Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Uplink documentation is confusing setting Auth headers #670

Closed
juanpicado opened this issue Apr 28, 2018 · 1 comment · Fixed by #672
Closed

Uplink documentation is confusing setting Auth headers #670

juanpicado opened this issue Apr 28, 2018 · 1 comment · Fixed by #672
Assignees
@juanpicado
Labels
issue: bug outdated
Projects
Roadmap
Milestone
3.0.0

Comments

@juanpicado
Copy link
Member

juanpicado commented Apr 28, 2018
edited

My reason:

The following question in StackOverflow

https://stackoverflow.com/questions/49946420/npm-verdaccio-set-uplink-to-own-remote-server?noredirect=1#comment87120890_49946420

We need to upgrade the uplink documentation to be more clear when the user sets Authorization headers. We do not explain we use JWT instead Basic Auth.

This commit is not documented properly, Verdaccio uses JWT instead Basic authorization, was deprecated in v2.3.0

d6e04be#diff-574051ef1fbe43a2746c5cd241d631c7L370

https://github.com/verdaccio/verdaccio/blob/master/docs/uplinks.md#configuration

Steps to reproduce:

  • Setup 2 verdaccio servers in the way is explained in the question
  • Install any package

App Version:

  • All

Config file:

uplinks:
  aws:
    url: https://our-NPM-AWS-server.com/
    #strictUrlMatch: false
    headers:
      authorization: "Basic <token_which_I_harvested_from_/.npmrc_file>"

packages:
  '@*/*':
    # scoped packages
    access: $all
    publish: $authenticated
    proxy: aws

  '**':
    # allow all users (including non-authenticated users) to read and
    # publish all packages
    #
    # you can specify usernames/groupnames (depending on your auth plugin)
    # and three keywords: "$all", "$anonymous", "$authenticated"
    access: $all

    # allow all known users to publish packages
    # (anyone can register by default, remember?)
    publish: $authenticated

    # if package is not available locally, proxy requests to 'npmjs' registry
    proxy: aws

Additional verbose log:

http --> 200, req: 'GET https://our-NPM-AWS-server.com/verdaccio-bitbucket' (streaming)
 http --> 200, req: 'GET https://our-NPM-AWS-server.com/verdaccio-bitbucket', bytes: 0/34578
 http <-- 200, user: <npm_account>(127.0.0.1), req: 'GET /verdaccio-bitbucket', bytes: 0/5038
 http <-- 500, user: <npm_account>(127.0.0.1), req: 'GET /verdaccio-bitbucket/-/verdaccio-bitbucket-1.0.0.tgz', error: bad uplink status code: 403
 http <-- 500, user: <npm_account>(127.0.0.1), req: 'GET /verdaccio-bitbucket/-/verdaccio-bitbucket-1.0.0.tgz', error: bad uplink status code: 403
 http <-- 500, user: <npm_account>(127.0.0.1), req: 'GET /verdaccio-bitbucket/-/verdaccio-bitbucket-1.0.0.tgz', error: bad uplink status code: 403
@juanpicado juanpicado added this to the 3.0.0 milestone Apr 28, 2018
@juanpicado juanpicado added this to To do in Roadmap via automation Apr 28, 2018
@juanpicado juanpicado self-assigned this Apr 28, 2018
juanpicado added a commit that referenced this issue Apr 29, 2018
@juanpicado
fix: update uplinks auth header
3f6eeb4 
* increases unit test coverage
* remove dead code
* update documentation
* light refactoring

fix #670
@juanpicado juanpicado mentioned this issue Apr 29, 2018
Merged
Roadmap automation moved this from To do to Done Apr 30, 2018
@lock
Copy link

lock bot commented Dec 17, 2018

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot added the outdated label Dec 17, 2018
@lock lock bot locked as resolved and limited conversation to collaborators Dec 17, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@juanpicado juanpicado

Labels
issue: bug outdated
Projects
No open projects
Roadmap
  
Done
Milestone
3.0.0
Development

Successfully merging a pull request may close this issue.

fix: update uplinks auth header verdaccio/verdaccio
1 participant
@juanpicado