verdaccio/lib/config.js

var assert = require('assert')
  , crypto = require('crypto')
  , minimatch = require('minimatch')
  , utils = require('./utils')

// [[a, [b, c]], d] -> [a, b, c, d]
function flatten(array) {
	var result = []
	for (var i=0; i<array.length; i++) {
		if (Array.isArray(array[i])) {
			result.push.apply(result, flatten(array[i]))
		} else {
			result.push(array[i])
		}
	}
	return result
}

function Config(config) {
	if (!(this instanceof Config)) return new Config(config)
	for (var i in config) {
		if (this[i] == null) this[i] = config[i]
	}

	// some weird shell scripts are valid yaml files parsed as string
	assert.equal(typeof(config), 'object', 'CONFIG: this doesn\'t look like a valid config file')

	assert(this.storage, 'CONFIG: storage path not defined')

	var users = {all:true, anonymous:true, 'undefined':true, owner:true, none:true}

	var check_user_or_uplink = function(arg) {
		assert(arg !== 'all' || arg !== 'owner' || arg !== 'anonymous' || arg !== 'undefined' || arg !== 'none', 'CONFIG: reserved user/uplink name: ' + arg)
		assert(!arg.match(/\s/), 'CONFIG: invalid user name: ' + arg)
		assert(users[arg] == null, 'CONFIG: duplicate user/uplink name: ' + arg)
		users[arg] = true
	}

	;['users', 'uplinks', 'packages'].forEach(function(x) {
		if (this[x] == null) this[x] = {}
		assert(utils.is_object(this[x]), 'CONFIG: bad "'+x+'" value (object expected)')
	})

	for (var i in this.users) check_user_or_uplink(i)
	for (var i in this.uplinks) check_user_or_uplink(i)

	for (var i in this.users) {
		assert(this.users[i].password, 'CONFIG: no password for user: ' + i)
		assert(
			typeof(this.users[i].password) === 'string' && 
			this.users[i].password.match(/^[a-f0-9]{40}$/)
		, 'CONFIG: wrong password format for user: ' + i + ', sha1 expected')
	}

	for (var i in this.uplinks) {
		assert(this.uplinks[i].url, 'CONFIG: no url for uplink: ' + i)
		assert(
			typeof(this.uplinks[i].url) === 'string'
		, 'CONFIG: wrong url format for uplink: ' + i)
		this.uplinks[i].url = this.uplinks[i].url.replace(/\/$/, '')
	}

	function check_userlist(i, hash, action) {
		if (hash[action] == null) hash[action] = []

		// if it's a string, split it to array
		if (typeof(hash[action]) === 'string') {
			hash[action] = hash[action].split(/\s+/)
		}

		assert(
			typeof(hash[action]) === 'object' &&
			Array.isArray(hash[action])
		, 'CONFIG: bad "'+i+'" package '+action+' description (array or string expected)')
		hash[action] = flatten(hash[action])
		hash[action].forEach(function(user) {
			assert(
				users[user] != null
			, 'CONFIG: "'+i+'" package: user "'+user+'" doesn\'t exist')
		})
	}

	for (var i in this.packages) {
		assert(
			typeof(this.packages[i]) === 'object' &&
			!Array.isArray(this.packages[i])
		, 'CONFIG: bad "'+i+'" package description (object expected)')

		check_userlist(i, this.packages[i], 'allow_access')
		check_userlist(i, this.packages[i], 'allow_publish')
		check_userlist(i, this.packages[i], 'proxy_access')
		check_userlist(i, this.packages[i], 'proxy_publish')

		// deprecated
		check_userlist(i, this.packages[i], 'access')
		check_userlist(i, this.packages[i], 'proxy')
		check_userlist(i, this.packages[i], 'publish')
	}

	// loading these from ENV if aren't in config
	;['http_proxy', 'https_proxy', 'no_proxy'].forEach((function(v) {
		if (!(v in this)) {
			this[v] = process.env[v] || process.env[v.toUpperCase()]
		}
	}).bind(this))

	// unique identifier of this server (or a cluster), used to avoid loops
	if (!this.server_id) {
		this.server_id = crypto.pseudoRandomBytes(6).toString('hex')
	}

	return this
}

function allow_action(package, who, action) {
	for (var i in this.packages) {
		if (minimatch.makeRe(i).exec(package)) {
			return this.packages[i][action].reduce(function(prev, curr) {
				if (curr === String(who) || curr === 'all') return true
				return prev
			}, false)
		}
	}
	return false
}

Config.prototype.allow_access = function(package, user) {
	return allow_action.call(this, package, user, 'allow_access') || allow_action.call(this, package, user, 'access')
}

Config.prototype.allow_publish = function(package, user) {
	return allow_action.call(this, package, user, 'allow_publish') || allow_action.call(this, package, user, 'publish')
}

Config.prototype.proxy_access = function(package, uplink) {
	return allow_action.call(this, package, uplink, 'proxy_access') || allow_action.call(this, package, uplink, 'proxy')
}

