mirror of
https://github.com/verdaccio/verdaccio.git
synced 2024-12-16 21:56:25 -05:00
feat: migrateToSecureLegacySignature 6.x (#4643)
* migrate to forceMigrateToSecureLegacySignature update dependencies * Update ci.yml * Update ci.yml * format * improve ci
This commit is contained in:
parent
306da4af3f
commit
7b1414733b
17 changed files with 61 additions and 228 deletions
8
.github/workflows/ci.yml
vendored
8
.github/workflows/ci.yml
vendored
|
@ -2,6 +2,12 @@ name: CI
|
|||
|
||||
on: [push, pull_request]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
concurrency:
|
||||
group: ci-${{ github.ref }}
|
||||
cancel-in-progress: true
|
||||
|
||||
jobs:
|
||||
ci:
|
||||
name: Node ${{ matrix.node_version }}
|
||||
|
@ -10,7 +16,7 @@ jobs:
|
|||
fail-fast: false
|
||||
matrix:
|
||||
# only suported versions defined at https://nodejs.org/en/about/previous-releases
|
||||
node_version: [18, 20, 21]
|
||||
node_version: [18, 20, 21, 22]
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
|
|
37
.github/workflows/e2e-angular-cli-workflow.yml
vendored
37
.github/workflows/e2e-angular-cli-workflow.yml
vendored
|
@ -5,43 +5,6 @@ on:
|
|||
|
||||
name: 'E2E Angular CLI with verdaccio'
|
||||
jobs:
|
||||
npm7:
|
||||
name: 'npm7:angular example'
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
|
||||
|
||||
- name: 'Use Node.js'
|
||||
uses: actions/setup-node@7c12f8017d5436eb855f1ed4399f037a36fbd9e8 # v2.5.2
|
||||
with:
|
||||
node-version-file: '.nvmrc'
|
||||
- name: 'install latest npm'
|
||||
run: npm i -g npm@next-7
|
||||
- name: Install Dependencies
|
||||
run: yarn install
|
||||
- name: 'Run verdaccio in the background'
|
||||
run: |
|
||||
nohup yarn node ./scripts/run-verdaccio.js --config ./scripts/e2e-config.yaml &
|
||||
- name: 'Ping to verdaccio'
|
||||
run: |
|
||||
npm ping --registry http://localhost:4873
|
||||
- name: 'Running the integration test'
|
||||
run: |
|
||||
source scripts/e2e-setup-ci.sh
|
||||
echo "registry=http://localhost:4873" > ~/.npmrc
|
||||
npm config set loglevel="silent"
|
||||
npm config set fetch-retries="5"
|
||||
npm config set fetch-retry-factor="50"
|
||||
npm config set fetch-retry-mintimeout="20000"
|
||||
npm config set fetch-retry-maxtimeout="80000"
|
||||
npm install -g @angular/cli
|
||||
ng new verdaccio-angular --interactive=false
|
||||
|
||||
cd verdaccio-angular
|
||||
npm install @angular-devkit/core@next @babel/preset-env @babel/core -D
|
||||
|
||||
npm run ng build --aot
|
||||
npm8:
|
||||
name: 'npm8:angular example'
|
||||
runs-on: ubuntu-latest
|
||||
|
|
6
.github/workflows/e2e-jest-workflow.yml
vendored
6
.github/workflows/e2e-jest-workflow.yml
vendored
|
@ -202,8 +202,8 @@ jobs:
|
|||
yarn add left-pad --registry http://localhost:4873 --verbose
|
||||
echo "const leftPad = require('left-pad'); it('should resolve a module', () => { expect(typeof leftPad).toBe('function');});" | tee module.test.js
|
||||
yarn jest module.test.js
|
||||
pnpm7:
|
||||
name: 'pnpm:7:jest example'
|
||||
pnpm9:
|
||||
