mirror of
https://github.com/verdaccio/verdaccio.git
synced 2024-12-16 21:56:25 -05:00
add access control for web ui
This commit is contained in:
parent
09485451f7
commit
1fe0cedbd0
3 changed files with 35 additions and 26 deletions
|
@ -5,9 +5,12 @@ var marked = require('marked')
|
|||
var Handlebars = require('handlebars')
|
||||
var Error = require('http-errors')
|
||||
var Search = require('./search')
|
||||
var Middleware = require('./middleware')
|
||||
|
||||
module.exports = function(config, auth, storage) {
|
||||
var app = express()
|
||||
var can = Middleware.allow(config)
|
||||
|
||||
app.use(Cookies.express())
|
||||
app.use(express.urlencoded())
|
||||
app.use(auth.cookie_middleware())
|
||||
|
@ -30,11 +33,15 @@ module.exports = function(config, auth, storage) {
|
|||
if (err) throw err // that function shouldn't produce any
|
||||
res.send(template({
|
||||
name: config.web.title || 'Sinopia',
|
||||
packages: packages,
|
||||
packages: packages.filter(allow),
|
||||
baseUrl: base,
|
||||
username: req.remote_user.name,
|
||||
}))
|
||||
})
|
||||
|
||||
function allow(package) {
|
||||
return config.allow_access(package.name, req.remote_user)
|
||||
}
|
||||
})
|
||||
|
||||
// Static
|
||||
|
@ -72,8 +79,8 @@ module.exports = function(config, auth, storage) {
|
|||
|
||||
// Search
|
||||
app.get('/-/search/:anything', function(req, res, next) {
|
||||
var results = Search.query(req.params.anything),
|
||||
packages = []
|
||||
var results = Search.query(req.params.anything)
|
||||
var packages = []
|
||||
|
||||
var getData = function(i) {
|
||||
storage.get_package(results[i].ref, function(err, entry) {
|
||||
|
@ -103,7 +110,7 @@ module.exports = function(config, auth, storage) {
|
|||
}
|
||||
})
|
||||
|
||||
app.get('/-/readme/:package/:version?', function(req, res, next) {
|
||||
app.get('/-/readme/:package/:version?', can('access'), function(req, res, next) {
|
||||
storage.get_package(req.params.package, {req: req}, function(err, info) {
|
||||
if (err) return next(err)
|
||||
res.send( marked(info.readme || 'ERROR: No README data found!') )
|
||||
|
|
24
lib/index.js
24
lib/index.js
|
@ -27,28 +27,8 @@ module.exports = function(config_hash) {
|
|||
var config = Config(config_hash)
|
||||
var storage = Storage(config)
|
||||
var auth = Auth(config)
|
||||
|
||||
var can = function(action) {
|
||||
return function(req, res, next) {
|
||||
if (config['allow_'+action](req.params.package, req.remote_user)) {
|
||||
next()
|
||||
} else {
|
||||
if (!req.remote_user.name) {
|
||||
if (req.remote_user.error) {
|
||||
var message = "can't "+action+' restricted package, ' + req.remote_user.error
|
||||
} else {
|
||||
var message = "can't "+action+" restricted package without auth, did you forget 'npm set always-auth true'?"
|
||||
}
|
||||
next( Error[403](message) )
|
||||
} else {
|
||||
next( Error[403]('user ' + req.remote_user.name
|
||||
+ ' not allowed to ' + action + ' it') )
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
var app = express()
|
||||
var app = express()
|
||||
var can = Middleware.allow(config)
|
||||
|
||||
// run in production mode by default, just in case
|
||||
// it shouldn't make any difference anyway
|
||||
|
|
|
@ -157,3 +157,25 @@ module.exports.log_and_etagify = function(req, res, next) {
|
|||
next()
|
||||
}
|
||||
|
||||
module.exports.allow = function(config) {
|
||||
return function(action) {
|
||||
return function(req, res, next) {
|
||||
if (config['allow_'+action](req.params.package, req.remote_user)) {
|
||||
next()
|
||||
} else {
|
||||
if (!req.remote_user.name) {
|
||||
if (req.remote_user.error) {
|
||||
var message = "can't "+action+' restricted package, ' + req.remote_user.error
|
||||
} else {
|
||||
var message = "can't "+action+" restricted package without auth, did you forget 'npm set always-auth true'?"
|
||||
}
|
||||
next( Error[403](message) )
|
||||
} else {
|
||||
next( Error[403]('user ' + req.remote_user.name
|
||||
+ ' not allowed to ' + action + ' it') )
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue