Merge branch '4.x' into feat-new-detail-page

package.json

@@ -78,7 +78,7 @@
     "@commitlint/config-conventional": "7.1.2",
     "@material-ui/core": "3.1.0",
     "@material-ui/icons": "3.0.1",
-    "@verdaccio/types": "4.1.3",
+    "@verdaccio/types": "4.1.4",
     "autosuggest-highlight": "3.1.1",
     "babel-core": "7.0.0-bridge.0",
     "babel-eslint": "10.0.1",

src/api/endpoint/api/search.js

@@ -61,7 +61,7 @@ export default function(route, auth, storage) {
     stream.on('data', function each(pkg) {
       processing_pkgs++;
 
-      auth.allow_access(pkg.name, req.remote_user, function(err, allowed) {
+      auth.allow_access({ packageName: pkg.name }, req.remote_user, function(err, allowed) {
         processing_pkgs--;
 
         if (err) {

src/api/middleware.js

@@ -5,7 +5,7 @@
 
 import _ from 'lodash';
 
-import { validateName as utilValidateName, validatePackage as utilValidatePackage, isObject, ErrorCode } from '../lib/utils';
+import { validateName as utilValidateName, validatePackage as utilValidatePackage, getVersionFromTarball, isObject, ErrorCode } from '../lib/utils';
 import { API_ERROR, HEADER_TYPE, HEADERS, HTTP_STATUS, TOKEN_BASIC, TOKEN_BEARER } from '../lib/constants';
 import { stringToMD5 } from '../lib/crypto-utils';
 import type { $ResponseExtend, $RequestExtend, $NextFunctionVer, IAuth } from '../../types';
@@ -99,12 +99,11 @@ export function allow(auth: IAuth) {
   return function(action: string) {
     return function(req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer) {
       req.pause();
-      let packageName = req.params.package;
-      if (req.params.scope) {
-        packageName = `@${req.params.scope}/${packageName}`;
-      }
+      const packageName = req.params.scope ? `@${req.params.scope}/${req.params.package}` : req.params.package;
+      const packageVersion = req.params.filename ? getVersionFromTarball(req.params.filename) : undefined;
+
       // $FlowFixMe
-      auth['allow_' + action](packageName, req.remote_user, function(error, allowed) {
+      auth['allow_' + action]({ packageName, packageVersion }, req.remote_user, function(error, allowed) {
         req.resume();
         if (error) {
           next(error);

src/api/web/endpoint/package.js

@@ -7,6 +7,7 @@ import _ from 'lodash';
 import { addScope, addGravatarSupport, deleteProperties, sortByName, parseReadme } from '../../../lib/utils';
 import { allow } from '../../middleware';
 import { DIST_TAGS, HEADER_TYPE, HEADERS, HTTP_STATUS } from '../../../lib/constants';
+import logger from '../../../lib/logger';
 import type { Router } from 'express';
 import type { IAuth, $ResponseExtend, $RequestExtend, $NextFunctionVer, IStorageHandler, $SidebarPackage } from '../../../../types';
 import type { Config } from '@verdaccio/types';
@@ -17,7 +18,7 @@ function addPackageWebApi(route: Router, storage: IStorageHandler, auth: IAuth,
   const checkAllow = (name, remoteUser) =>
     new Promise((resolve, reject) => {
       try {
-        auth.allow_access(name, remoteUser, (err, allowed) => {
+        auth.allow_access({ packageName: name }, remoteUser, (err, allowed) => {
           if (err) {
             resolve(false);
           } else {
@@ -44,6 +45,7 @@ function addPackageWebApi(route: Router, storage: IStorageHandler, auth: IAuth,
               permissions.push(pkg);
             }
           } catch (err) {
+            logger.logger.error({ name: pkg.name, error: err }, 'permission process for @{name} has failed: @{error}');
             throw err;
           }
         }

src/api/web/endpoint/search.js

@@ -20,7 +20,7 @@ function addSearchWebApi(route: Router, storage: IStorageHandler, auth: IAuth) {
         uplinksLook: false,
         callback: (err, entry) => {
           if (!err && entry) {
-            auth.allow_access(entry.name, req.remote_user, function(err, allowed) {
+            auth.allow_access({ packageName: entry.name }, req.remote_user, function(err, allowed) {
               if (err || !allowed) {
                 return;
               }

src/lib/auth.js

@@ -23,7 +23,7 @@ import {
 import { convertPayloadToBase64, ErrorCode } from './utils';
 import { getMatchedPackagesSpec } from './config-utils';
 
