From b6b477e09696b3574dec950136cf74c96e6bd3c3 Mon Sep 17 00:00:00 2001
From: MICHAEL JACKSON <mjijackson@gmail.com>
Date: Wed, 16 Aug 2017 14:55:40 -0700
Subject: [PATCH] Combine parse + blacklist middleware

---
 server/createServer.js                             |  6 ++----
 server/middleware/checkBlacklist.js                | 14 --------------
 .../middleware/{parseURL.js => parsePackageURL.js} |  9 +++++++--
 3 files changed, 9 insertions(+), 20 deletions(-)
 delete mode 100644 server/middleware/checkBlacklist.js
 rename server/middleware/{parseURL.js => parsePackageURL.js} (70%)

diff --git a/server/createServer.js b/server/createServer.js
index 0bd98a5..4612f13 100644
--- a/server/createServer.js
+++ b/server/createServer.js
@@ -6,8 +6,7 @@ const cors = require('cors')
 const morgan = require('morgan')
 
 const { fetchStats } = require('./cloudflare')
-const parseURL = require('./middleware/parseURL')
-const checkBlacklist = require('./middleware/checkBlacklist')
+const parsePackageURL = require('./middleware/parsePackageURL')
 const fetchPackage = require('./middleware/fetchPackage')
 const findFile = require('./middleware/findFile')
 const serveFile = require('./middleware/serveFile')
@@ -68,8 +67,7 @@ function createServer() {
     maxAge: '365d'
   }))
 
-  app.use(parseURL)
-  app.use(checkBlacklist)
+  app.use(parsePackageURL)
   app.use(fetchPackage)
   app.use(findFile)
   app.use(serveFile)
diff --git a/server/middleware/checkBlacklist.js b/server/middleware/checkBlacklist.js
deleted file mode 100644
index bb90103..0000000
--- a/server/middleware/checkBlacklist.js
+++ /dev/null
@@ -1,14 +0,0 @@
-const blacklist = require('../PackageBlacklist').blacklist
-
-/**
- * Check the blacklist to see if we can serve files from this package.
- */
-function checkBlacklist(req, res, next) {
-  if (blacklist.includes(req.packageName)) {
-    res.status(403).type('text').send(`Package ${req.packageName} is blacklisted`)
-  } else {
-    next()
-  }
-}
-
-module.exports = checkBlacklist
diff --git a/server/middleware/parseURL.js b/server/middleware/parsePackageURL.js
similarity index 70%
rename from server/middleware/parseURL.js
rename to server/middleware/parsePackageURL.js
index 71305ef..6239cfd 100644
--- a/server/middleware/parseURL.js
+++ b/server/middleware/parsePackageURL.js
@@ -1,10 +1,11 @@
 const validateNPMPackageName = require('validate-npm-package-name')
+const PackageBlacklist = require('../PackageBlacklist').blacklist
 const PackageURL = require('../PackageURL')
 
 /**
  * Parse and validate the URL.
  */
-function parseURL(req, res, next) {
+function parsePackageURL(req, res, next) {
   const url = PackageURL.parse(req.url)
 
   if (url == null)
@@ -16,6 +17,10 @@ function parseURL(req, res, next) {
   if (nameErrors)
     return res.status(403).type('text').send(`Invalid package name: ${url.packageName} (${nameErrors.join(', ')})`)
 
+  // Do not allow packages that have been blacklisted.
+  if (PackageBlacklist.includes(req.packageName))
+    return res.status(403).type('text').send(`Package ${req.packageName} is blacklisted`)
+
   req.packageName = url.packageName
   req.packageVersion = url.packageVersion
   req.packageSpec = `${req.packageName}@${req.packageVersion}`
@@ -27,4 +32,4 @@ function parseURL(req, res, next) {
   next()
 }
 
-module.exports = parseURL
+module.exports = parsePackageURL