mirror of
https://github.com/verdaccio/verdaccio.git
shasum check for uploaded tarballs
parent
61658cfbdc
commit
78f856cf81
2 changed files with 36 additions and 6 deletions
|
@ -154,6 +154,23 @@ Storage.prototype.add_version = function(name, version, metadata, tag, callback)
|
||||||
}))
|
}))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// if uploaded tarball has a different shasum, it's very likely that we have some kind of error
|
||||||
|
if (utils.is_object(metadata.dist) && typeof(metadata.dist.tarball) === 'string') {
|
||||||
|
var tarball = metadata.dist.tarball.replace(/.*\//, '')
|
||||||
|
if (utils.is_object(data._attachments[tarball])) {
|
||||||
|
if (data._attachments[tarball].shasum != null && metadata.dist.shasum != null) {
|
||||||
|
if (data._attachments[tarball].shasum != metadata.dist.shasum) {
|
||||||
|
return cb(new UError({
|
||||||
|
status: 400,
|
||||||
|
msg: 'shasum error, ' + data._attachments[tarball].shasum + ' != ' + metadata.dist.shasum,
|
||||||
|
}))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
data._attachments[tarball].version = version
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
data.versions[version] = metadata
|
data.versions[version] = metadata
|
||||||
data['dist-tags'][tag] = version
|
data['dist-tags'][tag] = version
|
||||||
cb()
|
cb()
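Review bot: The shasum comparison fails open, because it only runs when both `data._attachments[tarball].shasum` and `metadata.dist.shasum` are non-null, so a publish whose metadata omits `dist.shasum` is accepted unchecked even when the stored attachment has a digest. If the check is meant to be enforced rather than advisory, drop the second null test and compare strictly, e.g. `if (data._attachments[tarball].shasum != null && data._attachments[tarball].shasum !== metadata.dist.shasum)`. Separately, `tarball` is derived from client-supplied `metadata.dist.tarball` and used directly as a key on `data._attachments`. Guarding the lookup with `Object.prototype.hasOwnProperty.call(data._attachments, tarball)` would keep inherited keys from being treated as attachment records before `.version` is assigned. The enclosing `add_version` callback starts and ends outside the hunk, so how `data._attachments` is constructed is not visible here.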
|
||||||
|
|
|
@ -1,8 +1,9 @@
|
||||||
var assert = require('assert');
|
var assert = require('assert')
|
||||||
var readfile = require('fs').readFileSync;
|
, readfile = require('fs').readFileSync
|
||||||
var ex = module.exports;
|
, crypto = require('crypto')
|
||||||
var server = process.server;
|
, ex = module.exports
|
||||||
var server2 = process.server2;
|
, server = process.server
|
||||||
|
, server2 = process.server2
|
||||||
|
|
||||||
ex['trying to fetch non-existent package'] = function(cb) {
|
ex['trying to fetch non-existent package'] = function(cb) {
|
||||||
server.get_package('testpkg', function(res, body) {
|
server.get_package('testpkg', function(res, body) {
|
||||||
|
@ -67,8 +68,20 @@ ex['uploading new package version for bad pkg'] = function(cb) {
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
|
||||||
|
ex['uploading new package version (bad sha)'] = function(cb) {
|
||||||
|
var pkg = require('./lib/package')('testpkg')
|
||||||
|
pkg.dist.shasum = crypto.createHash('sha1').update('fake').digest('hex')
|
||||||
|
server.put_version('testpkg', '0.0.1', pkg, function(res, body) {
|
||||||
|
assert.equal(res.statusCode, 400);
|
||||||
|
assert(~body.error.indexOf('shasum error'));
|
||||||
|
cb();
|
||||||
|
});
|
||||||
|
};
|
||||||
|
|
||||||
ex['uploading new package version'] = function(cb) {
|
ex['uploading new package version'] = function(cb) {
|
||||||
server.put_version('testpkg', '0.0.1', require('./lib/package')('testpkg'), function(res, body) {
|
var pkg = require('./lib/package')('testpkg')
|
||||||
|
pkg.dist.shasum = crypto.createHash('sha1').update(readfile('fixtures/binary')).digest('hex')
|
||||||
|
server.put_version('testpkg', '0.0.1', pkg, function(res, body) {
|
||||||
assert.equal(res.statusCode, 201);
|
assert.equal(res.statusCode, 201);
|
||||||
assert(~body.ok.indexOf('published'));
|
assert(~body.ok.indexOf('published'));
|
||||||
cb();
|
cb();
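Review bot: The new tests cover a mismatching `dist.shasum` (400) and a matching one (201), but not a publish whose metadata carries no `dist.shasum`, which is exactly the path where the server-side comparison is skipped. A third case that does `delete pkg.dist.shasum` before `server.put_version(...)` and asserts the intended status would pin that behaviour either way. `readfile('fixtures/binary')` also resolves against the process working directory, so the matching-hash test presumably only passes when the runner starts in the test directory; building the path from `__dirname` would remove that dependency. Both test bodies continue outside the hunks shown.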
|
||||||
|
|