add npm_client_version config option

- to restrict which npm clients can login
rlidwka · Jan 9, 2015 · ea16133 · ea16133
1 parent ed3eb37
commit ea16133
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/lib/config.js b/lib/config.js
@@ -45,6 +45,10 @@ function Config(config) {
     }
   }
 
+  if (!self.npm_client_version) {
+    self.npm_client_version = "*"
+  }
+
   var users = {all:true, anonymous:true, 'undefined':true, owner:true, none:true}
 
   var check_user_or_uplink = function(arg) {

diff --git a/lib/index-api.js b/lib/index-api.js
@@ -4,6 +4,7 @@ var expressJson5  = require('express-json5')
 var Error         = require('http-errors')
 var Path          = require('path')
 var Middleware    = require('./middleware')
+var Semver        = require('semver');
 var Utils         = require('./utils')
 var expect_json   = Middleware.expect_json
 var match         = Middleware.match
@@ -119,6 +120,11 @@ module.exports = function(config, auth, storage) {
     var token = (req.body.name && req.body.password)
               ? auth.aes_encrypt(req.body.name + ':' + req.body.password).toString('base64')
               : undefined
+
+    if (!Semver.satisfies(req.header('version'), config.npm_client_version)) {
+      return next( Error[422]('Your npm version is not accepted. Required: "' + config.npm_client_version + '" Received: "' + req.header('version') + '"') )
+    }
+
     if (req.remote_user.name != null) {
       res.status(201)
       return next({