186526/unpkg
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Remove blacklist code

Browse Source
This commit is contained in:
Michael Jackson
2019-01-15 08:06:12 -08:00
parent 5e7323f389
commit dc2950d60f
14 changed files with 3 additions and 493 deletions
Download Patch File Download Diff File Expand all files Collapse all files

109
modules/__tests__/_blacklist-test.js
View File

@ -1,109 +0,0 @@
import request from 'supertest';
import createServer from '../createServer';
import clearBlacklist from './utils/clearBlacklist';
import withToken from './utils/withToken';
describe('The /_blacklist endpoint', () => {
let server;
beforeEach(() => {
server = createServer();
});
describe('POST /_blacklist', () => {
afterEach(clearBlacklist);
describe('with no auth', () => {
it('is forbidden', done => {
request(server)
.post('/_blacklist')
.end((err, res) => {
expect(res.statusCode).toBe(403);
done();
});
});
});
describe('with the "blacklist.add" scope', () => {
it('can add to the blacklist', done => {
withToken({ blacklist: { add: true } }, token => {
request(server)
.post('/_blacklist')
.send({ token, packageName: 'bad-package' })
.end((err, res) => {
expect(res.statusCode).toBe(200);
expect(res.body.ok).toBe(true);
done();
});
});
});
});
});
describe('GET /_blacklist', () => {
describe('with no auth', () => {
it('is forbidden', done => {
request(server)
.get('/_blacklist')
.end((err, res) => {
expect(res.statusCode).toBe(403);
done();
});
});
});
describe('with the "blacklist.read" scope', () => {
it('can read the blacklist', done => {
withToken({ blacklist: { read: true } }, token => {
request(server)
.get('/_blacklist?token=' + token)
.end((err, res) => {
expect(res.statusCode).toBe(200);
done();
});
});
});
});
});
describe('DELETE /_blacklist/:packageName', () => {
describe('with no auth', () => {
it('is forbidden', done => {
request(server)
.delete('/_blacklist/bad-package')
.end((err, res) => {
expect(res.statusCode).toBe(403);
done();
});
});
});
describe('with the "blacklist.remove" scope', () => {
it('can remove a package from the blacklist', done => {
withToken({ blacklist: { remove: true } }, token => {
request(server)
.delete('/_blacklist/bad-package')
.send({ token })
.end((err, res) => {
expect(res.statusCode).toBe(200);
expect(res.body.ok).toBe(true);
done();
});
});
});
it('can remove a scoped package from the blacklist', done => {
withToken({ blacklist: { remove: true } }, token => {
request(server)
.delete('/_blacklist/@scope/bad-package')
.send({ token })
.end((err, res) => {
expect(res.statusCode).toBe(200);
expect(res.body.ok).toBe(true);
done();
});
});
});
});
});
});

109
modules/__tests__/api-blacklist-test.js
View File

@ -1,109 +0,0 @@
import request from 'supertest';
import createServer from '../createServer';
import clearBlacklist from './utils/clearBlacklist';
import withToken from './utils/withToken';
describe('The /api/blacklist endpoint', () => {
let server;
beforeEach(() => {
server = createServer();
});
describe('POST /api/blacklist', () => {
afterEach(clearBlacklist);
describe('with no auth', () => {
it('is forbidden', done => {
request(server)
.post('/api/blacklist')
.end((err, res) => {
expect(res.statusCode).toBe(403);
done();
});
});
});
describe('with the "blacklist.add" scope', () => {
it('can add to the blacklist', done => {
withToken({ blacklist: { add: true } }, token => {
request(server)
.post('/api/blacklist')
.send({ token, packageName: 'bad-package' })
.end((err, res) => {
expect(res.statusCode).toBe(200);
expect(res.body.ok).toBe(true);
done();
});
});
});
});
});
describe('GET /api/blacklist', () => {
describe('with no auth', () => {
it('is forbidden', done => {
request(server)
.get('/api/blacklist')
.end((err, res) => {
expect(res.statusCode).toBe(403);
done();
});
});
});
describe('with the "blacklist.read" scope', () => {
it('can read the blacklist', done => {
withToken({ blacklist: { read: true } }, token => {
request(server)
.get('/api/blacklist?token=' + token)
.end((err, res) => {
expect(res.statusCode).toBe(200);
done();
});
});
});
});
});
describe('DELETE /api/blacklist', () => {
describe('with no auth', () => {
it('is forbidden', done => {
request(server)
.delete('/api/blacklist')
.end((err, res) => {
expect(res.statusCode).toBe(403);
done();
});
});
});
describe('with the "blacklist.remove" scope', () => {
it('can remove a package from the blacklist', done => {
withToken({ blacklist: { remove: true } }, token => {
request(server)
.delete('/api/blacklist')
.send({ token, packageName: 'bad-package' })
.end((err, res) => {
expect(res.statusCode).toBe(200);
expect(res.body.ok).toBe(true);
done();
});
});
});
it('can remove a scoped package from the blacklist', done => {
withToken({ blacklist: { remove: true } }, token => {
request(server)
.delete('/api/blacklist')
.send({ token, packageName: '@scope/bad-package' })
.end((err, res) => {
expect(res.statusCode).toBe(200);
expect(res.body.ok).toBe(true);
done();
});
});
});
});
});
});

