verdaccio/lib/config.js

var assert = require('assert')
  , crypto = require('crypto')
  , minimatch = require('minimatch')
  , utils = require('./utils')

// [[a, [b, c]], d] -> [a, b, c, d]
function flatten(array) {
	var result = []
	for (var i=0; i<array.length; i++) {
		if (Array.isArray(array[i])) {
			result.push.apply(result, flatten(array[i]))
		} else {
			result.push(array[i])
		}
	}
	return result
}

function Config(config) {
	if (!(this instanceof Config)) return new Config(config)
	for (var i in config) {
		if (this[i] == null) this[i] = config[i]
	}

	// some weird shell scripts are valid yaml files parsed as string
	assert.equal(typeof(config), 'object', 'CONFIG: this doesn\'t look like a valid config file')

	assert(this.storage, 'CONFIG: storage path not defined')

	var users = {all:true, anonymous:true, 'undefined':true, owner:true, none:true}

	var check_user_or_uplink = function(arg) {
		assert(arg !== 'all' || arg !== 'owner' || arg !== 'anonymous' || arg !== 'undefined' || arg !== 'none', 'CONFIG: reserved user/uplink name: ' + arg)
		assert(!arg.match(/\s/), 'CONFIG: invalid user name: ' + arg)
		assert(users[arg] == null, 'CONFIG: duplicate user/uplink name: ' + arg)
		users[arg] = true
	}

	;['users', 'uplinks', 'packages'].forEach(function(x) {
		if (this[x] == null) this[x] = {}
		assert(utils.is_object(this[x]), 'CONFIG: bad "'+x+'" value (object expected)')
	})

	for (var i in this.users) check_user_or_uplink(i)
	for (var i in this.uplinks) check_user_or_uplink(i)

	for (var i in this.users) {
		assert(this.users[i].password, 'CONFIG: no password for user: ' + i)
		assert(
			typeof(this.users[i].password) === 'string' &&
			this.users[i].password.match(/^[a-f0-9]{40}$/)
		, 'CONFIG: wrong password format for user: ' + i + ', sha1 expected')
	}

	for (var i in this.uplinks) {
		assert(this.uplinks[i].url, 'CONFIG: no url for uplink: ' + i)
		assert(
			typeof(this.uplinks[i].url) === 'string'
		, 'CONFIG: wrong url format for uplink: ' + i)
		this.uplinks[i].url = this.uplinks[i].url.replace(/\/$/, '')
	}

	function check_userlist(i, hash, action) {
		if (hash[action] == null) hash[action] = []

		// if it's a string, split it to array
		if (typeof(hash[action]) === 'string') {
			hash[action] = hash[action].split(/\s+/)
		}

		assert(
			typeof(hash[action]) === 'object' &&
			Array.isArray(hash[action])
		, 'CONFIG: bad "'+i+'" package '+action+' description (array or string expected)')
		hash[action] = flatten(hash[action])
		hash[action].forEach(function(user) {
			assert(
				users[user] != null
			, 'CONFIG: "'+i+'" package: user "'+user+'" doesn\'t exist')
		})
	}

	for (var i in this.packages) {
		assert(
			typeof(this.packages[i]) === 'object' &&
			!Array.isArray(this.packages[i])
		, 'CONFIG: bad "'+i+'" package description (object expected)')

		check_userlist(i, this.packages[i], 'allow_access')
		check_userlist(i, this.packages[i], 'allow_publish')
		check_userlist(i, this.packages[i], 'proxy_access')
		check_userlist(i, this.packages[i], 'proxy_publish')

		// deprecated
		check_userlist(i, this.packages[i], 'access')
		check_userlist(i, this.packages[i], 'proxy')
		check_userlist(i, this.packages[i], 'publish')
	}

	// loading these from ENV if aren't in config
	;['http_proxy', 'https_proxy', 'no_proxy'].forEach((function(v) {
		if (!(v in this)) {
			this[v] = process.env[v] || process.env[v.toUpperCase()]
		}
	}).bind(this))

