From b9c6c0fc61ac20a865ef0c800ea95f8ee500deaa Mon Sep 17 00:00:00 2001
From: MICHAEL JACKSON
Date: Wed, 16 Aug 2017 23:03:28 -0700
Subject: [PATCH] Add back checkBlacklist middleware
---
 server/createServer.js | 18 ++++++++++++++++--
 server/middleware/checkBlacklist.js | 12 ++++++++++++
 server/middleware/parsePackageURL.js | 5 -----
 3 files changed, 28 insertions(+), 7 deletions(-)
 create mode 100644 server/middleware/checkBlacklist.js
diff --git a/server/createServer.js b/server/createServer.js
index 8046ffb..82866a1 100644
--- a/server/createServer.js
+++ b/server/createServer.js
@@ -7,12 +7,24 @@ const morgan = require('morgan')
 const { fetchStats } = require('./cloudflare')
+const checkBlacklist = require('./middleware/checkBlacklist')
 const checkMinDailyDownloads = require('./middleware/checkMinDailyDownloads')
 const parsePackageURL = require('./middleware/parsePackageURL')
 const fetchFile = require('./middleware/fetchFile')
 const serveFile = require('./middleware/serveFile')
 const serveMetadata = require('./middleware/serveMetadata')
+/**
+ * A list of packages we refuse to serve.
+ */
+const PackageBlacklist = require('./PackageBlacklist').blacklist
+
+/**
+ * The minimum number of times a package must be downloaded on
+ * average in order to be available on the CDN.
+ */
+const MinDailyDownloads = 100
+
 morgan.token('fwd', function (req) {
 return req.get('x-forwarded-for').replace(/\s/g, '')
 })
@@ -71,14 +83,16 @@ function createServer() {
 app.use('/_meta',
 parsePackageURL,
- checkMinDailyDownloads(100),
+ checkBlacklist(PackageBlacklist),
+ checkMinDailyDownloads(MinDailyDownloads),
 fetchFile,
 serveMetadata
 )
 app.use('/',
 parsePackageURL,
- checkMinDailyDownloads(100),
+ checkBlacklist(PackageBlacklist),
+ checkMinDailyDownloads(MinDailyDownloads),
 fetchFile,
 serveFile
 )
diff --git a/server/middleware/checkBlacklist.js b/server/middleware/checkBlacklist.js
new file mode 100644
index 0000000..07b09a5
--- /dev/null
+++ b/server/middleware/checkBlacklist.js
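Review bot: In the second hunk of server/createServer.js the deny-list check is wired into each mount by hand, so the `/_meta` and `/` chains have to be kept identical by inspection, and a later route that reuses parsePackageURL and fetchFile can leave checkBlacklist out without anything failing. Building the shared prefix once, for example `const packageChecks = [parsePackageURL, checkBlacklist(PackageBlacklist), checkMinDailyDownloads(MinDailyDownloads), fetchFile]` followed by `app.use('/_meta', packageChecks, serveMetadata)` and `app.use('/', packageChecks, serveFile)`, keeps the policy in one place. The order matters as written: checkBlacklist reads req.packageName, which the last hunk of this patch shows being set in parsePackageURL, so it has to stay after that middleware. createServer's body begins and ends outside the hunk, so any other mounts that serve package content are not visible here.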
@@ -0,0 +1,12 @@
+function checkBlacklist(blacklist) {
+ return function (req, res, next) {
+ // Do not allow packages that have been blacklisted.
+ if (blacklist.includes(req.packageName)) {
+ res.status(403).type('text').send(`Package "${req.packageName}" is blacklisted`)
+ } else {
+ next()
+ }
+ }
+}
+
+module.exports = checkBlacklist
diff --git a/server/middleware/parsePackageURL.js b/server/middleware/parsePackageURL.js
index 6239cfd..48ed043 100644
--- a/server/middleware/parsePackageURL.js
+++ b/server/middleware/parsePackageURL.js
@@ -1,5 +1,4 @@
 const validateNPMPackageName = require('validate-npm-package-name')
-const PackageBlacklist = require('../PackageBlacklist').blacklist
 const PackageURL = require('../PackageURL')
 /**
@@ -17,10 +16,6 @@ function parsePackageURL(req, res, next) {
 if (nameErrors)
 return res.status(403).type('text').send(`Invalid package name: ${url.packageName} (${nameErrors.join(', ')})`)
- // Do not allow packages that have been blacklisted.
- if (PackageBlacklist.includes(req.packageName))
- return res.status(403).type('text').send(`Package ${req.packageName} is blacklisted`)
-
 req.packageName = url.packageName
 req.packageVersion = url.packageVersion
 req.packageSpec = `${req.packageName}@${req.packageVersion}`
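Review bot: In the new server/middleware/checkBlacklist.js the check fails open when req.packageName is unset: `blacklist.includes(undefined)` is false, so a mount that forgets parsePackageURL hands every request to next(). A guard at the top of the returned function, `if (typeof req.packageName !== 'string') return next(new Error('checkBlacklist requires parsePackageURL'))`, turns that wiring mistake into a visible error. The match is also an exact, case-sensitive string comparison, so it is only as strict as the normalisation applied before req.packageName is set, which this patch does not show; a short comment stating that the name is expected in canonical form would record the assumption. Validating the argument once in the factory, `if (!Array.isArray(blacklist)) throw new TypeError('blacklist must be an array')`, would surface a missing `blacklist` export at startup rather than as a TypeError on each request.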