fix: proxy public package from source registry (#1375)

when syncMode = 'none'

closes #1374

.travis.yml

@@ -3,6 +3,7 @@ language: node_js
 node_js:
   - '6'
   - '8'
+  - '10'
 addons:
   - postgresql: '9.3'
 script: 'make test-travis-all'

config/index.js

@@ -169,6 +169,7 @@ var config = {
   // If you want to directly sync from official npm's registry
   // please drop them an email first
   sourceNpmRegistry: 'https://registry.npm.taobao.org',
+  sourceNpmWeb: 'https://npm.taobao.org',
 
   // upstream registry is base on cnpm/cnpmjs.org or not
   // if your upstream is official npm registry, please turn it off

controllers/registry/package/save.js

@@ -135,7 +135,7 @@ module.exports = function* save(next) {
 
   // upload attachment
   var tarballBuffer;
-  tarballBuffer = new Buffer(attachment.data, 'base64');
+  tarballBuffer = Buffer.from(attachment.data, 'base64');
 
   if (tarballBuffer.length !== attachment.length) {
     this.status = 403;

middleware/auth.js

@@ -20,7 +20,7 @@ module.exports = function () {
       return yield unauthorized.call(this, next);
     }
 
-    authorization = new Buffer(authorization, 'base64').toString();
+    authorization = Buffer.from(authorization, 'base64').toString();
     var pos = authorization.indexOf(':');
     if (pos === -1) {
        return yield unauthorized.call(this, next);

middleware/proxy_to_npm.js

@@ -1,50 +1,84 @@
 'use strict';
 
-/**
- * Module dependencies.
- */
-
 var debug = require('debug')('cnpmjs.org:middleware:proxy_to_npm');
 var config = require('../config');
 
 module.exports = function (options) {
   var redirectUrl = config.sourceNpmRegistry;
   var proxyUrls = [
     // /:pkg, dont contains scoped package
-    /^\/[\w\-\.]+$/,
+    // /:pkg/:versionOrTag
+    /^\/[\w\-\.]+(?:\/[\w\-\.]+)?$/,
     // /-/package/:pkg/dist-tags
     /^\/\-\/package\/[\w\-\.]+\/dist-tags/,
   ];
+  var scopedUrls = [
+    // scoped package
+    /^\/(@[\w\-\.]+)\/[\w\-\.]+(?:\/[\w\-\.]+)?$/,
+    /^\/\-\/package\/(@[\w\-\.]+)\/[\w\-\.]+\/dist\-tags/,
+  ];
   if (options && options.isWeb) {
-    redirectUrl = redirectUrl.replace('//registry.', '//');
+    redirectUrl = config.sourceNpmWeb || redirectUrl.replace('//registry.', '//');
     proxyUrls = [
       // /package/:pkg
-      /^\/package\/[\w\-\.]+$/,
+      /^\/package\/[\w\-\.]+/,
+    ];
+    scopedUrls = [
+      // scoped package
+      /^\/package\/(@[\w\-\.]+)\/[\w\-\.]+/,
     ];
   }
+
   return function* proxyToNpm(next) {
     if (config.syncModel !== 'none') {
       return yield next;
     }
+
+    // syncModel === none
     // only proxy read requests
     if (this.method !== 'GET' && this.method !== 'HEAD') {
       return yield next;
     }
 
     var pathname = this.path;
-    var match;
-    for (var i = 0; i < proxyUrls.length; i++) {
-      match = proxyUrls[i].test(pathname);
-      if (match) {
-        break;
+
+    var isScoped = false;
+    var isPublichScoped = false;
+    // check scoped name
+    if (config.scopes && config.scopes.length > 0) {
+      for (var i = 0; i < scopedUrls.length; i++) {
+        const m = scopedUrls[i].exec(pathname);
+        if (m) {
+          isScoped = true;
+          if (config.scopes.indexOf(m[1]) !== -1) {
+            // internal scoped
+            isPublichScoped = false;
+          } else {
+            isPublichScoped = true;
+          }
+          break;
+        }
       }
     }
-    if (!match) {
-      return yield next;
+
+    var isPublich = false;
+    if (!isScoped) {
+      for (var i = 0; i < proxyUrls.length; i++) {
+        isPublich = proxyUrls[i].test(pathname);
+        if (isPublich) {
+          break;
+        }
+      }
+    }
+
+    if (isPublich || isPublichScoped) {
+      var url = redirectUrl + this.url;
+      debug('proxy isPublich: %s, isPublichScoped: %s, package to %s',
+        isPublich, isPublichScoped, url);
+      this.redirect(url);
+      return;
     }
 
