verdaccio/lib/index.js

var express = require('express');
var cookies = require('cookies');
var utils = require('./utils');
var Storage = require('./storage');
var Config = require('./config');
var UError = require('./error').UserError;
var basic_auth = require('./middleware').basic_auth;
var validate_name = require('./middleware').validate_name;
var media = require('./middleware').media;
var etagify = require('./middleware').etagify;
var expect_json = require('./middleware').expect_json;

module.exports = function(config_hash) {
	var config = new Config(config_hash);
	var storage = new Storage(config);

	var can = function(action) {
		return function(req, res, next) {
			if (config['allow_'+action](req.params.package, req.remoteUser)) {
				next();
			} else {
				next(new UError({
					status: 403,
					msg: 'user '+req.remoteUser+' not allowed to '+action+' it'
				}));
			}
		};
	};

	var app = express();
	app.use(express.logger());
	app.use(etagify);
	app.use(basic_auth(function(user, pass) {
		return config.authenticate(user, pass);
   }));
	app.use(express.bodyParser());

	// TODO: npm DO NOT support compression :(
	app.use(express.compress());

	app.param('package', validate_name);
	app.param('filename', validate_name);

/*	app.get('/', function(req, res) {
		res.send({
			error: 'unimplemented'
		});
	});*/

/*	app.get('/-/all', function(req, res) {
		var https = require('https');
		var JSONStream = require('JSONStream');
		var request = require('request')({
			url: 'https://registry.npmjs.org/-/all',
			ca: require('./npmsslkeys'),
		})
		.pipe(JSONStream.parse('*'))
		.on('data', function(d) {
			console.log(d);
		});
	});*/

	// TODO: anonymous user?
	app.get('/:package/:version?', can('access'), function(req, res, next) {
		storage.get_package(req.params.package, function(err, info) {
			if (err) return next(err);
			info = utils.filter_tarball_urls(info, req, config);

			// XXX: in some cases npm calls for /:package and for some cases 
			// for /:package/:version - should investigate that
			if (req.params.version) {
				if (info.versions[req.params.version] != null) {
					info = info.versions[req.params.version];
				} else {
					return next(new UError({
						status: 404,
						msg: 'version not found: ' + req.params.version
					}));
				}
			}
			res.send(info);
		});
	});

	app.get('/:package/-/:filename', can('access'), function(req, res, next) {
		var stream = storage.get_tarball(req.params.package, req.params.filename);
		stream.on('error', function(err) {
			return next(err);
		});
		res.header('content-type', 'application/octet-stream');
		stream.pipe(res);
	});
	
	//app.get('/*', function(req, res) {
	//	proxy.request(req, res);
	//});
	
	// placeholder 'cause npm require to be authenticated to publish
	// we do not do any real authentication yet
	app.post('/_session', cookies.express(), function(req, res) {
		res.cookies.set('AuthSession', String(Math.random()), {
			// npmjs.org sets 10h expire
			expires: new Date(Date.now() + 10*60*60*1000)
		});
		res.send({"ok":true,"name":"somebody","roles":[]});
	});

	app.get('/-/user/:argument', function(req, res, next) {
		// can't put 'org.couchdb.user' in route address for some reason
		if (req.params.argument.split(':')[0] !== 'org.couchdb.user') return next('route');
		res.status(200);
		return res.send({
			ok: 'you are authenticated as "' + req.user + '"',
		});
	});

	app.put('/-/user/:argument', function(req, res, next) {
		// can't put 'org.couchdb.user' in route address for some reason
		if (req.params.argument.split(':')[0] !== 'org.couchdb.user') return next('route');
		res.status(409);
		return res.send({
			error: 'registration is not implemented',
		});
	});

	app.put('/-/user/:argument/-rev/*', function(req, res, next) {
		// can't put 'org.couchdb.user' in route address for some reason
		if (req.params.argument.split(':')[0] !== 'org.couchdb.user') return next('route');
		res.status(201);
		return res.send({
			ok: 'you are authenticated as "' + req.user + '"',
		});
	});

	// publishing a package
	app.put('/:package', can('publish'), media('application/json'), expect_json, function(req, res, next) {
		var name = req.params.package;
		try {
			var metadata = utils.validate_metadata(req.body, name);
		} catch(err) {
			return next(new UError({
				status: 422,
				msg: 'bad incoming package data',
			}));
		}

		storage.add_package(name, metadata, function(err) {
			if (err) return next(err);
			res.status(201);
			return res.send({
				ok: 'created new package'
			});
		});
	});

	// uploading package tarball
	app.put('/:package/-/:filename/*', can('publish'), media('application/octet-stream'), function(req, res, next) {
		var name = req.params.package;

		var stream = storage.add_tarball(name, req.params.filename);
		req.pipe(stream);
		stream.on('error', function(err) {
			return next(err);
		});
		stream.on('end', function() {
			res.status(201);
			return res.send({
				ok: 'tarball uploaded successfully'
			});
		});
	});
	
