bogusStyleMapConfig, { method: 'GET', statusCode: 400 }, done);
+    });
+
+    var defaultErrorExpectedResponse = {
+        status: 400,
+        headers: {
+            'Content-Type': 'application/json; charset=utf-8'
+        }
+    };
+
+    it('should raise 400 error for out of bounds layer index',  function(done){
+        var mapConfig = testClient.singleLayerMapConfig('select * from test_table', null, null, 'name');
+
+        testClient.getGrid(mapConfig, 1, 13, 4011, 3088, defaultErrorExpectedResponse, function(err, res) {
+            assert.deepEqual(JSON.parse(res.body), { errors: ["Layer '1' not found in layergroup"] });
+            done();
+        });
+    });
+
+    ////////////////////////////////////////////////////////////////////
+    //
+    // OPTIONS LAYERGROUP
+    //
+    ////////////////////////////////////////////////////////////////////
+
+    it("nonexistent layergroup token error", function(done) {
+      step(
+        function do_get_tile(err)
+        {
+          assert.ifError(err);
+          var next = this;
+          assert.response(server, {
+              url: '/database/windshaft_test/layergroup/deadbeef/0/0/0/0.grid.json',
+              method: 'GET',
+              encoding: 'binary'
+          }, {}, function(res, err) { next(err, res); });
+        },
+        function checkResponse(err, res) {
+          assert.ifError(err);
+          // FIXME: should be 404
+          assert.equal(res.statusCode, 400, res.statusCode + ':' + res.body);
+          var parsed = JSON.parse(res.body);
+          assert.deepEqual(parsed, {"errors": ["Invalid or nonexistent map configuration token 'deadbeef'"]});
+          return null;
+        },
+        function finish(err) {
+          done(err);
+        }
+      );
+    });
+
+    it('error 400 on json syntax error', function(done) {
+        var layergroup =  {
+            version: '1.0.1',
+            layers: [
+                {
+                    options: {
+                        sql: 'select the_geom from test_table limit 1',
+                        cartocss: '#layer { marker-fill:red }'
+                    }
+                }
+            ]
+        };
+        assert.response(server,
+            {
+                url: '/database/windshaft_test/layergroup',
+                method: 'POST',
+                headers: {'Content-Type': 'application/json; charset=utf-8' },
+                data: '{' + JSON.stringify(layergroup)
+            },
+            {
+                status: 400
+            },
+            function(res) {
+                var parsedBody = JSON.parse(res.body);
+                assert.deepEqual(parsedBody, { errors: ['SyntaxError: Unexpected token {'] });
+                done();
+            }
+        );
+    });
+
+});
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				{"grid":[" "," "," "," "," "," "," "," "," "," "," "," "," "," "," "," "," "," "," "," "," !!! "," !!!!!! "," !!!!!!! "," !!!!!!!! "," !!!!!!!!! "," !!!!!!!! "," !!!!!!! "," !!!!!! "," !!! "," "," "," "," "," "," "," "," "," "," "," "," "," "," "," "," "," "," "," "," "," "," "," "," "," "," "," "," "," "," "," "," "," "," "," "],"keys":["","2"],"data":{"2":{"cartodb_id":2}}}