Merge pull request #644 from verdaccio/fix-610

fix: flow performance issues with lodash #610

package.json

@@ -51,7 +51,7 @@
     "@commitlint/cli": "6.1.3",
     "@commitlint/config-conventional": "6.1.3",
     "@commitlint/travis-cli": "6.1.3",
-    "@verdaccio/types": "2.0.2",
+    "@verdaccio/types": "2.0.3",
     "babel-cli": "6.26.0",
     "babel-core": "6.26.0",
     "babel-eslint": "8.2.2",
@@ -90,7 +90,7 @@
     "eslint-plugin-react": "7.7.0",
     "extract-text-webpack-plugin": "3.0.2",
     "file-loader": "1.1.11",
-    "flow-bin": "0.67.1",
+    "flow-bin": "0.69.0",
     "flow-runtime": "0.17.0",
     "friendly-errors-webpack-plugin": "1.6.1",
     "github-markdown-css": "2.10.0",

src/lib/auth.js

@@ -4,7 +4,6 @@ import {loadPlugin} from '../lib/plugin-loader';
 import Crypto from 'crypto';
 import jwt from 'jsonwebtoken';
 import {ErrorCode} from './utils';
-const Error = require('http-errors');
 
 import type {Config, Logger, Callback} from '@verdaccio/types';
 import type {$Response, NextFunction} from 'express';
@@ -47,7 +46,9 @@ class Auth {
           return prev;
         }, false);
 
-        if (ok) return cb(null, true);
+        if (ok) {
+          return cb(null, true);
+        }
 
         if (user.name) {
           cb(ErrorCode.get403('user ' + user.name + ' is not allowed to ' + action + ' package ' + pkg.name));
@@ -373,7 +374,7 @@ class Auth {
     try {
       decoded = jwt.verify(token, this.secret);
     } catch (err) {
-      throw Error[401](err.message);
+      throw ErrorCode.getCode(401, err.message);
     }
 
     return decoded;

src/lib/config.js

@@ -8,6 +8,8 @@ const Utils = require('./utils');
 const pkginfo = require('pkginfo')(module); // eslint-disable-line no-unused-vars
 const pkgVersion = module.exports.version;
 const pkgName = module.exports.name;
+const strategicConfigProps = ['users', 'uplinks', 'packages'];
+const allowedEnvConfig = ['http_proxy', 'https_proxy', 'no_proxy'];
 
 /**
  * [[a, [b, c]], d] -> [a, b, c, d]
@@ -16,7 +18,7 @@ const pkgName = module.exports.name;
  */
 function flatten(array) {
   let result = [];
-  for (let i=0; i<array.length; i++) {
+  for (let i=0; i < array.length; i++) {
     if (Array.isArray(array[i])) {
       /* eslint prefer-spread: "off" */
       result.push.apply(result, flatten(array[i]));
@@ -27,6 +29,39 @@ function flatten(array) {
   return result;
 }
 
+function checkUserOrUplink(item, users) {
+  assert(item !== 'all' && item !== 'owner'
+    && item !== 'anonymous' && item !== 'undefined' && item !== 'none', 'CONFIG: reserved user/uplink name: ' + item);
+  assert(!item.match(/\s/), 'CONFIG: invalid user name: ' + item);
+  assert(users[item] == null, 'CONFIG: duplicate user/uplink name: ' + item);
+  users[item] = true;
+}
+
+/**
+ * Normalise user list.
+ * @return {Array}
+ */
+function normalizeUserlist() {
+  let result = [];
+  /* eslint prefer-rest-params: "off" */
+
+  for (let i=0; i < arguments.length; i++) {
+    if (arguments[i] == null) {
+      continue;
+    }
+
+    // if it's a string, split it to array
+    if (typeof(arguments[i]) === 'string') {
+      result.push(arguments[i].split(/\s+/));
+    } else if (Array.isArray(arguments[i])) {
+      result.push(arguments[i]);
+    } else {
+      throw Error('CONFIG: bad package acl (array or string expected): ' + JSON.stringify(arguments[i]));
+    }
+  }
+  return flatten(result);
+}
+
 /**
  * Coordinates the application configuration
  */
@@ -37,21 +72,6 @@ class Config {
    */
   constructor(config) {
     const self = this;
-    for (let i in config) {
-      if (self[i] == null) {
-        self[i] = config[i];
-      }
-    }
-
-    if (!self.user_agent) {
-      self.user_agent = `${pkgName}/${pkgVersion}`;
-    }
-
-    // some weird shell scripts are valid yaml files parsed as string
-    assert.equal(typeof(config), 'object', 'CONFIG: it doesn\'t look like a valid config file');
-
-    assert(self.storage, 'CONFIG: storage path not defined');
-
     const users = {
       all: true,
       anonymous: true,
@@ -60,23 +80,32 @@ class Config {
       none: true,
     };
 
