
verdaccio-auth-memory - npm Package Compare versions

Comparing version 11.0.0-alpha.3 to 12.0.0-next.0

3

build/index.js

@@ -13,9 +13,6 @@ "use strict";

exports.default = void 0;
var _Memory = _interopRequireDefault(require("./Memory"));
function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
var _default = _Memory.default;
exports.default = _default;
//# sourceMappingURL=index.js.map

23

build/Memory.d.ts

@@ -1,14 +0,17 @@

import { PluginOptions, Callback, PackageAccess, IPluginAuth, RemoteUser, Logger } from '@verdaccio/types';
import { VerdaccioMemoryConfig, Users } from './types';
export default class Memory implements IPluginAuth<VerdaccioMemoryConfig> {
import { pluginUtils } from '@verdaccio/core';
import { Config, Logger, PackageAccess, RemoteUser } from '@verdaccio/types';
import { Users, VerdaccioMemoryConfig } from './types';
declare const Plugin: typeof pluginUtils.Plugin;
export default class Memory extends Plugin<VerdaccioMemoryConfig> implements pluginUtils.Auth<VerdaccioMemoryConfig> {
_logger: Logger;
_users: Users;
_config: {};
_app_config: VerdaccioMemoryConfig;
constructor(config: VerdaccioMemoryConfig, appOptions: PluginOptions<VerdaccioMemoryConfig>);
authenticate(user: string, password: string, done: Callback): void;
adduser(user: string, password: string, done: Callback): void;
changePassword(username: string, password: string, newPassword: string, cb: Callback): void;
allow_access(user: RemoteUser, pkg: PackageAccess, cb: Callback): void;
allow_publish(user: RemoteUser, pkg: PackageAccess, cb: Callback): void;
_app_config: Config;
constructor(config: VerdaccioMemoryConfig, appOptions: pluginUtils.PluginOptions);
authenticate(user: string, password: string, cb: pluginUtils.AuthCallback): void;
adduser(user: string, password: string, cb: pluginUtils.AuthUserCallback): void;
changePassword(username: string, password: string, newPassword: string, cb: pluginUtils.AuthChangePasswordCallback): void;
allow_access(user: RemoteUser, pkg: PackageAccess, cb: pluginUtils.AccessCallback): void;
allow_publish(user: RemoteUser, pkg: PackageAccess, cb: pluginUtils.AuthAccessCallback): void;
}
export {};

@@ -7,23 +7,12 @@ "use strict";

exports.default = void 0;
var _debug = _interopRequireDefault(require("debug"));
var _commonsApi = require("@verdaccio/commons-api");
var _core = require("@verdaccio/core");
function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
function _defineProperty(obj, key, value) { if (key in obj) { Object.defineProperty(obj, key, { value: value, enumerable: true, configurable: true, writable: true }); } else { obj[key] = value; } return obj; }
const debug = (0, _debug.default)('verdaccio:plugin:auth:memory:user');
class Memory {
const {
Plugin
} = _core.pluginUtils;
class Memory extends Plugin {
constructor(config, appOptions) {
_defineProperty(this, "_logger", void 0);
_defineProperty(this, "_users", void 0);
_defineProperty(this, "_config", void 0);
_defineProperty(this, "_app_config", void 0);
super(config, appOptions);
this._users = config.users || {};

@@ -33,40 +22,33 @@ this._config = config;

this._app_config = appOptions.config;
debug('initialized');
}
authenticate(user, password, done) {
authenticate(user, password, cb) {
debug('authenticate %o:%o', user, password);
const userCredentials = this._users[user];
if (!userCredentials) {
debug('user %o does not exist', user);
return done(null, false);
return cb(null, false);
}
if (password !== userCredentials.password) {
const err = (0, _commonsApi.getUnauthorized)(_commonsApi.API_ERROR.BAD_USERNAME_PASSWORD);
const err = _core.errorUtils.getUnauthorized(_core.API_ERROR.BAD_USERNAME_PASSWORD);
debug('password invalid for: %o', user);
return done(err);
} // authentication succeeded!
return cb(err);
}
// authentication succeeded!
// return all usergroups this user has access to;
debug('authentication succeed for %o', user);
return done(null, [user]);
return cb(null, [user]);
}
adduser(user, password, done) {
adduser(user, password, cb) {
if (this._users[user]) {
debug('user %o already exist', user);
return done(null, true);
return cb(null, true);
}
if (this._app_config.max_users) {
if (Object.keys(this._users).length >= this._app_config.max_users) {
const err = (0, _commonsApi.getConflict)(_commonsApi.API_ERROR.MAX_USERS_REACHED);
debug(_commonsApi.API_ERROR.MAX_USERS_REACHED);
return done(err);
const err = _core.errorUtils.getConflict(_core.API_ERROR.MAX_USERS_REACHED);
debug(_core.API_ERROR.MAX_USERS_REACHED);
return cb(err);
}
}
this._users[user] = {