name: 'pnpm:9:jest example'
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
|
@ -214,7 +214,7 @@ jobs:
|
|||
with:
|
||||
node-version-file: '.nvmrc'
|
||||
- name: 'install latest pnpm'
|
||||
run: npm i -g pnpm@latest-7
|
||||
run: npm i -g pnpm@latest-9
|
||||
- name: Install Dependencies
|
||||
run: yarn install
|
||||
- name: 'Run verdaccio in the background'
|
||||
|
|
66
package.json
66
package.json
|
@ -19,22 +19,22 @@
|
|||
"url": "https://opencollective.com/verdaccio"
|
||||
},
|
||||
"dependencies": {
|
||||
"@verdaccio/auth": "7.0.0-next-7.13",
|
||||
"@verdaccio/config": "7.0.0-next-7.13",
|
||||
"@verdaccio/core": "7.0.0-next-7.13",
|
||||
"@verdaccio/hooks": "7.0.0-next-7.13",
|
||||
"@verdaccio/loaders": "7.0.0-next-7.13",
|
||||
"@verdaccio/auth": "7.0.0-next-7.15",
|
||||
"@verdaccio/config": "7.0.0-next-7.15",
|
||||
"@verdaccio/core": "7.0.0-next-7.15",
|
||||
"@verdaccio/hooks": "7.0.0-next-7.15",
|
||||
"@verdaccio/loaders": "7.0.0-next-7.15",
|
||||
"@verdaccio/local-storage": "10.3.4",
|
||||
"@verdaccio/logger": "7.0.0-next-7.13",
|
||||
"@verdaccio/middleware": "7.0.0-next-7.13",
|
||||
"@verdaccio/proxy": "7.0.0-next-7.13",
|
||||
"@verdaccio/search": "7.0.0-next-7.2",
|
||||
"@verdaccio/signature": "7.0.0-next.3",
|
||||
"@verdaccio/logger": "7.0.0-next-7.15",
|
||||
"@verdaccio/middleware": "7.0.0-next-7.15",
|
||||
"@verdaccio/proxy": "7.0.0-next-7.15",
|
||||
"@verdaccio/search": "7.0.0-next-7.4",
|
||||
"@verdaccio/signature": "7.0.0-next-7.5",
|
||||
"@verdaccio/streams": "10.2.1",
|
||||
"@verdaccio/tarball": "12.0.0-next-7.13",
|
||||
"@verdaccio/ui-theme": "7.0.0-next-7.13",
|
||||
"@verdaccio/url": "12.0.0-next-7.13",
|
||||
"@verdaccio/utils": "7.0.0-next-7.13",
|
||||
"@verdaccio/tarball": "12.0.0-next-7.15",
|
||||
"@verdaccio/ui-theme": "3.4.1",
|
||||
"@verdaccio/url": "12.0.0-next-7.15",
|
||||
"@verdaccio/utils": "7.0.0-next-7.15",
|
||||
"async": "3.2.5",
|
||||
"clipanion": "3.2.1",
|
||||
"compression": "1.7.4",
|
||||
|
@ -53,32 +53,32 @@
|
|||
"mkdirp": "1.0.4",
|
||||
"mv": "2.1.1",
|
||||
"pkginfo": "0.4.1",
|
||||
"semver": "7.6.0",
|
||||
"validator": "13.11.0",
|
||||
"verdaccio-audit": "12.0.0-next-7.13",
|
||||
"verdaccio-htpasswd": "12.0.0-next-7.13"
|
||||
"semver": "7.6.2",
|
||||
"validator": "13.12.0",
|
||||
"verdaccio-audit": "12.0.0-next-7.15",
|
||||
"verdaccio-htpasswd": "12.0.0-next-7.15"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@babel/cli": "7.23.4",
|
||||
"@babel/core": "7.23.7",
|
||||
"@babel/eslint-parser": "7.23.3",
|
||||
"@babel/node": "7.22.19",
|
||||
"@babel/cli": "7.24.5",
|
||||
"@babel/core": "7.24.5",
|
||||
"@babel/eslint-parser": "7.24.5",
|
||||
"@babel/node": "7.23.9",
|
||||
"@babel/plugin-proposal-class-properties": "7.18.6",
|
||||
"@babel/plugin-syntax-dynamic-import": "7.8.3",
|
||||
"@babel/polyfill": "^7.12.1",
|
||||
"@babel/preset-env": "7.23.8",
|
||||
"@babel/preset-typescript": "7.23.3",
|
||||
"@babel/preset-env": "7.24.5",
|
||||
"@babel/preset-typescript": "7.24.1",