17
modules/__tests__/server-test.js
View File

@ -1,8 +1,6 @@
import request from 'supertest'; import request from 'supertest';
import createServer from '../createServer'; import createServer from '../createServer';
import clearBlacklist from './utils/clearBlacklist';
import withBlacklist from './utils/withBlacklist';
describe('The server', () => { describe('The server', () => {
let server; let server;
@ -48,19 +46,4 @@ describe('The server', () => {
done(); done();
}); });
}); });
describe('blacklisted packages', () => {
afterEach(clearBlacklist);
it('does not serve blacklisted packages', done => {
withBlacklist(['bad-package'], () => {
request(server)
.get('/bad-package/index.js')
.end((err, res) => {
expect(res.statusCode).toBe(403);
done();
});
});
});
});
}); });

5
modules/__tests__/utils/clearBlacklist.js
View File

@ -1,5 +0,0 @@
import { removeAllPackages } from '../../utils/blacklist';
export default function clearBlacklist(done) {
removeAllPackages().then(done, done);
}

5
modules/__tests__/utils/withBlacklist.js
View File

@ -1,5 +0,0 @@
import { addPackage } from '../../utils/blacklist';
export default function withBlacklist(blacklist, done) {
Promise.all(blacklist.map(addPackage)).then(done);
}

47
modules/actions/addToBlacklist.js
View File

@ -1,47 +0,0 @@
import validateNpmPackageName from 'validate-npm-package-name';
import { addPackage } from '../utils/blacklist';
export default function addToBlacklist(req, res) {
const packageName = req.body.packageName;
if (!packageName) {
return res
.status(403)
.send({ error: 'Missing "packageName" body parameter' });
}
const nameErrors = validateNpmPackageName(packageName).errors;
// Disallow invalid package names.
if (nameErrors) {
const reason = nameErrors.join(', ');
return res.status(403).send({
error: `Invalid package name "${packageName}" (${reason})`
});
}
addPackage(packageName).then(
added => {
if (added) {
const userId = req.user.jti;
console.log(
`Package "${packageName}" was added to the blacklist by ${userId}`
);
}
res.send({
ok: true,
message: `Package "${packageName}" was ${
added ? 'added to' : 'already in'
} the blacklist`
});
},
error => {
console.error(error);
res.status(500).send({
error: `Unable to add "${packageName}" to the blacklist`
});
}
);
}

6
modules/actions/createAuth.js
View File

@ -1,10 +1,6 @@
import { createToken } from '../utils/auth'; import { createToken } from '../utils/auth';
const defaultScopes = { const defaultScopes = {};
blacklist: {
read: true
}
};
export default function createAuth(req, res) { export default function createAuth(req, res) {
createToken(defaultScopes).then( createToken(defaultScopes).then(

50
modules/actions/removeFromBlacklist.js
View File

@ -1,50 +0,0 @@
import validateNpmPackageName from 'validate-npm-package-name';
import { removePackage } from '../utils/blacklist';
export default function removeFromBlacklist(req, res) {
// TODO: Remove req.packageName when DELETE
// /_blacklist/:packageName API is removed
const packageName = req.body.packageName || req.packageName;
if (!packageName) {
return res
.status(403)
.send({ error: 'Missing "packageName" body parameter' });
}
const nameErrors = validateNpmPackageName(packageName).errors;
// Disallow invalid package names.
if (nameErrors) {
const reason = nameErrors.join(', ');
return res.status(403).send({
error: `Invalid package name "${packageName}" (${reason})`
});
}
removePackage(packageName).then(
removed => {
if (removed) {
const userId = req.user.jti;
console.log(
`Package "${packageName}" was removed from the blacklist by ${userId}`
);
}
res.send({
ok: true,
message: `Package "${packageName}" was ${
removed ? 'removed from' : 'not in'
} the blacklist`
});
},
error => {
console.error(error);
res.status(500).send({
error: `Unable to remove "${packageName}" from the blacklist`
});
}
);
}

15
modules/actions/showBlacklist.js
View File

@ -1,15 +0,0 @@
import { getPackages } from '../utils/blacklist';
export default function showBlacklist(req, res) {
getPackages().then(
blacklist => {
res.send({ blacklist });
},
error => {
console.error(error);
res.status(500).send({
error: 'Unable to fetch blacklist'
});
}
);
}

