add npm_client_version config option

[mstorus]

• to restrict which npm clients can login

I'd like the ability to disallow npm login / npm adduser for certain versions of the npm client.
This information can be read from the version request header.

Use case: I only want to allow login for users who have npm >= 1.5, since npm < 1.5 stores the user's base64-encoded password in plaintext under their local ~/.npmrc file. This is particularly important if you are using the sinopia-ldap plugin, since this password is the user's LDAP password.

see: #187

[mstorus]

any thoughts on this PR?
does it seem ok, or would it make more sense to expose a middleware API that provides access to the full request headers?

[dzoba]

👍 We could really use this too - storing plaintext ldap passwords is a deal breaker.

[lencioni]

LGTM! @rlidwka is there anything else that you'd like to see before we get this merged in and released?

[dgaya]

What if you make it simpler:

if (config.npm_client_version && !Semver.satisfies(req.header('version'), config.npm_client_version)) {
    return next( Error[422]("...") )
}

then there's no need to modify lib/config.js and give any meaning to "*".

If you PR to https://github.com/fl4re/sinopia I will merge ASAP.

Regards,
David