@@ -77,9 +59,7 @@ name: user,

debug('user added succeeded for %o', user);
done(null, user);
cb(null, user);
}
changePassword(username, password, newPassword, cb) {
const user = this._users[username];
debug('init change password for %o', user === null || user === void 0 ? void 0 : user.name);
if (user && user.password === password) {

@@ -89,10 +69,8 @@ user.password = newPassword;

debug('user changed password succeeded for %o', user === null || user === void 0 ? void 0 : user.name);
cb(null, user);
cb(null, true);
} else {
const err = (0, _commonsApi.getNotFound)('user not found');
const err = _core.errorUtils.getNotFound('user not found');
this._logger.debug({
user: username
}, 'change password user @{user} not found');
debug('change password user for %o not found', user === null || user === void 0 ? void 0 : user.name);

@@ -102,8 +80,5 @@ return cb(err);

}
allow_access(user, pkg, cb) {
var _pkg$access, _pkg$access2, _pkg$access3, _pkg$access4;
debug('allow access for %o', user);
if (pkg !== null && pkg !== void 0 && (_pkg$access = pkg.access) !== null && _pkg$access !== void 0 && _pkg$access.includes('$all') || pkg !== null && pkg !== void 0 && (_pkg$access2 = pkg.access) !== null && _pkg$access2 !== void 0 && _pkg$access2.includes('$anonymous')) {

@@ -113,14 +88,10 @@ debug('%o has been granted access', user === null || user === void 0 ? void 0 : user.name);

}
if (!(user !== null && user !== void 0 && user.name)) {
const err = (0, _commonsApi.getForbidden)('not allowed to access package');
const err = _core.errorUtils.getForbidden('not allowed to access package');
this._logger.debug({
user: user.name
}, 'user: @{user} not allowed to access package');
debug('%o not allowed to access package err', user === null || user === void 0 ? void 0 : user.name, err.message);
return cb(err);
}
if (pkg !== null && pkg !== void 0 && (_pkg$access3 = pkg.access) !== null && _pkg$access3 !== void 0 && _pkg$access3.includes(user === null || user === void 0 ? void 0 : user.name) || pkg !== null && pkg !== void 0 && (_pkg$access4 = pkg.access) !== null && _pkg$access4 !== void 0 && _pkg$access4.includes('$authenticated')) {

@@ -130,11 +101,8 @@ debug('%o has been granted access', user === null || user === void 0 ? void 0 : user.name);

}
const err = (0, _commonsApi.getForbidden)('not allowed to access package');
const err = _core.errorUtils.getForbidden('not allowed to access package');
debug('%o not allowed to access package err', user === null || user === void 0 ? void 0 : user.name, err === null || err === void 0 ? void 0 : err.message);
return cb(err);
}
allow_publish(user, pkg, cb) {
var _pkg$publish, _pkg$publish2, _pkg$publish3, _pkg$publish4;
if (pkg !== null && pkg !== void 0 && (_pkg$publish = pkg.publish) !== null && _pkg$publish !== void 0 && _pkg$publish.includes('$all') || pkg !== null && pkg !== void 0 && (_pkg$publish2 = pkg.publish) !== null && _pkg$publish2 !== void 0 && _pkg$publish2.includes('$anonymous')) {

@@ -144,21 +112,16 @@ debug('%o has been granted to publish', user === null || user === void 0 ? void 0 : user.name);

