github.com/verdaccio
1
0
Fork 0
mirror of https://github.com/verdaccio/verdaccio.git synced 2025-02-21 07:29:37 +01:00
Code Releases Wiki Activity

docs: add scope proxy example and cleanup grammar/wording.

Browse Source
This commit is contained in:
jharris4 2018-06-07 10:32:30 -04:00
parent 3060ff8280
commit 39aabd3155
1 changed files with 18 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
docs/packages.md
View File

@ -3,9 +3,9 @@ id: packages
title: "Package Access" title: "Package Access"
--- ---
It's a series of contrains that allow or restrict access to the local storage based in specific criteria. It's a series of contraints that allow or restrict access to the local storage based in specific criteria.
The security constraints remains on shoulders of the plugin being used, by default `verdaccio` uses the [htpasswd plugin](https://github.com/verdaccio/verdaccio-htpasswd). If you use a different plugin the behaviour might be different. The default plugin does not handles by itself `allow_access` and `allow_publish`, it's use an internal fallback in case the plugin is not ready for it. The security constraints remain on the shoulders of the plugin being used, by default `verdaccio` uses the [htpasswd plugin](https://github.com/verdaccio/verdaccio-htpasswd). If you use a different plugin the behaviour might be different. The default plugin does not handle `allow_access` and `allow_publish` by itself, it uses an internal fallback in case the plugin is not ready for it.
For more information about permissions visit [the authentification section in the wiki](auth.md). For more information about permissions visit [the authentification section in the wiki](auth.md).
@ -45,14 +45,14 @@ The list of valid groups according the default plugins are
```js ```js
'$all', '$anonymous', '@all', '@anonymous', 'all', 'undefined', 'anonymous' '$all', '$anonymous', '@all', '@anonymous', 'all', 'undefined', 'anonymous'
``` ```
All users recieves all those set of permissions independently of is anonymous or not plus the groups provided by the plugin, in case of `htpasswd` return the username as a group. For instance, if you are logged as `npmUser` the list of groups will be. All users recieve all those set of permissions independently of is anonymous or not plus the groups provided by the plugin, in case of `htpasswd` return the username as a group. For instance, if you are logged as `npmUser` the list of groups will be.
```js ```js
// groups without '$' are going to be deprecated eventually // groups without '$' are going to be deprecated eventually
'$all', '$anonymous', '@all', '@anonymous', 'all', 'undefined', 'anonymous', 'npmUser' '$all', '$anonymous', '@all', '@anonymous', 'all', 'undefined', 'anonymous', 'npmUser'
``` ```
If you want to protect specific set packages under your group, you need todo something like this. Let's use a `Regex` that covers all prefixed `npmuser-` packages. We recomend use a prefix for your packages, in that way it'd be easier to protect them. If you want to protect specific set packages under your group, you need to do something like this. Let's use a `Regex` that covers all prefixed `npmuser-` packages. We recomend using a prefix for your packages, in that way it will be easier to protect them.
```yaml ```yaml
packages: packages:
@ -72,11 +72,11 @@ npm ERR! 403 Forbidden: npmuser-core@latest
npm ERR! A complete log of this run can be found in: npm ERR! A complete log of this run can be found in:
npm ERR! /Users/user/.npm/_logs/2017-07-02T12_20_14_834Z-debug.log npm ERR! /Users/user/.npm/_logs/2017-07-02T12_20_14_834Z-debug.log
``` ```
You can change the existing behaviour using a different plugin authentication. `verdaccio` just check whether the user that try to access or publish specific package belongs to the right group. You can change the existing behaviour using a different plugin authentication. `verdaccio` just checks whether the user that tried to access or publish a specific package belongs to the right group.
#### Set multiple groups #### Set multiple groups
Define multiple access groups is fairly easy, just define them with a white space between them. Defining multiple access groups is fairly easy, just define them with a white space between them.
```yaml ```yaml
'company-*': 'company-*':
@ -92,7 +92,7 @@ Define multiple access groups is fairly easy, just define them with a white spac
#### Blocking access to set of packages #### Blocking access to set of packages
If you want to block the acccess/publish to a specific group of packages. Just, do not define `access` and `publish`. If you want to block the acccess/publish to a specific group of packages. Just do not define `access` and `publish`.
```yaml ```yaml
packages: packages:
@ -103,7 +103,7 @@ packages:
``` ```
#### Blocking proxying a set of specific packages #### Blocking proxying a set of specific packages
You might want to block one or several packages to fetch from remote repositories., but, at the same time, allow others to access different *uplinks*. You might want to block one or several packages from fetching from remote repositories., but, at the same time, allow others to access different *uplinks*.
Let's see the following example: Let's see the following example:
@ -115,18 +115,22 @@ packages:
'my-company-*': 'my-company-*':
access: $all access: $all
publish: $authenticated publish: $authenticated
'@my-local-scope/*':
access: $all
publish: $authenticated
'**': '**':
access: all access: all
publish: $authenticated publish: $authenticated
proxy: npmjs proxy: npmjs
``` ```
Let's describe what we want with the example above: Let's describe what we want with the above example:
* I want to host my own `jquery` dependency but I need to avoid proxying it. * I want to host my own `jquery` dependency but I need to avoid proxying it.
* I want all dependencies that match with `my-company-*` but I need to avoid proxying them. * I want all dependencies that match with `my-company-*` but I need to avoid proxying them.
* I want to proxying all the rest dependencies. * I want all dependencies that are in the `my-local-scope` scope but I need to avoid proxying them.
* I want proxying for all the rest of the dependencies.
Be **aware that the order of your packages definitions is important and always use double wilcard**. Because if you do not include it `verdaccio` will include it for you and the way how your dependencies are solved will be affected. Be **aware that the order of your packages definitions is important and always use double wilcard**. Because if you do not include it `verdaccio` will include it for you and the way that your dependencies are resolved will be affected.
### Configuration ### Configuration
@ -139,7 +143,7 @@ publish | string | No | $authenticated | all | define groups allowed to publish
proxy | string | No |npmjs | all | limit look ups for specific uplink proxy | string | No |npmjs | all | limit look ups for specific uplink
storage | boolean | No | [true,false] | all | TODO storage | boolean | No | [true,false] | all | TODO
> We higlight recommend do not use **allow_access**/**allow_publish** and **proxy_access** anymore, those are deprecated and soon will be removed, please use the short version of each of those (**access**/**publish**/**proxy**). > We higlight the we recommend to not use **allow_access**/**allow_publish** and **proxy_access** anymore, those are deprecated and will soon be removed, please use the short version of each of those (**access**/**publish**/**proxy**).