Skip to content

Commit

Permalink
add scoped packages draft
Browse files Browse the repository at this point in the history
  • Loading branch information
rlidwka committed Nov 16, 2014
1 parent 972551e commit a425c5e
Show file tree
Hide file tree
Showing 7 changed files with 37 additions and 5 deletions.
5 changes: 5 additions & 0 deletions conf/default.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,11 @@ uplinks:
url: https://registry.npmjs.org/

packages:
'@*/*':
# scoped packages
allow_access: $all
allow_publish: $authenticated

'*':
# allow all users (including non-authenticated users) to read and
# publish all packages
Expand Down
6 changes: 4 additions & 2 deletions lib/index-api.js
Original file line number Diff line number Diff line change
Expand Up @@ -2,20 +2,22 @@ var Cookies = require('cookies')
var express = require('express')
var expressJson5 = require('express-json5')
var Error = require('http-errors')
var Path = require('path')
var Middleware = require('./middleware')
var Utils = require('./utils')
var expect_json = Middleware.expect_json
var match = Middleware.match
var media = Middleware.media
var validate_name = Middleware.validate_name
var validate_pkg = Middleware.validate_package

module.exports = function(config, auth, storage) {
var app = express.Router()
var can = Middleware.allow(config)

// validate all of these params as a package name
// this might be too harsh, so ask if it causes trouble
app.param('package', validate_name)
app.param('package', validate_pkg)
app.param('filename', validate_name)
app.param('tag', validate_name)
app.param('version', validate_name)
Expand Down Expand Up @@ -209,7 +211,7 @@ module.exports = function(config, auth, storage) {

// at this point document is either created or existed before
var t1 = Object.keys(metadata._attachments)[0]
create_tarball(t1, metadata._attachments[t1], function(err) {
create_tarball(Path.basename(t1), metadata._attachments[t1], function(err) {
if (err) return next(err)

var t2 = Object.keys(metadata.versions)[0]
Expand Down
3 changes: 2 additions & 1 deletion lib/index-web.js
Original file line number Diff line number Diff line change
Expand Up @@ -9,14 +9,15 @@ var Search = require('./search')
var Middleware = require('./middleware')
var match = Middleware.match
var validate_name = Middleware.validate_name
var validate_pkg = Middleware.validate_package

module.exports = function(config, auth, storage) {
var app = express.Router()
var can = Middleware.allow(config)

// validate all of these params as a package name
// this might be too harsh, so ask if it causes trouble
app.param('package', validate_name)
app.param('package', validate_pkg)
app.param('filename', validate_name)
app.param('version', validate_name)
app.param('anything', match(/.*/))
Expand Down
2 changes: 1 addition & 1 deletion lib/local-storage.js
Original file line number Diff line number Diff line change
Expand Up @@ -291,8 +291,8 @@ Storage.prototype.change_package = function(name, metadata, revision, callback)
}

Storage.prototype.remove_tarball = function(name, filename, revision, callback) {
var self = this
assert(Utils.validate_name(filename))
var self = this

self.update_package(name, function updater(data, cb) {
if (data._attachments[filename]) {
Expand Down
11 changes: 11 additions & 0 deletions lib/middleware.js
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,17 @@ module.exports.validate_name = function validate_name(req, res, next, value, nam
}
}

module.exports.validate_package = function validate_package(req, res, next, value, name) {
if (value.charAt(0) === '-') {
// special case in couchdb usually
next('route')
} else if (utils.validate_package(value)) {
next()
} else {
next( Error[403]('invalid ' + name) )
}
}

module.exports.media = function media(expect) {
return function(req, res, next) {
if (req.headers['content-type'] !== expect) {
Expand Down
13 changes: 13 additions & 0 deletions lib/utils.js
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,19 @@ var Semver = require('semver')
var URL = require('url')
var Logger = require('./logger')

module.exports.validate_package = function(name) {
name = name.split('/', 2)
if (name.length === 1) {
// normal package
return module.exports.validate_name(name[0])
} else {
// scoped package
return name[0][0] === '@'
&& module.exports.validate_name(name[0].slice(1))
&& module.exports.validate_name(name[1])
}
}

// from normalize-package-data/lib/fixer.js
module.exports.validate_name = function(name) {
if (typeof(name) !== 'string') return false
Expand Down
2 changes: 1 addition & 1 deletion test/functional/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ describe('Func', function() {
async.map([server, server2], function(server, cb) {
server.auth('test', 'test', function(res, body) {
assert.equal(res.statusCode, 201)
assert.notEqual(body.ok.indexOf('"test"'), -1)
assert.notEqual(body.ok.indexOf("'test'"), -1)
cb()
})
}, cb)
Expand Down

0 comments on commit a425c5e

Please sign in to comment.