}
if (!(user !== null && user !== void 0 && user.name)) {
const err = (0, _commonsApi.getForbidden)('not allowed to publish package');
const err = _core.errorUtils.getForbidden('not allowed to publish package');
debug('%o not allowed to publish package err %o', user === null || user === void 0 ? void 0 : user.name, err.message);
return cb(err);
}
if (pkg !== null && pkg !== void 0 && (_pkg$publish3 = pkg.publish) !== null && _pkg$publish3 !== void 0 && _pkg$publish3.includes(user.name) || pkg !== null && pkg !== void 0 && (_pkg$publish4 = pkg.publish) !== null && _pkg$publish4 !== void 0 && _pkg$publish4.includes('$authenticated')) {
return cb(null, true);
}
const err = (0, _commonsApi.getForbidden)('not allowed to publish package');
const err = _core.errorUtils.getForbidden('not allowed to publish package');
debug('%o not allowed to publish package err %o', user === null || user === void 0 ? void 0 : user.name, err.message);
return cb(err);
}
}
exports.default = Memory;
//# sourceMappingURL=Memory.js.map

@@ -1,2 +0,1 @@

import { Config } from '@verdaccio/types';
export interface UserMemory {

@@ -9,5 +8,5 @@ name: string;

}
export interface VerdaccioMemoryConfig extends Config {
export interface VerdaccioMemoryConfig {
max_users?: number;
users: Users;
}
# Change Log
## 12.0.0-next.0
### Major Changes
- feat!: bump to v7
### Patch Changes
- Updated dependencies
- @verdaccio/core@7.0.0-next.0
## 11.0.0
### Major Changes
- 292c0a37f: feat!: replace deprecated request dependency by got
This is a big refactoring of the core, fetching dependencies, improve code, more tests and better stability. This is essential for the next release, will take some time but would allow modularize more the core.
## Notes
- Remove deprecated `request` by other `got`, retry improved, custom Agent ( got does not include it built-in)
- Remove `async` dependency from storage (used by core) it was linked with proxy somehow safe to remove now
- Refactor with promises instead callback wherever is possible
- ~Document the API~
- Improve testing, integration tests
- Bugfix
- Clean up old validations
- Improve performance
## 💥 Breaking changes
- Plugin API methods were callbacks based are returning promises, this will break current storage plugins, check documentation for upgrade.
- Write Tarball, Read Tarball methods parameters change, a new set of options like `AbortController` signals are being provided to the `addAbortSignal` can be internally used with Streams when a request is aborted. eg: `addAbortSignal(signal, fs.createReadStream(pathName));`
- `@verdaccio/streams` stream abort support is legacy is being deprecated removed
- Remove AWS and Google Cloud packages for future refactoring [#2574](https://github.com/verdaccio/verdaccio/pull/2574).
- 9fc2e7961: feat(plugins): improve plugin loader
### Changes
- Add scope plugin support to 6.x https://github.com/verdaccio/verdaccio/pull/3227
- Avoid config collisions https://github.com/verdaccio/verdaccio/issues/928
- https://github.com/verdaccio/verdaccio/issues/1394
- `config.plugins` plugin path validations
- Updated algorithm for plugin loader.
- improved documentation (included dev)
## Features
- Add scope plugin support to 6.x https://github.com/verdaccio/verdaccio/pull/3227
- Custom prefix:
```
// config.yaml
server:
pluginPrefix: mycompany
middleware:
audit:
foo: 1
```
This configuration will look up for `mycompany-audit` instead `Verdaccio-audit`.
## Breaking Changes
### sinopia plugins
- `sinopia` fallback support is removed, but can be restored using `pluginPrefix`
### plugin filter
- method rename `filter_metadata`->`filterMetadata`
### Plugin constructor does not merge configs anymore https://github.com/verdaccio/verdaccio/issues/928
The plugin receives as first argument `config`, which represents the config of the plugin. Example:
```
// config.yaml
auth:
plugin:
foo: 1
bar: 2
export class Plugin<T> {
public constructor(config: T, options: PluginOptions) {
console.log(config);
// {foo:1, bar: 2}
}
}
```
- 794af76c5: Remove Node 12 support
- We need move to the new `undici` and does not support Node.js 12
- 10aeb4f13: feat!: experiments config renamed to flags