	// unique identifier of this server (or a cluster), used to avoid loops
	if (!this.server_id) {
		this.server_id = crypto.pseudoRandomBytes(6).toString('hex')
	}

	// default for sinopia 0.7.x, may be changed in the future
	if (this.ignore_latest_tag == null) this.ignore_latest_tag = true

	return this
}

function allow_action(package, who, action) {
	return (this.get_package_setting(package, action) || []).reduce(function(prev, curr) {
		if (curr === String(who) || curr === 'all') return true
		return prev
	}, false)
}

Config.prototype.allow_access = function(package, user) {
	return allow_action.call(this, package, user, 'allow_access') || allow_action.call(this, package, user, 'access')
}

Config.prototype.allow_publish = function(package, user) {
	return allow_action.call(this, package, user, 'allow_publish') || allow_action.call(this, package, user, 'publish')
}

Config.prototype.proxy_access = function(package, uplink) {
	return allow_action.call(this, package, uplink, 'proxy_access') || allow_action.call(this, package, uplink, 'proxy')
}

Config.prototype.proxy_publish = function(package, uplink) {
	return allow_action.call(this, package, uplink, 'proxy_publish')
}

Config.prototype.get_package_setting = function(package, setting) {
	for (var i in this.packages) {
		if (minimatch.makeRe(i).exec(package)) {
			return this.packages[i][setting]
		}
	}
	return undefined
}

Config.prototype.authenticate = function(user, password) {
	if (this.users[user] == null) return false
	return crypto.createHash('sha1').update(password).digest('hex') === this.users[user].password
}

module.exports = Config

var parse_interval_table = {
	'': 1000,
	ms: 1,
	s: 1000,
	m: 60*1000,
	h: 60*60*1000,
	d: 86400000,
	w: 7*86400000,
	M: 30*86400000,
	y: 365*86400000,
}

module.exports.parse_interval = function(interval) {
	if (typeof(interval) === 'number') return interval * 1000

	var result = 0
	var last_suffix = Infinity
	interval.split(/\s+/).forEach(function(x) {
		if (!x) return
		var m = x.match(/^((0|[1-9][0-9]*)(\.[0-9]+)?)(ms|s|m|h|d|w|M|y|)$/)
		if (!m
		||  parse_interval_table[m[4]] >= last_suffix
		||  (m[4] === '' && last_suffix !== Infinity)) {
			throw new Error('invalid interval: ' + interval)
		}
		last_suffix = parse_interval_table[m[4]]
		result += Number(m[1]) * parse_interval_table[m[4]]
	})
	return result
}
added utils.is_object function for convenience 2013-10-22 09:29:57 +02:00			`var assert = require('assert')`
			`, crypto = require('crypto')`
			`, minimatch = require('minimatch')`
			`, utils = require('./utils')`
name change + a lot of work... 2013-06-08 03:16:28 +02:00
			`// [[a, [b, c]], d] -> [a, b, c, d]`
			`function flatten(array) {`
style fix 2013-10-26 14:18:36 +02:00			`var result = []`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`for (var i=0; i<array.length; i++) {`
			`if (Array.isArray(array[i])) {`
style fix 2013-10-26 14:18:36 +02:00			`result.push.apply(result, flatten(array[i]))`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`} else {`
style fix 2013-10-26 14:18:36 +02:00			`result.push(array[i])`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`}`
			`}`
style fix 2013-10-26 14:18:36 +02:00			`return result`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`}`

			`function Config(config) {`
style fix 2013-10-26 14:18:36 +02:00			`if (!(this instanceof Config)) return new Config(config)`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`for (var i in config) {`
style fix 2013-10-26 14:18:36 +02:00			`if (this[i] == null) this[i] = config[i]`
config file error handling 2013-09-25 11:29:39 +02:00			`}`