|
||||
"@babel/register": "7.23.7",
|
||||
"@babel/runtime": "7.23.8",
|
||||
"@octokit/rest": "20.0.2",
|
||||
"@babel/runtime": "7.24.5",
|
||||
"@octokit/rest": "20.1.1",
|
||||
"@trivago/prettier-plugin-sort-imports": "4.3.0",
|
||||
"@types/async": "3.2.24",
|
||||
"@types/express": "4.17.21",
|
||||
"@types/express-serve-static-core": "4.17.42",
|
||||
"@types/express-serve-static-core": "4.19.0",
|
||||
"@types/http-errors": "2.0.4",
|
||||
"@types/jest": "29.5.11",
|
||||
"@types/lodash": "4.14.202",
|
||||
"@types/mime": "3.0.4",
|
||||
"@types/jest": "29.5.12",
|
||||
"@types/lodash": "4.17.1",
|
||||
"@types/mime": "3.0.0",
|
||||
"@types/minimatch": "5.1.2",
|
||||
"@types/node": "20.11.7",
|
||||
"@types/semver": "7.5.6",
|
||||
|
@ -109,13 +109,13 @@
|
|||
"lockfile-lint": "4.13.2",
|
||||
"mockdate": "3.0.5",
|
||||
"nock": "13.5.0",
|
||||
"prettier": "3.2.4",
|
||||
"rimraf": "5.0.5",
|
||||
"prettier": "3.2.5",
|
||||
"rimraf": "5.0.7",
|
||||
"selfsigned": "2.4.1",
|
||||
"standard-version": "9.5.0",
|
||||
"supertest": "6.3.4",
|
||||
"ts-node": "10.9.2",
|
||||
"typescript": "5.3.3",
|
||||
"typescript": "5.4.5",
|
||||
"verdaccio-auth-memory": "10.2.2",
|
||||
"verdaccio-memory": "10.3.2"
|
||||
},
|
||||
|
|
|
@ -1,6 +1,3 @@
|
|||
export { parseConfigFile } from './lib/utils';
|
||||
export { ConfigBuilder, parseConfigFile, findConfigFile } from '@verdaccio/config';
|
||||
export { startVerdaccio as default, startVerdaccio } from './lib/bootstrap';
|
||||
// Similar structure as v6 but with different functions
|
||||
// this is a bridge for easy migration to v6
|
||||
export { runServer } from './lib/run-server';
|
||||
export { ConfigBuilder } from '@verdaccio/config';
|
||||
|
|
|
@ -1,12 +1,11 @@
|
|||
import { Command, Option } from 'clipanion';
|
||||
import path from 'path';
|
||||
|
||||
import { findConfigFile, parseConfigFile } from '@verdaccio/config';
|
||||
import { warningUtils } from '@verdaccio/core';
|
||||
import { ConfigYaml } from '@verdaccio/types';
|
||||
|
||||
import { listenDefaultCallback, startVerdaccio } from '../../bootstrap';
|
||||
import findConfigFile from '../../config-path';
|
||||
import { parseConfigFile } from '../../utils';
|
||||
|
||||
require('pkginfo')(module);
|
||||
const pkgVersion = module.exports.version;
|
||||
|
|
|
@ -1,135 +0,0 @@
|
|||
import buildDebug from 'debug';
|
||||
import fs from 'fs';
|
||||
import _ from 'lodash';
|
||||
import mkdirp from 'mkdirp';
|
||||
import Path from 'path';
|
||||
|
||||
import { fileExists, folderExists } from './utils';
|
||||
|
||||
const debug = buildDebug('verdaccio:config');
|
||||
|
||||
const CONFIG_FILE = 'config.yaml';
|
||||
const XDG = 'xdg';
|
||||
const WIN = 'win';
|
||||
const WIN32 = 'win32';
|
||||
// eslint-disable-next-line
|
||||
const pkgJSON = require('../../package.json');
|
||||
|
||||
export type SetupDirectory = {
|
||||
path: string;
|
||||
type: string;
|
||||
};
|
||||
|
||||
/**
|
||||
* Find and get the first config file that match.
