'use strict';
let async = require('async');
let bodyParser = require('body-parser');
let Cookies = require('cookies');
let express = require('express');
let fs = require('fs');
let Handlebars = require('handlebars');
let renderReadme = require('render-readme');
let Search = require('./search');
let Middleware = require('./middleware');
let match = Middleware.match;
let validate_name = Middleware.validate_name;
let validate_pkg = Middleware.validate_package;
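/**
 * Build the Express router that serves the web UI: index page, static
 * assets, logo, login/logout, search and README rendering.
 *
 * Route handlers hand their response body to `next(value)` instead of sending
 * it themselves.
 * NOTE(review): presumably a downstream middleware turns that value into the
 * HTTP response - confirm against the code that mounts this router.
 *
 * @param {Object} config - Settings; this module reads `config.url_prefix`
 *   and `config.web` (`template`, `title`, `tagline`, `logo`).
 * @param {Object} auth - Auth backend; this module calls `cookie_middleware`,
 *   `allow_access`, `authenticate` and `aes_encrypt` on it.
 * @param {Object} storage - Package storage; this module calls `get_local`
 *   and `get_package` on it.
 * @return {Object} The configured Express router.
 */
module.exports = function(config, auth, storage) {
  const app = express.Router();
  const can = Middleware.allow(auth);

  /**
   * Compute the public base URL used in the index page and in redirects.
   *
   * When `config.url_prefix` is not set the value is built from the request's
   * Host header, which the client controls. Deployments that sit behind a
   * proxy or are reachable under several names should set `url_prefix` so
   * that links and redirects cannot be steered by that header.
   *
   * @param {Object} req - The Express request.
   * @return {String} Base URL without a trailing slash when taken from config.
   */
  const getBaseUrl = function(req) {
    return config.url_prefix
      ? config.url_prefix.replace(/\/$/, '')
      : req.protocol + '://' + req.get('host');
  };

  // validate all of these params as a package name
  // this might be too harsh, so ask if it causes trouble
  app.param('package', validate_pkg);
  app.param('filename', validate_name);
  app.param('version', validate_name);
  // `anything` feeds the search query only; the pattern accepts every value.
  app.param('anything', match(/.*/));

  app.use(Cookies.express());
  app.use(bodyParser.urlencoded({extended: false}));
  app.use(auth.cookie_middleware());
  app.use(function(req, res, next) {
    // disable loading in frames (clickjacking, etc.)
    res.header('X-Frame-Options', 'deny');
    next();
  });

  Search.configureStorage(storage);

  Handlebars.registerPartial('entry', fs.readFileSync(require.resolve('./GUI/entry.hbs'), 'utf8'));
  // An operator-supplied template replaces the bundled index page. It is read
  // once, at router construction time.
  const templatePath = config.web && config.web.template
    ? config.web.template
    : require.resolve('./GUI/index.hbs');
  const template = Handlebars.compile(fs.readFileSync(templatePath, 'utf8'));

  // Index page: lists the local packages the current user may access.
  app.get('/', function(req, res, next) {
    const base = getBaseUrl(req);
    res.setHeader('Content-Type', 'text/html');

    storage.get_local(function(err, packages) {
      // Forward errors to Express. Throwing from inside an asynchronous
      // callback would bypass the error handler and take the process down.
      if (err) return next(err);

      async.filterSeries(packages, function(pkg, cb) {
        auth.allow_access(pkg.name, req.remote_user, function(err, allowed) {
          setImmediate(function() {
            if (err) {
              // Fail closed: a failed access check hides the package
              // instead of aborting the whole listing.
              cb(null, false);
            } else {
              cb(null, allowed);
            }
          });
        });
      }, function(err, visible) {
        if (err) return next(err);

        visible.sort(function(p1, p2) {
          if (p1.name < p2.name) return -1;
          if (p1.name > p2.name) return 1;
          return 0;
        });

        next(template({
          name: config.web && config.web.title ? config.web.title : 'Verdaccio',
          tagline: config.web && config.web.tagline ? config.web.tagline : '',
          packages: visible,
          baseUrl: base,
          username: req.remote_user.name,
        }));
      });
    });
  });

  // Static
  app.get('/-/static/:filename', function(req, res, next) {
    // Resolve the name against a fixed root so that containment inside
    // ./static is enforced at the point of use as well as by the `filename`
    // param validator registered above.
    res.sendFile(req.params.filename, {root: __dirname + '/static/'}, function(err) {
      if (!err) return;
      if (err.status === 404) {
        // Unknown asset: let the next handler answer.
        next();
      } else {
        next(err);
      }
    });
  });

  app.get('/-/logo', function(req, res, next) {
    // The logo path comes from the operator's config, never from the request.
    res.sendFile( config.web && config.web.logo
      ? config.web.logo
      : __dirname + '/static/logo-sm.png' );
  });

  app.post('/-/login', function(req, res, next) {
    auth.authenticate(req.body.user, req.body.pass, function(err, user) {
      if (!err) {
        req.remote_user = user;
        // res.cookies.set('token', auth.issue_token(req.remote_user))

        // NOTE(review): the session cookie carries the encrypted
        // "user:password" pair, so the password stays recoverable for as long
        // as the cookie and the key behind auth.aes_encrypt exist, and the
        // cookie's protection rests on that routine. A token that does not
        // embed the password (see the commented-out issue_token call above)
        // would limit what a leaked cookie or key exposes.
        const str = req.body.user + ':' + req.body.pass;
        res.cookies.set('token', auth.aes_encrypt(str).toString('base64'));
      }

      // A failed login sets no cookie and redirects exactly like a
      // successful one; the response gives no error indication.
      res.redirect(getBaseUrl(req));
    });
  });

  app.post('/-/logout', function(req, res, next) {
    const base = getBaseUrl(req);
    // Overwrite the session cookie with an empty value.
    res.cookies.set('token', '');
    res.redirect(base);
  });

  // Search
  app.get('/-/search/:anything', function(req, res, next) {
    const results = Search.query(req.params.anything);
    const packages = [];

    // Resolve hits one at a time. Each step waits for the access check to
    // finish before moving on, so an authorised package is never dropped
    // because the response was produced before the check called back.
    const getData = function(i) {
      if (i >= results.length) {
        return next(packages);
      }

      storage.get_package(results[i].ref, function(err, entry) {
        if (err || !entry) {
          // Unreadable or missing package: skip it.
          return getData(i + 1);
        }

        auth.allow_access(entry.name, req.remote_user, function(accessErr, allowed) { // TODO: This may cause performance issue?
          // Fail closed: only packages explicitly allowed are returned.
          if (!accessErr && allowed) {
            const tags = entry['dist-tags'];
            const latest = tags && entry.versions
              ? entry.versions[tags.latest]
              : undefined;
            // Skip entries without a resolvable "latest" version rather than
            // throwing or returning an empty slot.
            if (latest) packages.push(latest);
          }
          getData(i + 1);
        });
      });
    };

    getData(0);
  });

  app.get('/-/readme(/@:scope?)?/:package/:version?', can('access'), function(req, res, next) {
    let packageName = req.params.package;
    if (req.params.scope) packageName = '@'+ req.params.scope + '/' + packageName;
    storage.get_package(packageName, {req: req}, function(err, info) {
      if (err) return next(err);
      // README text is supplied by whoever published the package, so it is
      // untrusted markup.
      // NOTE(review): this relies on renderReadme to sanitise the HTML it
      // produces - confirm for the installed version.
      next( renderReadme(info.readme || 'ERROR: No README data found!') );
    });
  });

  return app;
};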