mirror of
https://github.com/verdaccio/verdaccio.git
synced 2024-12-24 21:15:51 +01:00
fix: escaped slash in namespaced packages (#2193)
* fix: escaped slash in namespaced packages * run format on code * merge master branch (#2) * chore: fix start web issue * chore: use custom action for changeset this is temporary while I find the way to skip create github releases for alpha * chore: format as separated workflow (#2194) Co-authored-by: Juan Picado <juanpicado19@gmail.com> * merge master (#3) * chore: fix start web issue * chore: use custom action for changeset this is temporary while I find the way to skip create github releases for alpha * chore: format as separated workflow (#2194) Co-authored-by: Juan Picado <juanpicado19@gmail.com> * add changeset * format Co-authored-by: amit <amit@enso.security> Co-authored-by: Juan Picado <juanpicado19@gmail.com>
This commit is contained in:
parent
9ddce9dec7
commit
648575aa41
16
.changeset/many-vans-care.md
Normal file
16
.changeset/many-vans-care.md
Normal file
@ -0,0 +1,16 @@
|
||||
---
|
||||
'@verdaccio/tarball': patch
|
||||
'@verdaccio/mock': patch
|
||||
'@verdaccio/ui-theme': patch
|
||||
'@verdaccio/server': patch
|
||||
'@verdaccio/utils': patch
|
||||
'verdaccio': patch
|
||||
---
|
||||
|
||||
Bug Fixes
|
||||
|
||||
- fix escaped slash in namespaced packages
|
||||
|
||||
#### Related tickets
|
||||
|
||||
https://github.com/verdaccio/verdaccio/pull/2193
|
@ -2,7 +2,6 @@ import URL from 'url';
|
||||
import { Request } from 'express';
|
||||
import buildDebug from 'debug';
|
||||
|
||||
import { encodeScopedUri } from '@verdaccio/utils';
|
||||
import { getPublicUrl } from '@verdaccio/url';
|
||||
|
||||
const debug = buildDebug('verdaccio:core:url');
|
||||
@ -32,5 +31,5 @@ export function getLocalRegistryTarballUri(
|
||||
// header only set with proxy that setup with HTTPS
|
||||
const domainRegistry = getPublicUrl(urlPrefix || '', req);
|
||||
|
||||
return `${domainRegistry}${encodeScopedUri(pkgName)}/-/${tarballName}`;
|
||||
return `${domainRegistry}${pkgName}/-/${tarballName}`;
|
||||
}
|
||||
|
@ -10,7 +10,7 @@ import {
|
||||
HTTP_STATUS,
|
||||
TOKEN_BEARER,
|
||||
} from '@verdaccio/commons-api';
|
||||
import { buildToken, encodeScopedUri } from '@verdaccio/utils';
|
||||
import { buildToken } from '@verdaccio/utils';
|
||||
import { generateRandomHexString } from '@verdaccio/utils';
|
||||
import { Package } from '@verdaccio/types';
|
||||
import { response } from 'express';
|
||||
@ -70,7 +70,7 @@ export function putPackage(
|
||||
export function deletePackage(request: any, pkgName: string, token?: string): Promise<any[]> {
|
||||
return new Promise((resolve) => {
|
||||
const del = request
|
||||
.put(`/${encodeScopedUri(pkgName)}/-rev/${generateRandomHexString(8)}`)
|
||||
.put(`/${pkgName}/-rev/${generateRandomHexString(8)}`)
|
||||
.set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON);
|
||||
|
||||
if (_.isNil(token) === false) {
|
||||
@ -216,18 +216,13 @@ export async function fetchPackageByVersionAndTag(
|
||||
}
|
||||
|
||||