|
||||
* @return {String} the config file path
|
||||
*/
|
||||
function findConfigFile(configPath?: string): string {
|
||||
if (typeof configPath !== 'undefined') {
|
||||
return Path.resolve(configPath);
|
||||
}
|
||||
|
||||
const configPaths: SetupDirectory[] = getConfigPaths();
|
||||
debug('%o posible locations found', configPaths.length);
|
||||
if (_.isEmpty(configPaths)) {
|
||||
throw new Error('no configuration files can be processed');
|
||||
}
|
||||
|
||||
const primaryConf: any = _.find(configPaths, (configLocation: any) =>
|
||||
fileExists(configLocation.path)
|
||||
);
|
||||
if (typeof primaryConf !== 'undefined') {
|
||||
debug('previous location exist already %s', primaryConf?.path);
|
||||
return primaryConf.path;
|
||||
}
|
||||
|
||||
return createConfigFile(_.head(configPaths)).path;
|
||||
}
|
||||
|
||||
function createConfigFile(configLocation: any): SetupDirectory {
|
||||
createConfigFolder(configLocation);
|
||||
|
||||
const defaultConfig = updateStorageLinks(configLocation, readDefaultConfig());
|
||||
|
||||
fs.writeFileSync(configLocation.path, defaultConfig);
|
||||
|
||||
return configLocation;
|
||||
}
|
||||
|
||||
function readDefaultConfig(): string {
|
||||
return fs.readFileSync(require.resolve('../../conf/default.yaml'), 'utf-8');
|
||||
}
|
||||
|
||||
function createConfigFolder(configLocation): void {
|
||||
mkdirp.sync(Path.dirname(configLocation.path));
|
||||
}
|
||||
|
||||
function updateStorageLinks(configLocation, defaultConfig): string {
|
||||
if (configLocation.type !== XDG) {
|
||||
return defaultConfig;
|
||||
}
|
||||
|
||||
// $XDG_DATA_HOME defines the base directory relative to which user specific data files should be stored,
|
||||
// If $XDG_DATA_HOME is either not set or empty, a default equal to $HOME/.local/share should be used.