-    var url = redirectUrl + this.url;
-    debug('proxy to %s', url);
-    this.redirect(url);
+    yield next;
   };
 };

test/controllers/registry/module/maintainer.test.js

@@ -1,39 +1,23 @@
-/**!
- * cnpmjs.org - test/controllers/registry/module/maintainer.test.js
- *
- * Copyright(c) fengmk2 and other contributors.
- * MIT Licensed
- *
- * Authors:
- *   fengmk2 <[email protected]> (http://fengmk2.github.com)
- */
-
 'use strict';
 
-/**
- * Module dependencies.
- */
-
 var request = require('supertest');
 var mm = require('mm');
 var config = require('../../../../config');
 var app = require('../../../../servers/registry');
 var utils = require('../../../utils');
 
-describe('controllers/registry/module/maintainer.test.js', function () {
+describe('test/controllers/registry/module/maintainer.test.js', function () {
   var pkgname = '@cnpm/test-package-maintainer';
   var pkgURL = '/@' + encodeURIComponent(pkgname.substring(1));
   before(function (done) {
-    app = app.listen(0, function () {
-      // add scope package
-      var pkg = utils.getPackage(pkgname, '0.0.1', utils.admin);
+    // add scope package
+    var pkg = utils.getPackage(pkgname, '0.0.1', utils.admin);
 
-      request(app)
-      .put(pkgURL)
-      .set('authorization', utils.adminAuth)
-      .send(pkg)
-      .expect(201, done);
-    });
+    request(app)
+    .put(pkgURL)
+    .set('authorization', utils.adminAuth)
+    .send(pkg)
+    .expect(201, done);
   });
 
   beforeEach(function () {

test/controllers/registry/module/scope_package.test.js

@@ -1,9 +1,5 @@
 'use strict';
 
-/**
- * Module dependencies.
- */
-
 var should = require('should');
 var request = require('supertest');
 var mm = require('mm');
@@ -15,24 +11,22 @@ describe('test/controllers/registry/module/scope_package.test.js', function () {
   var pkgname = '@cnpm/test-scope-package';
   var pkgURL = '/@' + encodeURIComponent(pkgname.substring(1));
   before(function (done) {
-    app = app.listen(0, function () {
-      // add scope package
-      var pkg = utils.getPackage(pkgname, '0.0.1', utils.admin);
+    // add scope package
+    var pkg = utils.getPackage(pkgname, '0.0.1', utils.admin);
 
+    request(app)
+    .put(pkgURL)
+    .set('authorization', utils.adminAuth)
+    .send(pkg)
+    .expect(201, function (err) {
+      should.not.exist(err);
+      pkg = utils.getPackage(pkgname, '0.0.2', utils.admin);
+      // publish 0.0.2
       request(app)
       .put(pkgURL)
       .set('authorization', utils.adminAuth)
       .send(pkg)
-      .expect(201, function (err) {
-        should.not.exist(err);
-        pkg = utils.getPackage(pkgname, '0.0.2', utils.admin);
-        // publish 0.0.2
-        request(app.listen())
-        .put(pkgURL)
-        .set('authorization', utils.adminAuth)
-        .send(pkg)
-        .expect(201, done);
-      });
+      .expect(201, done);
     });
   });
 
@@ -73,7 +67,7 @@ describe('test/controllers/registry/module/scope_package.test.js', function () {
   });
 
   it('should get scope package info: /@scope/name', function (done) {
-    request(app.listen())
+    request(app)
     .get('/' + pkgname)
     .expect(200, function (err, res) {
       should.not.exist(err);

test/controllers/registry/package/deprecate.test.js

@@ -8,27 +8,27 @@ var pedding = require('pedding');
 var app = require('../../../../servers/registry');
 var utils = require('../../../utils');
 