-import type { Config, Logger, Callback, IPluginAuth, RemoteUser, JWTSignOptions, Security } from '@verdaccio/types';
+import type { Config, Logger, Callback, IPluginAuth, RemoteUser, JWTSignOptions, Security, AuthPluginPackage } from '@verdaccio/types';
 import type { $Response, NextFunction } from 'express';
 import type { $RequestExtend, IAuth } from '../../types';
 
@@ -160,10 +160,10 @@ class Auth implements IAuth {
   /**
    * Allow user to access a package.
    */
-  allow_access(packageName: string, user: RemoteUser, callback: Callback) {
+  allow_access({ packageName, packageVersion }: AuthPluginPackage, user: RemoteUser, callback: Callback) {
     const plugins = this.plugins.slice(0);
     // $FlowFixMe
-    const pkg = Object.assign({ name: packageName }, getMatchedPackagesSpec(packageName, this.config.packages));
+    const pkg = Object.assign({ name: packageName, version: packageVersion }, getMatchedPackagesSpec(packageName, this.config.packages));
     const self = this;
     this.logger.trace({ packageName }, 'allow access for @{packageName}');
 
@@ -193,11 +193,11 @@ class Auth implements IAuth {
   /**
    * Allow user to publish a package.
    */
-  allow_publish(packageName: string, user: string, callback: Callback) {
+  allow_publish({ packageName, packageVersion }: AuthPluginPackage, user: string, callback: Callback) {
     const plugins = this.plugins.slice(0);
     const self = this;
     // $FlowFixMe
-    const pkg = Object.assign({ name: packageName }, getMatchedPackagesSpec(packageName, this.config.packages));
+    const pkg = Object.assign({ name: packageName, version: packageVersion }, getMatchedPackagesSpec(packageName, this.config.packages));
     this.logger.trace({ packageName }, 'allow publish for @{packageName}');
 
     (function next() {

src/lib/local-storage.js

@@ -642,7 +642,7 @@ class LocalStorage implements IStorage {
     const { packages } = this.config;
 
     if (packages) {
-      const listPackagesConf = Object.keys(packages || {});
+      const listPackagesConf = Object.keys(packages);
 
       listPackagesConf.map(pkg => {
         if (packages[pkg].storage) {

src/lib/storage.js

@@ -322,17 +322,20 @@ class Storage implements IStorageHandler {
         );
         lstream.on('error', function(err) {
           self.logger.error({ err: err }, 'uplink error: @{err.message}');
-          cb(), (cb = function() {});
+          cb();
+          cb = function() {};
         });
         lstream.on('end', function() {
-          cb(), (cb = function() {});
+          cb();
+          cb = function() {};
         });
 
         stream.abort = function() {
           if (lstream.abort) {
             lstream.abort();
           }
-          cb(), (cb = function() {});
+          cb();
+          cb = function() {};
         };
       },
       // executed after all series
@@ -411,7 +414,7 @@ class Storage implements IStorageHandler {
     const upLinks = [];
     const hasToLookIntoUplinks = _.isNil(options.uplinksLook) || options.uplinksLook;
 
-    if (!packageInfo || packageInfo === null) {
+    if (!packageInfo) {
       exists = false;
       packageInfo = generatePackageTemplate(name);
     }

src/lib/up-storage.js

@@ -145,7 +145,7 @@ class ProxyStorage implements IProxy {
           let error;
           const responseLength = err ? 0 : body.length;
           // $FlowFixMe
-          processBody(err, body);
+          processBody();
           logActivity();
           // $FlowFixMe
           cb(err, res, body);
@@ -552,7 +552,7 @@ class ProxyStorage implements IProxy {
       // https://github.com/rlidwka/sinopia/issues/254
       //
       if (this.proxy === false) {
-        headers['X-Forwarded-For'] = (req && req.headers['x-forwarded-for'] ? req.headers['x-forwarded-for'] + ', ' : '') + req.connection.remoteAddress;
+        headers['X-Forwarded-For'] = (req.headers['x-forwarded-for'] ? req.headers['x-forwarded-for'] + ', ' : '') + req.connection.remoteAddress;
       }
     }
 

