chore: request header constants (#4920)

.changeset/blue-paws-cheer.md

@@ -0,0 +1,7 @@
+---
+'@verdaccio/server': patch
+'@verdaccio/middleware': patch
+'@verdaccio/core': patch
+---
+
+chore: request header constants

packages/core/core/src/constants.ts

@@ -46,6 +46,10 @@ export const HEADERS = {
   CSP: 'Content-Security-Policy',
   CTO: 'X-Content-Type-Options',
   XSS: 'X-XSS-Protection',
+  CLIENT: 'X-Client',
+  POWERED_BY: 'X-Powered-By',
+  RATELIMIT_LIMIT: 'X-RateLimit-Limit',
+  RATELIMIT_REMAINING: 'X-RateLimit-Remaining',
   NONE_MATCH: 'If-None-Match',
   ETAG: 'ETag',
   JSON_CHARSET: 'application/json; charset=utf-8',

packages/core/core/src/error-utils.ts

@@ -3,7 +3,7 @@ import createError, { HttpError } from 'http-errors';
 import { HTTP_STATUS } from './constants';
 
 export const API_ERROR = {
-  PASSWORD_SHORT: `The provided password does not pass the validation`,
+  PASSWORD_SHORT: 'The provided password does not pass the validation',
   MUST_BE_LOGGED: 'You must be logged in to publish packages.',
   PLUGIN_ERROR: 'bug in the auth plugin system',
   CONFIG_BAD_FORMAT: 'config file must be an object',

packages/middleware/src/middlewares/log.ts

@@ -1,5 +1,7 @@
 import _ from 'lodash';
 
+import { HEADERS } from '@verdaccio/core';
+
 import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types';
 
 // FIXME: deprecated, moved to @verdaccio/dev-commons
@@ -52,7 +54,7 @@ export const log = (logger) => {
     };
 
     const log = function (): void {
-      const forwardedFor = req.get('x-forwarded-for');
+      const forwardedFor = req.get(HEADERS.FORWARDED_FOR);
       const remoteAddress = req.connection.remoteAddress;
       const remoteIP = forwardedFor ? `${forwardedFor} via ${remoteAddress}` : remoteAddress;
       let message;

packages/middleware/src/middlewares/user-agent.ts

@@ -1,10 +1,11 @@
 import { getUserAgent } from '@verdaccio/config';
+import { HEADERS } from '@verdaccio/core';
 
 import { $NextFunctionVer, $RequestExtend, $ResponseExtend } from '../types';
 
 export function userAgent(config) {
   return function (_req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer): void {
-    res.setHeader('x-powered-by', getUserAgent(config?.user_agent));
+    res.setHeader(HEADERS.POWERED_BY, getUserAgent(config?.user_agent));
     next();
   };
 }

packages/server/express/test/server.spec.ts

@@ -40,8 +40,8 @@ describe('server api', () => {
     await supertest(app)
       .get('/')
       .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.TEXT_HTML_UTF8)
-      .expect('x-ratelimit-limit', '10000')
+      .expect(HEADERS.RATELIMIT_LIMIT, '10000')
-      .expect('x-ratelimit-remaining', '9999')
+      .expect(HEADERS.RATELIMIT_REMAINING, '9999')
       .expect(HTTP_STATUS.OK);
   });
 
@@ -66,7 +66,7 @@ describe('server api', () => {
       .get('/')
       .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.TEXT_HTML_UTF8)
       .expect(HTTP_STATUS.OK);
-    const powered = response.get('x-powered-by');
+    const powered = response.get(HEADERS.POWERED_BY);
     expect(powered).toMatch('hidden');
   }, 40000);
 
@@ -76,7 +76,7 @@ describe('server api', () => {
       .get('/')
       .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.TEXT_HTML_UTF8)
       .expect(HTTP_STATUS.OK);
-    const powered = response.get('x-powered-by');
+    const powered = response.get(HEADERS.POWERED_BY);
     expect(powered).toEqual('hidden');
   });
 
@@ -86,7 +86,7 @@ describe('server api', () => {
       .get('/')
       .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.TEXT_HTML_UTF8)
       .expect(HTTP_STATUS.OK);
-    const powered = response.get('x-powered-by');
+    const powered = response.get(HEADERS.POWERED_BY);
     expect(powered).toEqual('custom user agent');
   });