github.com
/
verdaccio
mirror of https://github.com/verdaccio/verdaccio.git
1
0
Fork 0
Code Releases Wiki Activity

better access control for search 

For each of the packages check if user has access to it and remove
package info from the result if he doesn't.

ref #65
This commit is contained in:
Alex Kocharin 2014-06-22 18:34:51 +04:00
parent 17d8ab7dcd
commit d9accbb6a7
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/index.js
View File

@ -171,10 +171,14 @@ module.exports = function(config_hash) {
})
// searching packages
app.get('/-/all/:package?', can('access'), function(req, res, next) {
app.get('/-/all/:since?', function(req, res, next) {
storage.search(req.param.startkey || 0, {req: req}, function(err, result) {
if (err) return next(err)
for (var pkg in result) {
if (!config.allow_access(pkg, req.remoteUser)) {
delete result[pkg]
}
}
return res.send(result)
})
})