1
0
mirror of https://github.com/verdaccio/verdaccio.git synced 2024-12-24 21:15:51 +01:00

fix: escaped slash in namespaced packages (#2193)

* fix: escaped slash in namespaced packages

* run format on code

* merge master branch (#2)

* chore: fix start web issue

* chore: use custom action for changeset

this is temporary while I find the way to skip create github releases for alpha

* chore: format as separated workflow (#2194)

Co-authored-by: Juan Picado <juanpicado19@gmail.com>

* merge master (#3)

* chore: fix start web issue

* chore: use custom action for changeset

this is temporary while I find the way to skip create github releases for alpha

* chore: format as separated workflow (#2194)

Co-authored-by: Juan Picado <juanpicado19@gmail.com>

* add changeset

* format

Co-authored-by: amit <amit@enso.security>
Co-authored-by: Juan Picado <juanpicado19@gmail.com>
This commit is contained in:
amit 2021-04-24 19:14:24 +04:00 committed by GitHub
parent 9ddce9dec7
commit 648575aa41
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 41 additions and 50 deletions

@ -0,0 +1,16 @@
---
'@verdaccio/tarball': patch
'@verdaccio/mock': patch
'@verdaccio/ui-theme': patch
'@verdaccio/server': patch
'@verdaccio/utils': patch
'verdaccio': patch
---
Bug Fixes
- fix escaped slash in namespaced packages
#### Related tickets
https://github.com/verdaccio/verdaccio/pull/2193

@ -2,7 +2,6 @@ import URL from 'url';
import { Request } from 'express';
import buildDebug from 'debug';
import { encodeScopedUri } from '@verdaccio/utils';
import { getPublicUrl } from '@verdaccio/url';
const debug = buildDebug('verdaccio:core:url');
@ -32,5 +31,5 @@ export function getLocalRegistryTarballUri(
// header only set with proxy that setup with HTTPS
const domainRegistry = getPublicUrl(urlPrefix || '', req);
return `${domainRegistry}${encodeScopedUri(pkgName)}/-/${tarballName}`;
return `${domainRegistry}${pkgName}/-/${tarballName}`;
}

@ -10,7 +10,7 @@ import {
HTTP_STATUS,
TOKEN_BEARER,
} from '@verdaccio/commons-api';
import { buildToken, encodeScopedUri } from '@verdaccio/utils';
import { buildToken } from '@verdaccio/utils';
import { generateRandomHexString } from '@verdaccio/utils';
import { Package } from '@verdaccio/types';
import { response } from 'express';
@ -70,7 +70,7 @@ export function putPackage(
export function deletePackage(request: any, pkgName: string, token?: string): Promise<any[]> {
return new Promise((resolve) => {
const del = request
.put(`/${encodeScopedUri(pkgName)}/-rev/${generateRandomHexString(8)}`)
.put(`/${pkgName}/-rev/${generateRandomHexString(8)}`)
.set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON);
if (_.isNil(token) === false) {
@ -216,18 +216,13 @@ export async function fetchPackageByVersionAndTag(
}
export async function isExistPackage(app, packageName) {
const [err] = await getPackage(request(app), '', encodeScopedUri(packageName), HTTP_STATUS.OK);
const [err] = await getPackage(request(app), '', packageName, HTTP_STATUS.OK);
return _.isNull(err);
}
export async function verifyPackageVersionDoesExist(app, packageName, version, token?: string) {
const [, res] = await getPackage(
request(app),
token as string,
encodeScopedUri(packageName),
HTTP_STATUS.OK
);
const [, res] = await getPackage(request(app), token as string, packageName, HTTP_STATUS.OK);
const { versions } = res.body;
const versionsKeys = Object.keys(versions);
@ -236,5 +231,5 @@ export async function verifyPackageVersionDoesExist(app, packageName, version, t
}
export function generateUnPublishURI(pkgName) {
return `/${encodeScopedUri(pkgName)}/-rev/${generateRandomHexString(8)}`;
return `/${pkgName}/-rev/${generateRandomHexString(8)}`;
}

