add scoped packages draft
This commit is contained in:
Alex Kocharin
parent
972551e838
commit
a425c5e2ff
|
|
@ -22,6 +22,11 @@ uplinks:
|
|||
url: https://registry.npmjs.org/
|
||||
|
||||
packages:
|
||||
'@*/*':
|
||||
# scoped packages
|
||||
allow_access: $all
|
||||
allow_publish: $authenticated
|
||||
|
||||
'*':
|
||||
# allow all users (including non-authenticated users) to read and
|
||||
# publish all packages
|
||||
|
|
|
|||
|
|
@ -2,12 +2,14 @@ var Cookies = require('cookies')
|
|||
var express = require('express')
|
||||
var expressJson5 = require('express-json5')
|
||||
var Error = require('http-errors')
|
||||
var Path = require('path')
|
||||
var Middleware = require('./middleware')
|
||||
var Utils = require('./utils')
|
||||
var expect_json = Middleware.expect_json
|
||||
var match = Middleware.match
|
||||
var media = Middleware.media
|
||||
var validate_name = Middleware.validate_name
|
||||
var validate_pkg = Middleware.validate_package
|
||||
|
||||
module.exports = function(config, auth, storage) {
|
||||
var app = express.Router()
|
||||
|
|
@ -15,7 +17,7 @@ module.exports = function(config, auth, storage) {
|
|||
|
||||
// validate all of these params as a package name
|
||||
// this might be too harsh, so ask if it causes trouble
|
||||
app.param('package', validate_name)
|
||||
app.param('package', validate_pkg)
|
||||
app.param('filename', validate_name)
|
||||
app.param('tag', validate_name)
|
||||
app.param('version', validate_name)
|
||||
|
|
@ -209,7 +211,7 @@ module.exports = function(config, auth, storage) {
|
|||
|
||||
// at this point document is either created or existed before
|
||||
var t1 = Object.keys(metadata._attachments)[0]
|
||||
create_tarball(t1, metadata._attachments[t1], function(err) {
|
||||
create_tarball(Path.basename(t1), metadata._attachments[t1], function(err) {
|
||||
if (err) return next(err)
|
||||
|
||||
var t2 = Object.keys(metadata.versions)[0]
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ var Search = require('./search')
|
|||
var Middleware = require('./middleware')
|
||||
var match = Middleware.match
|
||||
var validate_name = Middleware.validate_name
|
||||
var validate_pkg = Middleware.validate_package
|
||||
|
||||
module.exports = function(config, auth, storage) {
|
||||
var app = express.Router()
|
||||
|
|
@ -16,7 +17,7 @@ module.exports = function(config, auth, storage) {
|
|||
|
||||
// validate all of these params as a package name
|
||||
// this might be too harsh, so ask if it causes trouble
|
||||
app.param('package', validate_name)
|
||||
app.param('package', validate_pkg)
|
||||
app.param('filename', validate_name)
|
||||
app.param('version', validate_name)
|
||||
app.param('anything', match(/.*/))
|
||||
|
|
|
|||
|
|
@ -291,8 +291,8 @@ Storage.prototype.change_package = function(name, metadata, revision, callback)
|
|||
}
|
||||
|
||||
Storage.prototype.remove_tarball = function(name, filename, revision, callback) {
|
||||
var self = this
|
||||
assert(Utils.validate_name(filename))
|
||||
var self = this
|
||||
|
||||
self.update_package(name, function updater(data, cb) {
|
||||
if (data._attachments[filename]) {
|
||||
|
|
|
|||
|
|
@ -24,6 +24,17 @@ module.exports.validate_name = function validate_name(req, res, next, value, nam
|
|||
}
|
||||
}
|
||||
|
||||
module.exports.validate_package = function validate_package(req, res, next, value, name) {
|
||||
if (value.charAt(0) === '-') {
|
||||
// special case in couchdb usually
|
||||
next('route')
|
||||
} else if (utils.validate_package(value)) {
|
||||
next()
|
||||
} else {
|
||||
next( Error[403]('invalid ' + name) )
|
||||
}
|
||||
}
|
||||
|
||||
module.exports.media = function media(expect) {
|
||||
return function(req, res, next) {
|
||||
if (req.headers['content-type'] !== expect) {
|
||||
|
|
|
|||
13
lib/utils.js
13
lib/utils.js
|
|
@ -3,6 +3,19 @@ var Semver = require('semver')
|
|||
var URL = require('url')
|
||||
var Logger = require('./logger')
|
||||
|
||||
module.exports.validate_package = function(name) {
|
||||
name = name.split('/', 2)
|
||||
if (name.length === 1) {
|
||||
// normal package
|
||||
return module.exports.validate_name(name[0])
|
||||
} else {
|
||||
// scoped package
|
||||
return name[0][0] === '@'
|
||||
&& module.exports.validate_name(name[0].slice(1))
|
||||
&& module.exports.validate_name(name[1])
|
||||
}
|
||||
}
|
||||
|
||||
// from normalize-package-data/lib/fixer.js
|
||||
module.exports.validate_name = function(name) {
|
||||
if (typeof(name) !== 'string') return false
|
||||
|
|
|
|||
|
|
@ -41,7 +41,7 @@ describe('Func', function() {
|
|||
async.map([server, server2], function(server, cb) {
|
||||
server.auth('test', 'test', function(res, body) {
|
||||
assert.equal(res.statusCode, 201)
|
||||
assert.notEqual(body.ok.indexOf('"test"'), -1)
|
||||
assert.notEqual(body.ok.indexOf("'test'"), -1)
|
||||
cb()
|
||||
})
|
||||
}, cb)
|
||||
|
|
|
|||
Loading…
Reference in New Issue