0
Fork 0
mirror of https://github.com/verdaccio/verdaccio.git synced 2025-01-20 22:52:46 -05:00
verdaccio/lib/config.js

225 lines
6.5 KiB
JavaScript
Raw Normal View History

var assert = require('assert')
, crypto = require('crypto')
2014-06-26 20:21:23 +04:00
, Path = require('path')
, minimatch = require('minimatch')
2014-07-21 17:02:02 +04:00
, UError = require('./error').UserError
, utils = require('./utils')
2013-06-08 05:16:28 +04:00
// [[a, [b, c]], d] -> [a, b, c, d]
function flatten(array) {
2013-10-26 16:18:36 +04:00
var result = []
2013-06-08 05:16:28 +04:00
for (var i=0; i<array.length; i++) {
if (Array.isArray(array[i])) {
2013-10-26 16:18:36 +04:00
result.push.apply(result, flatten(array[i]))
2013-06-08 05:16:28 +04:00
} else {
2013-10-26 16:18:36 +04:00
result.push(array[i])
2013-06-08 05:16:28 +04:00
}
}
2013-10-26 16:18:36 +04:00
return result
2013-06-08 05:16:28 +04:00
}
function Config(config) {
2013-10-26 16:18:36 +04:00
if (!(this instanceof Config)) return new Config(config)
2013-06-08 05:16:28 +04:00
for (var i in config) {
2013-10-26 16:18:36 +04:00
if (this[i] == null) this[i] = config[i]
2013-09-25 13:29:39 +04:00
}
// some weird shell scripts are valid yaml files parsed as string
2013-10-26 16:18:36 +04:00
assert.equal(typeof(config), 'object', 'CONFIG: this doesn\'t look like a valid config file')
assert(this.storage, 'CONFIG: storage path not defined')
var users = {all:true, anonymous:true, 'undefined':true, owner:true, none:true}
2013-06-08 05:16:28 +04:00
var check_user_or_uplink = function(arg) {
2014-06-18 04:52:07 +04:00
assert(arg !== 'all' && arg !== 'owner' && arg !== 'anonymous' && arg !== 'undefined' && arg !== 'none', 'CONFIG: reserved user/uplink name: ' + arg)
2013-10-26 16:18:36 +04:00
assert(!arg.match(/\s/), 'CONFIG: invalid user name: ' + arg)
assert(users[arg] == null, 'CONFIG: duplicate user/uplink name: ' + arg)
users[arg] = true
}
2013-06-08 05:16:28 +04:00
2013-10-26 16:18:36 +04:00
;['users', 'uplinks', 'packages'].forEach(function(x) {
if (this[x] == null) this[x] = {}
assert(utils.is_object(this[x]), 'CONFIG: bad "'+x+'" value (object expected)')
})
2013-06-08 05:16:28 +04:00
2013-10-26 16:18:36 +04:00
for (var i in this.users) check_user_or_uplink(i)
for (var i in this.uplinks) check_user_or_uplink(i)
2013-06-08 05:16:28 +04:00
for (var i in this.users) {
2013-10-26 16:18:36 +04:00
assert(this.users[i].password, 'CONFIG: no password for user: ' + i)
2013-06-08 05:16:28 +04:00
assert(
2014-01-13 20:48:51 +04:00
typeof(this.users[i].password) === 'string' &&
2013-06-08 05:16:28 +04:00
this.users[i].password.match(/^[a-f0-9]{40}$/)
2013-10-26 16:18:36 +04:00
, 'CONFIG: wrong password format for user: ' + i + ', sha1 expected')
2013-06-08 05:16:28 +04:00
}
2013-10-26 16:18:36 +04:00
2013-06-08 05:16:28 +04:00
for (var i in this.uplinks) {
2013-10-26 16:18:36 +04:00
assert(this.uplinks[i].url, 'CONFIG: no url for uplink: ' + i)
2013-06-08 05:16:28 +04:00
assert(
typeof(this.uplinks[i].url) === 'string'
2013-10-26 16:18:36 +04:00
, 'CONFIG: wrong url format for uplink: ' + i)
this.uplinks[i].url = this.uplinks[i].url.replace(/\/$/, '')
2013-06-08 05:16:28 +04:00
}
2013-10-26 16:18:36 +04:00
2013-10-01 22:02:23 +04:00
function check_userlist(i, hash, action) {
2013-10-26 16:18:36 +04:00
if (hash[action] == null) hash[action] = []
2013-06-13 18:21:14 +04:00
2013-10-01 22:02:23 +04:00
// if it's a string, split it to array
if (typeof(hash[action]) === 'string') {
2013-10-26 16:18:36 +04:00
hash[action] = hash[action].split(/\s+/)
2013-10-01 22:02:23 +04:00
}
2013-06-13 18:21:14 +04:00
2013-10-01 22:02:23 +04:00
assert(
typeof(hash[action]) === 'object' &&
Array.isArray(hash[action])
2013-10-26 16:18:36 +04:00
, 'CONFIG: bad "'+i+'" package '+action+' description (array or string expected)')
hash[action] = flatten(hash[action])
2013-10-01 22:02:23 +04:00
hash[action].forEach(function(user) {
2013-06-08 05:16:28 +04:00
assert(
2013-10-01 22:02:23 +04:00
users[user] != null
2013-10-26 16:18:36 +04:00
, 'CONFIG: "'+i+'" package: user "'+user+'" doesn\'t exist')
})
2013-10-01 22:02:23 +04:00
}
2013-06-08 05:16:28 +04:00
2013-10-01 22:02:23 +04:00
for (var i in this.packages) {
2013-06-08 05:16:28 +04:00
assert(
typeof(this.packages[i]) === 'object' &&
!Array.isArray(this.packages[i])
2013-10-26 16:18:36 +04:00
, 'CONFIG: bad "'+i+'" package description (object expected)')
2013-09-24 10:27:27 +04:00
2013-10-26 16:18:36 +04:00