export async function isExistPackage(app, packageName) {
|
||||
const [err] = await getPackage(request(app), '', encodeScopedUri(packageName), HTTP_STATUS.OK);
|
||||
const [err] = await getPackage(request(app), '', packageName, HTTP_STATUS.OK);
|
||||
|
||||
return _.isNull(err);
|
||||
}
|
||||
|
||||
export async function verifyPackageVersionDoesExist(app, packageName, version, token?: string) {
|
||||
const [, res] = await getPackage(
|
||||
request(app),
|
||||
token as string,
|
||||
encodeScopedUri(packageName),
|
||||
HTTP_STATUS.OK
|
||||
);
|
||||
const [, res] = await getPackage(request(app), token as string, packageName, HTTP_STATUS.OK);
|
||||
|
||||
const { versions } = res.body;
|
||||
const versionsKeys = Object.keys(versions);
|
||||
@ -236,5 +231,5 @@ export async function verifyPackageVersionDoesExist(app, packageName, version, t
|
||||
}
|
||||
|
||||
export function generateUnPublishURI(pkgName) {
|
||||
return `/${encodeScopedUri(pkgName)}/-rev/${generateRandomHexString(8)}`;
|
||||
return `/${pkgName}/-rev/${generateRandomHexString(8)}`;
|
||||
}
|
||||
|
@ -9,7 +9,7 @@ import {
|
||||
API_MESSAGE,
|
||||
TOKEN_BEARER,
|
||||
} from '@verdaccio/commons-api';
|
||||
import { buildToken, encodeScopedUri } from '@verdaccio/utils';
|
||||
import { buildToken } from '@verdaccio/utils';
|
||||
import { setup, logger } from '@verdaccio/logger';
|
||||
|
||||
import { mockServer } from '@verdaccio/mock';
|
||||
@ -481,7 +481,7 @@ describe('endpoint unit test', () => {
|
||||
const version = '2.0.0';
|
||||
const pkg = generatePackageMetadata(pkgName, version);
|
||||
|
||||
const [err] = await putPackage(request(app), `/${encodeScopedUri(pkgName)}`, pkg, token);
|
||||
const [err] = await putPackage(request(app), `/${pkgName}`, pkg, token);
|
||||
if (err) {
|
||||
expect(err).toBeNull();
|
||||
return done(err);
|
||||
@ -490,7 +490,7 @@ describe('endpoint unit test', () => {
|
||||
const newVersion = '2.0.1';
|
||||
const [newErr] = await putPackage(
|
||||
request(app),
|
||||
`/${encodeScopedUri(pkgName)}`,
|
||||
`/${pkgName}`,
|
||||
generatePackageMetadata(pkgName, newVersion),
|
||||
token
|
||||
);
|
||||
@ -557,7 +557,7 @@ describe('endpoint unit test', () => {
|
||||
|
||||
const [newErr] = await putPackage(
|
||||
request(app),
|
||||
`/${encodeScopedUri(pkgName)}`,
|
||||
`/${pkgName}`,
|
||||
generatePackageMetadata(pkgName, newVersion),
|
||||
token
|
||||
);
|
||||
@ -606,7 +606,7 @@ describe('endpoint unit test', () => {
|
||||
|
||||
const [newErr, resp] = await putPackage(
|
||||
request(app),
|
||||
`/${encodeScopedUri(pkgName)}`,
|
||||
`/${pkgName}`,
|
||||
generatePackageMetadata(pkgName, newVersion),
|
||||
token
|
||||
);
|
||||
@ -801,7 +801,7 @@ describe('endpoint unit test', () => {
|
||||
|
||||
test('should deprecate a package', async (done) => {
|
||||
const pkg = generateDeprecateMetadata(pkgName, version, 'get deprecated');
|
||||
const [err] = await putPackage(request(app), `/${encodeScopedUri(pkgName)}`, pkg, token);
|
||||
const [err] = await putPackage(request(app), `/${pkgName}`, pkg, token);
|
||||