			`// some weird shell scripts are valid yaml files parsed as string`
style fix 2013-10-26 14:18:36 +02:00			`assert.equal(typeof(config), 'object', 'CONFIG: this doesn\'t look like a valid config file')`

			`assert(this.storage, 'CONFIG: storage path not defined')`

			`var users = {all:true, anonymous:true, 'undefined':true, owner:true, none:true}`
name change + a lot of work... 2013-06-08 03:16:28 +02:00
			`var check_user_or_uplink = function(arg) {`
style fix 2013-10-26 14:18:36 +02:00			`assert(arg !== 'all' \|\| arg !== 'owner' \|\| arg !== 'anonymous' \|\| arg !== 'undefined' \|\| arg !== 'none', 'CONFIG: reserved user/uplink name: ' + arg)`
			`assert(!arg.match(/\s/), 'CONFIG: invalid user name: ' + arg)`
			`assert(users[arg] == null, 'CONFIG: duplicate user/uplink name: ' + arg)`
			`users[arg] = true`
			`}`
name change + a lot of work... 2013-06-08 03:16:28 +02:00
style fix 2013-10-26 14:18:36 +02:00			`;['users', 'uplinks', 'packages'].forEach(function(x) {`
			`if (this[x] == null) this[x] = {}`
			`assert(utils.is_object(this[x]), 'CONFIG: bad "'+x+'" value (object expected)')`
			`})`
name change + a lot of work... 2013-06-08 03:16:28 +02:00
style fix 2013-10-26 14:18:36 +02:00			`for (var i in this.users) check_user_or_uplink(i)`
			`for (var i in this.uplinks) check_user_or_uplink(i)`
name change + a lot of work... 2013-06-08 03:16:28 +02:00
			`for (var i in this.users) {`
style fix 2013-10-26 14:18:36 +02:00			`assert(this.users[i].password, 'CONFIG: no password for user: ' + i)`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`assert(`
fs interface refactoring 2014-01-13 17:48:51 +01:00			`typeof(this.users[i].password) === 'string' &&`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`this.users[i].password.match(/^[a-f0-9]{40}$/)`
style fix 2013-10-26 14:18:36 +02:00			`, 'CONFIG: wrong password format for user: ' + i + ', sha1 expected')`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`}`
style fix 2013-10-26 14:18:36 +02:00
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`for (var i in this.uplinks) {`
style fix 2013-10-26 14:18:36 +02:00			`assert(this.uplinks[i].url, 'CONFIG: no url for uplink: ' + i)`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`assert(`
			`typeof(this.uplinks[i].url) === 'string'`
style fix 2013-10-26 14:18:36 +02:00			`, 'CONFIG: wrong url format for uplink: ' + i)`
			`this.uplinks[i].url = this.uplinks[i].url.replace(/\/$/, '')`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`}`
style fix 2013-10-26 14:18:36 +02:00
jshinting 2013-10-01 20:02:23 +02:00			`function check_userlist(i, hash, action) {`
style fix 2013-10-26 14:18:36 +02:00			`if (hash[action] == null) hash[action] = []`
config file changes 2013-06-13 16:21:14 +02:00
jshinting 2013-10-01 20:02:23 +02:00			`// if it's a string, split it to array`
			`if (typeof(hash[action]) === 'string') {`
style fix 2013-10-26 14:18:36 +02:00			`hash[action] = hash[action].split(/\s+/)`
jshinting 2013-10-01 20:02:23 +02:00			`}`
config file changes 2013-06-13 16:21:14 +02:00
jshinting 2013-10-01 20:02:23 +02:00			`assert(`
			`typeof(hash[action]) === 'object' &&`
			`Array.isArray(hash[action])`
style fix 2013-10-26 14:18:36 +02:00			`, 'CONFIG: bad "'+i+'" package '+action+' description (array or string expected)')`
			`hash[action] = flatten(hash[action])`
jshinting 2013-10-01 20:02:23 +02:00			`hash[action].forEach(function(user) {`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`assert(`
jshinting 2013-10-01 20:02:23 +02:00			`users[user] != null`
style fix 2013-10-26 14:18:36 +02:00			`, 'CONFIG: "'+i+'" package: user "'+user+'" doesn\'t exist')`
			`})`
jshinting 2013-10-01 20:02:23 +02:00			`}`
name change + a lot of work... 2013-06-08 03:16:28 +02:00
jshinting 2013-10-01 20:02:23 +02:00			`for (var i in this.packages) {`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`assert(`
			`typeof(this.packages[i]) === 'object' &&`
			`!Array.isArray(this.packages[i])`
style fix 2013-10-26 14:18:36 +02:00			`, 'CONFIG: bad "'+i+'" package description (object expected)')`
fixing config file handling 2013-09-24 08:27:27 +02:00
style fix 2013-10-26 14:18:36 +02:00			`check_userlist(i, this.packages[i], 'allow_access')`
			`check_userlist(i, this.packages[i], 'allow_publish')`
			`check_userlist(i, this.packages[i], 'proxy_access')`
			`check_userlist(i, this.packages[i], 'proxy_publish')`
fixing config file handling 2013-09-24 08:27:27 +02:00
			`// deprecated`
style fix 2013-10-26 14:18:36 +02:00			`check_userlist(i, this.packages[i], 'access')`
			`check_userlist(i, this.packages[i], 'proxy')`
			`check_userlist(i, this.packages[i], 'publish')`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`}`

