Add support for scoped packages in blacklist URLs
parent
4e31fd02cf
commit
36efac099f
|
@ -199,6 +199,19 @@ describe('The server', () => {
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
|
it('can remove a scoped package from the blacklist', done => {
|
||||||
|
withToken({ blacklist: { remove: true } }, token => {
|
||||||
|
request(server)
|
||||||
|
.delete('/_blacklist/@scope/bad-package')
|
||||||
|
.send({ token })
|
||||||
|
.end((err, res) => {
|
||||||
|
expect(res.statusCode).toBe(200)
|
||||||
|
expect(res.body.ok).toBe(true)
|
||||||
|
done()
|
||||||
|
})
|
||||||
|
})
|
||||||
|
})
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
})
|
})
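Review bot: The new test covers only a successful removal, and its `.end((err, res) => {` callback never looks at `err`. This commit moves name checking out of the action and into the `validatePackageURL` middleware, so a companion case that sends a malformed name and expects a 403 with an `error` body would catch a regression that widens what the DELETE endpoint accepts. Starting the callback with `if (err) return done(err)` would also surface a transport failure as itself rather than as a TypeError on `res`. The enclosing `describe('The server', …)` block starts and ends outside the hunk.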
|
||||||
|
|
|
@ -2,17 +2,7 @@ const validateNpmPackageName = require('validate-npm-package-name')
|
||||||
const BlacklistAPI = require('../BlacklistAPI')
|
const BlacklistAPI = require('../BlacklistAPI')
|
||||||
|
|
||||||
function removeFromBlacklist(req, res) {
|
function removeFromBlacklist(req, res) {
|
||||||
const packageName = req.params.packageName
|
const packageName = req.packageName
|
||||||
|
|
||||||
const nameErrors = validateNpmPackageName(packageName).errors
|
|
||||||
|
|
||||||
// Disallow invalid package names.
|
|
||||||
if (nameErrors) {
|
|
||||||
const reason = nameErrors.join(', ')
|
|
||||||
return res.status(403).send({
|
|
||||||
error: `Invalid package name "${packageName}" (${reason})`
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
BlacklistAPI.removePackage(packageName).then(
|
BlacklistAPI.removePackage(packageName).then(
|
||||||
removed => {
|
removed => {
|
||||||
|
@ -25,13 +15,14 @@ function removeFromBlacklist(req, res) {
|
||||||
|
|
||||||
res.send({
|
res.send({
|
||||||
ok: true,
|
ok: true,
|
||||||
message: `Package "${packageName}" was ${removed
|
message: `Package "${packageName}" was ${
|
||||||
? 'removed from'
|
removed ? 'removed from' : 'not in'
|
||||||
: 'not in'} the blacklist`
|
} the blacklist`
|
||||||
})
|
})
|
||||||
},
|
},
|
||||||
error => {
|
error => {
|
||||||
console.error(error)
|
console.error(error)
|
||||||
|
|
||||||
res.status(500).send({
|
res.status(500).send({
|
||||||
error: `Unable to remove "${packageName}" from the blacklist`
|
error: `Unable to remove "${packageName}" from the blacklist`
|
||||||
})
|
})
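Review bot: `removeFromBlacklist` now takes `req.packageName` on trust, and nothing in the file says that `validatePackageURL` has to run before it. Mounted on a route without that middleware, it would call `BlacklistAPI.removePackage` with `undefined`. A comment above the function such as `// Requires validatePackageURL upstream; req.packageName is set and checked there.` would state the contract. The first hunk header suggests line 1 still holds `const validateNpmPackageName = require('validate-npm-package-name')`, which looks unused after this change and can probably be dropped. The function body ends outside the visible hunks.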
|
||||||
|
|
|
@ -11,6 +11,7 @@ const parseURL = require('./middleware/parseURL')
|
||||||
const requireAuth = require('./middleware/requireAuth')
|
const requireAuth = require('./middleware/requireAuth')
|
||||||
const serveFile = require('./middleware/serveFile')
|
const serveFile = require('./middleware/serveFile')
|
||||||
const userToken = require('./middleware/userToken')
|
const userToken = require('./middleware/userToken')
|
||||||
|
const validatePackageURL = require('./middleware/validatePackageURL')
|
||||||
|
|
||||||
morgan.token('fwd', function(req) {
|
morgan.token('fwd', function(req) {
|
||||||
return req.get('x-forwarded-for').replace(/\s/g, '')
|
return req.get('x-forwarded-for').replace(/\s/g, '')
|
||||||
|
@ -27,6 +28,12 @@ function errorHandler(err, req, res, next) {
|
||||||
next(err)
|
next(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function createRouter(setup) {
|
||||||
|
const app = express.Router()
|
||||||
|
setup(app)
|
||||||
|
return app
|
||||||
|
}
|
||||||
|
|
||||||
function createServer() {
|
function createServer() {
|
||||||
const app = express()
|
const app = express()
|
||||||
|
|
||||||
|
@ -61,20 +68,26 @@ function createServer() {
|
||||||
app.post('/_auth', require('./actions/createAuth'))
|
app.post('/_auth', require('./actions/createAuth'))
|
||||||
app.get('/_auth', require('./actions/showAuth'))
|
app.get('/_auth', require('./actions/showAuth'))
|
||||||
|
|
||||||
app.post(
|
app.use(
|
||||||
'/_blacklist',
|
'/_blacklist',
|
||||||
requireAuth('blacklist.add'),
|
createRouter(app => {
|
||||||
require('./actions/addToBlacklist')
|
app.post(
|
||||||
)
|
'/',
|
||||||
app.get(
|
requireAuth('blacklist.add'),
|
||||||
'/_blacklist',
|
require('./actions/addToBlacklist')
|
||||||
requireAuth('blacklist.read'),
|
)
|
||||||
require('./actions/showBlacklist')
|
app.get(
|
||||||
)
|
'/',
|
||||||
app.delete(
|
requireAuth('blacklist.read'),
|
||||||
'/_blacklist/:packageName',
|
require('./actions/showBlacklist')
|
||||||
requireAuth('blacklist.remove'),
|
)
|
||||||
require('./actions/removeFromBlacklist')
|
app.delete(
|
||||||
|
/.*/,
|
||||||
|
requireAuth('blacklist.remove'),
|
||||||
|
validatePackageURL,
|
||||||
|
require('./actions/removeFromBlacklist')
|
||||||
|
)
|
||||||
|
})
|
||||||
)
|
)
|
||||||
|
|
||||||
if (process.env.NODE_ENV !== 'test') {
|
if (process.env.NODE_ENV !== 'test') {
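Review bot: The DELETE route's `/.*/` pattern matches every path under `/_blacklist`, so the only constraint on the request is whatever `parsePackageURL` accepts. Because `validatePackageURL` also fills in `req.packageVersion` and `req.filename`, a URL with a version or file path after the name would presumably still pass, and the action then removes the whole package by `req.packageName` alone. Consider rejecting such requests in this router, or documenting that everything after the name is ignored. Keeping `requireAuth('blacklist.remove')` ahead of `validatePackageURL` is the right order; a one-line comment such as `// auth first, so unauthenticated callers never reach URL parsing` would keep it from being swapped later.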
|
||||||
|
|
|
@ -0,0 +1,25 @@
|
||||||
|
const parsePackageURL = require('../utils/parsePackageURL')
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Adds various properties to the request object to do with the
|
||||||
|
* package/file being requested.
|
||||||
|
*/
|
||||||
|
function validatePackageURL(req, res, next) {
|
||||||
|
const url = parsePackageURL(req.url)
|
||||||
|
|
||||||
|
if (url == null) {
|
||||||
|
return res.status(403).send({ error: `Invalid URL: ${req.url}` })
|
||||||
|
}
|
||||||
|
|
||||||
|
req.packageName = url.packageName
|
||||||
|
req.packageVersion = url.packageVersion
|
||||||
|
req.packageSpec = `${url.packageName}@${url.packageVersion}`
|
||||||
|
req.pathname = url.pathname
|
||||||
|
req.filename = url.filename
|
||||||
|
req.search = url.search
|
||||||
|
req.query = url.query
|
||||||
|
|
||||||
|
next()
|
||||||
|
}
|
||||||
|
|
||||||
|
module.exports = validatePackageURL
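Review bot: The only rejection in `validatePackageURL` is `url == null`, and the `validateNpmPackageName(packageName).errors` check that this commit deletes from `removeFromBlacklist` is not carried over here. Unless `parsePackageURL` (not shown) applies the npm naming rules itself, names that used to be refused with a 403 now reach `BlacklistAPI.removePackage`. Adding `const nameErrors = validateNpmPackageName(url.packageName).errors` and returning the same 403 when it is set, before the `req.*` assignments, would keep the earlier behaviour. The doc comment describes only the property assignment; it should also mention the 403 on an unparseable URL and that `req.query` is overwritten.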
|