check_userlist(i, this.packages[i], 'allow_access')
check_userlist(i, this.packages[i], 'allow_publish')
check_userlist(i, this.packages[i], 'proxy_access')
check_userlist(i, this.packages[i], 'proxy_publish')
2013-09-24 10:27:27 +04:00
// deprecated
2013-10-26 16:18:36 +04:00
check_userlist(i, this.packages[i], 'access')
check_userlist(i, this.packages[i], 'proxy')
check_userlist(i, this.packages[i], 'publish')
2013-06-08 05:16:28 +04:00
}
// loading these from ENV if aren't in config
;['http_proxy', 'https_proxy', 'no_proxy'].forEach((function(v) {
if (!(v in this)) {
this[v] = process.env[v] || process.env[v.toUpperCase()]
}
}).bind(this))
2013-12-09 07:59:31 +04:00
// unique identifier of this server (or a cluster), used to avoid loops
if (!this.server_id) {
this.server_id = crypto.pseudoRandomBytes(6).toString('hex')
}
if (this.ignore_latest_tag == null) this.ignore_latest_tag = false
2014-06-26 20:21:23 +04:00
if (this.users_file) {
this.HTPasswd = require('./htpasswd')(
Path.resolve(
Path.dirname(this.self_path),
this.users_file
)
)
}
2013-10-26 16:18:36 +04:00
return this
2013-06-08 05:16:28 +04:00
}
function allow_action(package, who, action) {
2014-01-13 20:48:51 +04:00
return (this.get_package_setting(package, action) || []).reduce(function(prev, curr) {
if (curr === String(who) || curr === 'all') return true
return prev
}, false)
2013-06-08 05:16:28 +04:00
}
Config.prototype.allow_access = function(package, user) {
2013-10-26 16:18:36 +04:00
return allow_action.call(this, package, user, 'allow_access') || allow_action.call(this, package, user, 'access')
2013-06-08 05:16:28 +04:00
}
Config.prototype.allow_publish = function(package, user) {
2013-10-26 16:18:36 +04:00
return allow_action.call(this, package, user, 'allow_publish') || allow_action.call(this, package, user, 'publish')
2013-06-08 05:16:28 +04:00
}
2013-09-24 08:27:47 +04:00
Config.prototype.proxy_access = function(package, uplink) {
2013-10-26 16:18:36 +04:00
return allow_action.call(this, package, uplink, 'proxy_access') || allow_action.call(this, package, uplink, 'proxy')
2013-09-24 08:27:47 +04:00
}
Config.prototype.proxy_publish = function(package, uplink) {
2013-10-26 16:18:36 +04:00
return allow_action.call(this, package, uplink, 'proxy_publish')
2013-06-08 05:16:28 +04:00
}
2014-01-13 20:48:51 +04:00
Config.prototype.get_package_setting = function(package, setting) {
for (var i in this.packages) {
if (minimatch.makeRe(i).exec(package)) {
return this.packages[i][setting]
}
}
return undefined
}
2014-06-26 19:23:21 +04:00
Config.prototype.authenticate = function(user, password, cb) {
2014-07-22 23:48:15 +04:00
if (this.users != null && this.users[user] != null) {
// if user exists in this.users, verify password against it no matter what is in htpasswd
return cb(null, crypto.createHash('sha1').update(password).digest('hex') === this.users[user].password)
2014-06-26 20:21:23 +04:00
}
if (!this.HTPasswd) return cb(null, false)
this.HTPasswd.reload(function() {
cb(null, this.HTPasswd.verify(user, password))
}.bind(this))
2013-06-08 05:16:28 +04:00
}
2014-07-21 17:02:02 +04:00
Config.prototype.add_user = function(user, password, cb) {
2014-07-22 23:48:15 +04:00
if (this.users && this.users[user]) return cb(new UError({
2014-07-23 01:45:28 +04:00
status: 403,
2014-07-22 23:48:15 +04:00
message: 'this user already exists',
}))
2014-07-21 17:02:02 +04:00
if (this.HTPasswd) {
if (this.max_users || this.max_users == null) {
var max_users = Number(this.max_users || Infinity)
this.HTPasswd.add_user(user, password, max_users, cb)
return
}
}
return cb(new UError({
status: 409,
message: 'registration is disabled',
}))
}
2013-10-26 16:18:36 +04:00
module.exports = Config
2013-06-08 05:16:28 +04:00
var parse_interval_table = {
'': 1000,
ms: 1,
s: 1000,
m: 60*1000,
h: 60*60*1000,
d: 86400000,
w: 7*86400000,
M: 30*86400000,
y: 365*86400000,
}
module.exports.parse_interval = function(interval) {
if (typeof(interval) === 'number') return interval * 1000
var result = 0
var last_suffix = Infinity
interval.split(/\s+/).forEach(function(x) {
2014-03-08 04:38:37 +00:00
if (!x) return
var m = x.match(/^((0|[1-9][0-9]*)(\.[0-9]+)?)(ms|s|m|h|d|w|M|y|)$/)
if (!m
|| parse_interval_table[m[4]] >= last_suffix
|| (m[4] === '' && last_suffix !== Infinity)) {
throw new Error('invalid interval: ' + interval)
}
last_suffix = parse_interval_table[m[4]]
result += Number(m[1]) * parse_interval_table[m[4]]
})
return result
}