Add documentation and verification code in package scanner for donation links #2918

Open
wants to merge 2 commits into
base: master
18 changes: 18 additions & 0 deletions README.md
Expand Up @@ -27,6 +27,7 @@ optional):
* web - An optional URL for humans to read additional information about
the package.
* doc - An optional URL for humans to read the package HTML documentation
* donations - A list of URLs that can be used to monetarily support the author of this package. Check [Accepting Donations](#accepting-donations)

### Requirements

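Review bot: The new `donations` entry says only "A list of URLs" and names no allowed scheme; since these links are meant to carry payments, state here that each entry must be an `https://` URL. The neighbouring `web` and `doc` entries both start with "An optional URL", so "An optional list of URLs" would match their wording.
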
Expand Down Expand Up @@ -89,6 +90,23 @@ For example:
...
```

## Accepting Donations

You can optionally link donation URLs that can be used by other users to support you. \
Try to link a mainstream donation website like BuyMeACoffee, Patreon or OpenCollective over less well-known ones to make it easier for others to support you.

Donation links must follow the following guidelines:
* They must be valid URLs
* They mustn't be malicious (see [Donation Abuse](#donation-abuse))
* If you decide to close your account on any of the websites you use to accept donations, you must remove the link from all your packages that still link to that URL.

This is a relatively new feature (as of 17th of August 2024, the time of writing this, it hasn't been merged into Nimble's master branch) and the vast majority of Nimble clients will simply ignore this field for now. Newer ones that are taken from a source like `choosenim` or from a rolling release Linux distribution's packages will likely receive this update shortly after the [pull request](https://github.com/nim-lang/nimble/pulls/1258) is merged.

If you wish to send a donation to a library's developer and are on a version of Nimble that supports this feature, run `nimble sponsor <name of library>`.

### Donation Abuse
Your package will be removed without notice if you attempt to use this feature maliciously (i.e, phishing via typosquatting or through another means) and you might be banned from adding your packages to the index for an indefinite period of time.

# License

* `package_scanner.nim` - [GPLv3](LICENSE-GPLv3.txt)
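
Review bot: In the guidelines list, "They must be valid URLs" does not define what valid means, and nothing here says that the scanner only fetches donation links when it is run with `--check-urls`; state the rule concretely (for example, absolute `https://` URLs) so submitters and the scanner agree on it. The pull request link uses `/pulls/1258`, while GitHub pull request URLs take the form `/pull/<number>`, so it should read `https://github.com/nim-lang/nimble/pull/1258`. Under "Donation Abuse", "i.e," introduces examples and should be "e.g.,".
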
13 changes: 9 additions & 4 deletions package_scanner.nim
Expand Up @@ -23,7 +23,7 @@ import std/strutils
import std/httpclient
import std/streams
import std/net

import std/uri

const usage = """
Usage: package_scanner <packages.json> [--old=packages_old.json] [--check-urls]
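
Review bot: `import std/uri` is added, but none of the visible changes call anything from it; the donation check goes straight to `client.get(url.getStr())`. Either use it there (for example `parseUri` to check the scheme and host before any request is made) or drop the import.
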
Expand All @@ -35,7 +35,6 @@ Options:

const allowedNameChars = {'a'..'z', 'A'..'Z', '0'..'9', '_', '-', '.'}


proc checkUrlReachable(client: HttpClient, url: string): string =
var headers: HttpHeaders = nil
if url.startsWith("https://github.com"):
Expand Down Expand Up @@ -105,7 +104,7 @@ proc checkPackages(newPackagesPath: string, oldPackagesPath: string, checkUrls:
var client: HttpClient = nil
if checkUrls:
client = newHttpClient(timeout=3000)
client.headers = newHttpHeaders({"User-Agent": "Nim packge_scanner/2.0"})
client.headers = newHttpHeaders({"User-Agent": "Nim package_scanner/2.0"})

var modifiedPackagesCount = 0
var failedPackagesCount = 0
Expand All @@ -122,6 +121,13 @@ proc checkPackages(newPackagesPath: string, oldPackagesPath: string, checkUrls:
let url = pkg.getStrIfExists("url", "<no url>")
logPackageError("Duplicate package " & displayName & " from url " & url)

if "donations" in pkg and checkUrls:
for url in pkg["donations"]:
try:
let res = client.get(url.getStr())
except ValueError as exc:
logPackageError("Invalid donation link: `" & url.getStr() & "` (" & exc.msg & ')')

# isNew should be used in future versions to do a conditional inspection
# of the package contents which requires downloading the full release tarball
let isNew = not oldPackagesTable.hasKey(pkgNameNorm)
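
Review bot: In the `try` block only `ValueError` is caught and `res` is never read, so a link that answers with an error status passes the check, and any other exception raised by `client.get` is not handled here. The file already has `checkUrlReachable(client, url)`, which looks like the better call for this. The whole check also sits behind `checkUrls`, so without `--check-urls` a malformed entry or a `donations` value that is not a list of strings is accepted; validate the JSON type and the URL syntax unconditionally and keep only the network fetch behind the flag.
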
Expand Down Expand Up @@ -203,7 +209,6 @@ proc checkPackages(newPackagesPath: string, oldPackagesPath: string, checkUrls:
if failedPackagesCount > 0:
result = 1


proc cliMain(): int =
var parser = initOptParser(os.commandLineParams())
var newPackagesPath = ""