0
Fork 0
mirror of https://github.com/verdaccio/verdaccio.git synced 2024-12-23 22:27:34 -05:00
verdaccio/docs/uplinks.md
Juan Picado @jotadeveloper a68d247a44
feat: add support for jwt on api (#896)
* feat: add support for jwt on api

* test: add unit test for sign token with jwt

add multiple scenarios with configuration file

* chore: add JWT verification on middleware

* chore: restore headless

* chore: restore middleware header validation

* refactor: fix login whether user exists

* refactor: JWT is signed asynchronously

* refactor: better structure and new naming convention

* test: add unit test for token signature

* test: add unit test for creating user with JWT enabled

#168

* docs: add security section jwt

* refactor: renable  web auth middleware

* test(auth): add legacy disabled scenario

* chore: update gitignore

* chore: add some es6 sugar

* feat: enable JWT token signature for new installations

* chore: add yaml files to git

I forgot add this before 😷

* chore: trace log on auth

in case we want more output
2018-08-21 08:05:34 +02:00

3 KiB

id title
uplinks Uplinks

An uplink is a link with an external registry that provides acccess to external packages.

Uplinks

Usage

uplinks:
  npmjs:
   url: https://registry.npmjs.org/
  server2:
    url: http://mirror.local.net/
    timeout: 100ms
  server3:
    url: http://mirror2.local.net:9000/
  baduplink:
    url: http://localhost:55666/

Configuration

You can define mutiple uplinks and each of them must have an unique name (key). They can have two properties:

Property Type Required Example Support Description Default
url string Yes https://registry.npmjs.org/ all The registry url npmjs
ca string No ~./ssl/client.crt' all SSL path certificate No default
timeout string No 100ms all set new timeout for the request 30s
maxage string No 10m all limit maximun failure request 2m
fail_timeout string No 10m all defines max time when a request becomes a failure 5m
max_fails number No 2 all limit maximun failure request 2
cache boolean No [true,false] >= 2.1 cache all remote tarballs in storage true
auth list No see below >= 2.5 assigns the header 'Authorization' more info disabled
headers list No authorization: "Bearer SecretJWToken==" all list of custom headers for the uplink disabled
strict_ssl boolean No [true,false] >= 3.0 If true, requires SSL certificates be valid. true

Auth property

The auth property allows you to use an auth token with an uplink. Using the default environment variable:

uplinks:
  private:
    url: https://private-registry.domain.com/registry
    auth:
      type: bearer
      token_env: true # defaults to `process.env['NPM_TOKEN']`   

or via a specified environment variable:

uplinks:
  private:
    url: https://private-registry.domain.com/registry
    auth:
      type: bearer
      token_env: FOO_TOKEN

token_env: FOO_TOKEN internally will use process.env['FOO_TOKEN']

or by directly specifying a token:

uplinks:
  private:
    url: https://private-registry.domain.com/registry
    auth:
      type: bearer
      token: "token"

Note: token has priority over token_env

You Must know

  • Uplinks must be registries compatible with the npm endpoints. Eg: verdaccio, sinopia@1.4.0, npmjs registry, yarn registry, JFrog, Nexus and more.
  • Setting cache to false will help to save space in your hard drive. This will avoid store tarballs but it will keep metadata in folders.
  • Exceed with multiple uplinks might slow down the lookup of your packages due for each request a npm client does, verdaccio does 1 call for each uplink.
  • The (timeout, maxage and fail_timeout) format follow the NGINX measurement units