fix: escaped slash in namespaced packages (#2193)

* fix: escaped slash in namespaced packages * run format on code * merge master branch (#2) * chore: fix start web issue * chore: use custom action for changeset this is temporary while I find the way to skip create github releases for alpha * chore: format as separated workflow (#2194) Co-authored-by: Juan Picado <juanpicado19@gmail.com> * merge master (#3) * chore: fix start web issue * chore: use custom action for changeset this is temporary while I find the way to skip create github releases for alpha * chore: format as separated workflow (#2194) Co-authored-by: Juan Picado <juanpicado19@gmail.com> * add changeset * format Co-authored-by: amit <amit@enso.security> Co-authored-by: Juan Picado <juanpicado19@gmail.com>
verdaccio · Apr 24, 2021 · 648575a · 648575a
1 parent 9ddce9d
commit 648575a
Show file tree

Hide file tree

Showing 7 changed files with 41 additions and 50 deletions.
diff --git a/.changeset/many-vans-care.md b/.changeset/many-vans-care.md
@@ -0,0 +1,16 @@
+---
+'@verdaccio/tarball': patch
+'@verdaccio/mock': patch
+'@verdaccio/ui-theme': patch
+'@verdaccio/server': patch
+'@verdaccio/utils': patch
+'verdaccio': patch
+---
+
+Bug Fixes
+
+- fix escaped slash in namespaced packages
+
+#### Related tickets
+
+https://github.com/verdaccio/verdaccio/pull/2193
diff --git a/packages/core/tarball/src/getLocalRegistryTarballUri.ts b/packages/core/tarball/src/getLocalRegistryTarballUri.ts
@@ -2,7 +2,6 @@ import URL from 'url';
 import { Request } from 'express';
 import buildDebug from 'debug';
 
-import { encodeScopedUri } from '@verdaccio/utils';
 import { getPublicUrl } from '@verdaccio/url';
 
 const debug = buildDebug('verdaccio:core:url');
@@ -32,5 +31,5 @@ export function getLocalRegistryTarballUri(
   // header only set with proxy that setup with HTTPS
   const domainRegistry = getPublicUrl(urlPrefix || '', req);
 
-  return `${domainRegistry}${encodeScopedUri(pkgName)}/-/${tarballName}`;
+  return `${domainRegistry}${pkgName}/-/${tarballName}`;
 }
diff --git a/packages/mock/src/mock-api.ts b/packages/mock/src/mock-api.ts
@@ -10,7 +10,7 @@ import {
   HTTP_STATUS,
   TOKEN_BEARER,
 } from '@verdaccio/commons-api';
-import { buildToken, encodeScopedUri } from '@verdaccio/utils';
+import { buildToken } from '@verdaccio/utils';
 import { generateRandomHexString } from '@verdaccio/utils';
 import { Package } from '@verdaccio/types';
 import { response } from 'express';
@@ -70,7 +70,7 @@ export function putPackage(
 export function deletePackage(request: any, pkgName: string, token?: string): Promise<any[]> {
   return new Promise((resolve) => {
     const del = request
-      .put(`/${encodeScopedUri(pkgName)}/-rev/${generateRandomHexString(8)}`)
+      .put(`/${pkgName}/-rev/${generateRandomHexString(8)}`)
       .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON);
 
     if (_.isNil(token) === false) {
@@ -216,18 +216,13 @@ export async function fetchPackageByVersionAndTag(
 }
 
 export async function isExistPackage(app, packageName) {
-  const [err] = await getPackage(request(app), '', encodeScopedUri(packageName), HTTP_STATUS.OK);
+  const [err] = await getPackage(request(app), '', packageName, HTTP_STATUS.OK);
 
   return _.isNull(err);
 }
 
 export async function verifyPackageVersionDoesExist(app, packageName, version, token?: string) {
-  const [, res] = await getPackage(
-    request(app),
-    token as string,
-    encodeScopedUri(packageName),
-    HTTP_STATUS.OK
-  );
+  const [, res] = await getPackage(request(app), token as string, packageName, HTTP_STATUS.OK);
 
   const { versions } = res.body;
   const versionsKeys = Object.keys(versions);
@@ -236,5 +231,5 @@ export async function verifyPackageVersionDoesExist(app, packageName, version, t
 }
 
 export function generateUnPublishURI(pkgName) {
-  return `/${encodeScopedUri(pkgName)}/-rev/${generateRandomHexString(8)}`;
+  return `/${pkgName}/-rev/${generateRandomHexString(8)}`;
 }
diff --git a/packages/server/test/api/index.spec.ts b/packages/server/test/api/index.spec.ts
@@ -9,7 +9,7 @@ import {
   API_MESSAGE,
   TOKEN_BEARER,
 } from '@verdaccio/commons-api';
-import { buildToken, encodeScopedUri } from '@verdaccio/utils';
+import { buildToken } from '@verdaccio/utils';
 import { setup, logger } from '@verdaccio/logger';
 
 import { mockServer } from '@verdaccio/mock';
@@ -481,7 +481,7 @@ describe('endpoint unit test', () => {
         const version = '2.0.0';
         const pkg = generatePackageMetadata(pkgName, version);
 
