mirror of https://github.com/verdaccio/verdaccio.git synced 2024-12-16 21:56:25 -05:00

feat: migrateToSecureLegacySignature 6.x (#4643)

* migrate to forceMigrateToSecureLegacySignature

update dependencies

* Update ci.yml

* Update ci.yml

* format

* improve ci
Juan Picado 2024-05-13 19:52:34 +02:00 committed by GitHub
parent 306da4af3f
commit 7b1414733b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
17 changed files with 61 additions and 228 deletions


@ -2,6 +2,12 @@ name: CI
on: [push, pull_request]
permissions:
contents: read
concurrency:
group: ci-${{ github.ref }}
cancel-in-progress: true
jobs:
ci:
name: Node ${{ matrix.node_version }}
@ -10,7 +16,7 @@ jobs:
fail-fast: false
matrix:
# only suported versions defined at https://nodejs.org/en/about/previous-releases
node_version: [18, 20, 21]
node_version: [18, 20, 21, 22]
runs-on: ubuntu-latest
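Review bot: With `on: [push, pull_request]`, the added `cancel-in-progress: true` also applies to plain branch pushes, because the group key is `ci-${{ github.ref }}`. Two pushes to the same branch in quick succession leave the earlier commit with a cancelled run instead of a result. If every commit on the default branch should end up with a completed CI status, restrict cancellation to pull requests, e.g. `cancel-in-progress: ${{ github.event_name == 'pull_request' }}`. The rest of the job definition lies outside the visible hunks.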


@ -5,43 +5,6 @@ on:
name: 'E2E Angular CLI with verdaccio'
jobs:
npm7:
name: 'npm7:angular example'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: 'Use Node.js'
uses: actions/setup-node@7c12f8017d5436eb855f1ed4399f037a36fbd9e8 # v2.5.2
with:
node-version-file: '.nvmrc'
- name: 'install latest npm'
run: npm i -g npm@next-7
- name: Install Dependencies
run: yarn install
- name: 'Run verdaccio in the background'
run: |
nohup yarn node ./scripts/run-verdaccio.js --config ./scripts/e2e-config.yaml &
- name: 'Ping to verdaccio'
run: |
npm ping --registry http://localhost:4873
- name: 'Running the integration test'
run: |
source scripts/e2e-setup-ci.sh
echo "registry=http://localhost:4873" > ~/.npmrc
npm config set loglevel="silent"
npm config set fetch-retries="5"
npm config set fetch-retry-factor="50"
npm config set fetch-retry-mintimeout="20000"
npm config set fetch-retry-maxtimeout="80000"
npm install -g @angular/cli
ng new verdaccio-angular --interactive=false
cd verdaccio-angular
npm install @angular-devkit/core@next @babel/preset-env @babel/core -D
npm run ng build --aot
npm8:
name: 'npm8:angular example'
runs-on: ubuntu-latest


@ -202,8 +202,8 @@ jobs:
yarn add left-pad --registry http://localhost:4873 --verbose
echo "const leftPad = require('left-pad'); it('should resolve a module', () => { expect(typeof leftPad).toBe('function');});" | tee module.test.js
yarn jest module.test.js
pnpm7:
name: 'pnpm:7:jest example'
pnpm9:
name: 'pnpm:9:jest example'
runs-on: ubuntu-latest
steps:
@ -214,7 +214,7 @@ jobs:
with:
node-version-file: '.nvmrc'
- name: 'install latest pnpm'
run: npm i -g pnpm@latest-7
run: npm i -g pnpm@latest-9
- name: Install Dependencies
run: yarn install
- name: 'Run verdaccio in the background'


@ -19,22 +19,22 @@
"url": "https://opencollective.com/verdaccio"
},
"dependencies": {
"@verdaccio/auth": "7.0.0-next-7.13",
"@verdaccio/config": "7.0.0-next-7.13",
"@verdaccio/core": "7.0.0-next-7.13",
"@verdaccio/hooks": "7.0.0-next-7.13",
"@verdaccio/loaders": "7.0.0-next-7.13",
"@verdaccio/auth": "7.0.0-next-7.15",
"@verdaccio/config": "7.0.0-next-7.15",
"@verdaccio/core": "7.0.0-next-7.15",
"@verdaccio/hooks": "7.0.0-next-7.15",
"@verdaccio/loaders": "7.0.0-next-7.15",
"@verdaccio/local-storage": "10.3.4",
"@verdaccio/logger": "7.0.0-next-7.13",
"@verdaccio/middleware": "7.0.0-next-7.13",
"@verdaccio/proxy": "7.0.0-next-7.13",
"@verdaccio/search": "7.0.0-next-7.2",
"@verdaccio/signature": "7.0.0-next.3",
"@verdaccio/logger": "7.0.0-next-7.15",
"@verdaccio/middleware": "7.0.0-next-7.15",
"@verdaccio/proxy": "7.0.0-next-7.15",
"@verdaccio/search": "7.0.0-next-7.4",
"@verdaccio/signature": "7.0.0-next-7.5",
"@verdaccio/streams": "10.2.1",
"@verdaccio/tarball": "12.0.0-next-7.13",
"@verdaccio/ui-theme": "7.0.0-next-7.13",
"@verdaccio/url": "12.0.0-next-7.13",
"@verdaccio/utils": "7.0.0-next-7.13",
"@verdaccio/tarball": "12.0.0-next-7.15",
"@verdaccio/ui-theme": "3.4.1",
"@verdaccio/url": "12.0.0-next-7.15",
"@verdaccio/utils": "7.0.0-next-7.15",
"async": "3.2.5",
"clipanion": "3.2.1",
"compression": "1.7.4",
@ -53,32 +53,32 @@
"mkdirp": "1.0.4",
"mv": "2.1.1",
"pkginfo": "0.4.1",
"semver": "7.6.0",
"validator": "13.11.0",
"verdaccio-audit": "12.0.0-next-7.13",
"verdaccio-htpasswd": "12.0.0-next-7.13"
"semver": "7.6.2",
"validator": "13.12.0",
"verdaccio-audit": "12.0.0-next-7.15",
"verdaccio-htpasswd": "12.0.0-next-7.15"
},
"devDependencies": {
"@babel/cli": "7.23.4",
"@babel/core": "7.23.7",
"@babel/eslint-parser": "7.23.3",
"@babel/node": "7.22.19",
"@babel/cli": "7.24.5",
"@babel/core": "7.24.5",
"@babel/eslint-parser": "7.24.5",
"@babel/node": "7.23.9",
"@babel/plugin-proposal-class-properties": "7.18.6",
"@babel/plugin-syntax-dynamic-import": "7.8.3",
"@babel/polyfill": "^7.12.1",
"@babel/preset-env": "7.23.8",
"@babel/preset-typescript": "7.23.3",
"@babel/preset-env": "7.24.5",
"@babel/preset-typescript": "7.24.1",
"@babel/register": "7.23.7",
"@babel/runtime": "7.23.8",
"@octokit/rest": "20.0.2",
"@babel/runtime": "7.24.5",
"@octokit/rest": "20.1.1",
"@trivago/prettier-plugin-sort-imports": "4.3.0",
"@types/async": "3.2.24",
"@types/express": "4.17.21",
"@types/express-serve-static-core": "4.17.42",
"@types/express-serve-static-core": "4.19.0",
"@types/http-errors": "2.0.4",
"@types/jest": "29.5.11",
"@types/lodash": "4.14.202",
"@types/mime": "3.0.4",
"@types/jest": "29.5.12",
"@types/lodash": "4.17.1",
"@types/mime": "3.0.0",
"@types/minimatch": "5.1.2",
"@types/node": "20.11.7",
"@types/semver": "7.5.6",
@ -109,13 +109,13 @@
"lockfile-lint": "4.13.2",
"mockdate": "3.0.5",
"nock": "13.5.0",
"prettier": "3.2.4",
"rimraf": "5.0.5",
"prettier": "3.2.5",
"rimraf": "5.0.7",
"selfsigned": "2.4.1",
"standard-version": "9.5.0",
"supertest": "6.3.4",
"ts-node": "10.9.2",
"typescript": "5.3.3",
"typescript": "5.4.5",
"verdaccio-auth-memory": "10.2.2",
"verdaccio-memory": "10.3.2"
},


@ -1,6 +1,3 @@
export { parseConfigFile } from './lib/utils';
export { ConfigBuilder, parseConfigFile, findConfigFile } from '@verdaccio/config';
export { startVerdaccio as default, startVerdaccio } from './lib/bootstrap';
// Similar structure as v6 but with different functions
// this is a bridge for easy migration to v6
export { runServer } from './lib/run-server';
export { ConfigBuilder } from '@verdaccio/config';


@ -1,12 +1,11 @@
import { Command, Option } from 'clipanion';
import path from 'path';
import { findConfigFile, parseConfigFile } from '@verdaccio/config';
import { warningUtils } from '@verdaccio/core';
import { ConfigYaml } from '@verdaccio/types';
import { listenDefaultCallback, startVerdaccio } from '../../bootstrap';
import findConfigFile from '../../config-path';
import { parseConfigFile } from '../../utils';
require('pkginfo')(module);
const pkgVersion = module.exports.version;


@ -1,135 +0,0 @@
import buildDebug from 'debug';
import fs from 'fs';
import _ from 'lodash';
import mkdirp from 'mkdirp';
import Path from 'path';
import { fileExists, folderExists } from './utils';
const debug = buildDebug('verdaccio:config');
const CONFIG_FILE = 'config.yaml';
const XDG = 'xdg';
const WIN = 'win';
const WIN32 = 'win32';
// eslint-disable-next-line
const pkgJSON = require('../../package.json');
export type SetupDirectory = {
path: string;
type: string;
};
/**
* Find and get the first config file that match.
* @return {String} the config file path
*/
function findConfigFile(configPath?: string): string {
if (typeof configPath !== 'undefined') {
return Path.resolve(configPath);
}
const configPaths: SetupDirectory[] = getConfigPaths();
debug('%o posible locations found', configPaths.length);
if (_.isEmpty(configPaths)) {
throw new Error('no configuration files can be processed');
}
const primaryConf: any = _.find(configPaths, (configLocation: any) =>
fileExists(configLocation.path)
);
if (typeof primaryConf !== 'undefined') {
debug('previous location exist already %s', primaryConf?.path);
return primaryConf.path;
}
return createConfigFile(_.head(configPaths)).path;
}
function createConfigFile(configLocation: any): SetupDirectory {
createConfigFolder(configLocation);
const defaultConfig = updateStorageLinks(configLocation, readDefaultConfig());
fs.writeFileSync(configLocation.path, defaultConfig);
return configLocation;
}
function readDefaultConfig(): string {
return fs.readFileSync(require.resolve('../../conf/default.yaml'), 'utf-8');
}
function createConfigFolder(configLocation): void {
mkdirp.sync(Path.dirname(configLocation.path));
}
function updateStorageLinks(configLocation, defaultConfig): string {
if (configLocation.type !== XDG) {
return defaultConfig;
}
// $XDG_DATA_HOME defines the base directory relative to which user specific data files should be stored,
// If $XDG_DATA_HOME is either not set or empty, a default equal to $HOME/.local/share should be used.
let dataDir =
process.env.XDG_DATA_HOME || Path.join(process.env.HOME as string, '.local', 'share');
if (folderExists(dataDir)) {
dataDir = Path.resolve(Path.join(dataDir, pkgJSON.name, 'storage'));
return defaultConfig.replace(/^storage: .\/storage$/m, `storage: ${dataDir}`);
}
return defaultConfig;
}
function getConfigPaths(): SetupDirectory[] {
const listPaths: SetupDirectory[] = [
getXDGDirectory(),
getWindowsDirectory(),
getRelativeDefaultDirectory(),
getOldDirectory(),
].reduce(function (acc, currentValue: any): SetupDirectory[] {
if (_.isUndefined(currentValue) === false) {
acc.push(currentValue);
}
return acc;
}, [] as SetupDirectory[]);
return listPaths;
}
const getXDGDirectory = (): SetupDirectory | void => {
const XDGConfig = getXDGHome() || (process.env.HOME && Path.join(process.env.HOME, '.config'));
if (XDGConfig && folderExists(XDGConfig)) {
return {
path: Path.join(XDGConfig, pkgJSON.name, CONFIG_FILE),
type: XDG,
};
}
};
const getXDGHome = (): string | void => process.env.XDG_CONFIG_HOME;
const getWindowsDirectory = (): SetupDirectory | void => {
if (process.platform === WIN32 && process.env.APPDATA && folderExists(process.env.APPDATA)) {
return {
path: Path.resolve(Path.join(process.env.APPDATA, pkgJSON.name, CONFIG_FILE)),
type: WIN,
};
}
};
const getRelativeDefaultDirectory = (): SetupDirectory => {
return {
path: Path.resolve(Path.join('.', pkgJSON.name, CONFIG_FILE)),
type: 'def',
};
};
const getOldDirectory = (): SetupDirectory => {
return {
path: Path.resolve(Path.join('.', CONFIG_FILE)),
type: 'old',
};
};
export default findConfigFile;


@ -6,7 +6,7 @@ import { Config as ConfigCore } from '@verdaccio/config';
class Config extends ConfigCore {
public constructor(config: any) {
config.configPath = config.self_path;
super(config, { forceEnhancedLegacySignature: false });
super(config, { forceMigrateToSecureLegacySignature: true });
}
}
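Review bot: The hard-coded `forceMigrateToSecureLegacySignature: true` in the `Config` constructor has no comment, yet it is the one line in this commit that changes security behaviour for every instance. The updated config test in this commit shows the default `security.api` gaining `migrateToSecureLegacySignature: true`, so the flag appears to move all installations onto the secure legacy token signature. Whether an explicit `false` in a user's config still wins is not visible here and depends on `@verdaccio/config`. As far as I know this migration can replace an over-long legacy secret, which would invalidate tokens issued before the upgrade; that should be confirmed and stated. I would add a comment above the call such as `// forces security.api.migrateToSecureLegacySignature; an existing legacy secret may be regenerated and old tokens rejected (see @verdaccio/config)` and mention the operator impact in the release notes.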


@ -6,13 +6,12 @@ import https from 'https';
import _, { assign } from 'lodash';
import path from 'path';
import { findConfigFile, parseConfigFile } from '@verdaccio/config';
import { Config, HttpsConfKeyCert, HttpsConfPfx } from '@verdaccio/types';
import endPointAPI from '../api/index';
import { getListListenAddresses } from './cli/utils';
import findConfigFile from './config-path';
import { API_ERROR } from './constants';
import { parseConfigFile } from './utils';
const debug = buildDebug('verdaccio');


@ -4,7 +4,6 @@ import semver from 'semver';
import { URL } from 'url';
import validator from 'validator';
import { parseConfigFile } from '@verdaccio/config';
// eslint-disable-next-line max-len
import { errorUtils, validatioUtils } from '@verdaccio/core';
import { StringValue } from '@verdaccio/types';
@ -472,4 +471,4 @@ export function hasLogin(config: Config) {
return _.isNil(config?.web?.login) || config?.web?.login === true;
}
export { buildTokenUtil as buildToken, parseConfigFile };
export { buildTokenUtil as buildToken };


@ -1,7 +1,8 @@
import { join } from 'path';
import { parseConfigFile } from '@verdaccio/config';
import startVerdaccioDeault, { startVerdaccio } from '../../../../src';
import { parseConfigFile } from '../../../../src/lib/utils';
describe('bootstrap legacy', () => {
describe('startVerdaccio', () => {


@ -1,7 +1,8 @@
import { join } from 'path';
import { parseConfigFile } from '@verdaccio/config';
import { runServer } from '../../../../src';
import { parseConfigFile } from '../../../../src/lib/utils';
describe('bootstrap modern', () => {
describe('runServer', () => {


@ -4,11 +4,12 @@ import os from 'os';
import path from 'path';
import selfsigned from 'selfsigned';
import { parseConfigFile } from '@verdaccio/config';
import startServer from '../../../../src';
import { getListListenAddresses } from '../../../../src/lib/cli/utils';
import { DEFAULT_DOMAIN, DEFAULT_PORT, DEFAULT_PROTOCOL } from '../../../../src/lib/constants';
import { setup } from '../../../../src/lib/logger';
import { parseConfigFile } from '../../../../src/lib/utils';
import config from '../../partials/config';
setup([]);


@ -1,10 +1,11 @@
import _ from 'lodash';
import path from 'path';
import { parseConfigFile } from '@verdaccio/config';
import Config from '../../../../src/lib/config';
import { DEFAULT_REGISTRY, DEFAULT_UPLINK, ROLES, WEB_TITLE } from '../../../../src/lib/constants';
import { setup } from '../../../../src/lib/logger';
import { parseConfigFile } from '../../../../src/lib/utils';
setup([]);
@ -61,7 +62,7 @@ const checkDefaultConfPackages = (config) => {
expect(config.url_prefix).toBeUndefined();
expect(config.url_prefix).toBeUndefined();
expect(config.security).toEqual({
api: { legacy: true },
api: { legacy: true, migrateToSecureLegacySignature: true },
web: { sign: { expiresIn: '1h' }, verify: {} },
});
};
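Review bot: The new flag is covered only by the default-config expectation `api: { legacy: true, migrateToSecureLegacySignature: true }` in `checkDefaultConfPackages`. No case in the visible hunks loads a config that sets `security.api.migrateToSecureLegacySignature` explicitly. Because the constructor now passes `forceMigrateToSecureLegacySignature: true`, a test that parses a config with the key set to `false` and pins the resulting `config.security.api` value would document whether operators can opt out of the migration. `checkDefaultConfPackages` starts outside the hunk, so other assertions may exist that are not shown here.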


@ -11,9 +11,10 @@ import path from 'path';
import rimraf from 'rimraf';
import request from 'supertest';
import { parseConfigFile } from '@verdaccio/config';
import endPointAPI from '../../../../src/api/index';
import { setup } from '../../../../src/lib/logger';
import { parseConfigFile } from '../../../../src/lib/utils';
import { DOMAIN_SERVERS } from '../../../functional/config.functional';
import { parseConfigurationFile } from '../../__helper';
import { addUser } from '../../__helper/api';


@ -11,8 +11,8 @@
"rootDir": "./src",
"outDir": "./build",
"allowSyntheticDefaultImports": true,
"esModuleInterop": true,
"esModuleInterop": true
},
"exclude": ["node_modules", "**/*.spec.ts"],
"include": ["src/**/*.ts", "types/*.d.ts"],
"include": ["src/**/*.ts", "types/*.d.ts"]
}

BIN
yarn.lock

Binary file not shown.