diff --git a/src/lib/constants.js b/src/lib/constants.js index 26ad9b913..04feb64c2 100644 --- a/src/lib/constants.js +++ b/src/lib/constants.js @@ -19,10 +19,15 @@ export const certPem = 'verdaccio-cert.pem'; export const csrPem = 'verdaccio-csr.pem'; export const HEADERS = { + ACCEPT: 'Accept', + ACCEPT_ENCODING: 'Accept-Encoding', + USER_AGENT: 'User-Agent', JSON: 'application/json', CONTENT_TYPE: 'Content-type', + CONTENT_LENGTH: 'content-length', TEXT_PLAIN: 'text/plain', TEXT_HTML: 'text/html', + AUTHORIZATION: 'authorization', FORWARDED_PROTO: 'X-Forwarded-Proto', FRAMES_OPTIONS: 'X-Frame-Options', CSP: 'Content-Security-Policy', diff --git a/src/lib/up-storage.js b/src/lib/up-storage.js index d568d3682..a1eb50737 100644 --- a/src/lib/up-storage.js +++ b/src/lib/up-storage.js @@ -257,9 +257,9 @@ class ProxyStorage implements IProxy { */ _setHeaders(options: any) { const headers = options.headers || {}; - const accept = 'Accept'; - const acceptEncoding = 'Accept-Encoding'; - const userAgent = 'User-Agent'; + const accept = HEADERS.ACCEPT; + const acceptEncoding = HEADERS.ACCEPT_ENCODING; + const userAgent = HEADERS.USER_AGENT; headers[accept] = headers[accept] || contentTypeAccept; headers[acceptEncoding] = headers[acceptEncoding] || 'gzip'; @@ -278,7 +278,7 @@ class ProxyStorage implements IProxy { _setAuth(headers: any) { const { auth } = this.config; - if (_.isNil(auth) || headers['authorization']) { + if (_.isNil(auth) || headers[HEADERS.AUTHORIZATION]) { return headers; } @@ -344,7 +344,7 @@ class ProxyStorage implements IProxy { } type = _.upperFirst(type); - headers['authorization'] = buildToken(type, token); + headers[HEADERS.AUTHORIZATION] = buildToken(type, token); } /** diff --git a/test/lib/server.js b/test/lib/server.js index c74b26561..92619b84e 100644 --- a/test/lib/server.js +++ b/test/lib/server.js 
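Review bot: The header-name entries added to `HEADERS` use mixed casing (`ACCEPT: 'Accept'` next to `CONTENT_LENGTH: 'content-length'` and `AUTHORIZATION: 'authorization'`) and sit in the same object as media-type values such as `JSON` and `TEXT_PLAIN`, so a reader cannot tell names from values or whether the casing is deliberate. These strings are used as plain object keys elsewhere in this commit, which makes the casing part of the behaviour rather than cosmetics. I would add a comment above the new entries, for example `// Header names. Casing matters: these are used as exact-match keys on header objects.`, or group them with `HEADER_TYPE.CONTENT_TYPE`, which the unit tests in this commit use for the content-type name (its definition is not visible here).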
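Review bot: The guard in `_setAuth`, `headers[HEADERS.AUTHORIZATION]`, is an exact-key lookup on the lowercase string `authorization`, so a caller-supplied `Authorization` key is not seen and the credential from `this.config.auth` is still written by `headers[HEADERS.AUTHORIZATION] = buildToken(type, token)` in the -344 hunk. That leaves two differently cased authorization entries in one object, and which of them reaches the uplink depends on the HTTP client, which is not visible here. A case-insensitive check keeps the rule that a caller-supplied header wins for every spelling: `const hasAuth = Object.keys(headers).some((key) => key.toLowerCase() === HEADERS.AUTHORIZATION);` followed by `if (_.isNil(auth) || hasAuth) {`. The same exact-match caveat applies to `headers[accept]` and `headers[acceptEncoding]` in `_setHeaders`; both function bodies continue outside these hunks.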
@@ -4,7 +4,7 @@ import _ from 'lodash'; import assert from 'assert'; import smartRequest from './request'; import type {IServerBridge} from '../types'; -import {HEADERS, HTTP_STATUS, TOKEN_BASIC} from '../../src/lib/constants'; +import {API_MESSAGE, HEADERS, HTTP_STATUS, TOKEN_BASIC} from '../../src/lib/constants'; import {buildToken} from "../../src/lib/utils"; import {CREDENTIALS} from "../functional/config.functional"; @@ -80,7 +80,7 @@ export default class Server implements IServerBridge { uri: `/${encodeURIComponent(name)}`, method: 'PUT', headers: { - 'content-type': HEADERS.JSON, + [HEADERS.CONTENT_TYPE]: HEADERS.JSON, }, }).send(data); } @@ -94,7 +94,7 @@ export default class Server implements IServerBridge { uri: `/${encodeURIComponent(name)}/${encodeURIComponent(version)}/-tag/latest`, method: 'PUT', headers: { - 'content-type': HEADERS.JSON, + [HEADERS.CONTENT_TYPE]: HEADERS.JSON, }, }).send(data); } @@ -112,7 +112,7 @@ export default class Server implements IServerBridge { uri: `/${encodeURIComponent(name)}/-/${encodeURIComponent(filename)}/whatever`, method: 'PUT', headers: { - 'content-type': HEADERS.OCTET_STREAM, + [HEADERS.CONTENT_TYPE]: HEADERS.OCTET_STREAM, }, }).send(data); } @@ -122,7 +122,7 @@ export default class Server implements IServerBridge { uri: `/${encodeURIComponent(name)}/-rev/whatever`, method: 'DELETE', headers: { - 'content-type': HEADERS.JSON_CHARSET, + [HEADERS.CONTENT_TYPE]: HEADERS.JSON_CHARSET, }, }); } @@ -132,7 +132,7 @@ export default class Server implements IServerBridge { uri: `/${encodeURIComponent(name)}/-/${filename}/-rev/whatever`, method: 'DELETE', headers: { - 'content-type': HEADERS.JSON_CHARSET, + [HEADERS.CONTENT_TYPE]: HEADERS.JSON_CHARSET, }, }); } 
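Review bot: Replacing the literal `'content-type'` with `[HEADERS.CONTENT_TYPE]` changes the object key from lowercase to `Content-type` (the value defined in `src/lib/constants.js`), starting at the -80 hunk and in every later hunk of this file that makes the same swap. Header names are case-insensitive on the wire, but if `smartRequest` or the client underneath merges its own lowercase `content-type` default into the same object, both keys would coexist; that helper is not visible here, so this is worth confirming. The unit tests in this commit name the same header through `HEADER_TYPE.CONTENT_TYPE`, so using that one constant here as well, `[HEADER_TYPE.CONTENT_TYPE]: HEADERS.JSON,` with `HEADER_TYPE` added to the import, would leave a single source for the header name, assuming its value is the casing the request helper expects.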
@@ -143,7 +143,7 @@ export default class Server implements IServerBridge { uri: `/${encodeURIComponent(name)}/${encodeURIComponent(tag)}`, method: 'PUT', headers: { - 'content-type': HEADERS.JSON, + [HEADERS.CONTENT_TYPE]: HEADERS.JSON, }, }).send(JSON.stringify(version)); } @@ -153,8 +153,8 @@ export default class Server implements IServerBridge { uri: `/${encodeURIComponent(name)}/-/${encodeURIComponent(filename)}/whatever`, method: 'PUT', headers: { - 'content-type': HEADERS.OCTET_STREAM, - 'content-length': size, + [HEADERS.CONTENT_TYPE]: HEADERS.OCTET_STREAM, + [HEADERS.CONTENT_LENGTH]: size, }, timeout: 1000, }); @@ -184,7 +184,7 @@ export default class Server implements IServerBridge { addPackage(name: string) { return this.putPackage(name, require('../functional/fixtures/package')(name)) .status(HTTP_STATUS.CREATED) - .body_ok('created new package'); + .body_ok(API_MESSAGE.PKG_CREATED); } whoami() { @@ -210,7 +210,7 @@ export default class Server implements IServerBridge { uri: '/-/_debug', method: 'GET', headers: { - 'content-type': HEADERS.JSON, + [HEADERS.CONTENT_TYPE]: HEADERS.JSON, }, }) } diff --git a/test/unit/__helper/api.js b/test/unit/__helper/api.js index df4159561..d953d3eb8 100644 --- a/test/unit/__helper/api.js +++ b/test/unit/__helper/api.js @@ -10,7 +10,7 @@ export function getPackage( // $FlowFixMe return new Promise((resolve) => { request.get(`/${pkg}`) - .set('authorization', header) + .set(HEADERS.AUTHORIZATION, header) .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET) .expect(statusCode) .end(function(err, res) { @@ -50,7 +50,7 @@ export function getProfile(request: any, token: string, statusCode: number = HTT // $FlowFixMe return new Promise((resolve) => { request.get(`/-/npm/v1/user`) - .set('authorization', `Bearer ${token}`) + .set(HEADERS.AUTHORIZATION, `Bearer ${token}`) .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET) .expect(statusCode) .end(function(err, res) { 
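Review bot: `getProfile` still assembles the credential by hand with the template string "Bearer ${token}" while the spec files in this commit moved to `buildToken(TOKEN_BEARER, token)`; the same applies to `postProfile` in the next hunk of this file. Using the helper keeps the scheme string in one place: `.set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BEARER, token))`. The import lines of this file are outside the hunks, so `buildToken` and `TOKEN_BEARER` may need to be added to them.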
@@ -64,7 +64,7 @@ export function postProfile(request: any, body: any, token: string, statusCode: return new Promise((resolve) => { request.post(`/-/npm/v1/user`) .send(body) - .set('authorization', `Bearer ${token}`) + .set(HEADERS.AUTHORIZATION, `Bearer ${token}`) .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET) .expect(statusCode) .end(function(err, res) { diff --git a/test/unit/__helper/mock.js b/test/unit/__helper/mock.js index 9bd6bb219..4c6d95c2a 100644 --- a/test/unit/__helper/mock.js +++ b/test/unit/__helper/mock.js @@ -7,6 +7,11 @@ import {VerdaccioConfig} from '../../lib/verdaccio-server'; import Server from '../../lib/server'; import type {IServerBridge} from '../../types'; +/** + * + * @param port + * @returns {VerdaccioProcess} + */ export function mockServer(port: number) { const pathStore = path.join(__dirname, '../partials'); const storePath = path.join(pathStore, '/mock-store'); diff --git a/test/unit/api/api.jwt.spec.js b/test/unit/api/api.jwt.spec.js index 0ae6dc7b4..f0d9bae3b 100644 --- a/test/unit/api/api.jwt.spec.js +++ b/test/unit/api/api.jwt.spec.js @@ -7,10 +7,10 @@ import rimraf from 'rimraf'; import endPointAPI from '../../../src/api/index'; -import {HEADERS, HTTP_STATUS, HEADER_TYPE} from '../../../src/lib/constants'; +import {HEADERS, HTTP_STATUS, HEADER_TYPE, TOKEN_BEARER, TOKEN_BASIC} from '../../../src/lib/constants'; import {mockServer} from '../__helper/mock'; import {DOMAIN_SERVERS} from '../../functional/config.functional'; -import {parseConfigFile} from '../../../src/lib/utils'; +import {buildToken, parseConfigFile} from '../../../src/lib/utils'; import {parseConfigurationFile} from '../__helper'; import {addUser, getPackage} from '../__helper/api'; import {setup} from '../../../src/lib/logger'; 
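Review bot: The docblock added above `mockServer` has an empty description line and an undescribed `@param port`, so it tells the reader nothing beyond the signature. I would fill it in, for example `Builds the Verdaccio test process for the mock store under ../partials/mock-store.` and `@param port port number passed to the mock server configuration`; the second wording is a guess, because the function body continues outside the hunk. `VerdaccioProcess` in `@returns` is not among the imports visible in this hunk, so confirm the name resolves for Flow and editor tooling.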
@@ -28,6 +28,7 @@ const FORBIDDEN_VUE: string = 'authorization required to access package vue'; describe('endpoint user auth JWT unit test', () => { let app; let mockRegistry; + const FAKE_TOKEN: string = buildToken(TOKEN_BEARER, 'fake'); beforeAll(function(done) { const store = path.join(__dirname, '../partials/store/test-jwt-storage'); @@ -70,12 +71,12 @@ describe('endpoint user auth JWT unit test', () => { expect(res.body.ok).toMatch(`user '${credentials.name}' created`); // testing JWT auth headers with token // we need it here, because token is required - const [err1, resp1] = await getPackage(request(app), `Bearer ${token}`, 'vue'); + const [err1, resp1] = await getPackage(request(app), buildToken(TOKEN_BEARER, token), 'vue'); expect(err1).toBeNull(); expect(resp1.body).toBeDefined(); expect(resp1.body.name).toMatch('vue'); - const [err2, resp2] = await getPackage(request(app), `Bearer fake`, 'vue', HTTP_STATUS.UNAUTHORIZED); + const [err2, resp2] = await getPackage(request(app), FAKE_TOKEN, 'vue', HTTP_STATUS.UNAUTHORIZED); expect(err2).toBeNull(); expect(resp2.statusCode).toBe(HTTP_STATUS.UNAUTHORIZED); expect(resp2.body.error).toMatch(FORBIDDEN_VUE); @@ -92,7 +93,7 @@ describe('endpoint user auth JWT unit test', () => { const token = buildUserBuffer(credentials.name, credentials.password).toString('base64'); request(app).put(`/-/user/org.couchdb.user:${credentials.name}/-rev/undefined`) .send(credentials) - .set('authorization', `Basic ${token}`) + .set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BASIC, token)) .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET) .expect(HTTP_STATUS.CREATED) .end(function(err, res) { 
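Review bot: `FAKE_TOKEN` is built from the payload `'fake'`, which is not shaped like a JWT, so the `HTTP_STATUS.UNAUTHORIZED` assertions that use it (the -70 hunk here and the 'corrupted token' test in the -104 hunk) presumably only cover the malformed-token path. Nothing in the visible lines checks that a well-formed token with an altered signature, or one signed with a different secret, is rejected as well. I would add a comment on the constant, `// not JWT-shaped: covers the malformed-token path only`, and a sibling case that takes the valid `token` from the first test, changes its signature segment, and expects the same 401 and `FORBIDDEN_VUE` message.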
@@ -104,7 +105,7 @@ describe('endpoint user auth JWT unit test', () => { }); test('should fails on try to access with corrupted token', async (done) => { - const [err2, resp2] = await getPackage(request(app), `Bearer fake`, 'vue', HTTP_STATUS.UNAUTHORIZED); + const [err2, resp2] = await getPackage(request(app), FAKE_TOKEN, 'vue', HTTP_STATUS.UNAUTHORIZED); expect(err2).toBeNull(); expect(resp2.statusCode).toBe(HTTP_STATUS.UNAUTHORIZED); expect(resp2.body.error).toMatch(FORBIDDEN_VUE); diff --git a/test/unit/api/api.spec.js b/test/unit/api/api.spec.js index 0ecde6247..d4fdda0f5 100644 --- a/test/unit/api/api.spec.js +++ b/test/unit/api/api.spec.js @@ -134,7 +134,7 @@ describe('endpoint unit test', () => { test('should fails on protected endpoint /-/auth-package bad format', (done) => { request(app) .get('/auth-package') - .set('authorization', 'FakeHader') + .set(HEADERS.AUTHORIZATION, 'FakeHader') .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON) .expect(HTTP_STATUS.FORBIDDEN) .end(function(err, res) { @@ -147,7 +147,7 @@ describe('endpoint unit test', () => { test('should fails on protected endpoint /-/auth-package bad JWT Bearer format', (done) => { request(app) .get('/auth-package') - .set('authorization', TOKEN_BEARER) + .set(HEADERS.AUTHORIZATION, TOKEN_BEARER) .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON) .expect(HTTP_STATUS.FORBIDDEN) .end(function(err, res) { @@ -160,7 +160,7 @@ describe('endpoint unit test', () => { test('should fails on protected endpoint /-/auth-package well JWT Bearer', (done) => { request(app) .get('/auth-package') - .set('authorization', buildToken(TOKEN_BEARER, '12345')) + .set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BEARER, '12345')) .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON) .expect(HTTP_STATUS.FORBIDDEN) .end(function(err, res) { 
@@ -192,7 +192,7 @@ describe('endpoint unit test', () => { // we need it here, because token is required request(app) .get('/vue') - .set('authorization', buildToken(TOKEN_BEARER, token)) + .set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BEARER, token)) .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET) .expect(HTTP_STATUS.OK) .end(function(err, res) { @@ -675,7 +675,7 @@ describe('endpoint unit test', () => { const token = await getNewToken(request(app), credentials); request(app) .put('/@scope%2fpk1-test') - .set('authorization', buildToken(TOKEN_BEARER, token)) + .set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BEARER, token)) .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON) .send(JSON.stringify({ ...starMetadata, @@ -690,7 +690,7 @@ describe('endpoint unit test', () => { } request(app) .get('/-/_view/starredByUser') - .set('authorization', buildToken(TOKEN_BEARER, token)) + .set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BEARER, token)) .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON) .send(JSON.stringify({ key: [credentials.name] @@ -719,7 +719,7 @@ describe('endpoint unit test', () => { request(app) .del('/@scope%2fpk1-test/-rev/4-6abcdb4efd41a576') .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON) - .set('authorization', buildToken(TOKEN_BEARER, token)) + .set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BEARER, token)) .expect(HTTP_STATUS.CREATED) .end(function(err, res) { if (err) { @@ -738,7 +738,7 @@ describe('endpoint unit test', () => { request(app) .del('/non-unpublish/-rev/4-6abcdb4efd41a576') .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON) - .set('authorization', buildToken(TOKEN_BEARER, token)) + .set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BEARER, token)) .expect(HTTP_STATUS.FORBIDDEN) .end(function(err, res) { expect(err).toBeNull(); 
@@ -754,7 +754,7 @@ describe('endpoint unit test', () => { request(app) .put('/super-admin-can-unpublish') .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON) - .set('authorization', buildToken(TOKEN_BEARER, token)) + .set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BEARER, token)) .send(JSON.stringify(_.assign({}, publishMetadata, { name: 'super-admin-can-unpublish' }))) @@ -771,7 +771,7 @@ describe('endpoint unit test', () => { request(app) .del('/super-admin-can-unpublish/-rev/4-6abcdb4efd41a576') .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON) - .set('authorization', buildToken(TOKEN_BEARER, token)) + .set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BEARER, token)) .expect(HTTP_STATUS.CREATED) .end(function(err, res) { expect(err).toBeNull(); @@ -788,7 +788,7 @@ describe('endpoint unit test', () => { request(app) .put('/all-can-unpublish') .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON) - .set('authorization', buildToken(TOKEN_BEARER, token)) + .set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BEARER, token)) .send(JSON.stringify(_.assign({}, publishMetadata, { name: 'all-can-unpublish' }))) @@ -805,7 +805,7 @@ describe('endpoint unit test', () => { request(app) .del('/all-can-unpublish/-rev/4-6abcdb4efd41a576') .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON) - .set('authorization', buildToken(TOKEN_BEARER, token)) + .set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BEARER, token)) .expect(HTTP_STATUS.CREATED) .end(function(err, res) { expect(err).toBeNull(); diff --git a/test/unit/api/uplink.auth.spec.js b/test/unit/api/uplink.auth.spec.js index c78ec41f0..ab0dccb5c 100644 --- a/test/unit/api/uplink.auth.spec.js +++ b/test/unit/api/uplink.auth.spec.js 
@@ -1,5 +1,5 @@ import ProxyStorage from '../../../src/lib/up-storage'; -import {ERROR_CODE, TOKEN_BASIC, TOKEN_BEARER, DEFAULT_REGISTRY} from "../../../src/lib/constants"; +import {ERROR_CODE, TOKEN_BASIC, TOKEN_BEARER, DEFAULT_REGISTRY, HEADERS} from "../../../src/lib/constants"; import {buildToken} from "../../../src/lib/utils"; import {setup} from '../../../src/lib/logger'; @@ -27,7 +27,7 @@ describe('uplink auth test', () => { test('if set headers empty should return default headers', () => { const headers = setHeaders(); const keys = Object.keys(headers); - const keysExpected = ['Accept', 'Accept-Encoding', 'User-Agent']; + const keysExpected = [HEADERS.ACCEPT, HEADERS.ACCEPT_ENCODING, HEADERS.USER_AGENT]; expect(keys).toEqual(keysExpected); expect(keys).toHaveLength(3); @@ -47,11 +47,11 @@ describe('uplink auth test', () => { test('if assigns the header authorization', () => { const headers = setHeaders({}, { - 'authorization': buildToken(TOKEN_BASIC, 'Zm9vX2Jhcg==') + [HEADERS.AUTHORIZATION]: buildToken(TOKEN_BASIC, 'Zm9vX2Jhcg==') }); expect(Object.keys(headers)).toHaveLength(4); - expect(headers['authorization']).toEqual(buildToken(TOKEN_BASIC, 'Zm9vX2Jhcg==')); + expect(headers[HEADERS.AUTHORIZATION]).toEqual(buildToken(TOKEN_BASIC, 'Zm9vX2Jhcg==')); }); test( @@ -63,10 +63,10 @@ describe('uplink auth test', () => { token: 'tokenBearer' } }, { - 'authorization': buildToken(TOKEN_BASIC, 'tokenBasic') + [HEADERS.AUTHORIZATION]: buildToken(TOKEN_BASIC, 'tokenBasic') }); - expect(headers['authorization']).toEqual(buildToken(TOKEN_BASIC, 'tokenBasic')); + expect(headers[HEADERS.AUTHORIZATION]).toEqual(buildToken(TOKEN_BASIC, 'tokenBasic')); } ); 
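Review bot: After this change `keysExpected` is built from `HEADERS.ACCEPT`, `HEADERS.ACCEPT_ENCODING` and `HEADERS.USER_AGENT`, the same constants `_setHeaders` now reads, so the test no longer pins the header names sent to the uplink and a typo in `constants.js` would still pass. The same holds for the `headers[HEADERS.AUTHORIZATION]` assertions in the following hunks, and for the -117 hunk, where the expected value moves from the literal `${TOKEN_BEARER} myToken` form to `buildToken(TOKEN_BEARER, 'myToken')`, the helper the production code calls. Keeping one literal anchor restores the check: `expect(keys).toEqual(['Accept', 'Accept-Encoding', 'User-Agent']);` and `expect(HEADERS.AUTHORIZATION).toBe('authorization');`.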
@@ -79,7 +79,7 @@ describe('uplink auth test', () => { }); expect(Object.keys(headers)).toHaveLength(4); - expect(headers['authorization']).toEqual(buildToken(TOKEN_BASIC, 'Zm9vX2Jhcg==')); + expect(headers[HEADERS.AUTHORIZATION]).toEqual(buildToken(TOKEN_BASIC, 'Zm9vX2Jhcg==')); }); test('set type auth bearer', () => { @@ -91,7 +91,7 @@ describe('uplink auth test', () => { }); expect(Object.keys(headers)).toHaveLength(4); - expect(headers['authorization']).toEqual(buildToken(TOKEN_BEARER, 'Zm9vX2Jhcf===')); + expect(headers[HEADERS.AUTHORIZATION]).toEqual(buildToken(TOKEN_BEARER, 'Zm9vX2Jhcf===')); }); test('set auth type invalid', () => { @@ -117,7 +117,7 @@ describe('uplink auth test', () => { } }); - expect(headers['authorization']).toBe(`${TOKEN_BEARER} myToken`); + expect(headers[HEADERS.AUTHORIZATION]).toBe(buildToken(TOKEN_BEARER, 'myToken')); delete process.env.NPM_TOKEN; }); @@ -130,7 +130,7 @@ describe('uplink auth test', () => { } }); - expect(headers['authorization']).toBe(buildToken(TOKEN_BASIC, 'myTokenTest')); + expect(headers[HEADERS.AUTHORIZATION]).toBe(buildToken(TOKEN_BASIC, 'myTokenTest')); delete process.env.NPM_TOKEN_TEST; }); diff --git a/test/unit/empty.js b/test/unit/empty.js deleted file mode 100644 index 7c645e42f..000000000 --- a/test/unit/empty.js +++ /dev/null @@ -1 +0,0 @@ -export default {}; \ No newline at end of file