-        const [err] = await putPackage(request(app), `/${encodeScopedUri(pkgName)}`, pkg, token);
+        const [err] = await putPackage(request(app), `/${pkgName}`, pkg, token);
         if (err) {
           expect(err).toBeNull();
           return done(err);
@@ -490,7 +490,7 @@ describe('endpoint unit test', () => {
         const newVersion = '2.0.1';
         const [newErr] = await putPackage(
           request(app),
-          `/${encodeScopedUri(pkgName)}`,
+          `/${pkgName}`,
           generatePackageMetadata(pkgName, newVersion),
           token
         );
@@ -557,7 +557,7 @@ describe('endpoint unit test', () => {
 
           const [newErr] = await putPackage(
             request(app),
-            `/${encodeScopedUri(pkgName)}`,
+            `/${pkgName}`,
             generatePackageMetadata(pkgName, newVersion),
             token
           );
@@ -606,7 +606,7 @@ describe('endpoint unit test', () => {
 
           const [newErr, resp] = await putPackage(
             request(app),
-            `/${encodeScopedUri(pkgName)}`,
+            `/${pkgName}`,
             generatePackageMetadata(pkgName, newVersion),
             token
           );
@@ -801,7 +801,7 @@ describe('endpoint unit test', () => {
 
       test('should deprecate a package', async (done) => {
         const pkg = generateDeprecateMetadata(pkgName, version, 'get deprecated');
-        const [err] = await putPackage(request(app), `/${encodeScopedUri(pkgName)}`, pkg, token);
+        const [err] = await putPackage(request(app), `/${pkgName}`, pkg, token);
         if (err) {
           expect(err).toBeNull();
           return done(err);
@@ -813,9 +813,9 @@ describe('endpoint unit test', () => {
 
       test('should undeprecate a package', async (done) => {
         let pkg = generateDeprecateMetadata(pkgName, version, 'get deprecated');
-        await putPackage(request(app), `/${encodeScopedUri(pkgName)}`, pkg, token);
+        await putPackage(request(app), `/${pkgName}`, pkg, token);
         pkg = generateDeprecateMetadata(pkgName, version, '');
-        const [err] = await putPackage(request(app), `/${encodeScopedUri(pkgName)}`, pkg, token);
+        const [err] = await putPackage(request(app), `/${pkgName}`, pkg, token);
         if (err) {
           expect(err).toBeNull();
           return done(err);
@@ -831,25 +831,15 @@ describe('endpoint unit test', () => {
           let credentials = { name: 'only_publish', password: 'secretPass' };
           let token = await getNewToken(request(app), credentials);
           const pkg = generateDeprecateMetadata(pkgName, version, 'get deprecated');
-          const [err, res] = await putPackage(
-            request(app),
-            `/${encodeScopedUri(pkgName)}`,
-            pkg,
-            token
-          );
+          const [err, res] = await putPackage(request(app), `/${pkgName}`, pkg, token);
           expect(err).not.toBeNull();
           expect(res.body.error).toBeDefined();
           expect(res.body.error).toMatch(
             /user only_publish is not allowed to unpublish package @scope\/deprecate/
           );
           credentials = { name: 'only_unpublish', password: 'secretPass' };
           token = await getNewToken(request(app), credentials);
-          const [err2, res2] = await putPackage(
-            request(app),
-            `/${encodeScopedUri(pkgName)}`,
-            pkg,
-            token
-          );
+          const [err2, res2] = await putPackage(request(app), `/${pkgName}`, pkg, token);
           expect(err2).not.toBeNull();
           expect(res2.body.error).toBeDefined();
           expect(res2.body.error).toMatch(
@@ -870,7 +860,7 @@ describe('endpoint unit test', () => {
           ...generateVersion(pkgName, '1.0.1'),
           deprecated: 'get deprecated',
         };
-        await putPackage(request(app), `/${encodeScopedUri(pkgName)}`, pkg, token);
+        await putPackage(request(app), `/${pkgName}`, pkg, token);
         const [, res] = await getPackage(request(app), '', pkgName);
         expect(res.body.versions[version].deprecated).toEqual('get deprecated');
         expect(res.body.versions['1.0.1'].deprecated).toEqual('get deprecated');

diff --git a/packages/utils/src/utils.ts b/packages/utils/src/utils.ts
@@ -253,10 +253,6 @@ export function mask(str: string, charNum = 3): string {
   return `${str.substr(0, charNum)}...${str.substr(-charNum)}`;
 }
 