src/lib/utils.js

@@ -502,3 +502,13 @@ export function parseReadme(packageName: string, readme: string): string {
 export function buildToken(type: string, token: string): string {
   return `${_.capitalize(type)} ${token}`;
 }
+
+/**
+ * return package version from tarball name
+ * @param {String} name
+ * @returns {String}
+ */
+export function getVersionFromTarball(name: string) {
+  // $FlowFixMe
+  return /.+-(\d.+)\.tgz/.test(name) ? name.match(/.+-(\d.+)\.tgz/)[1] : undefined;
+}

src/utils/user.js

@@ -34,11 +34,10 @@ export const GENERIC_AVATAR: string = `
  * Generate gravatar url from email address
  */
 export function generateGravatarUrl(email: string = '', online: boolean = true): string {
-  let emailCopy = email;
   if (online) {
     if (_.isString(email) && _.size(email) > 0) {
-      emailCopy = email.trim().toLocaleLowerCase();
-      const emailMD5 = stringToMD5(emailCopy);
+      email = email.trim().toLocaleLowerCase();
+      const emailMD5 = stringToMD5(email);
       return `https://www.gravatar.com/avatar/${emailMD5}`;
     }
     return GENERIC_AVATAR;

test/flow/plugins/middleware/example.middleware.plugin.js

@@ -24,7 +24,7 @@ export default class ExampleMiddlewarePlugin implements IPluginMiddleware {
 			name: 'test'
 		};
 		auth.authenticate('user', 'password', () => {});
-		auth.allow_access('packageName', remoteUser, () => {});
+		auth.allow_access({packageName: 'packageName'}, remoteUser, () => {});
 		auth.add_user('user', 'password', () => {});
 		auth.aesEncrypt(new Buffer('pass'));
 		// storage

test/unit/api/utils.spec.js

@@ -11,7 +11,8 @@ import {
   combineBaseUrl,
   getVersion,
   normalizeDistTags,
-  getWebProtocol
+  getWebProtocol,
+  getVersionFromTarball
 } from '../../../src/lib/utils';
 import { DIST_TAGS } from '../../../src/lib/constants';
 import Logger, { setup } from '../../../src/lib/logger';
@@ -259,6 +260,21 @@ describe('Utilities', () => {
         }).toThrow(expect.hasAssertions());
       });
     });
+
+    describe('getVersionFromTarball', () => {
+      test('should get the right version', () => {
+        const simpleName = 'test-name-4.2.12.tgz'
+        const complexName = 'test-5.6.4-beta.2.tgz'
+        const otherComplexName = 'test-3.5.0-6.tgz'
+        expect(getVersionFromTarball(simpleName)).toEqual('4.2.12')
+        expect(getVersionFromTarball(complexName)).toEqual('5.6.4-beta.2')
+        expect(getVersionFromTarball(otherComplexName)).toEqual('3.5.0-6')
+      })
+
+      test('should don\'n fall at incorrect tarball name', () => {
+        expect(getVersionFromTarball('incorrectName')).toBeUndefined()
+      })
+    });
   });
 
   describe('String utilities', () => {

yarn.lock

@@ -1181,10 +1181,10 @@
   resolved "https://registry.npmjs.org/@verdaccio/streams/-/streams-1.0.0.tgz#d5d24c6747208728b9fd16b908e3932c3fb1f864"
   integrity sha512-AjEo5LXk4Yf0SaXSc3y4i1t+wxY552O7WrVJPtnC6H7nUsSrygg/ODCG1RSKelskOq6b5p/LyXnsTkmCFXyjDQ==
 
-"@verdaccio/types@4.1.3":
-  version "4.1.3"
-  resolved "https://registry.npmjs.org/@verdaccio/types/-/types-4.1.3.tgz#72881020b5f56865b32c94114fa66e9bf627f0f7"
-  integrity sha512-DjTlLqrtaLb9ykRYAawRflYVgUyRn1A204xEC39ucaF06kZJbNu0Awm+kBhHsM9CsgM47r3z65vRJDSJNhkzjQ==
+"@verdaccio/types@4.1.4":
+  version "4.1.4"
+  resolved "https://registry.npmjs.org/@verdaccio/types/-/types-4.1.4.tgz#6144410b9fd63d916aa279378a4946c701a82586"
+  integrity sha512-0kNIQvMakoHIk1dpgnXVgQ5qwxJGTtMpJkLZKiN5WpLi5yuQtjc+kD/0EWDV4164pKg1KUU6YFLpbcXWxR8zvQ==
 
 "@webassemblyjs/ast@1.7.8":
   version "1.7.8"