From ae93e039da83d6cec75c17926bfdcd7605a77e92 Mon Sep 17 00:00:00 2001
From: Juan Picado <juanpicado19@gmail.com>
Date: Sat, 15 Jul 2023 20:38:43 +0200
Subject: [PATCH] fix: expose middleware methods #3915 (#3934)

* fix: expose middleware methods #3915

* remove body-parser dep

* fix 404 issue
---
 .changeset/eight-clouds-look.md                |  7 +++++++
 packages/api/src/index.ts                      |  5 +----
 packages/middleware/src/index.ts               |  2 +-
 .../middleware/src/middlewares/validation.ts   | 18 ++++++++++++++++--
 .../middleware/src/middlewares/web/index.ts    |  3 +++
 .../middleware/src/middlewares/web/web-api.ts  | 13 ++++++++-----
 .../src/middlewares/web/web-middleware.ts      |  4 ++--
 packages/middleware/test/final.spec.ts         |  3 ++-
 packages/middleware/test/json.spec.ts          |  4 ++--
 packages/server/express/src/server.ts          |  3 ++-
 packages/tools/helpers/src/initializeServer.ts |  3 +--
 11 files changed, 45 insertions(+), 20 deletions(-)
 create mode 100644 .changeset/eight-clouds-look.md

diff --git a/.changeset/eight-clouds-look.md b/.changeset/eight-clouds-look.md
new file mode 100644
index 000000000..697a2501a
--- /dev/null
+++ b/.changeset/eight-clouds-look.md
@@ -0,0 +1,7 @@
+---
+'@verdaccio/api': minor
+'@verdaccio/middleware': minor
+'@verdaccio/server': minor
+---
+
+fix: expose middleware methods
diff --git a/packages/api/src/index.ts b/packages/api/src/index.ts
index fb19188a9..3368e796e 100644
--- a/packages/api/src/index.ts
+++ b/packages/api/src/index.ts
@@ -1,4 +1,3 @@
-import bodyParser from 'body-parser';
 import express, { Router } from 'express';
 
 import { Auth } from '@verdaccio/auth';
@@ -43,7 +42,7 @@ export default function (config: Config, auth: Auth, storage: Storage): Router {
   app.param('_rev', match(/^-rev$/));
   app.param('org_couchdb_user', match(/^org\.couchdb\.user:/));
   app.use(auth.apiJWTmiddleware());
-  app.use(bodyParser.json({ strict: false, limit: config.max_body_size || '10mb' }));
+  app.use(express.json({ strict: false, limit: config.max_body_size || '10mb' }));
   // @ts-ignore
   app.use(antiLoop(config));
   // encode / in a scoped package name to be matched as a single parameter in routes
@@ -51,14 +50,12 @@ export default function (config: Config, auth: Auth, storage: Storage): Router {
   // for "npm whoami"
   whoami(app);
   profile(app, auth, config);
-  // @deprecated endpoint, 404 by default
   search(app);
   user(app, auth, config);
   distTags(app, auth, storage);
   publish(app, auth, storage);
   ping(app);
   stars(app, storage);
-  // @ts-ignore
   v1Search(app, auth, storage);
   token(app, auth, storage, config);
   pkg(app, auth, storage);
diff --git a/packages/middleware/src/index.ts b/packages/middleware/src/index.ts
index 83bad2484..8aaec3786 100644
--- a/packages/middleware/src/index.ts
+++ b/packages/middleware/src/index.ts
@@ -9,7 +9,7 @@ export { final } from './middlewares/final';
 export { allow } from './middlewares/allow';
 export { rateLimit } from './middlewares/rate-limit';
 export { userAgent } from './middlewares/user-agent';
-export { webMiddleware } from './middlewares/web';
+export { webMiddleware, renderWebMiddleware } from './middlewares/web';
 export { errorReportingMiddleware, handleError } from './middlewares/error';
 export {
   log,
diff --git a/packages/middleware/src/middlewares/validation.ts b/packages/middleware/src/middlewares/validation.ts
index 163902740..c20c8e1e5 100644
--- a/packages/middleware/src/middlewares/validation.ts
+++ b/packages/middleware/src/middlewares/validation.ts
@@ -1,6 +1,14 @@
+import { NextFunction, Request, Response } from 'express';
+
 import { errorUtils, validationUtils } from '@verdaccio/core';
 
-export function validateName(_req, _res, next, value: string, name: string) {
+export function validateName(
+  _req: Request,
+  _res: Response,
+  next: NextFunction,
+  value: string,
+  name: string
+) {
   if (validationUtils.validateName(value)) {
     next();
   } else {
@@ -8,7 +16,13 @@ export function validateName(_req, _res, next, value: string, name: string) {
   }
 }
 
-export function validatePackage(_req, _res, next, value: string, name: string) {
+export function validatePackage(
+  _req: Request,
+  _res,
+  next: NextFunction,
+  value: string,
+  name: string
+) {
   if (validationUtils.validatePackage(value)) {
     next();
   } else {
diff --git a/packages/middleware/src/middlewares/web/index.ts b/packages/middleware/src/middlewares/web/index.ts
index 13bf500b5..bb7d03c71 100644
--- a/packages/middleware/src/middlewares/web/index.ts
+++ b/packages/middleware/src/middlewares/web/index.ts
@@ -1 +1,4 @@
 export { default as webMiddleware } from './web-middleware';
+export { webAPIMiddleware } from './web-api';
+export { setSecurityWebHeaders } from './security';
+export { renderWebMiddleware } from './render-web';
diff --git a/packages/middleware/src/middlewares/web/web-api.ts b/packages/middleware/src/middlewares/web/web-api.ts
index 950991df9..aa2761315 100644
--- a/packages/middleware/src/middlewares/web/web-api.ts
+++ b/packages/middleware/src/middlewares/web/web-api.ts
@@ -1,10 +1,13 @@
 import express from 'express';
-import { Router } from 'express';
+import { RequestHandler, Router } from 'express';
 
 import { validateName, validatePackage } from '../validation';
 import { setSecurityWebHeaders } from './security';
 