if (err) {
|
||||
expect(err).toBeNull();
|
||||
return done(err);
|
||||
@ -813,9 +813,9 @@ describe('endpoint unit test', () => {
|
||||
|
||||
test('should undeprecate a package', async (done) => {
|
||||
let pkg = generateDeprecateMetadata(pkgName, version, 'get deprecated');
|
||||
await putPackage(request(app), `/${encodeScopedUri(pkgName)}`, pkg, token);
|
||||
await putPackage(request(app), `/${pkgName}`, pkg, token);
|
||||
pkg = generateDeprecateMetadata(pkgName, version, '');
|
||||
const [err] = await putPackage(request(app), `/${encodeScopedUri(pkgName)}`, pkg, token);
|
||||
const [err] = await putPackage(request(app), `/${pkgName}`, pkg, token);
|
||||
if (err) {
|
||||
expect(err).toBeNull();
|
||||
return done(err);
|
||||
@ -831,12 +831,7 @@ describe('endpoint unit test', () => {
|
||||
let credentials = { name: 'only_publish', password: 'secretPass' };
|
||||
let token = await getNewToken(request(app), credentials);
|
||||
const pkg = generateDeprecateMetadata(pkgName, version, 'get deprecated');
|
||||
const [err, res] = await putPackage(
|
||||
request(app),
|
||||
`/${encodeScopedUri(pkgName)}`,
|
||||
pkg,
|
||||
token
|
||||
);
|
||||
const [err, res] = await putPackage(request(app), `/${pkgName}`, pkg, token);
|
||||
expect(err).not.toBeNull();
|
||||
expect(res.body.error).toBeDefined();
|
||||
expect(res.body.error).toMatch(
|
||||
@ -844,12 +839,7 @@ describe('endpoint unit test', () => {
|
||||
);
|
||||
credentials = { name: 'only_unpublish', password: 'secretPass' };
|
||||
token = await getNewToken(request(app), credentials);
|
||||
const [err2, res2] = await putPackage(
|
||||
request(app),
|
||||
`/${encodeScopedUri(pkgName)}`,
|
||||
pkg,
|
||||
token
|
||||
);
|
||||
const [err2, res2] = await putPackage(request(app), `/${pkgName}`, pkg, token);
|
||||
expect(err2).not.toBeNull();
|
||||
expect(res2.body.error).toBeDefined();
|
||||
expect(res2.body.error).toMatch(
|
||||
@ -870,7 +860,7 @@ describe('endpoint unit test', () => {
|
||||
...generateVersion(pkgName, '1.0.1'),
|
||||
deprecated: 'get deprecated',
|
||||
};
|
||||
await putPackage(request(app), `/${encodeScopedUri(pkgName)}`, pkg, token);
|
||||
await putPackage(request(app), `/${pkgName}`, pkg, token);
|
||||
const [, res] = await getPackage(request(app), '', pkgName);
|
||||
expect(res.body.versions[version].deprecated).toEqual('get deprecated');
|
||||
expect(res.body.versions['1.0.1'].deprecated).toEqual('get deprecated');
|
||||
|
@ -253,10 +253,6 @@ export function mask(str: string, charNum = 3): string {
|
||||
return `${str.substr(0, charNum)}...${str.substr(-charNum)}`;
|
||||
}
|
||||
|
||||
export function encodeScopedUri(packageName): string {
|
||||
return packageName.replace(/\//g, '%2f');
|
||||
}
|
||||
|
||||
export function hasDiffOneKey(versions): boolean {
|
||||
return Object.keys(versions).length !== 1;
|
||||
}
|
||||
|
@ -13,7 +13,7 @@ export default function (server, server2) {
|
||||
beforeAll(function () {
|
||||
return server
|
||||
.request({
|
||||
uri: '/@test%2fscoped',
|
||||
uri: '/@test/scoped',
|
||||
headers: {