|
||||
let dataDir =
|
||||
process.env.XDG_DATA_HOME || Path.join(process.env.HOME as string, '.local', 'share');
|
||||
if (folderExists(dataDir)) {
|
||||
dataDir = Path.resolve(Path.join(dataDir, pkgJSON.name, 'storage'));
|
||||
return defaultConfig.replace(/^storage: .\/storage$/m, `storage: ${dataDir}`);
|
||||
}
|
||||
return defaultConfig;
|
||||
}
|
||||
|
||||
function getConfigPaths(): SetupDirectory[] {
|
||||
const listPaths: SetupDirectory[] = [
|
||||
getXDGDirectory(),
|
||||
getWindowsDirectory(),
|
||||
getRelativeDefaultDirectory(),
|
||||
getOldDirectory(),
|
||||
].reduce(function (acc, currentValue: any): SetupDirectory[] {
|
||||
if (_.isUndefined(currentValue) === false) {
|
||||
acc.push(currentValue);
|
||||
}
|
||||
return acc;
|
||||
}, [] as SetupDirectory[]);
|
||||
|
||||
return listPaths;
|
||||
}
|
||||
|
||||
const getXDGDirectory = (): SetupDirectory | void => {
|
||||
const XDGConfig = getXDGHome() || (process.env.HOME && Path.join(process.env.HOME, '.config'));
|
||||
|
||||
if (XDGConfig && folderExists(XDGConfig)) {
|
||||
return {
|
||||
path: Path.join(XDGConfig, pkgJSON.name, CONFIG_FILE),
|
||||
type: XDG,
|
||||
};
|
||||
}
|
||||
};
|
||||
|
||||
const getXDGHome = (): string | void => process.env.XDG_CONFIG_HOME;
|
||||
|
||||
const getWindowsDirectory = (): SetupDirectory | void => {
|
||||
if (process.platform === WIN32 && process.env.APPDATA && folderExists(process.env.APPDATA)) {
|
||||
return {
|
||||
path: Path.resolve(Path.join(process.env.APPDATA, pkgJSON.name, CONFIG_FILE)),
|
||||
type: WIN,
|
||||
};
|
||||
}
|
||||
};
|
||||
|
||||
const getRelativeDefaultDirectory = (): SetupDirectory => {
|
||||
return {
|
||||
path: Path.resolve(Path.join('.', pkgJSON.name, CONFIG_FILE)),
|
||||
type: 'def',
|
||||
};
|
||||
};
|
||||
|
||||
const getOldDirectory = (): SetupDirectory => {
|
||||
return {
|
||||
path: Path.resolve(Path.join('.', CONFIG_FILE)),
|
||||
type: 'old',
|
||||
};
|
||||
};
|
||||
|
||||
export default findConfigFile;
|
|
@ -6,7 +6,7 @@ import { Config as ConfigCore } from '@verdaccio/config';
|
|||
class Config extends ConfigCore {
|
||||
public constructor(config: any) {
|
||||
config.configPath = config.self_path;
|
||||
super(config, { forceEnhancedLegacySignature: false });
|
||||
super(config, { forceMigrateToSecureLegacySignature: true });
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -6,13 +6,12 @@ import https from 'https';
|
|||
import _, { assign } from 'lodash';
|
||||
import path from 'path';
|
||||
|
||||
import { findConfigFile, parseConfigFile } from '@verdaccio/config';
|
||||
import { Config, HttpsConfKeyCert, HttpsConfPfx } from '@verdaccio/types';
|
||||
|
||||
import endPointAPI from '../api/index';
|
||||
import { getListListenAddresses } from './cli/utils';
|
||||
import findConfigFile from './config-path';
|
||||
import { API_ERROR } from './constants';
|
||||
import { parseConfigFile } from './utils';
|
||||
|
||||
const debug = buildDebug('verdaccio');
|
||||
|
||||
|
|
|
@ -4,7 +4,6 @@ import semver from 'semver';
|
|||
import { URL } from 'url';
|
||||
import validator from 'validator';
|
||||
|
||||
import { parseConfigFile } from '@verdaccio/config';
|
||||
// eslint-disable-next-line max-len
|
||||
import { errorUtils, validatioUtils } from '@verdaccio/core';
|
||||
import { StringValue } from '@verdaccio/types';
|
||||
|
@ -472,4 +471,4 @@ export function hasLogin(config: Config) {
|
|||