- The `experiments` configuration is renamed to `flags`. The functionality is exactly the same.
```js
flags: token: false;
search: false;
```
- The `self_path` property from the config file is being removed in favor of `config_file` full path.
- Refactor `config` module, better types and utilities
### Minor Changes
- 631abe1ac: feat: refactor logger
- b61f762d6: feat: add server rate limit protection to all request
To modify custom values, use the server settings property.
```markdown
server:
## https://www.npmjs.com/package/express-rate-limit#configuration-options
rateLimit:
windowMs: 1000
max: 10000
```
The values are intended to be high, if you want to improve security of your server consider
using different values.
- 154b2ecd3: refactor: remove @verdaccio/commons-api in favor @verdaccio/core and remove duplications
### Patch Changes
- 351aeeaa8: fix(deps): @verdaccio/utils should be a prod dep of local-storage
- a610ef26b: chore: add release step to private regisry on merge changeset pr
- Updated dependencies [292c0a37f]
- Updated dependencies [974cd8c19]
- Updated dependencies [ef88da3b4]
- Updated dependencies [43f32687c]
- Updated dependencies [a3a209b5e]
- Updated dependencies [459b6fa72]
- Updated dependencies [24b9be020]
- Updated dependencies [794af76c5]
- Updated dependencies [351aeeaa8]
- Updated dependencies [9718e0330]
- Updated dependencies [a1da11308]
- Updated dependencies [00d1d2a17]
- Updated dependencies [154b2ecd3]
- Updated dependencies [378e907d5]
- Updated dependencies [16e38df8a]
- Updated dependencies [82cb0f2bf]
- Updated dependencies [dc571aabd]
- Updated dependencies [f859d2b1a]
- Updated dependencies [6c1eb021b]
- Updated dependencies [62c24b632]
- Updated dependencies [0a6412ca9]
- Updated dependencies [5167bb528]
- Updated dependencies [c9d1af0e5]
- Updated dependencies [4b29d715b]
- Updated dependencies [b849128de]
- @verdaccio/core@6.0.0
## 11.0.0-6-next.41
### Patch Changes
- @verdaccio/core@6.0.0-6-next.76
## 11.0.0-6-next.40
### Patch Changes
- Updated dependencies [0a6412ca9]
- @verdaccio/core@6.0.0-6-next.75
## 11.0.0-6-next.39
### Patch Changes
- @verdaccio/core@6.0.0-6-next.74
## 11.0.0-6-next.38
### Patch Changes
- Updated dependencies [f859d2b1a]
- @verdaccio/core@6.0.0-6-next.73
## 11.0.0-6-next.37
### Patch Changes
- @verdaccio/core@6.0.0-6-next.72
## 11.0.0-6-next.36
### Patch Changes
- @verdaccio/core@6.0.0-6-next.71
## 11.0.0-6-next.35
### Patch Changes
- @verdaccio/core@6.0.0-6-next.70
## 11.0.0-6-next.34
### Patch Changes
- Updated dependencies [c9d1af0e]
- @verdaccio/core@6.0.0-6-next.69
## 11.0.0-6-next.33
### Patch Changes
- @verdaccio/core@6.0.0-6-next.68
## 11.0.0-6-next.32
### Patch Changes
- Updated dependencies [16e38df8]
- @verdaccio/core@6.0.0-6-next.67
## 11.0.0-6-next.31
### Patch Changes
- @verdaccio/core@6.0.0-6-next.66
## 11.0.0-6-next.30
### Patch Changes
- Updated dependencies [a1da1130]
- @verdaccio/core@6.0.0-6-next.65
## 11.0.0-6-next.29
### Patch Changes
- Updated dependencies [974cd8c1]
- @verdaccio/core@6.0.0-6-next.64
## 11.0.0-6-next.28
### Patch Changes
- Updated dependencies [dc571aab]
- @verdaccio/core@6.0.0-6-next.63
## 11.0.0-6-next.27
### Patch Changes
- Updated dependencies [378e907d]
- @verdaccio/core@6.0.0-6-next.62
## 11.0.0-6-next.26
### Patch Changes
- @verdaccio/core@6.0.0-6-next.61
## 11.0.0-6-next.25
### Patch Changes
- @verdaccio/core@6.0.0-6-next.60
## 11.0.0-6-next.24
### Patch Changes
- @verdaccio/core@6.0.0-6-next.59
## 11.0.0-6-next.23
### Patch Changes
- @verdaccio/core@6.0.0-6-next.58
## 11.0.0-6-next.22
### Patch Changes
- @verdaccio/core@6.0.0-6-next.57
## 11.0.0-6-next.21
### Patch Changes
- @verdaccio/core@6.0.0-6-next.56
## 11.0.0-6-next.20
### Patch Changes
- Updated dependencies [9718e033]
- @verdaccio/core@6.0.0-6-next.55
## 11.0.0-6-next.19
### Patch Changes
- Updated dependencies [ef88da3b]
- @verdaccio/core@6.0.0-6-next.54
## 11.0.0-6-next.18
### Patch Changes
- @verdaccio/core@6.0.0-6-next.53
## 11.0.0-6-next.17
### Patch Changes
- @verdaccio/core@6.0.0-6-next.52
## 11.0.0-6-next.16
### Patch Changes
- Updated dependencies [4b29d715]
- @verdaccio/core@6.0.0-6-next.51
## 11.0.0-6-next.15
### Patch Changes
- @verdaccio/core@6.0.0-6-next.50