retrieving proxy values from environment if present 2013-11-24 18:08:20 +01:00			`// loading these from ENV if aren't in config`
			`;['http_proxy', 'https_proxy', 'no_proxy'].forEach((function(v) {`
			`if (!(v in this)) {`
			`this[v] = process.env[v] \|\| process.env[v.toUpperCase()]`
			`}`
			`}).bind(this))`

detecting http loops 2013-12-09 04:59:31 +01:00			`// unique identifier of this server (or a cluster), used to avoid loops`
			`if (!this.server_id) {`
			`this.server_id = crypto.pseudoRandomBytes(6).toString('hex')`
			`}`

making latest tag behaviour configurable 2014-03-29 03:31:34 +01:00			`// default for sinopia 0.7.x, may be changed in the future`
			`if (this.ignore_latest_tag == null) this.ignore_latest_tag = true`

style fix 2013-10-26 14:18:36 +02:00			`return this`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`}`

			`function allow_action(package, who, action) {`
fs interface refactoring 2014-01-13 17:48:51 +01:00			`return (this.get_package_setting(package, action) \|\| []).reduce(function(prev, curr) {`
			`if (curr === String(who) \|\| curr === 'all') return true`
			`return prev`
			`}, false)`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`}`

			`Config.prototype.allow_access = function(package, user) {`
style fix 2013-10-26 14:18:36 +02:00			`return allow_action.call(this, package, user, 'allow_access') \|\| allow_action.call(this, package, user, 'access')`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`}`

			`Config.prototype.allow_publish = function(package, user) {`
style fix 2013-10-26 14:18:36 +02:00			`return allow_action.call(this, package, user, 'allow_publish') \|\| allow_action.call(this, package, user, 'publish')`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`}`

change config file format + comments 2013-09-24 06:27:47 +02:00			`Config.prototype.proxy_access = function(package, uplink) {`
style fix 2013-10-26 14:18:36 +02:00			`return allow_action.call(this, package, uplink, 'proxy_access') \|\| allow_action.call(this, package, uplink, 'proxy')`
change config file format + comments 2013-09-24 06:27:47 +02:00			`}`

fixing bugs preventing access to upstream 2013-09-27 09:48:01 +02:00			`Config.prototype.proxy_publish = function(package, uplink) {`
style fix 2013-10-26 14:18:36 +02:00			`return allow_action.call(this, package, uplink, 'proxy_publish')`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`}`