	// adding a version
	app.put('/:package/:version/-tag/:tag', can('publish'), media('application/json'), expect_json, function(req, res, next) {
		var name = req.params.package;
		var version = req.params.version;
		var tag = req.params.tag;

		storage.add_version(name, version, req.body, tag, function(err) {
			if (err) return next(err);
			res.status(201);
			return res.send({
				ok: 'package published'
			});
		});
	});

	app.use(app.router);
	app.use(function(err, req, res, next) {
		if (err.status && err.msg && err.status >= 400 && err.status < 600) {
			res.status(err.status);
			res.send({error: err.msg});
		} else {
			console.log(err);
			console.log(err.stack);
			res.status(500);
			res.send({error: 'internal server error'});
		}
	});

	return app;
};
initial development 2013-05-31 08:26:11 +02:00			`var express = require('express');`
			`var cookies = require('cookies');`
			`var utils = require('./utils');`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`var Storage = require('./storage');`
			`var Config = require('./config');`
			`var UError = require('./error').UserError;`
			`var basic_auth = require('./middleware').basic_auth;`
			`var validate_name = require('./middleware').validate_name;`
			`var media = require('./middleware').media;`
add md5 etags for json 2013-07-03 03:49:24 +02:00			`var etagify = require('./middleware').etagify;`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`var expect_json = require('./middleware').expect_json;`
initial development 2013-05-31 08:26:11 +02:00
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`module.exports = function(config_hash) {`
			`var config = new Config(config_hash);`
			`var storage = new Storage(config);`

			`var can = function(action) {`
allow anonymous users (users without auth header) 2013-06-14 09:10:50 +02:00			`return function(req, res, next) {`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`if (config['allow_'+action](req.params.package, req.remoteUser)) {`
			`next();`
			`} else {`
			`next(new UError({`
			`status: 403,`
			`msg: 'user '+req.remoteUser+' not allowed to '+action+' it'`
			`}));`
			`}`
allow anonymous users (users without auth header) 2013-06-14 09:10:50 +02:00			`};`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`};`
working on drivers... 2013-06-01 00:57:28 +02:00
initial development 2013-05-31 08:26:11 +02:00			`var app = express();`
			`app.use(express.logger());`
add md5 etags for json 2013-07-03 03:49:24 +02:00			`app.use(etagify);`
allow anonymous users (users without auth header) 2013-06-14 09:10:50 +02:00			`app.use(basic_auth(function(user, pass) {`
			`return config.authenticate(user, pass);`
			`}));`
initial development 2013-05-31 08:26:11 +02:00			`app.use(express.bodyParser());`
name change + a lot of work... 2013-06-08 03:16:28 +02:00
use compression if somebody asked for it 2013-06-20 19:10:33 +02:00			`// TODO: npm DO NOT support compression :(`
			`app.use(express.compress());`

initial development 2013-05-31 08:26:11 +02:00			`app.param('package', validate_name);`
working on drivers... 2013-06-01 00:57:28 +02:00			`app.param('filename', validate_name);`
initial development 2013-05-31 08:26:11 +02:00
			`/* app.get('/', function(req, res) {`
			`res.send({`
			`error: 'unimplemented'`
			`});`
			`});*/`

name change + a lot of work... 2013-06-08 03:16:28 +02:00			`/* app.get('/-/all', function(req, res) {`
			`var https = require('https');`
			`var JSONStream = require('JSONStream');`
			`var request = require('request')({`
			`url: 'https://registry.npmjs.org/-/all',`
			`ca: require('./npmsslkeys'),`
			`})`
			`.pipe(JSONStream.parse('*'))`
			`.on('data', function(d) {`
			`console.log(d);`
			`});`
			`});*/`

config file changes 2013-06-13 16:21:14 +02:00			`// TODO: anonymous user?`
			`app.get('/:package/:version?', can('access'), function(req, res, next) {`
initial development 2013-05-31 08:26:11 +02:00			`storage.get_package(req.params.package, function(err, info) {`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`if (err) return next(err);`
a lot of work done... 2013-06-18 20:14:55 +02:00			`info = utils.filter_tarball_urls(info, req, config);`
config file changes 2013-06-13 16:21:14 +02:00
			`// XXX: in some cases npm calls for /:package and for some cases`
			`// for /:package/:version - should investigate that`
			`if (req.params.version) {`
			`if (info.versions[req.params.version] != null) {`
			`info = info.versions[req.params.version];`
			`} else {`
			`return next(new UError({`
			`status: 404,`
			`msg: 'version not found: ' + req.params.version`
			`}));`
			`}`
			`}`
working on drivers... 2013-06-01 00:57:28 +02:00			`res.send(info);`
			`});`
			`});`

name change + a lot of work... 2013-06-08 03:16:28 +02:00			`app.get('/:package/-/:filename', can('access'), function(req, res, next) {`
working on streams 2013-06-20 15:07:34 +02:00			`var stream = storage.get_tarball(req.params.package, req.params.filename);`
			`stream.on('error', function(err) {`
			`return next(err);`
initial development 2013-05-31 08:26:11 +02:00			`});`
working on streams 2013-06-20 15:07:34 +02:00			`res.header('content-type', 'application/octet-stream');`
			`stream.pipe(res);`
initial development 2013-05-31 08:26:11 +02:00			`});`