## 11.0.0-6-next.14
### Patch Changes
- @verdaccio/core@6.0.0-6-next.49
## 11.0.0-6-next.13
### Major Changes
- 9fc2e796: feat(plugins): improve plugin loader
### Changes
- Add scope plugin support to 6.x https://github.com/verdaccio/verdaccio/pull/3227
- Avoid config collisions https://github.com/verdaccio/verdaccio/issues/928
- https://github.com/verdaccio/verdaccio/issues/1394
- `config.plugins` plugin path validations
- Updated algorithm for plugin loader.
- improved documentation (included dev)
## Features
- Add scope plugin support to 6.x https://github.com/verdaccio/verdaccio/pull/3227
- Custom prefix:
```
// config.yaml
server:
pluginPrefix: mycompany
middleware:
audit:
foo: 1
```
This configuration will look up for `mycompany-audit` instead `Verdaccio-audit`.
## Breaking Changes
### sinopia plugins
- `sinopia` fallback support is removed, but can be restored using `pluginPrefix`
### plugin filter
- method rename `filter_metadata`->`filterMetadata`
### Plugin constructor does not merge configs anymore https://github.com/verdaccio/verdaccio/issues/928
The plugin receives as first argument `config`, which represents the config of the plugin. Example:
```
// config.yaml
auth:
plugin:
foo: 1
bar: 2
export class Plugin<T> {
public constructor(config: T, options: PluginOptions) {
console.log(config);
// {foo:1, bar: 2}
}
}
```
### Patch Changes
- Updated dependencies [43f32687]
- Updated dependencies [62c24b63]
- @verdaccio/core@6.0.0-6-next.48
## 11.0.0-6-next.12
### Patch Changes
- @verdaccio/core@6.0.0-6-next.47
## 11.0.0-6-next.11
### Patch Changes
- Updated dependencies [b849128d]
- @verdaccio/core@6.0.0-6-next.8
## 11.0.0-6-next.10
### Patch Changes
- 351aeeaa: fix(deps): @verdaccio/utils should be a prod dep of local-storage
- Updated dependencies [351aeeaa]
- @verdaccio/core@6.0.0-6-next.7
## 11.0.0-6-next.9
### Major Changes
- 292c0a37: feat!: replace deprecated request dependency by got
This is a big refactoring of the core, fetching dependencies, improve code, more tests and better stability. This is essential for the next release, will take some time but would allow modularize more the core.
## Notes
- Remove deprecated `request` by other `got`, retry improved, custom Agent ( got does not include it built-in)
- Remove `async` dependency from storage (used by core) it was linked with proxy somehow safe to remove now
- Refactor with promises instead callback wherever is possible
- ~Document the API~
- Improve testing, integration tests
- Bugfix
- Clean up old validations
- Improve performance
## 💥 Breaking changes
- Plugin API methods were callbacks based are returning promises, this will break current storage plugins, check documentation for upgrade.
- Write Tarball, Read Tarball methods parameters change, a new set of options like `AbortController` signals are being provided to the `addAbortSignal` can be internally used with Streams when a request is aborted. eg: `addAbortSignal(signal, fs.createReadStream(pathName));`
- `@verdaccio/streams` stream abort support is legacy is being deprecated removed
- Remove AWS and Google Cloud packages for future refactoring [#2574](https://github.com/verdaccio/verdaccio/pull/2574).
### Patch Changes
- Updated dependencies [292c0a37]
- Updated dependencies [a3a209b5]
- Updated dependencies [00d1d2a1]
- @verdaccio/core@6.0.0-6-next.6
## 11.0.0-6-next.8
### Patch Changes
- Updated dependencies [82cb0f2b]
- Updated dependencies [5167bb52]
- @verdaccio/core@6.0.0-6-next.5
## 11.0.0-6-next.7
### Patch Changes
- Updated dependencies [24b9be02]
- @verdaccio/core@6.0.0-6-next.4
## 11.0.0-6-next.6
### Patch Changes
- Updated dependencies [6c1eb021]
- @verdaccio/core@6.0.0-6-next.3
## 11.0.0-6-next.5
### Major Changes
- 794af76c: Remove Node 12 support
- We need move to the new `undici` and does not support Node.js 12
### Minor Changes
- 154b2ecd: refactor: remove @verdaccio/commons-api in favor @verdaccio/core and remove duplications
### Patch Changes
- Updated dependencies [794af76c]
- Updated dependencies [154b2ecd]
- @verdaccio/core@6.0.0-6-next.2
## 11.0.0-6-next.4
### Patch Changes
- Updated dependencies [459b6fa7]
- @verdaccio/commons-api@11.0.0-6-next.4
## 10.0.0-alpha.3

