Add back checkBlacklist middleware

2017-08-16 23:03:28 -07:00 · 2017-08-16 23:03:28 -07:00 · b9c6c0fc61
parent 1173f91091
commit b9c6c0fc61
3 changed files with 28 additions and 7 deletions
--- a/server/createServer.js
+++ b/server/createServer.js
@ -7,12 +7,24 @@ const morgan = require('morgan')

 const { fetchStats } = require('./cloudflare')

+const checkBlacklist = require('./middleware/checkBlacklist')
 const checkMinDailyDownloads = require('./middleware/checkMinDailyDownloads')
 const parsePackageURL = require('./middleware/parsePackageURL')
 const fetchFile = require('./middleware/fetchFile')
 const serveFile = require('./middleware/serveFile')
 const serveMetadata = require('./middleware/serveMetadata')

+/**
+ * A list of packages we refuse to serve.
+ */
+const PackageBlacklist = require('./PackageBlacklist').blacklist
+
+/**
+ * The minimum number of times a package must be downloaded on
+ * average in order to be available on the CDN.
+ */
+const MinDailyDownloads = 100
+
 morgan.token('fwd', function (req) {
  return req.get('x-forwarded-for').replace(/\s/g, '')
 })
@ -71,14 +83,16 @@ function createServer() {

  app.use('/_meta',
    parsePackageURL,
-    checkMinDailyDownloads(100),
+    checkBlacklist(PackageBlacklist),
+    checkMinDailyDownloads(MinDailyDownloads),
    fetchFile,
    serveMetadata
  )

  app.use('/',
    parsePackageURL,
-    checkMinDailyDownloads(100),
+    checkBlacklist(PackageBlacklist),
+    checkMinDailyDownloads(MinDailyDownloads),
    fetchFile,
    serveFile
  )
--- a/server/middleware/checkBlacklist.js
+++ b/server/middleware/checkBlacklist.js
@ -0,0 +1,12 @@
+function checkBlacklist(blacklist) {
+  return function (req, res, next) {
+    // Do not allow packages that have been blacklisted.
+    if (blacklist.includes(req.packageName)) {
+      res.status(403).type('text').send(`Package "${req.packageName}" is blacklisted`)
+    } else {
+      next()
+    }
+  }
+}
+
+module.exports = checkBlacklist
--- a/server/middleware/parsePackageURL.js
+++ b/server/middleware/parsePackageURL.js
@ -1,5 +1,4 @@
 const validateNPMPackageName = require('validate-npm-package-name')
-const PackageBlacklist = require('../PackageBlacklist').blacklist
 const PackageURL = require('../PackageURL')

 /**
@ -17,10 +16,6 @@ function parsePackageURL(req, res, next) {
  if (nameErrors)
    return res.status(403).type('text').send(`Invalid package name: ${url.packageName} (${nameErrors.join(', ')})`)

-  // Do not allow packages that have been blacklisted.
-  if (PackageBlacklist.includes(req.packageName))
-    return res.status(403).type('text').send(`Package ${req.packageName} is blacklisted`)
-
  req.packageName = url.packageName
  req.packageVersion = url.packageVersion
  req.packageSpec = `${req.packageName}@${req.packageVersion}`