This repository has been archived by the owner on Jan 31, 2018. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[bug 1142093] Replace jingo-minify with django-pipeline
* switch to django-pipeline 1.5.2 * update all the templates * update docs * update travis * introduce lockdown and more npm stuff
- Loading branch information
1 parent
b61d3dd
commit 0753b01
Showing
54 changed files
with
633 additions
and
92 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,202 @@ | ||
#!/usr/bin/env node | ||
|
||
if (process.env['NPM_LOCKDOWN_RUNNING']) process.exit(0); | ||
|
||
console.log("NPM Lockdown is here to check your dependencies! Never fear!"); | ||
|
||
var http = require('http'), | ||
crypto = require('crypto'), | ||
exec = require('child_process').exec, | ||
fs = require('fs'), | ||
path = require('path'); | ||
|
||
try { | ||
var lockdownJson = JSON.parse(fs.readFileSync(path.join(process.cwd(), 'lockdown.json'))); | ||
} catch(e) { | ||
console.log("\nERROR: I cannot read lockdown.json! run node_modules/.bin/lockdown-relock to generate!\n"); | ||
process.exit(1); | ||
} | ||
|
||
const registry = process.env['NPM_CONFIG_REGISTRY'] || 'registry.npmjs.org'; | ||
|
||
console.log("using registry: " + registry); | ||
|
||
var boundPort; | ||
|
||
// during execution fatal errors will be appended to this list | ||
var errors = []; | ||
|
||
// during execution non-fatal warnings will be appended to this list | ||
var warn = []; | ||
|
||
function rewriteURL(u) { | ||
return u.replace(registry, '127.0.0.1:' + boundPort); | ||
} | ||
|
||
function packageOk(name, ver, sha, required) { | ||
if (!lockdownJson[name]) { | ||
if (required) { | ||
errors.push("package '" + name + "' not in lockdown.json!"); | ||
} | ||
return false; | ||
} | ||
|
||
if (lockdownJson[name][ver] === undefined) { | ||
if (required) { | ||
errors.push("package version " + name + "@" + ver + " not in lockdown.json!"); | ||
} | ||
return false; | ||
} | ||
|
||
// a '*' shasum is not checked | ||
var wantSHA = lockdownJson[name][ver]; | ||
if (wantSHA !== '*' && wantSHA !== sha) { | ||
if (required) { | ||
errors.push("package " + name + "@" + ver + " has a different checksum (" + | ||
wantSHA + " v. " + sha + ")"); | ||
} | ||
return false; | ||
} | ||
|
||
if (wantSHA === '*') { | ||
warn.push("Lockdown cannot guarantee your safety! No sha for pkg " + name + "@" + ver + | ||
" in lockdown.json"); | ||
} | ||
|
||
return true; | ||
} | ||
|
||
|
||
function rewriteVersionMD(json) { | ||
if (typeof json === 'string') json = JSON.parse(json); | ||
if (!json.error) { | ||
json.dist.tarball = rewriteURL(json.dist.tarball); | ||
|
||
// is the name/version/sha in our lockdown.json? | ||
if (!packageOk(json.name, json.version, json.dist.shasum, true)) return null; | ||
} | ||
return JSON.stringify(json); | ||
} | ||
|
||
function rewritePackageMD(json) { | ||
if (typeof json === 'string') json = JSON.parse(json); | ||
if (!json.error) { | ||
Object.keys(json.versions).forEach(function(ver) { | ||
var data = json.versions[ver]; | ||
var name = data.name; | ||
var sha = data.dist ? data.dist.shasum : undefined; | ||
|
||
if (packageOk(name, ver, sha, false)) { | ||
data.dist.tarball = rewriteURL(data.dist.tarball); | ||
} else { | ||
delete json.versions[ver]; | ||
} | ||
}); | ||
} | ||
return JSON.stringify(json); | ||
} | ||
|
||
function copy(from, to) { | ||
for (var k in from) { | ||
to[k] = from[k]; | ||
} | ||
return to; | ||
} | ||
|
||
var server = http.createServer(function (req, res) { | ||
if (req.method !== 'GET') { | ||
return res.end('non GET requests not supported', 501); | ||
} | ||
|
||
// what type of request is this? | ||
// 1. specific version json metadata (when explicit dependency is expressed) | ||
// - for these requests we should verify the name/version/sha advertised is allowed | ||
// 2. package version json metadata (when version range is expressed - including '*') | ||
// XXX: for these requests we should prune all versions that are not allowed | ||