-    const check_user_or_uplink = function(arg) {
+    for (let configProp in config) {
-        assert(arg !== 'all' && arg !== 'owner'
+      if (self[configProp] == null) {
-          && arg !== 'anonymous' && arg !== 'undefined' && arg !== 'none', 'CONFIG: reserved user/uplink name: ' + arg);
+        self[configProp] = config[configProp];
-        assert(!arg.match(/\s/), 'CONFIG: invalid user name: ' + arg);
+      }
-        assert(users[arg] == null, 'CONFIG: duplicate user/uplink name: ' + arg);
-        users[arg] = true;
-      };
 
-      // sanity check for strategic config properties
+    }
-    ['users', 'uplinks', 'packages'].forEach(function(x) {
+    if (!self.user_agent) {
+      self.user_agent = `${pkgName}/${pkgVersion}`;
+
+    }
+
+    // some weird shell scripts are valid yaml files parsed as string
+    assert.equal(typeof(config), 'object', 'CONFIG: it doesn\'t look like a valid config file');
+
+    assert(self.storage, 'CONFIG: storage path not defined');
+
+     // sanity check for strategic config properties
+    strategicConfigProps.forEach(function(x) {
       if (self[x] == null) self[x] = {};
       assert(Utils.isObject(self[x]), `CONFIG: bad "${x}" value (object expected)`);
     });
+
     // sanity check for users
     for (let i in self.users) {
       if (Object.prototype.hasOwnProperty.call(self.users, i)) {
-        check_user_or_uplink(i);
+        checkUserOrUplink(i, users);
       }
     }
     // sanity check for uplinks
@@ -86,47 +115,26 @@ class Config {
         self.uplinks[i].cache = true;
       }
       if (Object.prototype.hasOwnProperty.call(self.uplinks, i)) {
-        check_user_or_uplink(i);
+        checkUserOrUplink(i, users);
-      }
-    }
-    for (let i in self.users) {
-      if (Object.prototype.hasOwnProperty.call(self.users, i)) {
-        assert(self.users[i].password, 'CONFIG: no password for user: ' + i);
-        assert(typeof(self.users[i].password) === 'string' &&
-          self.users[i].password.match(/^[a-f0-9]{40}$/)
-          , 'CONFIG: wrong password format for user: ' + i + ', sha1 expected');
-      }
-    }
-    for (let i in self.uplinks) {
-      if (Object.prototype.hasOwnProperty.call(self.uplinks, i)) {
-        assert(self.uplinks[i].url, 'CONFIG: no url for uplink: ' + i);
-        assert( typeof(self.uplinks[i].url) === 'string'
-          , 'CONFIG: wrong url format for uplink: ' + i);
-        self.uplinks[i].url = self.uplinks[i].url.replace(/\/$/, '');
       }
     }
 
-    /**
+    for (let user in self.users) {
-     * Normalise user list.
+      if (Object.prototype.hasOwnProperty.call(self.users, user)) {
-     * @return {Array}
+        assert(self.users[user].password, 'CONFIG: no password for user: ' + user);
-     */
+        assert(typeof(self.users[user].password) === 'string' &&
-    function normalize_userlist() {
+          self.users[user].password.match(/^[a-f0-9]{40}$/)
-      let result = [];
+          , 'CONFIG: wrong password format for user: ' + user + ', sha1 expected');
-      /* eslint prefer-rest-params: "off" */
+      }
-
+    }
-      for (let i=0; i<arguments.length; i++) {
+
-        if (arguments[i] == null) continue;
+    for (let uplink in self.uplinks) {
-
+      if (Object.prototype.hasOwnProperty.call(self.uplinks, uplink)) {
-        // if it's a string, split it to array
+        assert(self.uplinks[uplink].url, 'CONFIG: no url for uplink: ' + uplink);
-        if (typeof(arguments[i]) === 'string') {
+        assert( typeof(self.uplinks[uplink].url) === 'string'
-          result.push(arguments[i].split(/\s+/));
+          , 'CONFIG: wrong url format for uplink: ' + uplink);
-        } else if (Array.isArray(arguments[i])) {
+        self.uplinks[uplink].url = self.uplinks[uplink].url.replace(/\/$/, '');
-          result.push(arguments[i]);
-        } else {
-          throw Error('CONFIG: bad package acl (array or string expected): ' + JSON.stringify(arguments[i]));
-        }
       }
-      return flatten(result);
     }
 