fs interface refactoring 2014-01-13 17:48:51 +01:00			`Config.prototype.get_package_setting = function(package, setting) {`
			`for (var i in this.packages) {`
			`if (minimatch.makeRe(i).exec(package)) {`
			`return this.packages[i][setting]`
			`}`
			`}`
			`return undefined`
			`}`

name change + a lot of work... 2013-06-08 03:16:28 +02:00			`Config.prototype.authenticate = function(user, password) {`
style fix 2013-10-26 14:18:36 +02:00			`if (this.users[user] == null) return false`
			`return crypto.createHash('sha1').update(password).digest('hex') === this.users[user].password`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`}`

style fix 2013-10-26 14:18:36 +02:00			`module.exports = Config`
name change + a lot of work... 2013-06-08 03:16:28 +02:00
change interval formatting in config All intervals are now in milliseconds. But you can add multiples ("ms", "s", "m", "h", "d", "M", "y") to set value using different units. For example, value "1.5h" would mean 1.5 hours. 2014-03-08 04:49:59 +01:00			`var parse_interval_table = {`
change intervals formatting to match nginx see http://wiki.nginx.org/ConfigNotation 2014-03-08 05:37:16 +01:00			`'': 1000,`
change interval formatting in config All intervals are now in milliseconds. But you can add multiples ("ms", "s", "m", "h", "d", "M", "y") to set value using different units. For example, value "1.5h" would mean 1.5 hours. 2014-03-08 04:49:59 +01:00			`ms: 1,`
			`s: 1000,`
			`m: 60*1000,`
			`h: 60601000,`
			`d: 86400000,`
change intervals formatting to match nginx see http://wiki.nginx.org/ConfigNotation 2014-03-08 05:37:16 +01:00			`w: 7*86400000,`
change interval formatting in config All intervals are now in milliseconds. But you can add multiples ("ms", "s", "m", "h", "d", "M", "y") to set value using different units. For example, value "1.5h" would mean 1.5 hours. 2014-03-08 04:49:59 +01:00			`M: 30*86400000,`
change intervals formatting to match nginx see http://wiki.nginx.org/ConfigNotation 2014-03-08 05:37:16 +01:00			`y: 365*86400000,`
change interval formatting in config All intervals are now in milliseconds. But you can add multiples ("ms", "s", "m", "h", "d", "M", "y") to set value using different units. For example, value "1.5h" would mean 1.5 hours. 2014-03-08 04:49:59 +01:00			`}`

			`module.exports.parse_interval = function(interval) {`
change intervals formatting to match nginx see http://wiki.nginx.org/ConfigNotation 2014-03-08 05:37:16 +01:00			`if (typeof(interval) === 'number') return interval * 1000`

			`var result = 0`
			`var last_suffix = Infinity`
			`interval.split(/\s+/).forEach(function(x) {`
trim intervals 2014-03-08 05:38:37 +01:00			`if (!x) return`
change intervals formatting to match nginx see http://wiki.nginx.org/ConfigNotation 2014-03-08 05:37:16 +01:00			`var m = x.match(/^((0\|[1-9][0-9]*)(\.[0-9]+)?)(ms\|s\|m\|h\|d\|w\|M\|y\|)$/)`
			`if (!m`
			`\|\| parse_interval_table[m[4]] >= last_suffix`
			`\|\| (m[4] === '' && last_suffix !== Infinity)) {`
			`throw new Error('invalid interval: ' + interval)`
			`}`
			`last_suffix = parse_interval_table[m[4]]`
			`result += Number(m[1]) * parse_interval_table[m[4]]`
			`})`
			`return result`
change interval formatting in config All intervals are now in milliseconds. But you can add multiples ("ms", "s", "m", "h", "d", "M", "y") to set value using different units. For example, value "1.5h" would mean 1.5 hours. 2014-03-08 04:49:59 +01:00			`}`