@ -9,7 +9,7 @@ import {
API_MESSAGE,
TOKEN_BEARER,
} from '@verdaccio/commons-api';
import { buildToken, encodeScopedUri } from '@verdaccio/utils';
import { buildToken } from '@verdaccio/utils';
import { setup, logger } from '@verdaccio/logger';
import { mockServer } from '@verdaccio/mock';
@ -481,7 +481,7 @@ describe('endpoint unit test', () => {
const version = '2.0.0';
const pkg = generatePackageMetadata(pkgName, version);
const [err] = await putPackage(request(app), `/${encodeScopedUri(pkgName)}`, pkg, token);
const [err] = await putPackage(request(app), `/${pkgName}`, pkg, token);
if (err) {
expect(err).toBeNull();
return done(err);
@ -490,7 +490,7 @@ describe('endpoint unit test', () => {
const newVersion = '2.0.1';
const [newErr] = await putPackage(
request(app),
`/${encodeScopedUri(pkgName)}`,
`/${pkgName}`,
generatePackageMetadata(pkgName, newVersion),
token
);
@ -557,7 +557,7 @@ describe('endpoint unit test', () => {
const [newErr] = await putPackage(
request(app),
`/${encodeScopedUri(pkgName)}`,
`/${pkgName}`,
generatePackageMetadata(pkgName, newVersion),
token
);
@ -606,7 +606,7 @@ describe('endpoint unit test', () => {
const [newErr, resp] = await putPackage(
request(app),
`/${encodeScopedUri(pkgName)}`,
`/${pkgName}`,
generatePackageMetadata(pkgName, newVersion),
token
);
@ -801,7 +801,7 @@ describe('endpoint unit test', () => {
test('should deprecate a package', async (done) => {
const pkg = generateDeprecateMetadata(pkgName, version, 'get deprecated');
const [err] = await putPackage(request(app), `/${encodeScopedUri(pkgName)}`, pkg, token);
const [err] = await putPackage(request(app), `/${pkgName}`, pkg, token);
if (err) {
expect(err).toBeNull();
return done(err);
@ -813,9 +813,9 @@ describe('endpoint unit test', () => {
test('should undeprecate a package', async (done) => {
let pkg = generateDeprecateMetadata(pkgName, version, 'get deprecated');
await putPackage(request(app), `/${encodeScopedUri(pkgName)}`, pkg, token);
await putPackage(request(app), `/${pkgName}`, pkg, token);
pkg = generateDeprecateMetadata(pkgName, version, '');
const [err] = await putPackage(request(app), `/${encodeScopedUri(pkgName)}`, pkg, token);
const [err] = await putPackage(request(app), `/${pkgName}`, pkg, token);
if (err) {
expect(err).toBeNull();
return done(err);
@ -831,12 +831,7 @@ describe('endpoint unit test', () => {
let credentials = { name: 'only_publish', password: 'secretPass' };
let token = await getNewToken(request(app), credentials);
const pkg = generateDeprecateMetadata(pkgName, version, 'get deprecated');
const [err, res] = await putPackage(
request(app),
`/${encodeScopedUri(pkgName)}`,
pkg,
token
);
const [err, res] = await putPackage(request(app), `/${pkgName}`, pkg, token);
expect(err).not.toBeNull();
expect(res.body.error).toBeDefined();
expect(res.body.error).toMatch(
@ -844,12 +839,7 @@ describe('endpoint unit test', () => {
);
credentials = { name: 'only_unpublish', password: 'secretPass' };
token = await getNewToken(request(app), credentials);
const [err2, res2] = await putPackage(
request(app),
`/${encodeScopedUri(pkgName)}`,
pkg,
token
);
const [err2, res2] = await putPackage(request(app), `/${pkgName}`, pkg, token);
expect(err2).not.toBeNull();
expect(res2.body.error).toBeDefined();
expect(res2.body.error).toMatch(
@ -870,7 +860,7 @@ describe('endpoint unit test', () => {
...generateVersion(pkgName, '1.0.1'),
deprecated: 'get deprecated',
};
await putPackage(request(app), `/${encodeScopedUri(pkgName)}`, pkg, token);
await putPackage(request(app), `/${pkgName}`, pkg, token);
const [, res] = await getPackage(request(app), '', pkgName);
expect(res.body.versions[version].deprecated).toEqual('get deprecated');
expect(res.body.versions['1.0.1'].deprecated).toEqual('get deprecated');

