From 48aa89f6515996fe4e0dca2675120fa012de72f9 Mon Sep 17 00:00:00 2001
From: Marc Bernard <59966492+mbtools@users.noreply.github.com>
Date: Mon, 28 Oct 2024 02:22:15 -0400
Subject: [PATCH] chore: request header constants (#4920)
---
 .changeset/blue-paws-cheer.md | 7 +++++++
 packages/core/core/src/constants.ts | 4 ++++
 packages/core/core/src/error-utils.ts | 2 +-
 packages/middleware/src/middlewares/log.ts | 4 +++-
 packages/middleware/src/middlewares/user-agent.ts | 3 ++-
 packages/server/express/test/server.spec.ts | 10 +++++-----
 6 files changed, 22 insertions(+), 8 deletions(-)
 create mode 100644 .changeset/blue-paws-cheer.md
diff --git a/.changeset/blue-paws-cheer.md b/.changeset/blue-paws-cheer.md
new file mode 100644
index 000000000..ece31e72b
--- /dev/null
+++ b/.changeset/blue-paws-cheer.md
@@ -0,0 +1,7 @@
+---
+'@verdaccio/server': patch
+'@verdaccio/middleware': patch
+'@verdaccio/core': patch
+---
+
+chore: request header constants
diff --git a/packages/core/core/src/constants.ts b/packages/core/core/src/constants.ts
index 6c9da44a6..858b44f77 100644
--- a/packages/core/core/src/constants.ts
+++ b/packages/core/core/src/constants.ts
@@ -46,6 +46,10 @@ export const HEADERS = {
 CSP: 'Content-Security-Policy',
 CTO: 'X-Content-Type-Options',
 XSS: 'X-XSS-Protection',
+ CLIENT: 'X-Client',
+ POWERED_BY: 'X-Powered-By',
+ RATELIMIT_LIMIT: 'X-RateLimit-Limit',
+ RATELIMIT_REMAINING: 'X-RateLimit-Remaining',
 NONE_MATCH: 'If-None-Match',
 ETAG: 'ETag',
 JSON_CHARSET: 'application/json; charset=utf-8',
diff --git a/packages/core/core/src/error-utils.ts b/packages/core/core/src/error-utils.ts
index 168035955..ae08c4b3f 100644
--- a/packages/core/core/src/error-utils.ts
+++ b/packages/core/core/src/error-utils.ts
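Review bot: `CLIENT: 'X-Client'` is added to `HEADERS` in `packages/core/core/src/constants.ts`, but nothing in this patch reads it and no comment says which component sends or consumes that header. Either leave it out until it has a caller or give it a one-line comment, e.g. `// X-Client: <who sets it / who reads it>`. `log.ts` in the same patch uses `HEADERS.FORWARDED_FOR`, which is not among the added keys, so it presumably already exists elsewhere in the object; that is worth confirming. The `HEADERS` object starts and ends outside this hunk.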
@@ -3,7 +3,7 @@ import createError, { HttpError } from 'http-errors';
 import { HTTP_STATUS } from './constants';
 export const API_ERROR = {
- PASSWORD_SHORT: `The provided password does not pass the validation`,
+ PASSWORD_SHORT: 'The provided password does not pass the validation',
 MUST_BE_LOGGED: 'You must be logged in to publish packages.',
 PLUGIN_ERROR: 'bug in the auth plugin system',
 CONFIG_BAD_FORMAT: 'config file must be an object',
diff --git a/packages/middleware/src/middlewares/log.ts b/packages/middleware/src/middlewares/log.ts
index 3df5b3e51..a7e6530fe 100644
--- a/packages/middleware/src/middlewares/log.ts
+++ b/packages/middleware/src/middlewares/log.ts
@@ -1,5 +1,7 @@
 import _ from 'lodash';
+import { HEADERS } from '@verdaccio/core';
+
 import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types';
 // FIXME: deprecated, moved to @verdaccio/dev-commons
@@ -52,7 +54,7 @@ export const log = (logger) => {
 };
 const log = function (): void {
- const forwardedFor = req.get('x-forwarded-for');
+ const forwardedFor = req.get(HEADERS.FORWARDED_FOR);
 const remoteAddress = req.connection.remoteAddress;
 const remoteIP = forwardedFor ? `${forwardedFor} via ${remoteAddress}` : remoteAddress;
 let message;
diff --git a/packages/middleware/src/middlewares/user-agent.ts b/packages/middleware/src/middlewares/user-agent.ts
index d05b3a507..c1979cfde 100644
--- a/packages/middleware/src/middlewares/user-agent.ts
+++ b/packages/middleware/src/middlewares/user-agent.ts
@@ -1,10 +1,11 @@
 import { getUserAgent } from '@verdaccio/config';
+import { HEADERS } from '@verdaccio/core';
 import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types';
 export function userAgent(config) {
 return function (_req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer): void {
- res.setHeader('x-powered-by', getUserAgent(config?.user_agent));
+ res.setHeader(HEADERS.POWERED_BY, getUserAgent(config?.user_agent));
 next();
 };
 }
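Review bot: In the `@@ -52,7 +54,7 @@` hunk of `packages/middleware/src/middlewares/log.ts`, `forwardedFor` is taken verbatim from the request's `X-Forwarded-For` header and placed first in `remoteIP`, so a client that reaches the server directly can put any address it likes into the access log. The header is only meaningful when a trusted reverse proxy sets or overwrites it; consider deriving the address from Express's `req.ip` with `trust proxy` configured, or at least marking the value as unverified with a comment such as `// X-Forwarded-For is client-supplied; only trustworthy behind a proxy that overwrites it`. `req.connection` is also a deprecated alias of `req.socket` in current Node. The inner `log` function begins and ends outside this hunk, so how `remoteIP` is finally emitted is not visible here.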
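Review bot: `userAgent` in `packages/middleware/src/middlewares/user-agent.ts` has no doc comment saying that it advertises the server identity in `X-Powered-By` on every response, which is fingerprinting information many operators prefer to suppress. The specs in `server.spec.ts` expect `hidden` and a custom string, so the value appears to be driven by `config.user_agent`; a TSDoc line such as `/** Sets X-Powered-By from config.user_agent; configure it to avoid exposing the server name and version. */` would make that explicit. The `config` parameter is also untyped, so a misspelled `user_agent` key would go unnoticed by the compiler. Separately, the header name is now passed as `X-Powered-By` rather than `x-powered-by`; Node keeps the casing given to `setHeader` on HTTP/1.1 responses, which is harmless for compliant clients but is an observable change for a `chore`.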
diff --git a/packages/server/express/test/server.spec.ts b/packages/server/express/test/server.spec.ts
index cffd46bdd..95d59ffbb 100644
--- a/packages/server/express/test/server.spec.ts
+++ b/packages/server/express/test/server.spec.ts
@@ -40,8 +40,8 @@ describe('server api', () => {
 await supertest(app)
 .get('/')
 .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.TEXT_HTML_UTF8)
- .expect('x-ratelimit-limit', '10000')
- .expect('x-ratelimit-remaining', '9999')
+ .expect(HEADERS.RATELIMIT_LIMIT, '10000')
+ .expect(HEADERS.RATELIMIT_REMAINING, '9999')
 .expect(HTTP_STATUS.OK);
 });
@@ -66,7 +66,7 @@ describe('server api', () => {
 .get('/')
 .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.TEXT_HTML_UTF8)
 .expect(HTTP_STATUS.OK);
- const powered = response.get('x-powered-by');
+ const powered = response.get(HEADERS.POWERED_BY);
 expect(powered).toMatch('hidden');
 }, 40000);
@@ -76,7 +76,7 @@ describe('server api', () => {
 .get('/')
 .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.TEXT_HTML_UTF8)
 .expect(HTTP_STATUS.OK);
- const powered = response.get('x-powered-by');
+ const powered = response.get(HEADERS.POWERED_BY);
 expect(powered).toEqual('hidden');
 });
@@ -86,7 +86,7 @@ describe('server api', () => {
 .get('/')
 .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.TEXT_HTML_UTF8)
 .expect(HTTP_STATUS.OK);
- const powered = response.get('x-powered-by');
+ const powered = response.get(HEADERS.POWERED_BY);
 expect(powered).toEqual('custom user agent');
 });
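Review bot: The three `x-powered-by` assertions (hunks `@@ -66,7`, `@@ -76,7` and `@@ -86,7`) now read the header through `HEADERS.POWERED_BY`, the same constant `userAgent` uses to set it, so the spec no longer pins the on-the-wire header name and a wrong value in the constant would still pass. Keeping the literal in at least one test, e.g. `const powered = response.get('x-powered-by');`, preserves that check. The rate-limit assertions in `@@ -40,8` are less affected if those headers are emitted by the rate-limit library rather than through the constant, which is not visible in this patch.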