Add support for scoped packages in blacklist URLs
parent
4e31fd02cf
commit
36efac099f
|
@ -199,6 +199,19 @@ describe('The server', () => {
|
|||
})
|
||||
})
|
||||
})
|
||||
|
||||
it('can remove a scoped package from the blacklist', done => {
|
||||
withToken({ blacklist: { remove: true } }, token => {
|
||||
request(server)
|
||||
.delete('/_blacklist/@scope/bad-package')
|
||||
.send({ token })
|
||||
.end((err, res) => {
|
||||
expect(res.statusCode).toBe(200)
|
||||
expect(res.body.ok).toBe(true)
|
||||
done()
|
||||
})
|
||||
})
|
||||
})
|
||||
})
|
||||
})
|
||||
})
|
||||
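Review bot: The new test asserts only `statusCode` and `body.ok`, and the handler sends `ok: true` whether or not anything was removed, so the test would still pass if the scope were lost during URL parsing. Adding `expect(res.body.message).toMatch(/@scope\/bad-package/)` pins the name that actually reached the handler. A second case that sends a DELETE with an unparseable path and expects 403 would cover the rejection branch of the new middleware. The `err` argument to `.end` is never checked, and the enclosing `describe` blocks start outside this hunk.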
|
|
|
@ -2,17 +2,7 @@ const validateNpmPackageName = require('validate-npm-package-name')
|
|||
const BlacklistAPI = require('../BlacklistAPI')
|
||||
|
||||
function removeFromBlacklist(req, res) {
|
||||
const packageName = req.params.packageName
|
||||
|
||||
const nameErrors = validateNpmPackageName(packageName).errors
|
||||
|
||||
// Disallow invalid package names.
|
||||
if (nameErrors) {
|
||||
const reason = nameErrors.join(', ')
|
||||
return res.status(403).send({
|
||||
error: `Invalid package name "${packageName}" (${reason})`
|
||||
})
|
||||
}
|
||||
const packageName = req.packageName
|
||||
|
||||
BlacklistAPI.removePackage(packageName).then(
|
||||
removed => {
|
||||
|
@ -25,13 +15,14 @@ function removeFromBlacklist(req, res) {
|
|||
|
||||
res.send({
|
||||
ok: true,
|
||||
message: `Package "${packageName}" was ${removed
|
||||
? 'removed from'
|
||||
: 'not in'} the blacklist`
|
||||
message: `Package "${packageName}" was ${
|
||||
removed ? 'removed from' : 'not in'
|
||||
} the blacklist`
|
||||
})
|
||||
},
|
||||
error => {
|
||||
console.error(error)
|
||||
|
||||
res.status(500).send({
|
||||
error: `Unable to remove "${packageName}" from the blacklist`
|
||||
})
|
||||
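Review bot: The handler now reads `req.packageName` with no check of its own, so the npm-name validation removed in the first hunk survives only if `parsePackageURL` applies equivalent rules, which this page does not show. `validate-npm-package-name` accepts scoped names, so the check could stay and run on the parsed value: `if (validateNpmPackageName(packageName).errors) return res.status(403).send({ error: 'Invalid package name' })`. If dropping it is intended, the `require('validate-npm-package-name')` on line 1 (visible only in the hunk header) looks unused and should be removed. A comment such as `// req.packageName is set by the validatePackageURL middleware` would record that the handler depends on route order.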
|
|
|
@ -11,6 +11,7 @@ const parseURL = require('./middleware/parseURL')
|
|||
const requireAuth = require('./middleware/requireAuth')
|
||||
const serveFile = require('./middleware/serveFile')
|
||||
const userToken = require('./middleware/userToken')
|
||||
const validatePackageURL = require('./middleware/validatePackageURL')
|
||||
|
||||
morgan.token('fwd', function(req) {
|
||||
return req.get('x-forwarded-for').replace(/\s/g, '')
|
||||
|
@ -27,6 +28,12 @@ function errorHandler(err, req, res, next) {
|
|||
next(err)
|
||||
}
|
||||
|
||||
function createRouter(setup) {
|
||||
const app = express.Router()
|
||||
setup(app)
|
||||
return app
|
||||
}
|
||||
|
||||
function createServer() {
|
||||
const app = express()
|
||||
|
||||
|
@ -61,21 +68,27 @@ function createServer() {
|
|||
app.post('/_auth', require('./actions/createAuth'))
|
||||
app.get('/_auth', require('./actions/showAuth'))
|
||||
|
||||
app.post(
|
||||
app.use(
|
||||
'/_blacklist',
|
||||
createRouter(app => {
|
||||
app.post(
|
||||
'/',
|
||||
requireAuth('blacklist.add'),
|
||||
require('./actions/addToBlacklist')
|
||||
)
|
||||
app.get(
|
||||
'/_blacklist',
|
||||
'/',
|
||||
requireAuth('blacklist.read'),
|
||||
require('./actions/showBlacklist')
|
||||
)
|
||||
app.delete(
|
||||
'/_blacklist/:packageName',
|
||||
/.*/,
|
||||
requireAuth('blacklist.remove'),
|
||||
validatePackageURL,
|
||||
require('./actions/removeFromBlacklist')
|
||||
)
|
||||
})
|
||||
)
|
||||
|
||||
if (process.env.NODE_ENV !== 'test') {
|
||||
app.get('/_stats', require('./actions/showStats'))
|
||||
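Review bot: The delete route pattern `/.*/` matches every path under `/_blacklist`, including the bare mount point and paths with extra segments, so what counts as a valid target is decided entirely by `validatePackageURL`. `requireAuth('blacklist.remove')` runs before it, which is the right order and worth keeping so unauthenticated requests never reach URL parsing. A comment above the route would explain the regex, for example `// Regex instead of ':packageName' because scoped names (@scope/name) contain a slash; validatePackageURL rejects anything else`. The callback parameter in `createRouter(app => …)` shadows the outer `app` of `createServer`; naming it `router` would keep the two apart. `createServer` continues outside these hunks.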
|
|
|
@ -0,0 +1,25 @@
|
|||
const parsePackageURL = require('../utils/parsePackageURL')
|
||||
|
||||
/**
|
||||
* Adds various properties to the request object to do with the
|
||||
* package/file being requested.
|
||||
*/
|
||||
function validatePackageURL(req, res, next) {
|
||||
const url = parsePackageURL(req.url)
|
||||
|
||||
if (url == null) {
|
||||
return res.status(403).send({ error: `Invalid URL: ${req.url}` })
|
||||
}
|
||||
|
||||
req.packageName = url.packageName
|
||||
req.packageVersion = url.packageVersion
|
||||
req.packageSpec = `${url.packageName}@${url.packageVersion}`
|
||||
req.pathname = url.pathname
|
||||
req.filename = url.filename
|
||||
req.search = url.search
|
||||
req.query = url.query
|
||||
|
||||
next()
|
||||
}
|
||||
|
||||
module.exports = validatePackageURL
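Review bot: The doc comment describes only the properties added and omits two behaviours visible in the body: a 403 response when `parsePackageURL` returns null, and replacement of Express's own `req.query` with `url.query`. Both belong in the comment, e.g. `* Responds 403 if the URL cannot be parsed; overwrites req.query with the parsed query.` On the blacklist route only `req.packageName` is consumed, so a version or file path in the URL appears to be accepted and silently ignored; if `parsePackageURL` does parse those, rejecting them for that route would be stricter. Inside the `/_blacklist` router `req.url` is mount-relative, so `req.originalUrl` would give a more useful error message.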
|