Config.prototype.proxy_publish = function(package, uplink) {
	return allow_action.call(this, package, uplink, 'proxy_publish')
}

Config.prototype.authenticate = function(user, password) {
	if (this.users[user] == null) return false
	return crypto.createHash('sha1').update(password).digest('hex') === this.users[user].password
}

module.exports = Config
added utils.is_object function for convenience 2013-10-22 09:29:57 +02:00			`var assert = require('assert')`
			`, crypto = require('crypto')`
			`, minimatch = require('minimatch')`
			`, utils = require('./utils')`
name change + a lot of work... 2013-06-08 03:16:28 +02:00
			`// [[a, [b, c]], d] -> [a, b, c, d]`
			`function flatten(array) {`
style fix 2013-10-26 14:18:36 +02:00			`var result = []`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`for (var i=0; i<array.length; i++) {`
			`if (Array.isArray(array[i])) {`
style fix 2013-10-26 14:18:36 +02:00			`result.push.apply(result, flatten(array[i]))`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`} else {`
style fix 2013-10-26 14:18:36 +02:00			`result.push(array[i])`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`}`
			`}`
style fix 2013-10-26 14:18:36 +02:00			`return result`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`}`

			`function Config(config) {`
style fix 2013-10-26 14:18:36 +02:00			`if (!(this instanceof Config)) return new Config(config)`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`for (var i in config) {`
style fix 2013-10-26 14:18:36 +02:00			`if (this[i] == null) this[i] = config[i]`
config file error handling 2013-09-25 11:29:39 +02:00			`}`

			`// some weird shell scripts are valid yaml files parsed as string`
style fix 2013-10-26 14:18:36 +02:00			`assert.equal(typeof(config), 'object', 'CONFIG: this doesn\'t look like a valid config file')`

			`assert(this.storage, 'CONFIG: storage path not defined')`

			`var users = {all:true, anonymous:true, 'undefined':true, owner:true, none:true}`
name change + a lot of work... 2013-06-08 03:16:28 +02:00
			`var check_user_or_uplink = function(arg) {`
style fix 2013-10-26 14:18:36 +02:00			`assert(arg !== 'all' \|\| arg !== 'owner' \|\| arg !== 'anonymous' \|\| arg !== 'undefined' \|\| arg !== 'none', 'CONFIG: reserved user/uplink name: ' + arg)`
			`assert(!arg.match(/\s/), 'CONFIG: invalid user name: ' + arg)`
			`assert(users[arg] == null, 'CONFIG: duplicate user/uplink name: ' + arg)`
			`users[arg] = true`
			`}`
name change + a lot of work... 2013-06-08 03:16:28 +02:00
style fix 2013-10-26 14:18:36 +02:00			`;['users', 'uplinks', 'packages'].forEach(function(x) {`
			`if (this[x] == null) this[x] = {}`
			`assert(utils.is_object(this[x]), 'CONFIG: bad "'+x+'" value (object expected)')`
			`})`
name change + a lot of work... 2013-06-08 03:16:28 +02:00
style fix 2013-10-26 14:18:36 +02:00			`for (var i in this.users) check_user_or_uplink(i)`
			`for (var i in this.uplinks) check_user_or_uplink(i)`
name change + a lot of work... 2013-06-08 03:16:28 +02:00
			`for (var i in this.users) {`
style fix 2013-10-26 14:18:36 +02:00			`assert(this.users[i].password, 'CONFIG: no password for user: ' + i)`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`assert(`
			`typeof(this.users[i].password) === 'string' &&`
			`this.users[i].password.match(/^[a-f0-9]{40}$/)`
style fix 2013-10-26 14:18:36 +02:00			`, 'CONFIG: wrong password format for user: ' + i + ', sha1 expected')`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`}`
style fix 2013-10-26 14:18:36 +02:00
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`for (var i in this.uplinks) {`
style fix 2013-10-26 14:18:36 +02:00			`assert(this.uplinks[i].url, 'CONFIG: no url for uplink: ' + i)`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`assert(`
			`typeof(this.uplinks[i].url) === 'string'`
style fix 2013-10-26 14:18:36 +02:00			`, 'CONFIG: wrong url format for uplink: ' + i)`
			`this.uplinks[i].url = this.uplinks[i].url.replace(/\/$/, '')`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`}`
style fix 2013-10-26 14:18:36 +02:00
jshinting 2013-10-01 20:02:23 +02:00			`function check_userlist(i, hash, action) {`
style fix 2013-10-26 14:18:36 +02:00			`if (hash[action] == null) hash[action] = []`
config file changes 2013-06-13 16:21:14 +02:00
jshinting 2013-10-01 20:02:23 +02:00			`// if it's a string, split it to array`
			`if (typeof(hash[action]) === 'string') {`
style fix 2013-10-26 14:18:36 +02:00			`hash[action] = hash[action].split(/\s+/)`
jshinting 2013-10-01 20:02:23 +02:00			`}`
config file changes 2013-06-13 16:21:14 +02:00
jshinting 2013-10-01 20:02:23 +02:00			`assert(`
			`typeof(hash[action]) === 'object' &&`
			`Array.isArray(hash[action])`
style fix 2013-10-26 14:18:36 +02:00			`, 'CONFIG: bad "'+i+'" package '+action+' description (array or string expected)')`
			`hash[action] = flatten(hash[action])`
jshinting 2013-10-01 20:02:23 +02:00			`hash[action].forEach(function(user) {`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`assert(`
jshinting 2013-10-01 20:02:23 +02:00			`users[user] != null`
style fix 2013-10-26 14:18:36 +02:00			`, 'CONFIG: "'+i+'" package: user "'+user+'" doesn\'t exist')`
			`})`
jshinting 2013-10-01 20:02:23 +02:00			`}`
name change + a lot of work... 2013-06-08 03:16:28 +02:00
jshinting 2013-10-01 20:02:23 +02:00			`for (var i in this.packages) {`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`assert(`
			`typeof(this.packages[i]) === 'object' &&`
			`!Array.isArray(this.packages[i])`
style fix 2013-10-26 14:18:36 +02:00			`, 'CONFIG: bad "'+i+'" package description (object expected)')`
fixing config file handling 2013-09-24 08:27:27 +02:00
style fix 2013-10-26 14:18:36 +02:00			`check_userlist(i, this.packages[i], 'allow_access')`
			`check_userlist(i, this.packages[i], 'allow_publish')`
			`check_userlist(i, this.packages[i], 'proxy_access')`
			`check_userlist(i, this.packages[i], 'proxy_publish')`
fixing config file handling 2013-09-24 08:27:27 +02:00
			`// deprecated`
style fix 2013-10-26 14:18:36 +02:00			`check_userlist(i, this.packages[i], 'access')`
			`check_userlist(i, this.packages[i], 'proxy')`
			`check_userlist(i, this.packages[i], 'publish')`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`}`