-export function encodeScopedUri(packageName): string {
-  return packageName.replace(/\//g, '%2f');
-}
-
 export function hasDiffOneKey(versions): boolean {
   return Object.keys(versions).length !== 1;
 }

diff --git a/packages/verdaccio/test/functional/package/scoped.ts b/packages/verdaccio/test/functional/package/scoped.ts
@@ -13,7 +13,7 @@ export default function (server, server2) {
     beforeAll(function () {
       return server
         .request({
-          uri: '/@test%2fscoped',
+          uri: '/@test/scoped',
           headers: {
             'content-type': HEADERS.JSON,
           },
@@ -54,7 +54,7 @@ export default function (server, server2) {
             expect(body.name).toBe(SCOPE);
             expect(body.versions[PKG_VERSION].name).toBe(SCOPE);
             expect(body.versions[PKG_VERSION].dist.tarball).toBe(
-              `http://${DOMAIN_SERVERS}:${port}/@test%2fscoped/-/${PKG_NAME}-${PKG_VERSION}.tgz`
+              `http://${DOMAIN_SERVERS}:${port}/@test/scoped/-/${PKG_NAME}-${PKG_VERSION}.tgz`
             );
             expect(body[DIST_TAGS]).toEqual({ latest: PKG_VERSION });
           });
@@ -73,7 +73,7 @@ export default function (server, server2) {
           .then(function (body) {
             expect(body.name).toEqual(SCOPE);
             expect(body.dist.tarball).toEqual(
-              `http://${DOMAIN_SERVERS}:${PORT_SERVER_2}/@test%2fscoped/-/${PKG_NAME}-` +
+              `http://${DOMAIN_SERVERS}:${PORT_SERVER_2}/@test/scoped/-/${PKG_NAME}-` +
                 `${PKG_VERSION}.tgz`
             );
           });

diff --git a/packages/verdaccio/test/unit/__helper/api.ts b/packages/verdaccio/test/unit/__helper/api.ts
@@ -2,7 +2,7 @@ import _ from 'lodash';
 import request from 'supertest';
 
 import { HEADER_TYPE, HEADERS, HTTP_STATUS, TOKEN_BEARER } from '@verdaccio/commons-api';
-import { buildToken, encodeScopedUri } from '@verdaccio/utils';
+import { buildToken } from '@verdaccio/utils';
 import { generateRandomHexString } from '@verdaccio/utils';
 import { Package } from '@verdaccio/types';
 
@@ -46,7 +46,7 @@ export function putPackage(
 export function deletePackage(request: any, pkgName: string, token?: string): Promise<any[]> {
   return new Promise((resolve) => {
     let del = request
-      .put(`/${encodeScopedUri(pkgName)}/-rev/${generateRandomHexString(8)}`)
+      .put(`/${pkgName}/-rev/${generateRandomHexString(8)}`)
       .set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON);
 
     if (_.isNil(token) === false) {
@@ -193,18 +193,13 @@ export async function fetchPackageByVersionAndTag(
 }
 
 export async function isExistPackage(app, packageName) {
-  const [err] = await getPackage(request(app), '', encodeScopedUri(packageName), HTTP_STATUS.OK);
+  const [err] = await getPackage(request(app), '', packageName, HTTP_STATUS.OK);
 
   return _.isNull(err);
 }
 
 export async function verifyPackageVersionDoesExist(app, packageName, version, token?: string) {
-  const [, res] = await getPackage(
-    request(app),
-    token as string,
-    encodeScopedUri(packageName),
-    HTTP_STATUS.OK
-  );
+  const [, res] = await getPackage(request(app), token as string, packageName, HTTP_STATUS.OK);
 
   const { versions } = res.body;
   const versionsKeys = Object.keys(versions);
@@ -213,5 +208,5 @@ export async function verifyPackageVersionDoesExist(app, packageName, version, t
 }
 
 export function generateUnPublishURI(pkgName) {
-  return `/${encodeScopedUri(pkgName)}/-rev/${generateRandomHexString(8)}`;
+  return `/${pkgName}/-rev/${generateRandomHexString(8)}`;
 }