     // add a default rule for all packages to make writing plugins easier
@@ -134,35 +142,26 @@ class Config {
       self.packages['**'] = {};
     }
 
-    for (let i in self.packages) {
+    for (let pkg in self.packages) {
-      if (Object.prototype.hasOwnProperty.call(self.packages, i)) {
+      if (Object.prototype.hasOwnProperty.call(self.packages, pkg)) {
         assert(
-          typeof(self.packages[i]) === 'object' &&
+          typeof(self.packages[pkg]) === 'object' &&
-          !Array.isArray(self.packages[i])
+          !Array.isArray(self.packages[pkg])
-          , 'CONFIG: bad "'+i+'" package description (object expected)');
+          , 'CONFIG: bad "'+pkg+'" package description (object expected)');
 
-        self.packages[i].access = normalize_userlist(
+        self.packages[pkg].access = normalizeUserlist(self.packages[pkg].allow_access, self.packages[pkg].access);
-          self.packages[i].allow_access,
+        delete self.packages[pkg].allow_access;
-          self.packages[i].access
-        );
-        delete self.packages[i].allow_access;
 
-        self.packages[i].publish = normalize_userlist(
+        self.packages[pkg].publish = normalizeUserlist(self.packages[pkg].allow_publish, self.packages[pkg].publish);
-          self.packages[i].allow_publish,
+        delete self.packages[pkg].allow_publish;
-          self.packages[i].publish
-        );
-        delete self.packages[i].allow_publish;
 
-        self.packages[i].proxy = normalize_userlist(
+        self.packages[pkg].proxy = normalizeUserlist(self.packages[pkg].proxy_access, self.packages[pkg].proxy);
-          self.packages[i].proxy_access,
+        delete self.packages[pkg].proxy_access;
-          self.packages[i].proxy
-        );
-        delete self.packages[i].proxy_access;
       }
     }
 
     // loading these from ENV if aren't in config
-    ['http_proxy', 'https_proxy', 'no_proxy'].forEach((function(v) {
+    allowedEnvConfig.forEach((function(v) {
       if (!(v in self)) {
         self[v] = process.env[v] || process.env[v.toUpperCase()];
       }

yarn.lock

@@ -242,9 +242,9 @@
   version "1.0.0"
   resolved "https://registry.npmjs.org/@verdaccio/streams/-/streams-1.0.0.tgz#d5d24c6747208728b9fd16b908e3932c3fb1f864"
 
-"@verdaccio/types@2.0.2":
+"@verdaccio/types@2.0.3":
-  version "2.0.2"
+  version "2.0.3"
-  resolved "https://registry.npmjs.org/@verdaccio/types/-/types-2.0.2.tgz#2a60faa458bbb5eaf3cdb6db1ef95c8d2e2fa5ed"
+  resolved "https://registry.npmjs.org/@verdaccio/types/-/types-2.0.3.tgz#ae72544af5f867975bc68d8862b040611f1b80ed"
 
 JSONStream@1.3.2, JSONStream@^1.0.4:
   version "1.3.2"
@@ -3652,9 +3652,9 @@ flatten@^1.0.2:
   version "1.0.2"
   resolved "https://registry.npmjs.org/flatten/-/flatten-1.0.2.tgz#dae46a9d78fbe25292258cc1e780a41d95c03782"
 
-flow-bin@0.67.1:
+flow-bin@0.69.0:
-  version "0.67.1"
+  version "0.69.0"
-  resolved "https://registry.npmjs.org/flow-bin/-/flow-bin-0.67.1.tgz#eabb7197cce870ac9442cfd04251c7ddc30377db"
+  resolved "https://registry.npmjs.org/flow-bin/-/flow-bin-0.69.0.tgz#053159a684a6051fcbf0b71a2eb19a9679082da6"
 
 flow-config-parser@^0.3.0:
   version "0.3.0"