From 394386385e3fa989dcc223f80c052473e8133e83 Mon Sep 17 00:00:00 2001 From: KukuruzaAndrey Date: Mon, 14 Jan 2019 15:23:25 +0200 Subject: [PATCH 1/3] feat: package version gets sent to plugins --- src/api/endpoint/api/search.js | 2 +- src/api/middleware.js | 11 +++++------ src/api/web/endpoint/package.js | 2 +- src/api/web/endpoint/search.js | 2 +- src/lib/auth.js | 10 +++++----- src/lib/utils.js | 10 ++++++++++ .../middleware/example.middleware.plugin.js | 2 +- test/unit/api/utils.spec.js | 18 +++++++++++++++++- 8 files changed, 41 insertions(+), 16 deletions(-) diff --git a/src/api/endpoint/api/search.js b/src/api/endpoint/api/search.js index c5872e4a4..0c89d2128 100644 --- a/src/api/endpoint/api/search.js +++ b/src/api/endpoint/api/search.js @@ -61,7 +61,7 @@ export default function(route, auth, storage) { stream.on('data', function each(pkg) { processing_pkgs++; - auth.allow_access(pkg.name, req.remote_user, function(err, allowed) { + auth.allow_access({ packageName: pkg.name }, req.remote_user, function(err, allowed) { processing_pkgs--; if (err) { diff --git a/src/api/middleware.js b/src/api/middleware.js index 9a474ae4e..8e24ad858 100644 --- a/src/api/middleware.js +++ b/src/api/middleware.js @@ -5,7 +5,7 @@ import _ from 'lodash'; -import { validateName as utilValidateName, validatePackage as utilValidatePackage, isObject, ErrorCode } from '../lib/utils'; +import { validateName as utilValidateName, validatePackage as utilValidatePackage, getVersionFromTarball, isObject, ErrorCode } from '../lib/utils'; import { API_ERROR, HEADER_TYPE, HEADERS, HTTP_STATUS, TOKEN_BASIC, TOKEN_BEARER } from '../lib/constants'; import { stringToMD5 } from '../lib/crypto-utils'; import type { $ResponseExtend, $RequestExtend, $NextFunctionVer, IAuth } from '../../types'; 
@@ -99,12 +99,11 @@ export function allow(auth: IAuth) { return function(action: string) { return function(req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer) { req.pause(); - let packageName = req.params.package; - if (req.params.scope) { - packageName = `@${req.params.scope}/${packageName}`; - } + const packageName = req.params.scope ? `@${req.params.scope}/${req.params.package}` : req.params.package; + const packageVersion = req.params.filename ? getVersionFromTarball(req.params.filename) : undefined; + // $FlowFixMe - auth['allow_' + action](packageName, req.remote_user, function(error, allowed) { + auth['allow_' + action]({ packageName, packageVersion }, req.remote_user, function(error, allowed) { req.resume(); if (error) { next(error); diff --git a/src/api/web/endpoint/package.js b/src/api/web/endpoint/package.js index 3f3a333f4..38e88e632 100644 --- a/src/api/web/endpoint/package.js +++ b/src/api/web/endpoint/package.js @@ -17,7 +17,7 @@ function addPackageWebApi(route: Router, storage: IStorageHandler, auth: IAuth, const checkAllow = (name, remoteUser) => new Promise((resolve, reject) => { try { - auth.allow_access(name, remoteUser, (err, allowed) => { + auth.allow_access({ packageName: name }, remoteUser, (err, allowed) => { if (err) { resolve(false); } else { diff --git a/src/api/web/endpoint/search.js b/src/api/web/endpoint/search.js index b40780b56..09cdd4ed5 100644 --- a/src/api/web/endpoint/search.js +++ b/src/api/web/endpoint/search.js @@ -20,7 +20,7 @@ function addSearchWebApi(route: Router, storage: IStorageHandler, auth: IAuth) { uplinksLook: false, callback: (err, entry) => { if (!err && entry) { - auth.allow_access(entry.name, req.remote_user, function(err, allowed) { + auth.allow_access({ packageName: entry.name }, req.remote_user, function(err, allowed) { if (err || !allowed) { return; } diff --git a/src/lib/auth.js b/src/lib/auth.js index bd154f419..7694b0d4e 100644 --- a/src/lib/auth.js +++ b/src/lib/auth.js 
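Review bot: In the `allow()` hunk of src/api/middleware.js, `packageVersion` is parsed from the client-supplied `req.params.filename` and handed to auth plugins without any check that the filename belongs to `packageName`. A plugin that decides per version would be trusting a string taken from the URL; whether a later layer rejects a mismatched filename is not visible in this hunk. I would extract the version only when `req.params.filename.startsWith(req.params.package + '-')` and otherwise leave `packageVersion` undefined. A comment above the call should say `// packageVersion is undefined on routes without :filename; plugins must not treat a missing version as allowed`, which also covers the search and web call sites in this patch that pass only `packageName`. The returned middleware function continues past the end of the hunk.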
@@ -23,7 +23,7 @@ import { import { convertPayloadToBase64, ErrorCode } from './utils'; import { getMatchedPackagesSpec } from './config-utils'; -import type { Config, Logger, Callback, IPluginAuth, RemoteUser, JWTSignOptions, Security } from '@verdaccio/types'; +import type { Config, Logger, Callback, IPluginAuth, RemoteUser, JWTSignOptions, Security, AuthPluginPackage } from '@verdaccio/types'; import type { $Response, NextFunction } from 'express'; import type { $RequestExtend, IAuth } from '../../types'; @@ -160,10 +160,10 @@ class Auth implements IAuth { /** * Allow user to access a package. */ - allow_access(packageName: string, user: RemoteUser, callback: Callback) { + allow_access({ packageName, packageVersion }: AuthPluginPackage, user: RemoteUser, callback: Callback) { const plugins = this.plugins.slice(0); // $FlowFixMe - const pkg = Object.assign({ name: packageName }, getMatchedPackagesSpec(packageName, this.config.packages)); + const pkg = Object.assign({ name: packageName, version: packageVersion }, getMatchedPackagesSpec(packageName, this.config.packages)); const self = this; this.logger.trace({ packageName }, 'allow access for @{packageName}'); @@ -193,11 +193,11 @@ class Auth implements IAuth { /** * Allow user to publish a package. */ - allow_publish(packageName: string, user: string, callback: Callback) { + allow_publish({ packageName, packageVersion }: AuthPluginPackage, user: string, callback: Callback) { const plugins = this.plugins.slice(0); const self = this; // $FlowFixMe - const pkg = Object.assign({ name: packageName }, getMatchedPackagesSpec(packageName, this.config.packages)); + const pkg = Object.assign({ name: packageName, version: packageVersion }, getMatchedPackagesSpec(packageName, this.config.packages)); this.logger.trace({ packageName }, 'allow publish for @{packageName}'); (function next() { diff --git a/src/lib/utils.js b/src/lib/utils.js index 561a65dd4..34af6f5ed 100644 --- a/src/lib/utils.js +++ b/src/lib/utils.js 
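Review bot: `allow_access` in src/lib/auth.js now destructures its first argument, so a caller that still passes the package name as a string gets `packageName === undefined` with no error. Third-party middleware plugins receive `auth`, as the example plugin updated later in this patch shows, so such callers may exist. The decision would then rest on whatever `getMatchedPackagesSpec(undefined, …)` returns, which is not shown here and could be a catch-all rule rather than the package's own. I would accept both forms by taking a plain parameter and normalising it with `const { packageName, packageVersion } = typeof pkg === 'string' ? { packageName: pkg } : pkg;`, or fail closed when `packageName` is not a string. The same applies to the `allow_publish` hunk that follows; both method bodies continue outside their hunks.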
@@ -502,3 +502,13 @@ export function parseReadme(packageName: string, readme: string): string { export function buildToken(type: string, token: string): string { return `${_.capitalize(type)} ${token}`; } + +/** + * return package version from tarball name + * @param {String} name + * @returns {String} + */ +export function getVersionFromTarball(name: string) { + // $FlowFixMe + return /.+-(\d.+)\.tgz/.test(name) ? name.match(/.+-(\d.+)\.tgz/)[1] : undefined; +} diff --git a/test/flow/plugins/middleware/example.middleware.plugin.js b/test/flow/plugins/middleware/example.middleware.plugin.js index 0789a0385..94a667d30 100644 --- a/test/flow/plugins/middleware/example.middleware.plugin.js +++ b/test/flow/plugins/middleware/example.middleware.plugin.js @@ -24,7 +24,7 @@ export default class ExampleMiddlewarePlugin implements IPluginMiddleware { name: 'test' }; auth.authenticate('user', 'password', () => {}); - auth.allow_access('packageName', remoteUser, () => {}); + auth.allow_access({packageName: 'packageName'}, remoteUser, () => {}); auth.add_user('user', 'password', () => {}); auth.aesEncrypt(new Buffer('pass')); // storage diff --git a/test/unit/api/utils.spec.js b/test/unit/api/utils.spec.js index 4e81f1b3d..3d884389b 100644 --- a/test/unit/api/utils.spec.js +++ b/test/unit/api/utils.spec.js @@ -11,7 +11,8 @@ import { combineBaseUrl, getVersion, normalizeDistTags, - getWebProtocol + getWebProtocol, + getVersionFromTarball } from '../../../src/lib/utils'; import { DIST_TAGS } from '../../../src/lib/constants'; import Logger, { setup } from '../../../src/lib/logger'; 
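Review bot: The pattern in `getVersionFromTarball` (src/lib/utils.js) is greedy and unanchored, so it misparses some valid names: `pkg-1.0.0-10.tgz` yields `10` instead of `1.0.0-10`, because the leading `.+` backtracks only to the last hyphen followed by a digit and one more character. This value reaches auth plugins as the package version, so a misparse feeds an authorization decision. A filename alone stays ambiguous when the package name itself contains a hyphen followed by a digit, so the sturdier form takes the known package name and strips `<name>-` and `.tgz`. At minimum, anchor the pattern and run it once, `const m = /^.+?-(\d.+)\.tgz$/.exec(name); return m ? m[1] : undefined;`, which should also make the `$FlowFixMe` unnecessary. The spec added in test/unit/api/utils.spec.js covers `3.5.0-6` but has no multi-character numeric prerelease and no name with a digit after a hyphen; both cases belong there.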
@@ -259,6 +260,21 @@ describe('Utilities', () => { }).toThrow(expect.hasAssertions()); }); }); + + describe('getVersionFromTarball', () => { + test('should get the right version', () => { + const simpleName = 'test-name-4.2.12.tgz' + const complexName = 'test-5.6.4-beta.2.tgz' + const otherComplexName = 'test-3.5.0-6.tgz' + expect(getVersionFromTarball(simpleName)).toEqual('4.2.12') + expect(getVersionFromTarball(complexName)).toEqual('5.6.4-beta.2') + expect(getVersionFromTarball(otherComplexName)).toEqual('3.5.0-6') + }) + + test('should don\'n fall at incorrect tarball name', () => { + expect(getVersionFromTarball('incorrectName')).toBeUndefined() + }) + }); }); describe('String utilities', () => { From 399dc181346530328bbc73405532827466a34cae Mon Sep 17 00:00:00 2001 From: KukuruzaAndrey Date: Tue, 15 Jan 2019 10:28:02 +0200 Subject: [PATCH 2/3] chore: update @verdaccio/types version --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index b480472f5..485d0848a 100644 --- a/package.json +++ b/package.json @@ -78,7 +78,7 @@ "@commitlint/config-conventional": "7.1.2", "@material-ui/core": "3.1.0", "@material-ui/icons": "3.0.1", - "@verdaccio/types": "4.1.3", + "@verdaccio/types": "^4.1.4", "autosuggest-highlight": "3.1.1", "babel-core": "7.0.0-bridge.0", "babel-eslint": "10.0.1", From f147b2b131dc42c1ebb42e4c7a14757fdde59329 Mon Sep 17 00:00:00 2001 From: KukuruzaAndrey Date: Tue, 15 Jan 2019 10:49:22 +0200 Subject: [PATCH 3/3] chore: pin @verdaccio/types version --- package.json | 2 +- yarn.lock | Bin 558344 -> 558344 bytes 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 485d0848a..b432c6b0c 100644 --- a/package.json +++ b/package.json 
@@ -78,7 +78,7 @@ "@commitlint/config-conventional": "7.1.2", "@material-ui/core": "3.1.0", "@material-ui/icons": "3.0.1", - "@verdaccio/types": "^4.1.4", + "@verdaccio/types": "4.1.4", "autosuggest-highlight": "3.1.1", "babel-core": "7.0.0-bridge.0", "babel-eslint": "10.0.1", diff --git a/yarn.lock b/yarn.lock index f86309fb779ae6ca1088cf64e1b7a14134f7b4fd..2003837cdde1b2c3e8c02904d31b424976f5b920 100644 GIT binary patch delta 213 zcmeC^QtIeZ+K~B}$wX=TF<%br$r~PU+m%!nq!#Pz>Vs)r6Foyc6TOo3DrGZ66B83d zgCxte6f@%#OGC57L?d%cV{?l{6H61bWOD<4KW9;$a5aex8A4zKPlS9-i5T zDFx|y5n<_priJAdUhW|!z6D;{K2hG8ex~6CKAEPKrGX_`$=ca2`UbAyE@38yW+nyR z>4x5+p=Ob8J_Sk15#bd<7FA_|lPA0oX)buuUhsqwh?#(x8Hibcm=%cGwii5MpRoV{ DR+mck delta 227 zcmeC^QtIeZ+K~BJz*xzOOF^M5wWv5VKTko)WctSq%({~|Jm9t~sVqn>*4Nbs)4C>l zhI+<&CFxbl=0+A4h6Y9kNv3J0W)^0qNybLWmL`UVCTWRgW~r7*X=X;|X$I3LPGJ`h zbIA(H@hL1SN%TpwtjrFIbWAJ{O3R51OAoCK$}@B{GBBxdbvCvvO-^((Fw2heO7bf; za4gT&&UVW1DE758C~F)uQ%GBYg;@^T6G^2^As$_ku3;e|+Z!ISoaCyYSM1jNih R%mT!$K+Lwi;0gPT1pveZP