Merge 5b74db0 into 3669f91

npm · Apr 6, 2016 · d9a2963 · d9a2963
2 parents 3669f91 + 5b74db0
commit d9a2963
Show file tree

Hide file tree

Showing 3 changed files with 89 additions and 0 deletions.
diff --git a/lib/server.js b/lib/server.js
@@ -3,19 +3,23 @@
 var bodyParser = require('body-parser')
 var express = require('express')
 var OAuthServer = require('@npmcorp/express-oauth-server')
+var Client = require('./client')
+var Token = require('./token')
 
 module.exports = function (opts, cb) {
   var app = express()
 
   opts = opts || {}
 
+  // OAuth endpoints.
   app.oauth = new OAuthServer({
     model: require(opts.model || './client-credentials')
   })
   app.use(bodyParser.json())
   app.use(bodyParser.urlencoded({extended: false}))
   app.post('/oauth/token', app.oauth.token())
 
+  // used to test OAuth credentials.
   app.get('/ping', app.oauth.authenticate(), function (req, res) {
     if (res.statusCode === 200) {
       res.send('pong')
@@ -24,6 +28,38 @@ module.exports = function (opts, cb) {
     }
   })
 
+  // used by the internal annotations-api to pull a list of
+  // services providing annotations. TODO: this logic will serve the
+  // usecase of npm Enterprise, which will have a small number of
+  // tokens, but we will need to figure out how to approach this
+  // problem differently for the SASS product.
+  app.get('/client', function (req, res) {
+    var tokens = null
+    // the internal micro-service must provide a shared secret.
+    if (req.query.sharedFetchSecret === process.env.SHARED_FETCH_SECRET) {
+      Token.objects.all().then(function (_tokens) {
+        tokens = _tokens
+
+        return Client.objects.filter({
+          'id:in': tokens.map(function (token) {
+            return token.client_id
+          })
+        })
+      }).then(function (clients) {
+        clients.forEach(function (client) {
+          client.tokens = tokens.filter(function (token) {
+            return token.client_id === client.id
+          })
+        })
+
+        res.setHeader('Content-Type', 'application/json')
+        res.send(clients)
+      })
+    } else {
+      res.status(404).send('not found')
+    }
+  })
+
   var server = app.listen(opts.port || 9999, function () {
     console.info('server listening on ', opts.port)
     return cb(null, server)

diff --git a/package.json b/package.json
@@ -29,6 +29,7 @@
     "@npmcorp/express-oauth-server": "^1.0.1",
     "bluebird": "^3.3.4",
     "body-parser": "^1.15.0",
+    "lodash": "^4.8.2",
     "moment": "^2.12.0",
     "ormnomnom": "^2.3.0",
     "pg": "^4.5.1",

diff --git a/test/server.js b/test/server.js
@@ -4,6 +4,7 @@ const helper = require('./test-helper')
 const Client = require('../lib/client')
 const Token = require('../lib/token')
 const request = require('request')
+const Promise = require('bluebird')
 
 require('chai').should()
 
@@ -95,6 +96,57 @@ describe('OAuth2 Server', function () {
     after(helper.endTransaction)
   })
 
+  describe('GET /client', function () {
+    before(function (done) {
+      Client.objects.create({
+        name: 'foo security'
+      }).then(function (client) {
+        return Promise.join(
+          Token.objects.create({
+            client: Client.objects.create({name: 'bar security'}),
+            user_email: 'some@email.com'
+          }),
+          // create two tokens associated with the same
+          // client so that we can test an edge-case.
+          Token.objects.create({
+            client: client,
+            user_email: 'another@email.com'
+          }),
+          Token.objects.create({
+            client: client,
+            user_email: 'third@email.com'
+          })
+        )
+      }).then(function () {
+        return done()
+      })
+    })
+
+    it('returns a list of clients if SHARED_FETCH_SECRET is correct', function (done) {
+      process.env.SHARED_FETCH_SECRET = 'foobar'
+      request.get({url: 'http://localhost:9999/client', json: true, qs: {
+        sharedFetchSecret: 'foobar'
+      }}, function (err, res, clients) {
+        if (err) return done(err)
+        clients.length.should.equal(2)
+        clients[0].name.should.equal('foo security')
+        return done()
+      })
+    })
+
+    it('returns a 404 status if SHARED_FETCH_SECRET is incorrect', function (done) {
+      process.env.SHARED_FETCH_SECRET = 'foobar'
+      request.get({url: 'http://localhost:9999/client', json: true, qs: {
+        sharedFetchSecret: 'apple'
+      }}, function (err, res, body) {
+        if (err) return done(err)
+        res.statusCode.should.equal(404)
+        body.should.equal('not found')
+        return done()
+      })
+    })
+  })
+
   after(function () {
     server.close()
   })