// 3. tarball - actual bits | ||
// XXX: for these requests we should verify the name/version/sha matches something | ||
// allowed, otherwise block the transaction | ||
var arr = req.url.substr(1).split('/'); | ||
var type = [ '', 'package_metadata', 'version_metadata', 'tarball' ][arr.length]; | ||
|
||
// let's extract pkg name and version sensitive to the type of request being performed. | ||
var pkgname, pkgver; | ||
if (type === 'tarball') { | ||
pkgname = arr[0]; | ||
var getVer = new RegExp("^" + pkgname + "-(.*)\\.tgz$"); | ||
pkgver = getVer.exec(arr[2])[1]; | ||
} else if (type === 'version_metadata') { | ||
pkgname = arr[0]; | ||
pkgver = arr[1]; | ||
} else if (type === 'package_metadata') { | ||
pkgname = arr[0]; | ||
} | ||
|
||
var hash = crypto.createHash('sha1'); | ||
|
||
var r = http.request({ | ||
host: registry, | ||
port: 80, | ||
method: req.method, | ||
path: req.url, | ||
agent: false | ||
}, function(rres) { | ||
res.setHeader('Content-Type', rres.headers['content-type']); | ||
if (type === 'tarball') res.setHeader('Content-Length', rres.headers['content-length']); | ||
var b = ""; | ||
rres.on('data', function(d) { | ||
hash.update(d); | ||
if (type != 'tarball') b += d; | ||
else res.write(d); | ||
}); | ||
rres.on('end', function() { | ||
if (type === 'tarball') { | ||
res.end(); | ||
} else { | ||
if (type === 'package_metadata') { | ||
b = rewritePackageMD(b); | ||
} else if (type === 'version_metadata') { | ||
b = rewriteVersionMD(b); | ||
} | ||
if (b === null) { | ||
res.writeHead(404); | ||
res.end("package installation disallowed by lockdown"); | ||
} else { | ||
res.setHeader('Content-Length', Buffer.byteLength(b)); | ||
res.writeHead(rres.statusCode); | ||
res.end(b); | ||
} | ||
} | ||
}); | ||
}); | ||
r.end(); | ||
}); | ||
|
||
server.listen(process.env['LOCKDOWN_PORT'] || 0, '127.0.0.1', function() { | ||
boundPort = server.address().port; | ||
var env = copy(process.env, { | ||
NPM_CONFIG_REGISTRY: 'http://127.0.0.1:' + boundPort, | ||
NPM_LOCKDOWN_RUNNING: "true" | ||
}); | ||
|
||
var child = exec('npm install', { | ||
cwd: process.cwd(), | ||
env: env | ||
}, function(e) { | ||
if (warn.length) { | ||
console.log(); | ||
console.log("LOCKDOWN WARNINGS:"); | ||
warn.forEach(function(e) { console.log(" ", e); }); | ||
console.log(); | ||
} | ||
if (errors.length) { | ||
console.log(); | ||
console.log("LOCKDOWN ERRORS:"); | ||
errors.forEach(function(e) { console.log(" ", e); }); | ||
console.log(); | ||
} | ||
process.exit(e ? 1 : 0); | ||
}); | ||
child.stdout.pipe(process.stdout); | ||
child.stderr.pipe(process.stderr); | ||
}); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,10 +1,10 @@ | ||
{% extends "base.html" %} | ||
|
||
{% block site_css %} | ||
{{ css('dashboard') }} | ||
{% stylesheet 'dashboard' %} | ||
{% endblock %} | ||
|
||
{% block site_js %} | ||
{{ js('dashboard') }} | ||
{% javascript 'dashboard' %} | ||
<script type="text/javascript" src="https://login.persona.org/include.js"></script> | ||
{% endblock %} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
File renamed without changes
File renamed without changes
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
File renamed without changes
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
File renamed without changes
File renamed without changes
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
File renamed without changes
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
File renamed without changes
File renamed without changes
Binary file added
BIN
+101 Bytes
fjord/base/static/css/img/jq-ui/ui-bg_highlight-soft_75_cccccc_1x100.png
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
File renamed without changes
File renamed without changes
File renamed without changes
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
File renamed without changes
File renamed without changes
File renamed without changes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.