return _.isNil(config?.web?.login) || config?.web?.login === true;
|
||||
}
|
||||
|
||||
export { buildTokenUtil as buildToken, parseConfigFile };
|
||||
export { buildTokenUtil as buildToken };
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
import { join } from 'path';
|
||||
|
||||
import { parseConfigFile } from '@verdaccio/config';
|
||||
|
||||
import startVerdaccioDeault, { startVerdaccio } from '../../../../src';
|
||||
import { parseConfigFile } from '../../../../src/lib/utils';
|
||||
|
||||
describe('bootstrap legacy', () => {
|
||||
describe('startVerdaccio', () => {
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
import { join } from 'path';
|
||||
|
||||
import { parseConfigFile } from '@verdaccio/config';
|
||||
|
||||
import { runServer } from '../../../../src';
|
||||
import { parseConfigFile } from '../../../../src/lib/utils';
|
||||
|
||||
describe('bootstrap modern', () => {
|
||||
describe('runServer', () => {
|
||||
|
|
|
@ -4,11 +4,12 @@ import os from 'os';
|
|||
import path from 'path';
|
||||
import selfsigned from 'selfsigned';
|
||||
|
||||
import { parseConfigFile } from '@verdaccio/config';
|
||||
|
||||
import startServer from '../../../../src';
|
||||
import { getListListenAddresses } from '../../../../src/lib/cli/utils';
|
||||
import { DEFAULT_DOMAIN, DEFAULT_PORT, DEFAULT_PROTOCOL } from '../../../../src/lib/constants';
|
||||
import { setup } from '../../../../src/lib/logger';
|
||||
import { parseConfigFile } from '../../../../src/lib/utils';
|
||||
import config from '../../partials/config';
|
||||
|
||||
setup([]);
|
||||
|
|
|
@ -1,10 +1,11 @@
|
|||
import _ from 'lodash';
|
||||
import path from 'path';
|
||||
|
||||
import { parseConfigFile } from '@verdaccio/config';
|
||||
|
||||
import Config from '../../../../src/lib/config';
|
||||
import { DEFAULT_REGISTRY, DEFAULT_UPLINK, ROLES, WEB_TITLE } from '../../../../src/lib/constants';
|
||||
import { setup } from '../../../../src/lib/logger';
|
||||
import { parseConfigFile } from '../../../../src/lib/utils';
|
||||
|
||||
setup([]);
|
||||
|
||||
|
@ -61,7 +62,7 @@ const checkDefaultConfPackages = (config) => {
|
|||
expect(config.url_prefix).toBeUndefined();
|
||||
expect(config.url_prefix).toBeUndefined();
|
||||
expect(config.security).toEqual({
|
||||
api: { legacy: true },
|
||||
api: { legacy: true, migrateToSecureLegacySignature: true },
|
||||
web: { sign: { expiresIn: '1h' }, verify: {} },
|
||||
});
|
||||
};
|
||||
|
|
|
@ -11,9 +11,10 @@ import path from 'path';
|
|||
import rimraf from 'rimraf';
|
||||
import request from 'supertest';
|
||||
|
||||
import { parseConfigFile } from '@verdaccio/config';
|
||||
|
||||
import endPointAPI from '../../../../src/api/index';
|
||||
import { setup } from '../../../../src/lib/logger';
|
||||
import { parseConfigFile } from '../../../../src/lib/utils';
|
||||
import { DOMAIN_SERVERS } from '../../../functional/config.functional';
|
||||
import { parseConfigurationFile } from '../../__helper';
|
||||
import { addUser } from '../../__helper/api';
|
||||
|
|
|
@ -11,8 +11,8 @@
|
|||
"rootDir": "./src",
|
||||
"outDir": "./build",
|
||||
"allowSyntheticDefaultImports": true,
|
||||
"esModuleInterop": true,
|
||||
"esModuleInterop": true
|
||||
},
|
||||
"exclude": ["node_modules", "**/*.spec.ts"],
|
||||
"include": ["src/**/*.ts", "types/*.d.ts"],
|
||||
"include": ["src/**/*.ts", "types/*.d.ts"]
|
||||
}
|
||||
|
|
BIN
yarn.lock
BIN
yarn.lock
Binary file not shown.
Loading…
Reference in a new issue