-export function webMiddleware(tokenMiddleware, webEndpointsApi) {
+export function webAPIMiddleware(
+  tokenMiddleware: RequestHandler,
+  webEndpointsApi: RequestHandler
+): Router {
   // eslint-disable-next-line new-cap
   const route = Router();
   // validate all of these params as a package name
@@ -13,15 +16,15 @@ export function webMiddleware(tokenMiddleware, webEndpointsApi) {
   route.param('filename', validateName);
   route.param('version', validateName);
   route.use(express.urlencoded({ extended: false }));
+  route.use(setSecurityWebHeaders);
 
   if (typeof tokenMiddleware === 'function') {
     route.use(tokenMiddleware);
   }
 
-  route.use(setSecurityWebHeaders);
-
-  if (webEndpointsApi) {
+  if (typeof webEndpointsApi === 'function') {
     route.use(webEndpointsApi);
   }
+
   return route;
 }
diff --git a/packages/middleware/src/middlewares/web/web-middleware.ts b/packages/middleware/src/middlewares/web/web-middleware.ts
index 92494ebd6..04d945285 100644
--- a/packages/middleware/src/middlewares/web/web-middleware.ts
+++ b/packages/middleware/src/middlewares/web/web-middleware.ts
@@ -1,7 +1,7 @@
 import express from 'express';
 
 import { renderWebMiddleware } from './render-web';
-import { webMiddleware } from './web-api';
+import { webAPIMiddleware } from './web-api';
 
 export default (config, middlewares, pluginOptions): any => {
   // eslint-disable-next-line new-cap
@@ -10,6 +10,6 @@ export default (config, middlewares, pluginOptions): any => {
   // render web
   router.use('/', renderWebMiddleware(config, tokenMiddleware, pluginOptions));
   // web endpoints, search, packages, etc
-  router.use('/-/verdaccio/', webMiddleware(tokenMiddleware, webEndpointsApi));
+  router.use('/-/verdaccio/', webAPIMiddleware(tokenMiddleware, webEndpointsApi));
   return router;
 };
diff --git a/packages/middleware/test/final.spec.ts b/packages/middleware/test/final.spec.ts
index 3a09a0ace..6cfdc0dc7 100644
--- a/packages/middleware/test/final.spec.ts
+++ b/packages/middleware/test/final.spec.ts
@@ -1,4 +1,3 @@
-import bodyParser from 'body-parser';
 import express from 'express';
 import request from 'supertest';
 
@@ -6,6 +5,8 @@ import { HEADERS, HTTP_STATUS } from '@verdaccio/core';
 
 import { final } from '../src';
 
+const bodyParser = express;
+
 test('handle error as object', async () => {
   const app = express();
   app.use(bodyParser.json({ strict: false, limit: '10mb' }));
diff --git a/packages/middleware/test/json.spec.ts b/packages/middleware/test/json.spec.ts
index 0d44040dc..f4891d6be 100644
--- a/packages/middleware/test/json.spec.ts
+++ b/packages/middleware/test/json.spec.ts
@@ -1,4 +1,4 @@
-import bodyParser from 'body-parser';
+import express from 'express';
 import request from 'supertest';
 
 import { HEADERS, HTTP_STATUS } from '@verdaccio/core';
@@ -8,7 +8,7 @@ import { getApp } from './helper';
 
 test('body is json', async () => {
   const app = getApp([]);
-  app.use(bodyParser.json({ strict: false, limit: '10mb' }));
+  app.use(express.json({ strict: false, limit: '10mb' }));
   // @ts-ignore
   app.put('/json', expectJson, (req, res) => {
     res.status(HTTP_STATUS.OK).json({});
diff --git a/packages/server/express/src/server.ts b/packages/server/express/src/server.ts
index 754f41578..bb929ab92 100644
--- a/packages/server/express/src/server.ts
+++ b/packages/server/express/src/server.ts
@@ -89,7 +89,8 @@ const defineAPI = async function (config: IConfig, storage: Storage): Promise<an
       res.locals.app_version = version ?? '';
       next();
     });
-    app.use(await webMiddleware(config, auth, storage));
+    const middleware = await webMiddleware(config, auth, storage);
+    app.use(middleware);
   } else {
     app.get('/', function (req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer) {
       next(errorUtils.getNotFound(API_ERROR.WEB_DISABLED));
diff --git a/packages/tools/helpers/src/initializeServer.ts b/packages/tools/helpers/src/initializeServer.ts
index 70d65a2a8..3a6e93683 100644
--- a/packages/tools/helpers/src/initializeServer.ts
+++ b/packages/tools/helpers/src/initializeServer.ts
@@ -1,4 +1,3 @@
-import bodyParser from 'body-parser';
 import buildDebug from 'debug';
 import express, { Application } from 'express';
 import os from 'os';
@@ -30,7 +29,7 @@ export async function initializeServer(
   const auth: Auth = new Auth(config);
   await auth.init();
   // TODO: this might not be need it, used in apiEndpoints
-  app.use(bodyParser.json({ strict: false, limit: '10mb' }));
+  app.use(express.json({ strict: false, limit: '10mb' }));
   // @ts-ignore
   app.use(errorReportingMiddleware(logger));
   for (let route of routesMiddleware) {