			`//app.get('/*', function(req, res) {`
			`// proxy.request(req, res);`
			`//});`

			`// placeholder 'cause npm require to be authenticated to publish`
			`// we do not do any real authentication yet`
			`app.post('/_session', cookies.express(), function(req, res) {`
			`res.cookies.set('AuthSession', String(Math.random()), {`
			`// npmjs.org sets 10h expire`
			`expires: new Date(Date.now() + 106060*1000)`
			`});`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`res.send({"ok":true,"name":"somebody","roles":[]});`
			`});`

			`app.get('/-/user/:argument', function(req, res, next) {`
			`// can't put 'org.couchdb.user' in route address for some reason`
			`if (req.params.argument.split(':')[0] !== 'org.couchdb.user') return next('route');`
			`res.status(200);`
			`return res.send({`
upstream error handling 2013-06-14 09:56:02 +02:00			`ok: 'you are authenticated as "' + req.user + '"',`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`});`
			`});`

			`app.put('/-/user/:argument', function(req, res, next) {`
upstream error handling 2013-06-14 09:56:02 +02:00			`// can't put 'org.couchdb.user' in route address for some reason`
			`if (req.params.argument.split(':')[0] !== 'org.couchdb.user') return next('route');`
			`res.status(409);`
			`return res.send({`
			`error: 'registration is not implemented',`
			`});`
			`});`

			`app.put('/-/user/:argument/-rev/*', function(req, res, next) {`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`// can't put 'org.couchdb.user' in route address for some reason`
			`if (req.params.argument.split(':')[0] !== 'org.couchdb.user') return next('route');`
			`res.status(201);`
			`return res.send({`
upstream error handling 2013-06-14 09:56:02 +02:00			`ok: 'you are authenticated as "' + req.user + '"',`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`});`
initial development 2013-05-31 08:26:11 +02:00			`});`

			`// publishing a package`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`app.put('/:package', can('publish'), media('application/json'), expect_json, function(req, res, next) {`
initial development 2013-05-31 08:26:11 +02:00			`var name = req.params.package;`
working on drivers... 2013-06-01 00:57:28 +02:00			`try {`
			`var metadata = utils.validate_metadata(req.body, name);`
			`} catch(err) {`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`return next(new UError({`
working on drivers... 2013-06-01 00:57:28 +02:00			`status: 422,`
			`msg: 'bad incoming package data',`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`}));`
initial development 2013-05-31 08:26:11 +02:00			`}`

working on drivers... 2013-06-01 00:57:28 +02:00			`storage.add_package(name, metadata, function(err) {`
initial development 2013-05-31 08:26:11 +02:00			`if (err) return next(err);`
working on drivers... 2013-06-01 00:57:28 +02:00			`res.status(201);`
			`return res.send({`
			`ok: 'created new package'`
			`});`
initial development 2013-05-31 08:26:11 +02:00			`});`
			`});`

			`// uploading package tarball`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`app.put('/:package/-/:filename/*', can('publish'), media('application/octet-stream'), function(req, res, next) {`
working on drivers... 2013-06-01 00:57:28 +02:00			`var name = req.params.package;`

working on streams 2013-06-20 15:07:34 +02:00			`var stream = storage.add_tarball(name, req.params.filename);`
			`req.pipe(stream);`
			`stream.on('error', function(err) {`
			`return next(err);`
			`});`
			`stream.on('end', function() {`
working on drivers... 2013-06-01 00:57:28 +02:00			`res.status(201);`
			`return res.send({`
			`ok: 'tarball uploaded successfully'`
			`});`
initial development 2013-05-31 08:26:11 +02:00			`});`
			`});`

			`// adding a version`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`app.put('/:package/:version/-tag/:tag', can('publish'), media('application/json'), expect_json, function(req, res, next) {`
initial development 2013-05-31 08:26:11 +02:00			`var name = req.params.package;`
working on drivers... 2013-06-01 00:57:28 +02:00			`var version = req.params.version;`
			`var tag = req.params.tag;`
initial development 2013-05-31 08:26:11 +02:00
working on drivers... 2013-06-01 00:57:28 +02:00			`storage.add_version(name, version, req.body, tag, function(err) {`
initial development 2013-05-31 08:26:11 +02:00			`if (err) return next(err);`
working on drivers... 2013-06-01 00:57:28 +02:00			`res.status(201);`
			`return res.send({`
			`ok: 'package published'`
			`});`
initial development 2013-05-31 08:26:11 +02:00			`});`
			`});`

working on drivers... 2013-06-01 00:57:28 +02:00			`app.use(app.router);`
			`app.use(function(err, req, res, next) {`
			`if (err.status && err.msg && err.status >= 400 && err.status < 600) {`
			`res.status(err.status);`
			`res.send({error: err.msg});`
			`} else {`
			`console.log(err);`
			`console.log(err.stack);`
			`res.status(500);`
			`res.send({error: 'internal server error'});`
			`}`
			`});`

initial development 2013-05-31 08:26:11 +02:00			`return app;`
			`};`