Add support for scoped packages in blacklist URLs

MICHAEL JACKSON 2017-11-14 16:47:57 -08:00
parent 4e31fd02cf
commit 36efac099f
4 changed files with 69 additions and 27 deletions


@ -199,6 +199,19 @@ describe('The server', () => {
})
})
})
it('can remove a scoped package from the blacklist', done => {
withToken({ blacklist: { remove: true } }, token => {
request(server)
.delete('/_blacklist/@scope/bad-package')
.send({ token })
.end((err, res) => {
expect(res.statusCode).toBe(200)
expect(res.body.ok).toBe(true)
done()
})
})
})
})
})
})
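Review bot: The added test covers only the successful removal of a scoped name, and nothing visible in this hunk exercises the rejection path now that name validation has moved out of the action and into middleware. A companion case that sends a DELETE under `/_blacklist` with a path the parser should refuse and asserts `expect(res.statusCode).toBe(403)` would pin that behaviour against regressions. The enclosing `describe` blocks start outside the hunk.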


@ -2,17 +2,7 @@ const validateNpmPackageName = require('validate-npm-package-name')
const BlacklistAPI = require('../BlacklistAPI')
function removeFromBlacklist(req, res) {
const packageName = req.params.packageName
const nameErrors = validateNpmPackageName(packageName).errors
// Disallow invalid package names.
if (nameErrors) {
const reason = nameErrors.join(', ')
return res.status(403).send({
error: `Invalid package name "${packageName}" (${reason})`
})
}
const packageName = req.packageName
BlacklistAPI.removePackage(packageName).then(
removed => {
@ -25,13 +15,14 @@ function removeFromBlacklist(req, res) {
res.send({
ok: true,
message: `Package "${packageName}" was ${removed
? 'removed from'
: 'not in'} the blacklist`
message: `Package "${packageName}" was ${
removed ? 'removed from' : 'not in'
} the blacklist`
})
},
error => {
console.error(error)
res.status(500).send({
error: `Unable to remove "${packageName}" from the blacklist`
})
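Review bot: `removeFromBlacklist` now reads `req.packageName` without checking that it is set, so the handler is only safe when `validatePackageURL` has run before it; mounted on its own it would pass `undefined` to `BlacklistAPI.removePackage`. A comment on the new line, e.g. `// req.packageName is set by the validatePackageURL middleware, which must run first`, would document that dependency. The hunk header context suggests the `validate-npm-package-name` require on line 1 is still present, and nothing in the visible hunks uses it any more, so it can probably be dropped. The function's body continues past the end of the second hunk.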


@ -11,6 +11,7 @@ const parseURL = require('./middleware/parseURL')
const requireAuth = require('./middleware/requireAuth')
const serveFile = require('./middleware/serveFile')
const userToken = require('./middleware/userToken')
const validatePackageURL = require('./middleware/validatePackageURL')
morgan.token('fwd', function(req) {
return req.get('x-forwarded-for').replace(/\s/g, '')
@ -27,6 +28,12 @@ function errorHandler(err, req, res, next) {
next(err)
}
function createRouter(setup) {
const app = express.Router()
setup(app)
return app
}
function createServer() {
const app = express()
@ -61,20 +68,26 @@ function createServer() {
app.post('/_auth', require('./actions/createAuth'))
app.get('/_auth', require('./actions/showAuth'))
app.post(
app.use(
'/_blacklist',
requireAuth('blacklist.add'),
require('./actions/addToBlacklist')
)
app.get(
'/_blacklist',
requireAuth('blacklist.read'),
require('./actions/showBlacklist')
)
app.delete(
'/_blacklist/:packageName',
requireAuth('blacklist.remove'),
require('./actions/removeFromBlacklist')
createRouter(app => {
app.post(
'/',
requireAuth('blacklist.add'),
require('./actions/addToBlacklist')
)
app.get(
'/',
requireAuth('blacklist.read'),
require('./actions/showBlacklist')
)
app.delete(
/.*/,
requireAuth('blacklist.remove'),
validatePackageURL,
require('./actions/removeFromBlacklist')
)
})
)
if (process.env.NODE_ENV !== 'test') {
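Review bot: The `app.delete(/.*/, …)` route inside the new `/_blacklist` router is a catch-all with no comment saying why, so a later reader may not see that every DELETE path under the mount point is accepted by the router and rejected only by `validatePackageURL`. A comment above it such as `// Scoped names contain a slash, so match any path and let validatePackageURL parse it` would record that. The callback parameter `app` in `createRouter(app => {` also shadows the server's `app` in `createServer`; naming it `router` would make clear which object the three routes are registered on. `createServer` begins and ends outside this hunk.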


@ -0,0 +1,25 @@
const parsePackageURL = require('../utils/parsePackageURL')
/**
* Adds various properties to the request object to do with the
* package/file being requested.
*/
function validatePackageURL(req, res, next) {
const url = parsePackageURL(req.url)
if (url == null) {
return res.status(403).send({ error: `Invalid URL: ${req.url}` })
}
req.packageName = url.packageName
req.packageVersion = url.packageVersion
req.packageSpec = `${url.packageName}@${url.packageVersion}`
req.pathname = url.pathname
req.filename = url.filename
req.search = url.search
req.query = url.query
next()
}
module.exports = validatePackageURL
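Review bot: The npm name check that this commit removes from `removeFromBlacklist` is not reinstated in `validatePackageURL`, which rejects a request only when `parsePackageURL` returns null. Whether `parsePackageURL` enforces npm naming rules is not visible here, so names the old `validateNpmPackageName` check refused may now reach `BlacklistAPI.removePackage`. Running the same check on `url.packageName` before the request properties are set would keep the previous guarantee; it needs the `validate-npm-package-name` require in this file. The doc comment should also say that the middleware responds with 403 when the URL cannot be parsed.

```javascript
function validatePackageURL(req, res, next) {
  // … unchanged: parsePackageURL call and null check …

  const nameErrors = validateNpmPackageName(url.packageName).errors

  // Disallow invalid package names before any request property is set.
  if (nameErrors) {
    const reason = nameErrors.join(', ')

    return res.status(403).send({
      error: `Invalid package name "${url.packageName}" (${reason})`
    })
  }

  // … unchanged: request property assignments and next() …
```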