Combine parse + blacklist middleware
This commit is contained in:
MICHAEL JACKSON
parent
ce493823d3
commit
b6b477e096
@ -6,8 +6,7 @@ const cors = require('cors')
|
|||||||
const morgan = require('morgan')
|
const morgan = require('morgan')
|
||||||
|
|
||||||
const { fetchStats } = require('./cloudflare')
|
const { fetchStats } = require('./cloudflare')
|
||||||
const parseURL = require('./middleware/parseURL')
|
const parsePackageURL = require('./middleware/parsePackageURL')
|
||||||
const checkBlacklist = require('./middleware/checkBlacklist')
|
|
||||||
const fetchPackage = require('./middleware/fetchPackage')
|
const fetchPackage = require('./middleware/fetchPackage')
|
||||||
const findFile = require('./middleware/findFile')
|
const findFile = require('./middleware/findFile')
|
||||||
const serveFile = require('./middleware/serveFile')
|
const serveFile = require('./middleware/serveFile')
|
||||||
@ -68,8 +67,7 @@ function createServer() {
|
|||||||
maxAge: '365d'
|
maxAge: '365d'
|
||||||
}))
|
}))
|
||||||
|
|
||||||
app.use(parseURL)
|
app.use(parsePackageURL)
|
||||||
app.use(checkBlacklist)
|
|
||||||
app.use(fetchPackage)
|
app.use(fetchPackage)
|
||||||
app.use(findFile)
|
app.use(findFile)
|
||||||
app.use(serveFile)
|
app.use(serveFile)
|
||||||
|
|||||||
@ -1,14 +0,0 @@
|
|||||||
const blacklist = require('../PackageBlacklist').blacklist
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Check the blacklist to see if we can serve files from this package.
|
|
||||||
*/
|
|
||||||
function checkBlacklist(req, res, next) {
|
|
||||||
if (blacklist.includes(req.packageName)) {
|
|
||||||
res.status(403).type('text').send(`Package ${req.packageName} is blacklisted`)
|
|
||||||
} else {
|
|
||||||
next()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
module.exports = checkBlacklist
|
|
||||||
@ -1,10 +1,11 @@
|
|||||||
const validateNPMPackageName = require('validate-npm-package-name')
|
const validateNPMPackageName = require('validate-npm-package-name')
|
||||||
|
const PackageBlacklist = require('../PackageBlacklist').blacklist
|
||||||
const PackageURL = require('../PackageURL')
|
const PackageURL = require('../PackageURL')
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Parse and validate the URL.
|
* Parse and validate the URL.
|
||||||
*/
|
*/
|
||||||
function parseURL(req, res, next) {
|
function parsePackageURL(req, res, next) {
|
||||||
const url = PackageURL.parse(req.url)
|
const url = PackageURL.parse(req.url)
|
||||||
|
|
||||||
if (url == null)
|
if (url == null)
|
||||||
@ -16,6 +17,10 @@ function parseURL(req, res, next) {
|
|||||||
if (nameErrors)
|
if (nameErrors)
|
||||||
return res.status(403).type('text').send(`Invalid package name: ${url.packageName} (${nameErrors.join(', ')})`)
|
return res.status(403).type('text').send(`Invalid package name: ${url.packageName} (${nameErrors.join(', ')})`)
|
||||||
|
|
||||||
|
// Do not allow packages that have been blacklisted.
|
||||||
|
if (PackageBlacklist.includes(req.packageName))
|
||||||
|
return res.status(403).type('text').send(`Package ${req.packageName} is blacklisted`)
|
||||||
|
|
||||||
req.packageName = url.packageName
|
req.packageName = url.packageName
|
||||||
req.packageVersion = url.packageVersion
|
req.packageVersion = url.packageVersion
|
||||||
req.packageSpec = `${req.packageName}@${req.packageVersion}`
|
req.packageSpec = `${req.packageName}@${req.packageVersion}`
|
||||||
@ -27,4 +32,4 @@ function parseURL(req, res, next) {
|
|||||||
next()
|
next()
|
||||||
}
|
}
|
||||||
|
|
||||||
module.exports = parseURL
|
module.exports = parsePackageURL
|
||||||
Loading…
x
Reference in New Issue
Block a user