From 19df355e3cd677c3122f3209aa96a1d1f50fcf44 Mon Sep 17 00:00:00 2001 From: Marc Bernard <59966492+mbtools@users.noreply.github.com> Date: Wed, 17 Jul 2024 13:57:03 -0400 Subject: [PATCH] chore(api): update comment about route parameters (#4719) --- .changeset/witty-meals-nail.md | 5 +++++ packages/api/src/index.ts | 5 +++-- 2 files changed, 8 insertions(+), 2 deletions(-) create mode 100644 .changeset/witty-meals-nail.md diff --git a/.changeset/witty-meals-nail.md b/.changeset/witty-meals-nail.md new file mode 100644 index 000000000..325521a53 --- /dev/null +++ b/.changeset/witty-meals-nail.md @@ -0,0 +1,5 @@ +--- +'@verdaccio/api': patch +--- + +chore(api): update comment about route parameters diff --git a/packages/api/src/index.ts b/packages/api/src/index.ts index e4a3b9a1a..0be74b836 100644 --- a/packages/api/src/index.ts +++ b/packages/api/src/index.ts @@ -37,10 +37,11 @@ export default function (config: Config, auth: Auth, storage: Storage): Router { app.param('revision', validateName); app.param('token', validateName); - // these can't be safely put into express url for some reason - // TODO: For some reason? what reason? + // Express route parameter names must be valid JavaScript identifiers, which means + // they cannot start with a hyphen (-) or contain special characters like dots (.) app.param('_rev', match(/^-rev$/)); app.param('org_couchdb_user', match(/^org\.couchdb\.user:/)); + app.use(auth.apiJWTmiddleware()); app.use(express.json({ strict: false, limit: config.max_body_size || '10mb' })); app.use(antiLoop(config));