diff --git a/modules/__tests__/_blacklist-test.js b/modules/__tests__/_blacklist-test.js
deleted file mode 100644
index 174d10d..0000000
--- a/modules/__tests__/_blacklist-test.js
+++ /dev/null
@@ -1,109 +0,0 @@
-import request from 'supertest';
-
-import createServer from '../createServer';
-import clearBlacklist from './utils/clearBlacklist';
-import withToken from './utils/withToken';
-
-describe('The /_blacklist endpoint', () => {
- let server;
- beforeEach(() => {
- server = createServer();
- });
-
- describe('POST /_blacklist', () => {
- afterEach(clearBlacklist);
-
- describe('with no auth', () => {
- it('is forbidden', done => {
- request(server)
- .post('/_blacklist')
- .end((err, res) => {
- expect(res.statusCode).toBe(403);
- done();
- });
- });
- });
-
- describe('with the "blacklist.add" scope', () => {
- it('can add to the blacklist', done => {
- withToken({ blacklist: { add: true } }, token => {
- request(server)
- .post('/_blacklist')
- .send({ token, packageName: 'bad-package' })
- .end((err, res) => {
- expect(res.statusCode).toBe(200);
- expect(res.body.ok).toBe(true);
- done();
- });
- });
- });
- });
- });
-
- describe('GET /_blacklist', () => {
- describe('with no auth', () => {
- it('is forbidden', done => {
- request(server)
- .get('/_blacklist')
- .end((err, res) => {
- expect(res.statusCode).toBe(403);
- done();
- });
- });
- });
-
- describe('with the "blacklist.read" scope', () => {
- it('can read the blacklist', done => {
- withToken({ blacklist: { read: true } }, token => {
- request(server)
- .get('/_blacklist?token=' + token)
- .end((err, res) => {
- expect(res.statusCode).toBe(200);
- done();
- });
- });
- });
- });
- });
-
- describe('DELETE /_blacklist/:packageName', () => {
- describe('with no auth', () => {
- it('is forbidden', done => {
- request(server)
- .delete('/_blacklist/bad-package')
- .end((err, res) => {
- expect(res.statusCode).toBe(403);
- done();
- });
- });
- });
-
- describe('with the "blacklist.remove" scope', () => {
- it('can remove a package from the blacklist', done => {
- withToken({ blacklist: { remove: true } }, token => {
- request(server)
- .delete('/_blacklist/bad-package')
- .send({ token })
- .end((err, res) => {
- expect(res.statusCode).toBe(200);
- expect(res.body.ok).toBe(true);
- done();
- });
- });
- });
-
- it('can remove a scoped package from the blacklist', done => {
- withToken({ blacklist: { remove: true } }, token => {
- request(server)
- .delete('/_blacklist/@scope/bad-package')
- .send({ token })
- .end((err, res) => {
- expect(res.statusCode).toBe(200);
- expect(res.body.ok).toBe(true);
- done();
- });
- });
- });
- });
- });
-});
diff --git a/modules/__tests__/api-blacklist-test.js b/modules/__tests__/api-blacklist-test.js
deleted file mode 100644
index adde9d6..0000000
--- a/modules/__tests__/api-blacklist-test.js
+++ /dev/null
@@ -1,109 +0,0 @@
-import request from 'supertest';
-
-import createServer from '../createServer';
-import clearBlacklist from './utils/clearBlacklist';
-import withToken from './utils/withToken';
-
-describe('The /api/blacklist endpoint', () => {
- let server;
- beforeEach(() => {
- server = createServer();
- });
-
- describe('POST /api/blacklist', () => {
- afterEach(clearBlacklist);
-
- describe('with no auth', () => {
- it('is forbidden', done => {
- request(server)
- .post('/api/blacklist')
- .end((err, res) => {
- expect(res.statusCode).toBe(403);
- done();
- });
- });
- });
-
- describe('with the "blacklist.add" scope', () => {
- it('can add to the blacklist', done => {
- withToken({ blacklist: { add: true } }, token => {
- request(server)
- .post('/api/blacklist')
- .send({ token, packageName: 'bad-package' })
- .end((err, res) => {
- expect(res.statusCode).toBe(200);
- expect(res.body.ok).toBe(true);
- done();
- });
- });
- });
- });
- });
-
- describe('GET /api/blacklist', () => {
- describe('with no auth', () => {
- it('is forbidden', done => {
- request(server)
- .get('/api/blacklist')
- .end((err, res) => {
- expect(res.statusCode).toBe(403);
- done();
- });
- });
- });
-
- describe('with the "blacklist.read" scope', () => {
- it('can read the blacklist', done => {
- withToken({ blacklist: { read: true } }, token => {
- request(server)
- .get('/api/blacklist?token=' + token)
- .end((err, res) => {
- expect(res.statusCode).toBe(200);
- done();
- });
- });
- });
- });
- });
-
- describe('DELETE /api/blacklist', () => {
- describe('with no auth', () => {
- it('is forbidden', done => {
- request(server)
- .delete('/api/blacklist')
- .end((err, res) => {
- expect(res.statusCode).toBe(403);
- done();
- });
- });
- });
-
- describe('with the "blacklist.remove" scope', () => {
- it('can remove a package from the blacklist', done => {
- withToken({ blacklist: { remove: true } }, token => {
- request(server)
- .delete('/api/blacklist')
- .send({ token,
packageName: 'bad-package' }) - .end((err, res) => { - expect(res.statusCode).toBe(200); - expect(res.body.ok).toBe(true); - done(); - }); - }); - }); - - it('can remove a scoped package from the blacklist', done => { - withToken({ blacklist: { remove: true } }, token => { - request(server) - .delete('/api/blacklist') - .send({ token, packageName: '@scope/bad-package' }) - .end((err, res) => { - expect(res.statusCode).toBe(200); - expect(res.body.ok).toBe(true); - done(); - }); - }); - }); - }); - }); -}); diff --git a/modules/__tests__/server-test.js b/modules/__tests__/server-test.js index 9ce80b1..0b4a852 100644 --- a/modules/__tests__/server-test.js +++ b/modules/__tests__/server-test.js @@ -1,8 +1,6 @@ import request from 'supertest'; import createServer from '../createServer'; -import clearBlacklist from './utils/clearBlacklist'; -import withBlacklist from './utils/withBlacklist'; describe('The server', () => { let server; @@ -48,19 +46,4 @@ describe('The server', () => { done(); }); }); - - describe('blacklisted packages', () => { - afterEach(clearBlacklist); - - it('does not serve blacklisted packages', done => { - withBlacklist(['bad-package'], () => { - request(server) - .get('/bad-package/index.js') - .end((err, res) => { - expect(res.statusCode).toBe(403); - done(); - }); - }); - }); - }); }); diff --git a/modules/__tests__/utils/clearBlacklist.js b/modules/__tests__/utils/clearBlacklist.js deleted file mode 100644 index 7a16f6f..0000000 --- a/modules/__tests__/utils/clearBlacklist.js +++ /dev/null @@ -1,5 +0,0 @@ -import { removeAllPackages } from '../../utils/blacklist'; - -export default function clearBlacklist(done) { - removeAllPackages().then(done, done); -} diff --git a/modules/__tests__/utils/withBlacklist.js b/modules/__tests__/utils/withBlacklist.js deleted file mode 100644 index bfad08a..0000000 --- a/modules/__tests__/utils/withBlacklist.js +++ /dev/null 
@@ -1,5 +0,0 @@ -import { addPackage } from '../../utils/blacklist'; - -export default function withBlacklist(blacklist, done) { - Promise.all(blacklist.map(addPackage)).then(done); -} diff --git a/modules/actions/addToBlacklist.js b/modules/actions/addToBlacklist.js deleted file mode 100644 index a4549c5..0000000 --- a/modules/actions/addToBlacklist.js +++ /dev/null @@ -1,47 +0,0 @@ -import validateNpmPackageName from 'validate-npm-package-name'; - -import { addPackage } from '../utils/blacklist'; - -export default function addToBlacklist(req, res) { - const packageName = req.body.packageName; - - if (!packageName) { - return res - .status(403) - .send({ error: 'Missing "packageName" body parameter' }); - } - - const nameErrors = validateNpmPackageName(packageName).errors; - - // Disallow invalid package names. - if (nameErrors) { - const reason = nameErrors.join(', '); - return res.status(403).send({ - error: `Invalid package name "${packageName}" (${reason})` - }); - } - - addPackage(packageName).then( - added => { - if (added) { - const userId = req.user.jti; - console.log( - `Package "${packageName}" was added to the blacklist by ${userId}` - ); - } - - res.send({ - ok: true, - message: `Package "${packageName}" was ${ - added ? 'added to' : 'already in' - } the blacklist` - }); - }, - error => { - console.error(error); - res.status(500).send({ - error: `Unable to add "${packageName}" to the blacklist` - }); - } - ); -} diff --git a/modules/actions/createAuth.js b/modules/actions/createAuth.js index cb57486..b4a5fd8 100644 --- a/modules/actions/createAuth.js +++ b/modules/actions/createAuth.js @@ -1,10 +1,6 @@ import { createToken } from '../utils/auth'; -const defaultScopes = { - blacklist: { - read: true - } -}; +const defaultScopes = {}; export default function createAuth(req, res) { createToken(defaultScopes).then( diff --git a/modules/actions/removeFromBlacklist.js b/modules/actions/removeFromBlacklist.js deleted file mode 100644 index 939819e..0000000 
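Review bot: `defaultScopes` in createAuth.js is now an empty object held at module level and handed to `createToken` on every request, and nothing in the new code says that issuing scope-less tokens is intended. `createToken` is not visible in this hunk, so it is worth guarding the shared object against accidental mutation and stating the intent, for example `// Tokens minted here carry no scopes by default.` above `const defaultScopes = Object.freeze({});`. With the only default scope (`blacklist.read`) removed, it would also be worth confirming whether the token endpoint still has a consumer, since presumably nothing checks scopes after this commit. The body of `createAuth` continues outside the hunk.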
--- a/modules/actions/removeFromBlacklist.js
+++ /dev/null
@@ -1,50 +0,0 @@
-import validateNpmPackageName from 'validate-npm-package-name';
-
-import { removePackage } from '../utils/blacklist';
-
-export default function removeFromBlacklist(req, res) {
- // TODO: Remove req.packageName when DELETE
- // /_blacklist/:packageName API is removed
- const packageName = req.body.packageName || req.packageName;
-
- if (!packageName) {
- return res
- .status(403)
- .send({ error: 'Missing "packageName" body parameter' });
- }
-
- const nameErrors = validateNpmPackageName(packageName).errors;
-
- // Disallow invalid package names.
- if (nameErrors) {
- const reason = nameErrors.join(', ');
- return res.status(403).send({
- error: `Invalid package name "${packageName}" (${reason})`
- });
- }
-
- removePackage(packageName).then(
- removed => {
- if (removed) {
- const userId = req.user.jti;
- console.log(
- `Package "${packageName}" was removed from the blacklist by ${userId}`
- );
- }
-
- res.send({
- ok: true,
- message: `Package "${packageName}" was ${
- removed ? 'removed from' : 'not in'
- } the blacklist`
- });
- },
- error => {
- console.error(error);
-
- res.status(500).send({
- error: `Unable to remove "${packageName}" from the blacklist`
- });
- }
- );
-}
diff --git a/modules/actions/showBlacklist.js b/modules/actions/showBlacklist.js
deleted file mode 100644
index d80416a..0000000
--- a/modules/actions/showBlacklist.js
+++ /dev/null
@@ -1,15 +0,0 @@
-import { getPackages } from '../utils/blacklist';
-
-export default function showBlacklist(req, res) {
- getPackages().then(
- blacklist => {
- res.send({ blacklist });
- },
- error => {
- console.error(error);
- res.status(500).send({
- error: 'Unable to fetch blacklist'
- });
- }
- );
-}
diff --git a/modules/functions/serveNpmPackageFile.js b/modules/functions/serveNpmPackageFile.js
index 35da72d..96fcf4c 100644
--- a/modules/functions/serveNpmPackageFile.js
+++ b/modules/functions/serveNpmPackageFile.js
@@ -1,7 +1,6 @@ import express from 'express'; import cors from 'cors'; -// import checkBlacklist from '../middleware/checkBlacklist'; import fetchPackage from '../middleware/fetchPackage'; import findFile from '../middleware/findFile'; import redirectLegacyURLs from '../middleware/redirectLegacyURLs'; @@ -17,7 +16,6 @@ app.use(redirectLegacyURLs); app.use(validatePackageURL); app.use(validatePackageName); app.use(validateQuery); -// app.use(checkBlacklist); app.use(fetchPackage); app.use(findFile); app.use(serveFile); diff --git a/modules/middleware/checkBlacklist.js b/modules/middleware/checkBlacklist.js deleted file mode 100644 index da6117c..0000000 --- a/modules/middleware/checkBlacklist.js +++ /dev/null @@ -1,23 +0,0 @@ -import { includesPackage } from '../utils/blacklist'; - -export default function checkBlacklist(req, res, next) { - includesPackage(req.packageName).then( - blacklisted => { - // Disallow packages that have been blacklisted. - if (blacklisted) { - res - .status(403) - .type('text') - .send(`Package "${req.packageName}" is blacklisted`); - } else { - next(); - } - }, - error => { - console.error('Unable to fetch the blacklist: %s', error); - - // Continue anyway. - next(); - } - ); -} diff --git a/modules/utils/__tests__/blacklist-test.js b/modules/utils/__tests__/blacklist-test.js deleted file mode 100644 index 1098eeb..0000000 --- a/modules/utils/__tests__/blacklist-test.js +++ /dev/null 
@@ -1,24 +0,0 @@
-import * as blacklist from '../blacklist';
-
-describe('Blacklist API', () => {
- beforeEach(done => {
- blacklist.removeAllPackages().then(() => done(), done);
- });
-
- it('adds and removes packages to/from the blacklist', done => {
- const packageName = 'bad-package';
-
- blacklist.addPackage(packageName).then(() => {
- blacklist.getPackages().then(packageNames => {
- expect(packageNames).toEqual([packageName]);
-
- blacklist.removePackage(packageName).then(() => {
- blacklist.getPackages().then(packageNames => {
- expect(packageNames).toEqual([]);
- done();
- });
- });
- });
- });
- });
-});
diff --git a/modules/utils/blacklist.js b/modules/utils/blacklist.js
deleted file mode 100644
index a568b9a..0000000
--- a/modules/utils/blacklist.js
+++ /dev/null
@@ -1,63 +0,0 @@
-import data from './data';
-
-const blacklistSet = 'blacklisted-packages';
-
-export function addPackage(packageName) {
- return new Promise((resolve, reject) => {
- data.sadd(blacklistSet, packageName, (error, value) => {
- if (error) {
- reject(error);
- } else {
- resolve(value === 1);
- }
- });
- });
-}
-
-export function removePackage(packageName) {
- return new Promise((resolve, reject) => {
- data.srem(blacklistSet, packageName, (error, value) => {
- if (error) {
- reject(error);
- } else {
- resolve(value === 1);
- }
- });
- });
-}
-
-export function removeAllPackages() {
- return new Promise((resolve, reject) => {
- data.del(blacklistSet, error => {
- if (error) {
- reject(error);
- } else {
- resolve();
- }
- });
- });
-}
-
-export function getPackages() {
- return new Promise((resolve, reject) => {
- data.smembers(blacklistSet, (error, value) => {
- if (error) {
- reject(error);
- } else {
- resolve(value);
- }
- });
- });
-}
-
-export function includesPackage(packageName) {
- return new Promise((resolve, reject) => {
- data.sismember(blacklistSet, packageName, (error, value) => {
- if (error) {
- reject(error);
- } else {
- resolve(value === 1);
- }
- });
- });
-}
diff --git a/modules/utils/stats.js b/modules/utils/stats.js index 7c1c726..aadfb4b 100644 --- a/modules/utils/stats.js +++ b/modules/utils/stats.js @@ -1,18 +1,5 @@ // import data from './data'; import * as cloudflare from './cloudflare'; -// import * as blacklist from './blacklist'; - -// function prunePackages(packagesMap) { -// return Promise.all( -// Object.keys(packagesMap).map(packageName => -// blacklist.includesPackage(packageName).then(blacklisted => { -// if (blacklisted) { -// delete packagesMap[packageName]; -// } -// }) -// ) -// ).then(() => packagesMap); -// } // export function createDayKey(date) { // return `${date.getUTCFullYear()}-${date.getUTCMonth()}-${date.getUTCDate()}`; @@ -49,15 +36,11 @@ import * as cloudflare from './cloudflare'; // } // function getPackageRequests(date, n = 100) { -// return getScoresMap(`stats-packageRequests-${createDayKey(date)}`, n).then( -// prunePackages -// ); +// return getScoresMap(`stats-packageRequests-${createDayKey(date)}`, n); // } // function getPackageBandwidth(date, n = 100) { -// return getScoresMap(`stats-packageBytes-${createDayKey(date)}`, n).then( -// prunePackages -// ); +// return getScoresMap(`stats-packageBytes-${createDayKey(date)}`, n); // } // function getProtocolRequests(date) {