diff --git a/flow-typed/npm/cookies_vx.x.x.js b/flow-typed/npm/cookies_vx.x.x.js
new file mode 100644
index 000000000..257b16099
--- /dev/null
+++ b/flow-typed/npm/cookies_vx.x.x.js
@@ -0,0 +1,33 @@ +// flow-typed signature: dd32612579acfe0d3fb825468a81fc4a +// flow-typed version: <>/cookies_v0.7.1/flow_v0.64.0 + +/** + * This is an autogenerated libdef stub for: + * + * 'cookies' + * + * Fill this stub out by replacing all the `any` types. + * + * Once filled out, we encourage you to share your work with the + * community by sending a pull request to: + * https://github.com/flowtype/flow-typed + */ + +declare module 'cookies' { + declare module.exports: any; +} + +/** + * We include stubs for each file inside this npm package in case you need to + * require those files directly. Feel free to delete any files that aren't + * needed. + */ + + +// Filename aliases +declare module 'cookies/index' { + declare module.exports: $Exports<'cookies'>; +} +declare module 'cookies/index.js' { + declare module.exports: $Exports<'cookies'>; +}
diff --git a/package.json b/package.json
index 0575cd486..aea09d511 100644
--- a/package.json
+++ b/package.json
@@ -92,7 +92,7 @@
 "eslint-plugin-react": "7.6.1",
 "extract-text-webpack-plugin": "3.0.2",
 "file-loader": "1.1.6",
- "flow-bin": "0.64.0",
+ "flow-bin": "0.66.0",
 "flow-runtime": "0.16.0",
 "friendly-errors-webpack-plugin": "1.6.1",
 "github-markdown-css": "2.10.0",
diff --git a/src/api/endpoint/api/user.js b/src/api/endpoint/api/user.js
index 4ea752d39..25dfd917b 100644
--- a/src/api/endpoint/api/user.js
+++ b/src/api/endpoint/api/user.js
@@ -1,20 +1,23 @@
-'use strict';
+// @flow
-const _ = require('lodash');
-const Cookies = require('cookies');
-const createError = require('http-errors');
+import type {$Response, Router} from 'express';
+import type {$RequestExtend, $ResponseExtend, $NextFunctionVer, IAuth} from '../../../../types';
+import {ErrorCode} from '../../../lib/utils';
-module.exports = function(route, auth) {
- route.get('/-/user/:org_couchdb_user', function(req, res, next) {
+import _ from 'lodash';
+import Cookies from 'cookies';
+
+module.exports = function(route: Router, auth: IAuth) {
+ route.get('/-/user/:org_couchdb_user', function(req: $RequestExtend, res: $Response, next: $NextFunctionVer) {
 res.status(200);
 next({
 ok: 'you are authenticated as "' + req.remote_user.name + '"',
 });
 });
- route.put('/-/user/:org_couchdb_user/:_rev?/:revision?', function(req, res, next) {
+ route.put('/-/user/:org_couchdb_user/:_rev?/:revision?', function(req: $RequestExtend, res: $Response, next: $NextFunctionVer) {
 let token = (req.body.name && req.body.password)
- ? auth.aes_encrypt(req.body.name + ':' + req.body.password).toString('base64')
+ ? auth.aes_encrypt(new Buffer(req.body.name + ':' + req.body.password)).toString('base64')
 : undefined;
 if (_.isNil(req.remote_user.name) === false) {
 res.status(201);
@@ -30,7 +33,7 @@ module.exports = function(route, auth) {
 // With npm registering is the same as logging in,
 // and npm accepts only an 409 error.
 // So, changing status code here.
- return next( createError[err.status || 409](err.message) );
+ return next( ErrorCode.getCode(err.status, err.message) || ErrorCode.get409(err.message));
 }
 return next(err);
 }
@@ -46,7 +49,7 @@ module.exports = function(route, auth) {
 }
 });
- route.delete('/-/user/token/*', function(req, res, next) {
+ route.delete('/-/user/token/*', function(req: $RequestExtend, res: $Response, next: $NextFunctionVer) {
 res.status(200);
 next({
 ok: 'Logged out',
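Review bot: In the `route.put('/-/user/…')` handler of the first user.js hunk, the new token line wraps the credentials with `new Buffer(...)`, the deprecated constructor whose behaviour depends on the argument type. `Buffer.from(req.body.name + ':' + req.body.password, 'utf8')` gives the same bytes for a string and makes the encoding explicit, so I would write the line as `? auth.aes_encrypt(Buffer.from(req.body.name + ':' + req.body.password, 'utf8')).toString('base64')`. The line also deserves a short comment saying the token is a reversible encryption of `name:password`, so the server secret and `aes_encrypt` are what protect the password. The handler body continues past the end of the hunk.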
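Review bot: The `|| ErrorCode.get409(err.message)` fallback on the new `return next(...)` line in the second user.js hunk looks unreachable, because `getCode` (added to src/lib/utils.js in this commit) returns `createError(statusCode, customMessage)`, which is always an object and therefore truthy. The old code fell back to 409 when `err.status` was missing; the new call passes `undefined` through instead, and as far as I know http-errors then defaults to 500, which contradicts the comment directly above that npm accepts only a 409. Suggest `return next(err.status ? ErrorCode.getCode(err.status, err.message) : ErrorCode.get409(err.message));`. The enclosing callback starts before this hunk.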
@@ -56,7 +59,7 @@ module.exports = function(route, auth) {
 // placeholder 'cause npm require to be authenticated to publish
 // we do not do any real authentication yet
- route.post('/_session', Cookies.express(), function(req, res, next) {
+ route.post('/_session', Cookies.express(), function(req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer) {
 res.cookies.set('AuthSession', String(Math.random()), {
 // npmjs.org sets 10h expire
 expires: new Date(Date.now() + 10 * 60 * 60 * 1000),
diff --git a/src/api/endpoint/api/whoami.js b/src/api/endpoint/api/whoami.js
index 7509ce0db..5225a3074 100644
--- a/src/api/endpoint/api/whoami.js
+++ b/src/api/endpoint/api/whoami.js
@@ -1,5 +1,10 @@
-module.exports = function(route) {
- route.get('/whoami', function(req, res, next) {
+// @flow
+
+import type {$Response, Router} from 'express';
+import type {$RequestExtend, $NextFunctionVer} from '../../../../types';
+
+module.exports = function(route: Router) {
+ route.get('/whoami', (req: $RequestExtend, res: $Response, next: $NextFunctionVer): void => {
 if (req.headers.referer === 'whoami') {
 next({username: req.remote_user.name});
 } else {
@@ -7,7 +12,7 @@ module.exports = function(route) {
 }
 });
- route.get('/-/whoami', function(req, res, next) {
+ route.get('/-/whoami', (req: $RequestExtend, res: $Response, next: $NextFunctionVer): mixed => {
 next({username: req.remote_user.name});
 });
 };
diff --git a/src/lib/auth.js b/src/lib/auth.js
index bfca1725f..68d7f2975 100644
--- a/src/lib/auth.js
+++ b/src/lib/auth.js
@@ -7,9 +7,8 @@ import {ErrorCode} from './utils';
 const Error = require('http-errors');
 import type {Config, Logger, Callback} from '@verdaccio/types';
-import type {$Request, $Response, NextFunction} from 'express';
-
-type $RequestExtend = $Request & {remote_user: any}
+import type {$Response, NextFunction} from 'express';
+import type {$RequestExtend} from '../../types';
 const LoggerApi = require('./logger');
 /**
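Review bot: The `/_session` handler in the last user.js hunk still fills `AuthSession` with `String(Math.random())`, which is predictable and must never be relied on as a credential. The existing comment calls the route a placeholder, so I would make that explicit on the `res.cookies.set` line: `// placeholder value only: Math.random() is not a CSPRNG, use crypto.randomBytes if this cookie is ever verified`. The new `$ResponseExtend` annotation types `cookies` as an optional `any`, so Flow does not check the `res.cookies.set(...)` call either. The options object continues beyond the hunk, so whether `httpOnly`/`secure` are set cannot be judged from here.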
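Review bot: The two whoami.js handlers get different return annotations, `: void` on `/whoami` in the first hunk and `: mixed` on `/-/whoami` in the second, although both only call `next(...)`; using `: void` on both would be consistent. Both handlers also read `req.remote_user.name` without a guard, while the `$RequestExtend` type added in this commit declares `remote_user` as optional. Because the property is typed `any`, Flow will not flag this, so a one-line comment such as `// remote_user is expected to be set by the auth middleware before this route runs` would document the assumption; which middleware does that is not visible here.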
@@ -366,7 +365,7 @@ class Auth {
 /**
 * Encrypt a string.
 */
- aes_encrypt(buf: Buffer) {
+ aes_encrypt(buf: Buffer): Buffer {
 const c = Crypto.createCipher('aes192', this.secret);
 const b1 = c.update(buf);
 const b2 = c.final();
diff --git a/src/lib/utils.js b/src/lib/utils.js
index d546a45b6..41174df2a 100644
--- a/src/lib/utils.js
+++ b/src/lib/utils.js
@@ -347,7 +347,10 @@ const ErrorCode = {
 },
 get404: (customMessage?: string) => {
 return createError(404, customMessage || 'no such package available');
- },
+ },
+ getCode: (statusCode: number, customMessage: string) => {
+ return createError(statusCode, customMessage);
+ },
 };
 const parseConfigFile = (configPath: string) => YAML.safeLoad(fs.readFileSync(configPath, 'utf8'));
diff --git a/types/index.js b/types/index.js
index d7d7ec714..06cdd750e 100644
--- a/types/index.js
+++ b/types/index.js
@@ -14,12 +14,15 @@ import type {
 IReadTarball,
 } from '@verdaccio/streams';
 import type {ILocalData} from '@verdaccio/local-storage';
+import type {NextFunction, $Request, $Response} from 'request';
 export interface IAuth {
 config: Config;
 logger: Logger;
 secret: string;
 plugins: Array;
+ aes_encrypt(buf: Buffer): Buffer;
+ add_user(user: string, password: string, cb: Callback): any;
 }
 export interface IWebSearch {
@@ -102,3 +105,6 @@ export interface IStorage {
 search(startKey: string, options: any): IUploadTarball;
 }
+export type $RequestExtend = $Request & {remote_user?: any}
+export type $ResponseExtend = $Response & {cookies?: any}
+export type $NextFunctionVer = NextFunction & mixed;
diff --git a/yarn.lock b/yarn.lock
index bc2b8c6e9..f58e2e4e2 100644
Binary files a/yarn.lock and b/yarn.lock differ
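Review bot: `aes_encrypt` in the src/lib/auth.js hunk now declares a `Buffer` return but still builds its cipher with `Crypto.createCipher('aes192', this.secret)`, which derives both key and IV from the secret alone, without a salt, and is deprecated in current Node. Equal inputs therefore encrypt to equal tokens, and the ciphertext has no integrity protection. Since user.js in this commit passes `name:password` through this method, the doc comment should at least say so, e.g. `// TODO: createCipher derives key/IV from the secret without salt; migrate to createCipheriv with a random IV and an authenticated mode, together with the matching decrypt`. The method body continues beyond the hunk and the decrypt side is not visible, so the migration cannot be judged from these lines alone.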
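Review bot: The import added in the first types/index.js hunk takes `NextFunction`, `$Request` and `$Response` from `'request'`, while user.js, whoami.js and auth.js in this same commit import the Express types from `'express'`; this looks like a typo. If `'request'` has no libdef exporting those names they presumably resolve to `any`, which would leave `$RequestExtend`, `$ResponseExtend` and `$NextFunctionVer` (added in the last hunk of this file) effectively unchecked. Suggest `import type {NextFunction, $Request, $Response} from 'express';`. In that last hunk `NextFunction & mixed` adds nothing over `NextFunction`, and the `any` on `remote_user` and `cookies` could be narrowed once the import is fixed.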