Combine parse + blacklist middleware
This commit is contained in:
MICHAEL JACKSON
parent
ce493823d3
commit
b6b477e096
server
|
|
@ -6,8 +6,7 @@ const cors = require('cors')
|
|||
const morgan = require('morgan')
|
||||
|
||||
const { fetchStats } = require('./cloudflare')
|
||||
const parseURL = require('./middleware/parseURL')
|
||||
const checkBlacklist = require('./middleware/checkBlacklist')
|
||||
const parsePackageURL = require('./middleware/parsePackageURL')
|
||||
const fetchPackage = require('./middleware/fetchPackage')
|
||||
const findFile = require('./middleware/findFile')
|
||||
const serveFile = require('./middleware/serveFile')
|
||||
|
|
@ -68,8 +67,7 @@ function createServer() {
|
|||
maxAge: '365d'
|
||||
}))
|
||||
|
||||
app.use(parseURL)
|
||||
app.use(checkBlacklist)
|
||||
app.use(parsePackageURL)
|
||||
app.use(fetchPackage)
|
||||
app.use(findFile)
|
||||
app.use(serveFile)
|
||||
|
|
|
|||
|
|
@ -1,14 +0,0 @@
|
|||
const blacklist = require('../PackageBlacklist').blacklist
|
||||
|
||||
/**
|
||||
* Check the blacklist to see if we can serve files from this package.
|
||||
*/
|
||||
function checkBlacklist(req, res, next) {
|
||||
if (blacklist.includes(req.packageName)) {
|
||||
res.status(403).type('text').send(`Package ${req.packageName} is blacklisted`)
|
||||
} else {
|
||||
next()
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = checkBlacklist
|
||||
|
|
@ -1,10 +1,11 @@
|
|||
const validateNPMPackageName = require('validate-npm-package-name')
|
||||
const PackageBlacklist = require('../PackageBlacklist').blacklist
|
||||
const PackageURL = require('../PackageURL')
|
||||
|
||||
/**
|
||||
* Parse and validate the URL.
|
||||
*/
|
||||
function parseURL(req, res, next) {
|
||||
function parsePackageURL(req, res, next) {
|
||||
const url = PackageURL.parse(req.url)
|
||||
|
||||
if (url == null)
|
||||
|
|
@ -16,6 +17,10 @@ function parseURL(req, res, next) {
|
|||
if (nameErrors)
|
||||
return res.status(403).type('text').send(`Invalid package name: ${url.packageName} (${nameErrors.join(', ')})`)
|
||||
|
||||
// Do not allow packages that have been blacklisted.
|
||||
if (PackageBlacklist.includes(req.packageName))
|
||||
return res.status(403).type('text').send(`Package ${req.packageName} is blacklisted`)
|
||||
|
||||
req.packageName = url.packageName
|
||||
req.packageVersion = url.packageVersion
|
||||
req.packageSpec = `${req.packageName}@${req.packageVersion}`
|
||||
|
|
@ -27,4 +32,4 @@ function parseURL(req, res, next) {
|
|||
next()
|
||||
}
|
||||
|
||||
module.exports = parseURL
|
||||
module.exports = parsePackageURL
|
||||
Loading…
Reference in New Issue