feat: package version gets sent to plugins

2024-12-16 21:56:25 -05:00 · 2019-01-14 15:23:25 +02:00 · 2019-01-14 15:23:25 +02:00 · 394386385e
commit 394386385e
parent 6a6dc16c82
8 changed files with 41 additions and 16 deletions
--- a/src/api/endpoint/api/search.js
+++ b/src/api/endpoint/api/search.js
@ -61,7 +61,7 @@ export default function(route, auth, storage) {
    stream.on('data', function each(pkg) {
      processing_pkgs++;

-      auth.allow_access(pkg.name, req.remote_user, function(err, allowed) {
+      auth.allow_access({ packageName: pkg.name }, req.remote_user, function(err, allowed) {
        processing_pkgs--;

        if (err) {
--- a/src/api/middleware.js
+++ b/src/api/middleware.js
@ -5,7 +5,7 @@

 import _ from 'lodash';

-import { validateName as utilValidateName, validatePackage as utilValidatePackage, isObject, ErrorCode } from '../lib/utils';
+import { validateName as utilValidateName, validatePackage as utilValidatePackage, getVersionFromTarball, isObject, ErrorCode } from '../lib/utils';
 import { API_ERROR, HEADER_TYPE, HEADERS, HTTP_STATUS, TOKEN_BASIC, TOKEN_BEARER } from '../lib/constants';
 import { stringToMD5 } from '../lib/crypto-utils';
 import type { $ResponseExtend, $RequestExtend, $NextFunctionVer, IAuth } from '../../types';
@ -99,12 +99,11 @@ export function allow(auth: IAuth) {
  return function(action: string) {
    return function(req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer) {
      req.pause();
-      let packageName = req.params.package;
-      if (req.params.scope) {
-        packageName = `@${req.params.scope}/${packageName}`;
-      }
+      const packageName = req.params.scope ? `@${req.params.scope}/${req.params.package}` : req.params.package;
+      const packageVersion = req.params.filename ? getVersionFromTarball(req.params.filename) : undefined;
+
      // $FlowFixMe
-      auth['allow_' + action](packageName, req.remote_user, function(error, allowed) {
+      auth['allow_' + action]({ packageName, packageVersion }, req.remote_user, function(error, allowed) {
        req.resume();
        if (error) {
          next(error);
--- a/src/api/web/endpoint/package.js
+++ b/src/api/web/endpoint/package.js
@ -17,7 +17,7 @@ function addPackageWebApi(route: Router, storage: IStorageHandler, auth: IAuth,
  const checkAllow = (name, remoteUser) =>
    new Promise((resolve, reject) => {
      try {
-        auth.allow_access(name, remoteUser, (err, allowed) => {
+        auth.allow_access({ packageName: name }, remoteUser, (err, allowed) => {
          if (err) {
            resolve(false);
          } else {
--- a/src/api/web/endpoint/search.js
+++ b/src/api/web/endpoint/search.js
@ -20,7 +20,7 @@ function addSearchWebApi(route: Router, storage: IStorageHandler, auth: IAuth) {
        uplinksLook: false,
        callback: (err, entry) => {
          if (!err && entry) {
-            auth.allow_access(entry.name, req.remote_user, function(err, allowed) {
+            auth.allow_access({ packageName: entry.name }, req.remote_user, function(err, allowed) {
              if (err || !allowed) {
                return;
              }
--- a/src/lib/auth.js
+++ b/src/lib/auth.js
@ -23,7 +23,7 @@ import {
 import { convertPayloadToBase64, ErrorCode } from './utils';
 import { getMatchedPackagesSpec } from './config-utils';

-import type { Config, Logger, Callback, IPluginAuth, RemoteUser, JWTSignOptions, Security } from '@verdaccio/types';
+import type { Config, Logger, Callback, IPluginAuth, RemoteUser, JWTSignOptions, Security, AuthPluginPackage } from '@verdaccio/types';
 import type { $Response, NextFunction } from 'express';
 import type { $RequestExtend, IAuth } from '../../types';