|
||||
'content-type': HEADERS.JSON,
|
||||
},
|
||||
@ -54,7 +54,7 @@ export default function (server, server2) {
|
||||
expect(body.name).toBe(SCOPE);
|
||||
expect(body.versions[PKG_VERSION].name).toBe(SCOPE);
|
||||
expect(body.versions[PKG_VERSION].dist.tarball).toBe(
|
||||
`http://${DOMAIN_SERVERS}:${port}/@test%2fscoped/-/${PKG_NAME}-${PKG_VERSION}.tgz`
|
||||
`http://${DOMAIN_SERVERS}:${port}/@test/scoped/-/${PKG_NAME}-${PKG_VERSION}.tgz`
|
||||
);
|
||||
expect(body[DIST_TAGS]).toEqual({ latest: PKG_VERSION });
|
||||
});
|
||||
@ -73,7 +73,7 @@ export default function (server, server2) {
|
||||
.then(function (body) {
|
||||
expect(body.name).toEqual(SCOPE);
|
||||
expect(body.dist.tarball).toEqual(
|
||||
`http://${DOMAIN_SERVERS}:${PORT_SERVER_2}/@test%2fscoped/-/${PKG_NAME}-` +
|
||||
`http://${DOMAIN_SERVERS}:${PORT_SERVER_2}/@test/scoped/-/${PKG_NAME}-` +
|
||||
`${PKG_VERSION}.tgz`
|
||||
);
|
||||
});
|
||||
|
@ -2,7 +2,7 @@ import _ from 'lodash';
|
||||
import request from 'supertest';
|
||||
|
||||
import { HEADER_TYPE, HEADERS, HTTP_STATUS, TOKEN_BEARER } from '@verdaccio/commons-api';
|
||||
import { buildToken, encodeScopedUri } from '@verdaccio/utils';
|
||||
import { buildToken } from '@verdaccio/utils';
|
||||
import { generateRandomHexString } from '@verdaccio/utils';
|
||||
import { Package } from '@verdaccio/types';
|
||||
|
||||
@ -46,7 +46,7 @@ export function putPackage(
|
||||
export function deletePackage(request: any, pkgName: string, token?: string): Promise<any[]> {
|
||||
return new Promise((resolve) => {
|
||||
let del = request
|
||||
.put(`/${encodeScopedUri(pkgName)}/-rev/${generateRandomHexString(8)}`)
|
||||
.put(`/${pkgName}/-rev/${generateRandomHexString(8)}`)
|
||||
.set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON);
|
||||
|
||||
if (_.isNil(token) === false) {
|
||||
@ -193,18 +193,13 @@ export async function fetchPackageByVersionAndTag(
|
||||
}
|
||||
|
||||
export async function isExistPackage(app, packageName) {
|
||||
const [err] = await getPackage(request(app), '', encodeScopedUri(packageName), HTTP_STATUS.OK);
|
||||
const [err] = await getPackage(request(app), '', packageName, HTTP_STATUS.OK);
|
||||
|
||||
return _.isNull(err);
|
||||
}
|
||||
|
||||
export async function verifyPackageVersionDoesExist(app, packageName, version, token?: string) {
|
||||
const [, res] = await getPackage(
|
||||
request(app),
|
||||
token as string,
|
||||
encodeScopedUri(packageName),
|
||||
HTTP_STATUS.OK
|
||||
);
|
||||
const [, res] = await getPackage(request(app), token as string, packageName, HTTP_STATUS.OK);
|
||||
|
||||
const { versions } = res.body;
|
||||
const versionsKeys = Object.keys(versions);
|
||||
@ -213,5 +208,5 @@ export async function verifyPackageVersionDoesExist(app, packageName, version, t
|
||||
}
|
||||
|
||||
export function generateUnPublishURI(pkgName) {
|
||||
return `/${encodeScopedUri(pkgName)}/-rev/${generateRandomHexString(8)}`;
|
||||
return `/${pkgName}/-rev/${generateRandomHexString(8)}`;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user