retrieving proxy values from environment if present 2013-11-24 18:08:20 +01:00			`// loading these from ENV if aren't in config`
			`;['http_proxy', 'https_proxy', 'no_proxy'].forEach((function(v) {`
			`if (!(v in this)) {`
			`this[v] = process.env[v] \|\| process.env[v.toUpperCase()]`
			`}`
			`}).bind(this))`

detecting http loops 2013-12-09 04:59:31 +01:00			`// unique identifier of this server (or a cluster), used to avoid loops`
			`if (!this.server_id) {`
			`this.server_id = crypto.pseudoRandomBytes(6).toString('hex')`
			`}`

style fix 2013-10-26 14:18:36 +02:00			`return this`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`}`

			`function allow_action(package, who, action) {`
			`for (var i in this.packages) {`
using minimatch instead of regexps 2013-06-14 11:27:08 +02:00			`if (minimatch.makeRe(i).exec(package)) {`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`return this.packages[i][action].reduce(function(prev, curr) {`
style fix 2013-10-26 14:18:36 +02:00			`if (curr === String(who) \|\| curr === 'all') return true`
			`return prev`
			`}, false)`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`}`
			`}`
style fix 2013-10-26 14:18:36 +02:00			`return false`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`}`

			`Config.prototype.allow_access = function(package, user) {`
style fix 2013-10-26 14:18:36 +02:00			`return allow_action.call(this, package, user, 'allow_access') \|\| allow_action.call(this, package, user, 'access')`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`}`

			`Config.prototype.allow_publish = function(package, user) {`
style fix 2013-10-26 14:18:36 +02:00			`return allow_action.call(this, package, user, 'allow_publish') \|\| allow_action.call(this, package, user, 'publish')`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`}`

change config file format + comments 2013-09-24 06:27:47 +02:00			`Config.prototype.proxy_access = function(package, uplink) {`
style fix 2013-10-26 14:18:36 +02:00			`return allow_action.call(this, package, uplink, 'proxy_access') \|\| allow_action.call(this, package, uplink, 'proxy')`
change config file format + comments 2013-09-24 06:27:47 +02:00			`}`

fixing bugs preventing access to upstream 2013-09-27 09:48:01 +02:00			`Config.prototype.proxy_publish = function(package, uplink) {`
style fix 2013-10-26 14:18:36 +02:00			`return allow_action.call(this, package, uplink, 'proxy_publish')`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`}`

			`Config.prototype.authenticate = function(user, password) {`
style fix 2013-10-26 14:18:36 +02:00			`if (this.users[user] == null) return false`
			`return crypto.createHash('sha1').update(password).digest('hex') === this.users[user].password`
name change + a lot of work... 2013-06-08 03:16:28 +02:00			`}`

style fix 2013-10-26 14:18:36 +02:00			`module.exports = Config`
name change + a lot of work... 2013-06-08 03:16:28 +02:00