feat: package version gets sent to plugins

verdaccio · Jan 14, 2019 · 3943863 · 3943863
1 parent 6a6dc16
commit 3943863
Show file tree

Hide file tree

Showing 8 changed files with 41 additions and 16 deletions.
diff --git a/src/api/endpoint/api/search.js b/src/api/endpoint/api/search.js
@@ -61,7 +61,7 @@ export default function(route, auth, storage) {
     stream.on('data', function each(pkg) {
       processing_pkgs++;
 
-      auth.allow_access(pkg.name, req.remote_user, function(err, allowed) {
+      auth.allow_access({ packageName: pkg.name }, req.remote_user, function(err, allowed) {
         processing_pkgs--;
 
         if (err) {

diff --git a/src/api/middleware.js b/src/api/middleware.js
@@ -5,7 +5,7 @@
 
 import _ from 'lodash';
 
-import { validateName as utilValidateName, validatePackage as utilValidatePackage, isObject, ErrorCode } from '../lib/utils';
+import { validateName as utilValidateName, validatePackage as utilValidatePackage, getVersionFromTarball, isObject, ErrorCode } from '../lib/utils';
 import { API_ERROR, HEADER_TYPE, HEADERS, HTTP_STATUS, TOKEN_BASIC, TOKEN_BEARER } from '../lib/constants';
 import { stringToMD5 } from '../lib/crypto-utils';
 import type { $ResponseExtend, $RequestExtend, $NextFunctionVer, IAuth } from '../../types';
@@ -99,12 +99,11 @@ export function allow(auth: IAuth) {
   return function(action: string) {
     return function(req: $RequestExtend, res: $ResponseExtend, next: $NextFunctionVer) {
       req.pause();
-      let packageName = req.params.package;
-      if (req.params.scope) {
-        packageName = `@${req.params.scope}/${packageName}`;
-      }
+      const packageName = req.params.scope ? `@${req.params.scope}/${req.params.package}` : req.params.package;
+      const packageVersion = req.params.filename ? getVersionFromTarball(req.params.filename) : undefined;
+
       // $FlowFixMe
-      auth['allow_' + action](packageName, req.remote_user, function(error, allowed) {
+      auth['allow_' + action]({ packageName, packageVersion }, req.remote_user, function(error, allowed) {
         req.resume();
         if (error) {
           next(error);

diff --git a/src/api/web/endpoint/package.js b/src/api/web/endpoint/package.js
@@ -17,7 +17,7 @@ function addPackageWebApi(route: Router, storage: IStorageHandler, auth: IAuth,
   const checkAllow = (name, remoteUser) =>
     new Promise((resolve, reject) => {
       try {
-        auth.allow_access(name, remoteUser, (err, allowed) => {
+        auth.allow_access({ packageName: name }, remoteUser, (err, allowed) => {
           if (err) {
             resolve(false);
           } else {

diff --git a/src/api/web/endpoint/search.js b/src/api/web/endpoint/search.js
@@ -20,7 +20,7 @@ function addSearchWebApi(route: Router, storage: IStorageHandler, auth: IAuth) {
         uplinksLook: false,
         callback: (err, entry) => {
           if (!err && entry) {
-            auth.allow_access(entry.name, req.remote_user, function(err, allowed) {
+            auth.allow_access({ packageName: entry.name }, req.remote_user, function(err, allowed) {
               if (err || !allowed) {
                 return;
               }

diff --git a/src/lib/auth.js b/src/lib/auth.js
@@ -23,7 +23,7 @@ import {
 import { convertPayloadToBase64, ErrorCode } from './utils';
 import { getMatchedPackagesSpec } from './config-utils';
 
-import type { Config, Logger, Callback, IPluginAuth, RemoteUser, JWTSignOptions, Security } from '@verdaccio/types';
+import type { Config, Logger, Callback, IPluginAuth, RemoteUser, JWTSignOptions, Security, AuthPluginPackage } from '@verdaccio/types';
 import type { $Response, NextFunction } from 'express';
 import type { $RequestExtend, IAuth } from '../../types';
 