-describe('controllers/registry/package/deprecate.test.js', function () {
+describe('test/controllers/registry/package/deprecate.test.js', function () {
   var pkgname = '@cnpmtest/testmodule-deprecate';
   before(function (done) {
     var pkg = utils.getPackage(pkgname, '0.0.1', utils.admin);
 
-    request(app.listen())
+    request(app)
     .put('/' + pkgname)
     .set('authorization', utils.adminAuth)
     .send(pkg)
     .expect(201, function (err) {
       should.not.exist(err);
       pkg = utils.getPackage(pkgname, '0.0.2', utils.admin);
       // publish 0.0.2
-      request(app.listen())
+      request(app)
       .put('/' + pkgname)
       .set('authorization', utils.adminAuth)
       .send(pkg)
       .expect(201, function (err) {
         should.not.exist(err);
         pkg = utils.getPackage(pkgname, '1.0.0', utils.admin);
-        request(app.listen())
+        request(app)
         .put('/' + pkgname)
         .set('authorization', utils.adminAuth)
         .send(pkg)
@@ -41,7 +41,7 @@ describe('controllers/registry/package/deprecate.test.js', function () {
 
   describe('PUT /:name', function () {
     it('should deprecate [email protected]', function (done) {
-      request(app.listen())
+      request(app)
       .put('/' + pkgname)
       .set('authorization', utils.adminAuth)
       .send({
@@ -57,14 +57,14 @@ describe('controllers/registry/package/deprecate.test.js', function () {
       })
       .expect(201, function (err) {
         should.not.exist(err);
-        request(app.listen())
+        request(app)
         .get('/' + pkgname + '/1.0.0')
         .expect(200, function (err, res) {
           should.not.exist(err);
           res.body.deprecated.should.equal('mock test deprecated message 1.0.0');
 
           // undeprecated
-          request(app.listen())
+          request(app)
           .put('/' + pkgname)
           .set('authorization', utils.adminAuth)
           .send({
@@ -80,7 +80,7 @@ describe('controllers/registry/package/deprecate.test.js', function () {
           })
           .expect(201, function (err) {
             should.not.exist(err);
-            request(app.listen())
+            request(app)
             .get('/' + pkgname + '/1.0.0')
             .expect(200, function (err, res) {
               should.not.exist(err);
@@ -93,7 +93,7 @@ describe('controllers/registry/package/deprecate.test.js', function () {
     });
 
     it('should deprecate version@<1.0.0', function* () {
-      yield request(app.listen())
+      yield request(app)
         .put('/' + pkgname)
         .set('authorization', utils.adminAuth)
         .send({
@@ -115,30 +115,30 @@ describe('controllers/registry/package/deprecate.test.js', function () {
         })
         .expect(201);
 
-      yield request(app.listen())
+      yield request(app)
         .get('/' + pkgname + '/0.0.1')
         .expect(200)
         .expect(res => {
           res.body.deprecated.should.equal('mock test deprecated message 0.0.1');
         });
 
-      yield request(app.listen())
+      yield request(app)
         .get('/' + pkgname + '/0.0.2')
         .expect(200)
         .expect(res => {
           res.body.deprecated.should.equal('mock test deprecated message 0.0.2');
         });
 
       // not change 1.0.0
-      yield request(app.listen())
+      yield request(app)
         .get('/' + pkgname + '/1.0.0')
         .expect(200)
         .expect(res => {
           assert(!res.body.deprecated);
         });
 
       // show deprecated info on abbreviatedMeta request
-      yield request(app.listen())
+      yield request(app)
         .get('/' + pkgname)
         .set('accept', 'application/vnd.npm.install-v1+json')
         .expect(200)
@@ -150,7 +150,7 @@ describe('controllers/registry/package/deprecate.test.js', function () {
     });
 
     it('should 404 deprecate not exists version', function (done) {
-      request(app.listen())
+      request(app)
       .put('/' + pkgname)
       .set('authorization', utils.adminAuth)
       .send({
@@ -172,7 +172,7 @@ describe('controllers/registry/package/deprecate.test.js', function () {
     });
 
     it('should 403 can not modified when use is not maintainer', function (done) {
-      request(app.listen())
+      request(app)
       .put('/' + pkgname)
       .set('authorization', utils.otherUserAuth)
       .send({