Add back checkBlacklist middleware

MICHAEL JACKSON 2017-08-16 23:03:28 -07:00
parent 1173f91091
commit b9c6c0fc61
3 changed files with 28 additions and 7 deletions


@ -7,12 +7,24 @@ const morgan = require('morgan')
const { fetchStats } = require('./cloudflare') const { fetchStats } = require('./cloudflare')
const checkBlacklist = require('./middleware/checkBlacklist')
const checkMinDailyDownloads = require('./middleware/checkMinDailyDownloads') const checkMinDailyDownloads = require('./middleware/checkMinDailyDownloads')
const parsePackageURL = require('./middleware/parsePackageURL') const parsePackageURL = require('./middleware/parsePackageURL')
const fetchFile = require('./middleware/fetchFile') const fetchFile = require('./middleware/fetchFile')
const serveFile = require('./middleware/serveFile') const serveFile = require('./middleware/serveFile')
const serveMetadata = require('./middleware/serveMetadata') const serveMetadata = require('./middleware/serveMetadata')
/**
* A list of packages we refuse to serve.
*/
const PackageBlacklist = require('./PackageBlacklist').blacklist
/**
* The minimum number of times a package must be downloaded on
* average in order to be available on the CDN.
*/
const MinDailyDownloads = 100
morgan.token('fwd', function (req) { morgan.token('fwd', function (req) {
return req.get('x-forwarded-for').replace(/\s/g, '') return req.get('x-forwarded-for').replace(/\s/g, '')
}) })
@ -71,14 +83,16 @@ function createServer() {
app.use('/_meta', app.use('/_meta',
parsePackageURL, parsePackageURL,
checkMinDailyDownloads(100), checkBlacklist(PackageBlacklist),
checkMinDailyDownloads(MinDailyDownloads),
fetchFile, fetchFile,
serveMetadata serveMetadata
) )
app.use('/', app.use('/',
parsePackageURL, parsePackageURL,
checkMinDailyDownloads(100), checkBlacklist(PackageBlacklist),
checkMinDailyDownloads(MinDailyDownloads),
fetchFile, fetchFile,
serveFile serveFile
) )
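Review bot: `PackageBlacklist` is read with a module-level `require`, so the list is fixed when the process starts; because Node caches required modules, an entry added to `./PackageBlacklist` to block a package would presumably not take effect until the server is restarted or redeployed. The doc comment above the constant should say so, for example `A list of packages we refuse to serve. Loaded once at startup; restart to pick up changes.` In the second hunk the `/_meta` and `/` chains both add `checkBlacklist(PackageBlacklist)`, and a short comment there noting that it has to follow `parsePackageURL` would help; `createServer` begins and ends outside the hunk.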


@ -0,0 +1,12 @@
function checkBlacklist(blacklist) {
return function (req, res, next) {
// Do not allow packages that have been blacklisted.
if (blacklist.includes(req.packageName)) {
res.status(403).type('text').send(`Package "${req.packageName}" is blacklisted`)
} else {
next()
}
}
}
module.exports = checkBlacklist
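Review bot: The check in the returned middleware fails open when `req.packageName` is unset: `blacklist.includes(undefined)` is normally false, so a route that mounts `checkBlacklist` before `parsePackageURL` would let every package through without any error. The factory also accepts any value for `blacklist`, so a missing or misnamed export only surfaces as a TypeError on the first request. Consider validating once in the factory, `if (!Array.isArray(blacklist)) throw new TypeError('blacklist must be an array')`, and adding a JSDoc block stating that the middleware must run after `parsePackageURL`. The comparison is an exact, case-sensitive string match, so list entries need to be in the same form that `parsePackageURL` assigns to `req.packageName`.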


@ -1,5 +1,4 @@
const validateNPMPackageName = require('validate-npm-package-name') const validateNPMPackageName = require('validate-npm-package-name')
const PackageBlacklist = require('../PackageBlacklist').blacklist
const PackageURL = require('../PackageURL') const PackageURL = require('../PackageURL')
/** /**
@ -17,10 +16,6 @@ function parsePackageURL(req, res, next) {
if (nameErrors) if (nameErrors)
return res.status(403).type('text').send(`Invalid package name: ${url.packageName} (${nameErrors.join(', ')})`) return res.status(403).type('text').send(`Invalid package name: ${url.packageName} (${nameErrors.join(', ')})`)
// Do not allow packages that have been blacklisted.
if (PackageBlacklist.includes(req.packageName))
return res.status(403).type('text').send(`Package ${req.packageName} is blacklisted`)
req.packageName = url.packageName req.packageName = url.packageName
req.packageVersion = url.packageVersion req.packageVersion = url.packageVersion
req.packageSpec = `${req.packageName}@${req.packageVersion}` req.packageSpec = `${req.packageName}@${req.packageVersion}`