2
modules/functions/serveNpmPackageFile.js
View File

@ -1,7 +1,6 @@
import express from 'express'; import express from 'express';
import cors from 'cors'; import cors from 'cors';
// import checkBlacklist from '../middleware/checkBlacklist';
import fetchPackage from '../middleware/fetchPackage'; import fetchPackage from '../middleware/fetchPackage';
import findFile from '../middleware/findFile'; import findFile from '../middleware/findFile';
import redirectLegacyURLs from '../middleware/redirectLegacyURLs'; import redirectLegacyURLs from '../middleware/redirectLegacyURLs';
@ -17,7 +16,6 @@ app.use(redirectLegacyURLs);
app.use(validatePackageURL); app.use(validatePackageURL);
app.use(validatePackageName); app.use(validatePackageName);
app.use(validateQuery); app.use(validateQuery);
// app.use(checkBlacklist);
app.use(fetchPackage); app.use(fetchPackage);
app.use(findFile); app.use(findFile);
app.use(serveFile); app.use(serveFile);

23
modules/middleware/checkBlacklist.js
View File

@ -1,23 +0,0 @@
import { includesPackage } from '../utils/blacklist';
export default function checkBlacklist(req, res, next) {
includesPackage(req.packageName).then(
blacklisted => {
// Disallow packages that have been blacklisted.
if (blacklisted) {
res
.status(403)
.type('text')
.send(`Package "${req.packageName}" is blacklisted`);
} else {
next();
}
},
error => {
console.error('Unable to fetch the blacklist: %s', error);
// Continue anyway.
next();
}
);
}

24
modules/utils/__tests__/blacklist-test.js
View File

@ -1,24 +0,0 @@
import * as blacklist from '../blacklist';
describe('Blacklist API', () => {
beforeEach(done => {
blacklist.removeAllPackages().then(() => done(), done);
});
it('adds and removes packages to/from the blacklist', done => {
const packageName = 'bad-package';
blacklist.addPackage(packageName).then(() => {
blacklist.getPackages().then(packageNames => {
expect(packageNames).toEqual([packageName]);
blacklist.removePackage(packageName).then(() => {
blacklist.getPackages().then(packageNames => {
expect(packageNames).toEqual([]);
done();
});
});
});
});
});
});

63
modules/utils/blacklist.js
View File

@ -1,63 +0,0 @@
import data from './data';
const blacklistSet = 'blacklisted-packages';
export function addPackage(packageName) {
return new Promise((resolve, reject) => {
data.sadd(blacklistSet, packageName, (error, value) => {
if (error) {
reject(error);
} else {
resolve(value === 1);
}
});
});
}
export function removePackage(packageName) {
return new Promise((resolve, reject) => {
data.srem(blacklistSet, packageName, (error, value) => {
if (error) {
reject(error);
} else {
resolve(value === 1);
}
});
});
}
export function removeAllPackages() {
return new Promise((resolve, reject) => {
data.del(blacklistSet, error => {
if (error) {
reject(error);
} else {
resolve();
}
});
});
}
export function getPackages() {
return new Promise((resolve, reject) => {
data.smembers(blacklistSet, (error, value) => {
if (error) {
reject(error);
} else {
resolve(value);
}
});
});
}
export function includesPackage(packageName) {
return new Promise((resolve, reject) => {
data.sismember(blacklistSet, packageName, (error, value) => {
if (error) {
reject(error);
} else {
resolve(value === 1);
}
});
});
}

21
modules/utils/stats.js
View File

@ -1,18 +1,5 @@
// import data from './data'; // import data from './data';
import * as cloudflare from './cloudflare'; import * as cloudflare from './cloudflare';
// import * as blacklist from './blacklist';
// function prunePackages(packagesMap) {
// return Promise.all(
// Object.keys(packagesMap).map(packageName =>
// blacklist.includesPackage(packageName).then(blacklisted => {
// if (blacklisted) {
// delete packagesMap[packageName];
// }
// })
// )
// ).then(() => packagesMap);
// }
// export function createDayKey(date) { // export function createDayKey(date) {
// return `${date.getUTCFullYear()}-${date.getUTCMonth()}-${date.getUTCDate()}`; // return `${date.getUTCFullYear()}-${date.getUTCMonth()}-${date.getUTCDate()}`;
@ -49,15 +36,11 @@ import * as cloudflare from './cloudflare';
// } // }
// function getPackageRequests(date, n = 100) { // function getPackageRequests(date, n = 100) {
// return getScoresMap(`stats-packageRequests-${createDayKey(date)}`, n).then( // return getScoresMap(`stats-packageRequests-${createDayKey(date)}`, n);
// prunePackages
// );
// } // }
// function getPackageBandwidth(date, n = 100) { // function getPackageBandwidth(date, n = 100) {
// return getScoresMap(`stats-packageBytes-${createDayKey(date)}`, n).then( // return getScoresMap(`stats-packageBytes-${createDayKey(date)}`, n);
// prunePackages
// );
// } // }
// function getProtocolRequests(date) { // function getProtocolRequests(date) {