@ -253,10 +253,6 @@ export function mask(str: string, charNum = 3): string {
return `${str.substr(0, charNum)}...${str.substr(-charNum)}`;
}
export function encodeScopedUri(packageName): string {
return packageName.replace(/\//g, '%2f');
}
export function hasDiffOneKey(versions): boolean {
return Object.keys(versions).length !== 1;
}

@ -13,7 +13,7 @@ export default function (server, server2) {
beforeAll(function () {
return server
.request({
uri: '/@test%2fscoped',
uri: '/@test/scoped',
headers: {
'content-type': HEADERS.JSON,
},
@ -54,7 +54,7 @@ export default function (server, server2) {
expect(body.name).toBe(SCOPE);
expect(body.versions[PKG_VERSION].name).toBe(SCOPE);
expect(body.versions[PKG_VERSION].dist.tarball).toBe(
`http://${DOMAIN_SERVERS}:${port}/@test%2fscoped/-/${PKG_NAME}-${PKG_VERSION}.tgz`
`http://${DOMAIN_SERVERS}:${port}/@test/scoped/-/${PKG_NAME}-${PKG_VERSION}.tgz`
);
expect(body[DIST_TAGS]).toEqual({ latest: PKG_VERSION });
});
@ -73,7 +73,7 @@ export default function (server, server2) {
.then(function (body) {
expect(body.name).toEqual(SCOPE);
expect(body.dist.tarball).toEqual(
`http://${DOMAIN_SERVERS}:${PORT_SERVER_2}/@test%2fscoped/-/${PKG_NAME}-` +
`http://${DOMAIN_SERVERS}:${PORT_SERVER_2}/@test/scoped/-/${PKG_NAME}-` +
`${PKG_VERSION}.tgz`
);
});

@ -2,7 +2,7 @@ import _ from 'lodash';
import request from 'supertest';
import { HEADER_TYPE, HEADERS, HTTP_STATUS, TOKEN_BEARER } from '@verdaccio/commons-api';
import { buildToken, encodeScopedUri } from '@verdaccio/utils';
import { buildToken } from '@verdaccio/utils';
import { generateRandomHexString } from '@verdaccio/utils';
import { Package } from '@verdaccio/types';
@ -46,7 +46,7 @@ export function putPackage(
export function deletePackage(request: any, pkgName: string, token?: string): Promise<any[]> {
return new Promise((resolve) => {
let del = request
.put(`/${encodeScopedUri(pkgName)}/-rev/${generateRandomHexString(8)}`)
.put(`/${pkgName}/-rev/${generateRandomHexString(8)}`)
.set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON);
if (_.isNil(token) === false) {
@ -193,18 +193,13 @@ export async function fetchPackageByVersionAndTag(
}
export async function isExistPackage(app, packageName) {
const [err] = await getPackage(request(app), '', encodeScopedUri(packageName), HTTP_STATUS.OK);
const [err] = await getPackage(request(app), '', packageName, HTTP_STATUS.OK);
return _.isNull(err);
}
export async function verifyPackageVersionDoesExist(app, packageName, version, token?: string) {
const [, res] = await getPackage(
request(app),
token as string,
encodeScopedUri(packageName),
HTTP_STATUS.OK
);
const [, res] = await getPackage(request(app), token as string, packageName, HTTP_STATUS.OK);
const { versions } = res.body;
const versionsKeys = Object.keys(versions);
@ -213,5 +208,5 @@ export async function verifyPackageVersionDoesExist(app, packageName, version, t
}
export function generateUnPublishURI(pkgName) {
return `/${encodeScopedUri(pkgName)}/-rev/${generateRandomHexString(8)}`;
return `/${pkgName}/-rev/${generateRandomHexString(8)}`;
}