mirror of
https://github.com/verdaccio/verdaccio.git
synced 2025-01-06 22:40:26 -05:00
Pass allow_access calls that don't use the can() middleware through the plugin interface
This commit is contained in:
parent
82539add26
commit
0af72f0c68
4 changed files with 35 additions and 22 deletions
|
@ -59,7 +59,7 @@ packages:
|
|||
# # you can override storage directory for a group of packages this way:
|
||||
# storage: 'local_storage'
|
||||
|
||||
# Delegate handling package access authorization and settings to an external
|
||||
# Delegate handling package access authorization to an external
|
||||
# plugin for packages with this prefix
|
||||
#'external-*':
|
||||
# plugin: my_plugin
|
||||
|
|
|
@ -10,10 +10,11 @@ var match = Middleware.match
|
|||
var media = Middleware.media
|
||||
var validate_name = Middleware.validate_name
|
||||
var validate_pkg = Middleware.validate_package
|
||||
var async = require('async')
|
||||
|
||||
module.exports = function(config, auth, storage, packages) {
|
||||
module.exports = function(config, auth, storage, package_provider) {
|
||||
var app = express.Router()
|
||||
var can = Middleware.allow(config, packages)
|
||||
var can = Middleware.allow(config, package_provider)
|
||||
|
||||
// validate all of these params as a package name
|
||||
// this might be too harsh, so ask if it causes trouble
|
||||
|
@ -85,12 +86,16 @@ module.exports = function(config, auth, storage, packages) {
|
|||
app.get('/-/all/:anything?', function(req, res, next) {
|
||||
storage.search(req.param.startkey || 0, {req: req}, function(err, result) {
|
||||
if (err) return next(err)
|
||||
for (var pkg in result) {
|
||||
if (!config.allow_access(pkg, req.remote_user)) {
|
||||
delete result[pkg]
|
||||
}
|
||||
}
|
||||
return next(result)
|
||||
async.eachSeries(Object.keys(result), function(pkg, cb) {
|
||||
package_provider.allow_access(pkg, req.remote_user, function(err, allowed) {
|
||||
if(err) return cb(err)
|
||||
if(!allowed) delete result[pkg]
|
||||
cb()
|
||||
})
|
||||
}, function(err) {
|
||||
if(err) return next(err)
|
||||
next(result)
|
||||
})
|
||||
})
|
||||
})
|
||||
|
||||
|
|
|
@ -5,15 +5,16 @@ var fs = require('fs')
|
|||
var Handlebars = require('handlebars')
|
||||
var Error = require('http-errors')
|
||||
var renderReadme = require('render-readme')
|
||||
var async = require('async')
|
||||
var Search = require('./search')
|
||||
var Middleware = require('./middleware')
|
||||
var match = Middleware.match
|
||||
var validate_name = Middleware.validate_name
|
||||
var validate_pkg = Middleware.validate_package
|
||||
|
||||
module.exports = function(config, auth, storage, packages) {
|
||||
module.exports = function(config, auth, storage, package_provider) {
|
||||
var app = express.Router()
|
||||
var can = Middleware.allow(config, packages)
|
||||
var can = Middleware.allow(config, package_provider)
|
||||
|
||||
// validate all of these params as a package name
|
||||
// this might be too harsh, so ask if it causes trouble
|
||||
|
@ -42,17 +43,20 @@ module.exports = function(config, auth, storage, packages) {
|
|||
|
||||
storage.get_local(function(err, packages) {
|
||||
if (err) throw err // that function shouldn't produce any
|
||||
next(template({
|
||||
name: config.web && config.web.title ? config.web.title : 'Sinopia',
|
||||
packages: packages.filter(allow),
|
||||
baseUrl: base,
|
||||
username: req.remote_user.name,
|
||||
}))
|
||||
async.filterSeries(packages, function(package, cb) {
|
||||
package_provider.allow_access(package.name, req.remote_user, function(err, allowed) {
|
||||
if(err) cb(false)
|
||||
else cb(allowed)
|
||||
})
|
||||
}, function(packages) {
|
||||
next(template({
|
||||
name: config.web && config.web.title ? config.web.title : 'Sinopia',
|
||||
packages: packages,
|
||||
baseUrl: base,
|
||||
username: req.remote_user.name,
|
||||
}))
|
||||
})
|
||||
})
|
||||
|
||||
function allow(package) {
|
||||
return config.allow_access(package.name, req.remote_user)
|
||||
}
|
||||
})
|
||||
|
||||
// Static
|
||||
|
|
|
@ -53,7 +53,11 @@ function check_plugin_result(function_name, package, arg, cb) {
|
|||
if(error) {
|
||||
cb(error)
|
||||
} else {
|
||||
cb(null, current_result)
|
||||
if(current_result === undefined) {
|
||||
self.default_plugin[function_name](package, arg, cb)
|
||||
} else {
|
||||
cb(null, current_result)
|
||||
}
|
||||
}
|
||||
})
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue