This repository has been archived by the owner on Jun 2, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 747
/
publishable.js
113 lines (95 loc) · 2.66 KB
/
publishable.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
'use strict';
/**
* Module dependencies.
*/
var packageService = require('../services/package');
var util = require('util');
var config = require('../config');
var debug = require('debug')('cnpmjs.org:middlewares/publishable');
module.exports = function *publishable(next) {
// admins always can publish and unpublish
if (this.user.isAdmin) {
return yield next;
}
// private mode, normal user can't publish and unpublish
if (config.enablePrivate) {
this.status = 403;
const error = '[no_perms] Private mode enable, only admin can publish this module';
this.body = {
error,
reason: error,
};
return;
}
// public mode, normal user have permission to publish `scoped package`
// and only can publish with scopes in `ctx.user.scopes`, default is `config.scopes`
var name = this.params.name || this.params[0];
// check if is private package list in config
if (config.privatePackages && config.privatePackages.indexOf(name) !== -1) {
return yield next;
}
// check the package is already exists and is maintainer
var result = yield packageService.authMaintainer(name, this.user.name);
if (result.maintainers && result.maintainers.length) {
if (result.isMaintainer) {
return yield next;
}
this.status = 403;
const error = '[forbidden] ' + this.user.name + ' not authorized to modify ' + name +
', please contact maintainers: ' + result.maintainers.join(', ');
this.body = {
error,
reason: error,
};
return;
}
// scoped module
if (name[0] === '@') {
if (checkScope(name, this)) {
return yield next;
}
return;
}
// none-scope
assertNoneScope(name, this);
};
/**
* check module's scope legal
*/
function checkScope(name, ctx) {
if (!ctx.user.scopes || !ctx.user.scopes.length) {
ctx.status = 404;
return false;
}
var scope = name.split('/')[0];
if (ctx.user.scopes.indexOf(scope) === -1) {
debug('assert scope %s error', name);
ctx.status = 400;
const error = util.format('[invalid] scope %s not match legal scopes: %s', scope, ctx.user.scopes.join(', '));
ctx.body = {
error,
reason: error,
};
return false;
}
return true;
}
/**
* check if user have permission to publish without scope
*/
function assertNoneScope(name, ctx) {
ctx.status = 403;
if (ctx.user.scopes.length === 0) {
const error = '[no_perms] can\'t publish non-scoped package, please set `config.scopes`';
ctx.body = {
error,
reason: error,
};
return;
}
const error = '[no_perms] only allow publish with ' + ctx.user.scopes.join(', ') + ' scope(s)';
ctx.body = {
error,
reason: error,
};
}