@ -160,10 +160,10 @@ class Auth implements IAuth {
  /**
   * Allow user to access a package.
   */
-  allow_access(packageName: string, user: RemoteUser, callback: Callback) {
+  allow_access({ packageName, packageVersion }: AuthPluginPackage, user: RemoteUser, callback: Callback) {
    const plugins = this.plugins.slice(0);
    // $FlowFixMe
-    const pkg = Object.assign({ name: packageName }, getMatchedPackagesSpec(packageName, this.config.packages));
+    const pkg = Object.assign({ name: packageName, version: packageVersion }, getMatchedPackagesSpec(packageName, this.config.packages));
    const self = this;
    this.logger.trace({ packageName }, 'allow access for @{packageName}');

@ -193,11 +193,11 @@ class Auth implements IAuth {
  /**
   * Allow user to publish a package.
   */
-  allow_publish(packageName: string, user: string, callback: Callback) {
+  allow_publish({ packageName, packageVersion }: AuthPluginPackage, user: string, callback: Callback) {
    const plugins = this.plugins.slice(0);
    const self = this;
    // $FlowFixMe
-    const pkg = Object.assign({ name: packageName }, getMatchedPackagesSpec(packageName, this.config.packages));
+    const pkg = Object.assign({ name: packageName, version: packageVersion }, getMatchedPackagesSpec(packageName, this.config.packages));
    this.logger.trace({ packageName }, 'allow publish for @{packageName}');

    (function next() {
--- a/src/lib/utils.js
+++ b/src/lib/utils.js
@ -502,3 +502,13 @@ export function parseReadme(packageName: string, readme: string): string {
 export function buildToken(type: string, token: string): string {
  return `${_.capitalize(type)} ${token}`;
 }
+
+/**
+ * return package version from tarball name
+ * @param {String} name
+ * @returns {String}
+ */
+export function getVersionFromTarball(name: string) {
+  // $FlowFixMe
+  return /.+-(\d.+)\.tgz/.test(name) ? name.match(/.+-(\d.+)\.tgz/)[1] : undefined;
+}
--- a/test/flow/plugins/middleware/example.middleware.plugin.js
+++ b/test/flow/plugins/middleware/example.middleware.plugin.js
@ -24,7 +24,7 @@ export default class ExampleMiddlewarePlugin implements IPluginMiddleware {
 			name: 'test'
 		};
 		auth.authenticate('user', 'password', () => {});
-		auth.allow_access('packageName', remoteUser, () => {});
+		auth.allow_access({packageName: 'packageName'}, remoteUser, () => {});
 		auth.add_user('user', 'password', () => {});
 		auth.aesEncrypt(new Buffer('pass'));
 		// storage
--- a/test/unit/api/utils.spec.js
+++ b/test/unit/api/utils.spec.js
@ -11,7 +11,8 @@ import {
  combineBaseUrl,
  getVersion,
  normalizeDistTags,
-  getWebProtocol
+  getWebProtocol,
+  getVersionFromTarball
 } from '../../../src/lib/utils';
 import { DIST_TAGS } from '../../../src/lib/constants';
 import Logger, { setup } from '../../../src/lib/logger';
@ -259,6 +260,21 @@ describe('Utilities', () => {
        }).toThrow(expect.hasAssertions());
      });
    });
+
+    describe('getVersionFromTarball', () => {
+      test('should get the right version', () => {
+        const simpleName = 'test-name-4.2.12.tgz'
+        const complexName = 'test-5.6.4-beta.2.tgz'
+        const otherComplexName = 'test-3.5.0-6.tgz'
+        expect(getVersionFromTarball(simpleName)).toEqual('4.2.12')
+        expect(getVersionFromTarball(complexName)).toEqual('5.6.4-beta.2')
+        expect(getVersionFromTarball(otherComplexName)).toEqual('3.5.0-6')
+      })
+
+      test('should don\'n fall at incorrect tarball name', () => {
+        expect(getVersionFromTarball('incorrectName')).toBeUndefined()
+      })
+    });
  });

  describe('String utilities', () => {