0
Fork 0
mirror of https://github.com/verdaccio/verdaccio.git synced 2024-12-16 21:56:25 -05:00

fix: search leak private package and ui bug

- Check permission in search API
- Fix author's name not show in search result
This commit is contained in:
Meeeeow 2017-04-20 16:50:48 +08:00
parent 04e8638291
commit 38518baf44
3 changed files with 13 additions and 7 deletions

View file

@ -8,7 +8,10 @@
</div> </div>
<div class="col-md-4 col-sm-4"> <div class="col-md-4 col-sm-4">
<div class="author pull-right"> <div class="author pull-right">
<small>By: {{ author.name }}</small> {{!-- I can't make hbs helper work without break code style --}}
{{#with author}}
<small>By: {{{ name }}}</small>
{{/with}}
</div> </div>
</div> </div>
</div> </div>

View file

@ -133,7 +133,11 @@ module.exports = function(config, auth, storage) {
var getData = function(i) { var getData = function(i) {
storage.get_package(results[i].ref, function(err, entry) { storage.get_package(results[i].ref, function(err, entry) {
if (!err && entry) { if (!err && entry) {
packages.push(entry.versions[entry['dist-tags'].latest]) auth.allow_access(entry.name, req.remote_user, function(err, allowed) { // TODO: This may cause performance issue?
if (err || !allowed) return
packages.push(entry.versions[entry['dist-tags'].latest])
})
} }
if (i >= results.length - 1) { if (i >= results.length - 1) {

View file

@ -27,7 +27,7 @@ var packages = [
_npmUser: { _npmUser: {
name: 'test_user', name: 'test_user',
} }
}, }
] ]
describe('search', function() { describe('search', function() {
@ -44,7 +44,7 @@ describe('search', function() {
it('search query item', function() { it('search query item', function() {
var result = Search.query('t'); var result = Search.query('t');
assert(result.length === 3); assert(result.length === 3);
}) });
it('search remove item', function() { it('search remove item', function() {
var item = { var item = {
@ -60,7 +60,6 @@ describe('search', function() {
Search.remove(item.name); Search.remove(item.name);
var result = Search.query('test6'); var result = Search.query('test6');
assert(result.length === 0); assert(result.length === 0);
}) });
})
});