diff --git a/src/api/endpoint/api/dist-tags.js b/src/api/endpoint/api/dist-tags.js index 02b8c6ee3..31f5fe7aa 100644 --- a/src/api/endpoint/api/dist-tags.js +++ b/src/api/endpoint/api/dist-tags.js @@ -1,11 +1,10 @@ -const Middleware = require('../../web/middleware'); +const {media, allow} = require('../../web/middleware'); const mime = require('mime'); const _ = require('lodash'); -const media = Middleware.media; export default function(route, auth, storage) { - const can = Middleware.allow(auth); + const can = allow(auth); const tag_package_version = function(req, res, next) { if (_.isString(req.body) === false) { return next('route'); diff --git a/src/api/endpoint/api/package.js b/src/api/endpoint/api/package.js index d8e7e0bbb..257eb1c42 100644 --- a/src/api/endpoint/api/package.js +++ b/src/api/endpoint/api/package.js @@ -1,11 +1,11 @@ const _ = require('lodash'); const createError = require('http-errors'); -const Middleware = require('../../web/middleware'); +const {allow} = require('../../web/middleware'); const Utils = require('../../../lib/utils'); export default function(route, auth, storage, config) { - const can = Middleware.allow(auth); + const can = allow(auth); // TODO: anonymous user? route.get('/:package/:version?', can('access'), function(req, res, next) { const getPackageMetaCallback = function(err, info) { diff --git a/src/api/endpoint/api/publish.js b/src/api/endpoint/api/publish.js index 84b6c7efb..813ca688e 100644 --- a/src/api/endpoint/api/publish.js +++ b/src/api/endpoint/api/publish.js 
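Review bot: In dist-tags.js the new `const {media, allow} = require('../../web/middleware');` reads named ES exports through `require`, which works only through the transpiler's CommonJS interop (presumably Babel) and keeps the names out of reach of import-aware lint or type checks. The file already uses `export default`, so `import {media, allow} from '../../web/middleware';` would be consistent with it and with web/api.js. `allow` builds the authorization middleware for these routes, so a later rename of that export should be caught by tooling rather than at startup. The same pattern is added in the package.js, publish.js, endpoint/index.js and web/index.js hunks.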
@@ -2,17 +2,15 @@ const _ = require('lodash'); const Path = require('path'); const createError = require('http-errors'); -const Middleware = require('../../web/middleware'); +const {media, expect_json, allow} = require('../../web/middleware'); const Notify = require('../../../lib/notify'); const Utils = require('../../../lib/utils'); const mime = require('mime'); -const media = Middleware.media; -const expect_json = Middleware.expect_json; const notify = Notify.notify; export default function(router, auth, storage, config) { - const can = Middleware.allow(auth); + const can = allow(auth); // publishing a package router.put('/:package/:_rev?/:revision?', can('publish'), media(mime.getType('json')), expect_json, function(req, res, next) { diff --git a/src/api/endpoint/index.js b/src/api/endpoint/index.js index 8d49f1329..84050fd99 100644 --- a/src/api/endpoint/index.js +++ b/src/api/endpoint/index.js 
@@ -13,25 +13,21 @@ import publish from './api/publish'; import search from './api/search'; import pkg from './api/package'; -const Middleware = require('../web/middleware'); -const match = Middleware.match; -const validateName = Middleware.validate_name; -const validatePkg = Middleware.validate_package; -const encodeScopePackage = Middleware.encodeScopePackage; +const {match, validate_name, validatePackage, encodeScopePackage, anti_loop} = require('../web/middleware'); -module.exports = function(config: Config, auth: IAuth, storage: IStorage) { +export default function(config: Config, auth: IAuth, storage: IStorage) { /* eslint new-cap:off */ const app = express.Router(); /* eslint new-cap:off */ // validate all of these params as a package name // this might be too harsh, so ask if it causes trouble - app.param('package', validatePkg); - app.param('filename', validateName); - app.param('tag', validateName); - app.param('version', validateName); - app.param('revision', validateName); - app.param('token', validateName); + app.param('package', validatePackage); + app.param('filename', validate_name); + app.param('tag', validate_name); + app.param('version', validate_name); + app.param('revision', validate_name); + app.param('token', validate_name); // these can't be safely put into express url for some reason // TODO: For some reason? what reason? @@ -42,7 +38,7 @@ module.exports = function(config: Config, auth: IAuth, storage: IStorage) { app.use(auth.basic_middleware()); // app.use(auth.bearer_middleware()) app.use(bodyParser.json({strict: false, limit: config.max_body_size || '10mb'})); - app.use(Middleware.anti_loop(config)); + app.use(anti_loop(config)); // encode / in a scoped package name to be matched as a single parameter in routes app.use(encodeScopePackage); // for "npm whoami" @@ -55,4 +51,4 @@ module.exports = function(config: Config, auth: IAuth, storage: IStorage) { ping(app); return app; -}; +} 
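Review bot: The comment above the `app.param` registrations in the first endpoint/index.js hunk still says every param is validated "as a package name". On the new side `package` goes through `validatePackage` and the others through `validate_name`, and neither the comment nor the TODO says what the checks are for. I would reword it along the lines of `// reject any route param that fails name validation before a handler runs; 'package' uses the package-specific validator`. The enclosing function continues past this hunk.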
diff --git a/src/api/index.js b/src/api/index.js index 68f3e3145..28128daac 100644 --- a/src/api/index.js +++ b/src/api/index.js @@ -7,13 +7,14 @@ import Storage from '../lib/storage'; import {loadPlugin} from '../lib/plugin-loader'; import hookDebug from './debug'; import Auth from '../lib/auth'; +import apiEndpoint from './endpoint'; const Logger = require('../lib/logger'); const Config = require('../lib/config'); const Middleware = require('./web/middleware'); const Cats = require('../lib/status-cats'); -module.exports = function(configHash) { +export default function(configHash) { // Config Logger.setup(configHash.logs); const config = new Config(configHash); @@ -58,7 +59,7 @@ module.exports = function(configHash) { }); // For npm request - app.use(require('./endpoint')(config, auth, storage)); + app.use(apiEndpoint(config, auth, storage)); // For WebUI & WebUI API if (_.get(config, 'web.enable', true)) { @@ -95,5 +96,4 @@ module.exports = function(configHash) { app.use(Middleware.final); return app; -}; - +} diff --git a/src/api/web/api.js b/src/api/web/api.js index 502ca0438..6176faa89 100644 --- a/src/api/web/api.js +++ b/src/api/web/api.js @@ -5,7 +5,7 @@ import addPackageWebApi from './endpoint/package'; import addSearchWebApi from './endpoint/search'; import Search from '../../lib/search'; -import {match, validate_name, validate_package, securityIframe} from './middleware'; +import {match, validate_name, validatePackage, securityIframe} from './middleware'; const route = Router(); /* eslint new-cap: 0 */ @@ -18,7 +18,7 @@ module.exports = function(config, auth, storage) { // validate all of these params as a package name // this might be too harsh, so ask if it causes trouble - route.param('package', validate_package); + route.param('package', validatePackage); route.param('filename', validate_name); route.param('version', validate_name); route.param('anything', match(/.*/)); 
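Review bot: Switching src/api/index.js from `module.exports = function(configHash)` to `export default function(configHash)` changes what a plain `require('../api/index')` returns, assuming the usual transpiled output: callers get an object with a `default` property instead of the factory. This commit updates bootstrap.js and test/unit/basic_system.spec.js, but any other spec or programmatic consumer that still uses `require` would fail when it calls the result; those are not visible here and are worth a search. The same applies to the `export default` introduced in src/api/endpoint/index.js. If compatibility matters, document the change or have remaining callers use `require('../api/index').default`.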
diff --git a/src/api/web/index.js b/src/api/web/index.js index 48972e410..76da937e8 100644 --- a/src/api/web/index.js +++ b/src/api/web/index.js @@ -4,7 +4,7 @@ import fs from 'fs'; import Search from '../../lib/search'; import * as Utils from '../../lib/utils'; -const Middleware = require('./middleware'); +const {securityIframe} = require('./middleware'); /* eslint new-cap:off */ const router = express.Router(); const env = require('../../config/env'); @@ -15,7 +15,7 @@ module.exports = function(config, auth, storage) { Search.configureStorage(storage); router.use(auth.jwtMiddleware()); - router.use(Middleware.securityIframe); + router.use(securityIframe); // Static router.get('/-/static/:filename', function(req, res, next) { diff --git a/src/api/web/middleware.js b/src/api/web/middleware.js index 3210997ab..329a87800 100644 --- a/src/api/web/middleware.js +++ b/src/api/web/middleware.js @@ -1,13 +1,17 @@ /* eslint prefer-rest-params: "off" */ -const crypto = require('crypto'); -const _ = require('lodash'); +import crypto from 'crypto'; +import _ from 'lodash'; +import { + validate_name as utilValidateName, + validate_package as utilValidatePackage, + isObject} from '../../lib/utils'; + const createError = require('http-errors'); -const utils = require('../../lib/utils'); const Logger = require('../../lib/logger'); -module.exports.match = function match(regexp) { +export function match(regexp) { return function(req, res, next, value) { if (regexp.exec(value)) { next(); 
@@ -15,37 +19,37 @@ module.exports.match = function match(regexp) { next('route'); } }; -}; +} -module.exports.securityIframe = function securityIframe(req, res, next) { +export function securityIframe(req, res, next) { // disable loading in frames (clickjacking, etc.) res.header('X-Frame-Options', 'deny'); next(); -}; +} -module.exports.validate_name = function validate_name(req, res, next, value, name) { +export function validate_name(req, res, next, value, name) { if (value.charAt(0) === '-') { // special case in couchdb usually next('route'); - } else if (utils.validate_name(value)) { + } else if (utilValidateName(value)) { next(); } else { next( createError[403]('invalid ' + name) ); } -}; +} -module.exports.validate_package = function validate_package(req, res, next, value, name) { +export function validatePackage(req, res, next, value, name) { if (value.charAt(0) === '-') { // special case in couchdb usually next('route'); - } else if (utils.validate_package(value)) { + } else if (utilValidatePackage(value)) { next(); } else { next( createError[403]('invalid ' + name) ); } -}; +} -module.exports.media = function media(expect) { +export function media(expect) { return function(req, res, next) { if (req.headers['content-type'] !== expect) { next( createError[415]('wrong content-type, expect: ' + expect 
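Review bot: `validate_name` and `validatePackage` are exported without a doc comment, and their three outcomes are easy to misread. A value starting with `-` calls `next('route')` and is never validated, a value accepted by the util validator passes, and anything else ends in a 403. These are registered as Express param callbacks in front of the package routes, so I would add a short JSDoc to each, e.g. `/** Express param callback: a leading '-' skips to the next route unvalidated; otherwise the value must pass the util validator or the request is rejected with 403. */`. The rename also leaves `validatePackage` next to `validate_name`, `expect_json` and `anti_loop`; settling on one convention would make stale imports less likely.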
@@ -54,24 +58,24 @@ module.exports.media = function media(expect) { next(); } }; -}; +} -module.exports.encodeScopePackage = function(req, res, next) { +export function encodeScopePackage(req, res, next) { if (req.url.indexOf('@') !== -1) { // e.g.: /@org/pkg/1.2.3 -> /@org%2Fpkg/1.2.3, /@org%2Fpkg/1.2.3 -> /@org%2Fpkg/1.2.3 req.url = req.url.replace(/^(\/@[^\/%]+)\/(?!$)/, '$1%2F'); } next(); -}; +} -module.exports.expect_json = function expect_json(req, res, next) { - if (!utils.isObject(req.body)) { +export function expect_json(req, res, next) { + if (!isObject(req.body)) { return next( createError[400]('can\'t parse incoming json') ); } next(); -}; +} -module.exports.anti_loop = function(config) { +export function anti_loop(config) { return function(req, res, next) { if (req.headers.via != null) { let arr = req.headers.via.split(','); @@ -85,7 +89,7 @@ module.exports.anti_loop = function(config) { } next(); }; -}; +} /** * Express doesn't do etags with requests <= 1024b @@ -99,7 +103,7 @@ function md5sum(data) { } -module.exports.allow = function(auth) { +export function allow(auth) { return function(action) { return function(req, res, next) { req.pause(); @@ -122,9 +126,9 @@ module.exports.allow = function(auth) { }); }; }; -}; +} -module.exports.final = function(body, req, res, next) { + export function final(body, req, res, next) { if (res.statusCode === 401 && !res.getHeader('WWW-Authenticate')) { // they say it's required for 401, so... res.header('WWW-Authenticate', 'Basic, Bearer'); @@ -165,9 +169,9 @@ module.exports.final = function(body, req, res, next) { } res.send(body); -}; +} -module.exports.log = function(req, res, next) { +export function log(req, res, next) { // logger req.log = Logger.logger.child({sub: 'in'}); @@ -175,6 +179,7 @@ module.exports.log = function(req, res, next) { if (_.isNil(_auth) === false) { req.headers.authorization = ''; } + let _cookie = req.headers.cookie; if (_.isNil(_cookie) === false) { req.headers.cookie = ''; 
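Review bot: In the `@@ -122,9 +126,9 @@` hunk the new `export function final` line appears to be added with leading whitespace, while every other converted declaration in this file starts at column 0. It should read `export function final(body, req, res, next) {` with no indent. The body of `final` continues outside the hunk.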
@@ -248,10 +253,10 @@ module.exports.log = function(req, res, next) { log(); }; next(); -}; +} // Middleware -module.exports.errorReportingMiddleware = function(req, res, next) { +export function errorReportingMiddleware(req, res, next) { res.report_error = res.report_error || function(err) { if (err.status && err.status >= 400 && err.status < 600) { if (_.isNil(res.headersSent) === false) { @@ -273,5 +278,4 @@ module.exports.errorReportingMiddleware = function(req, res, next) { } }; next(); -}; - +} diff --git a/src/lib/bootstrap.js b/src/lib/bootstrap.js index 5353f7dde..5e2f64287 100644 --- a/src/lib/bootstrap.js +++ b/src/lib/bootstrap.js @@ -5,9 +5,9 @@ import fs from 'fs'; import http from'http'; import https from 'https'; import constants from 'constants'; +import server from '../api/index'; +import {parse_address} from './utils'; -const server = require('../api/index'); -const Utils = require('./utils'); const logger = require('./logger'); /** @@ -34,7 +34,7 @@ export function getListListenAddresses(argListen, configListen) { addresses = ['4873']; } addresses = addresses.map(function(addr) { - const parsedAddr = Utils.parse_address(addr); + const parsedAddr = parse_address(addr); if (!parsedAddr) { logger.logger.warn({addr: addr}, diff --git a/test/unit/basic_system.spec.js b/test/unit/basic_system.spec.js index 0f6886c89..6a7236bde 100644 --- a/test/unit/basic_system.spec.js +++ b/test/unit/basic_system.spec.js @@ -1,10 +1,10 @@ -'use strict'; +import verdaccio from '../../src/api/index'; const assert = require('assert'); const express = require('express'); const request = require('request'); const rimraf = require('rimraf'); -const verdaccio = require('../../src/api/index'); + const config = require('./partials/config'); const app = express();
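Review bot: In `errorReportingMiddleware` the guard `if (_.isNil(res.headersSent) === false)` does not distinguish sent from unsent headers. `headersSent` on Node's response object is a boolean, so the condition holds for both `true` and `false`. If the intent is to touch the response only while headers can still be changed, which the name suggests, the check should be `if (!res.headersSent) {`. The body of that branch lies outside the hunk, so confirm what it does before changing the condition.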