@@ -160,10 +160,10 @@ class Auth implements IAuth {
   /**
    * Allow user to access a package.
    */
-  allow_access(packageName: string, user: RemoteUser, callback: Callback) {
+  allow_access({ packageName, packageVersion }: AuthPluginPackage, user: RemoteUser, callback: Callback) {
     const plugins = this.plugins.slice(0);
     // $FlowFixMe
-    const pkg = Object.assign({ name: packageName }, getMatchedPackagesSpec(packageName, this.config.packages));
+    const pkg = Object.assign({ name: packageName, version: packageVersion }, getMatchedPackagesSpec(packageName, this.config.packages));
     const self = this;
     this.logger.trace({ packageName }, 'allow access for @{packageName}');
 
@@ -193,11 +193,11 @@ class Auth implements IAuth {
   /**
    * Allow user to publish a package.
    */
-  allow_publish(packageName: string, user: string, callback: Callback) {
+  allow_publish({ packageName, packageVersion }: AuthPluginPackage, user: string, callback: Callback) {
     const plugins = this.plugins.slice(0);
     const self = this;
     // $FlowFixMe
-    const pkg = Object.assign({ name: packageName }, getMatchedPackagesSpec(packageName, this.config.packages));
+    const pkg = Object.assign({ name: packageName, version: packageVersion }, getMatchedPackagesSpec(packageName, this.config.packages));
     this.logger.trace({ packageName }, 'allow publish for @{packageName}');
 
     (function next() {

diff --git a/src/lib/utils.js b/src/lib/utils.js
@@ -502,3 +502,13 @@ export function parseReadme(packageName: string, readme: string): string {
 export function buildToken(type: string, token: string): string {
   return `${_.capitalize(type)} ${token}`;
 }
+
+/**
+ * return package version from tarball name
+ * @param {String} name
+ * @returns {String}
+ */
+export function getVersionFromTarball(name: string) {
+  // $FlowFixMe
+  return /.+-(\d.+)\.tgz/.test(name) ? name.match(/.+-(\d.+)\.tgz/)[1] : undefined;
+}
diff --git a/test/flow/plugins/middleware/example.middleware.plugin.js b/test/flow/plugins/middleware/example.middleware.plugin.js
@@ -24,7 +24,7 @@ export default class ExampleMiddlewarePlugin implements IPluginMiddleware {
 			name: 'test'
 		};
 		auth.authenticate('user', 'password', () => {});
-		auth.allow_access('packageName', remoteUser, () => {});
+		auth.allow_access({packageName: 'packageName'}, remoteUser, () => {});
 		auth.add_user('user', 'password', () => {});
 		auth.aesEncrypt(new Buffer('pass'));
 		// storage

diff --git a/test/unit/api/utils.spec.js b/test/unit/api/utils.spec.js
@@ -11,7 +11,8 @@ import {
   combineBaseUrl,
   getVersion,
   normalizeDistTags,
-  getWebProtocol
+  getWebProtocol,
+  getVersionFromTarball
 } from '../../../src/lib/utils';
 import { DIST_TAGS } from '../../../src/lib/constants';
 import Logger, { setup } from '../../../src/lib/logger';
@@ -259,6 +260,21 @@ describe('Utilities', () => {
         }).toThrow(expect.hasAssertions());
       });
     });
+
+    describe('getVersionFromTarball', () => {
+      test('should get the right version', () => {
+        const simpleName = 'test-name-4.2.12.tgz'
+        const complexName = 'test-5.6.4-beta.2.tgz'
+        const otherComplexName = 'test-3.5.0-6.tgz'
+        expect(getVersionFromTarball(simpleName)).toEqual('4.2.12')
+        expect(getVersionFromTarball(complexName)).toEqual('5.6.4-beta.2')
+        expect(getVersionFromTarball(otherComplexName)).toEqual('3.5.0-6')
+      })
+
+      test('should don\'n fall at incorrect tarball name', () => {
+        expect(getVersionFromTarball('incorrectName')).toBeUndefined()
+      })
+    });
   });
 
   describe('String utilities', () => {