@@ -4,0 +512,0 @@

const config = require('../../../jest/config');
module.exports = Object.assign({}, config, {
collectCoverage: true,
});
module.exports = Object.assign({}, config, {});
{
"name": "verdaccio-auth-memory",
"version": "11.0.0-alpha.3",
"description": "Auth plugin for Verdaccio that keeps users in memory",
"keywords": [
"private",
"package",
"repository",
"registry",
"enterprise",
"modules",
"proxy",
"server",
"verdaccio"
],
"author": "Juan Picado <juanpicado19@gmail.com>",
"license": "MIT",
"homepage": "https://verdaccio.org",
"repository": {
"type": "https",
"url": "https://github.com/verdaccio/verdaccio",
"directory": "packages/plugins/auth-memory"
},
"bugs": {
"url": "https://github.com/verdaccio/verdaccio/issues"
},
"main": "build/index.js",
"types": "build/src/index.d.ts",
"engines": {
"node": ">=10",
"npm": ">=6"
},
"dependencies": {
"debug": "4.3.2",
"@verdaccio/commons-api": "11.0.0-alpha.3"
},
"devDependencies": {
"@verdaccio/types": "11.0.0-6-next.7"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/verdaccio"
},
"scripts": {
"clean": "rimraf ./build",
"type-check": "tsc --noEmit -p tsconfig.build.json",
"build:types": "tsc --emitDeclarationOnly -p tsconfig.build.json",
"build:js": "babel src/ --out-dir build/ --copy-files --extensions \".ts,.tsx\" --source-maps",
"build": "pnpm run build:js && pnpm run build:types",
"watch": "pnpm build:js -- --watch",
"test": "cross-env NODE_ENV=test BABEL_ENV=test jest"
}
}
"name": "verdaccio-auth-memory",
"version": "12.0.0-next.0",
"description": "Auth plugin for Verdaccio that keeps users in memory",
"keywords": [
"private",
"package",
"repository",
"registry",
"enterprise",
"modules",
"proxy",
"server",
"verdaccio"
],
"author": "Juan Picado <juanpicado19@gmail.com>",
"license": "MIT",
"homepage": "https://verdaccio.org",
"repository": {
"type": "https",
"url": "https://github.com/verdaccio/verdaccio",
"directory": "packages/plugins/auth-memory"
},
"bugs": {
"url": "https://github.com/verdaccio/verdaccio/issues"
},
"main": "build/index.js",
"types": "build/src/index.d.ts",
"engines": {
"node": ">=14",
"npm": ">=6"
},
"dependencies": {
"@verdaccio/core": "7.0.0-next.0",
"debug": "4.3.4"
},
"devDependencies": {
"@types/debug": "^4.1.7",
"@verdaccio/config": "7.0.0-next.0",
"@verdaccio/types": "12.0.0-next.0"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/verdaccio"
},
"scripts": {
"clean": "rimraf ./build",
"type-check": "tsc --noEmit -p tsconfig.build.json",
"build:types": "tsc --emitDeclarationOnly -p tsconfig.build.json",
"build:js": "babel src/ --out-dir build/ --copy-files --extensions \".ts,.tsx\" --source-maps",
"build": "pnpm run build:js && pnpm run build:types",
"watch": "pnpm build:js -- --watch",
"test": "jest"
}
}
import buildDebug from 'debug';
import {
PluginOptions,
Callback,
PackageAccess,
IPluginAuth,
RemoteUser,
Logger,
} from '@verdaccio/types';
import {
getConflict,
getForbidden,
getNotFound,
getUnauthorized,
API_ERROR,
} from '@verdaccio/commons-api';
import { VerdaccioMemoryConfig, Users, UserMemory } from './types';
import { API_ERROR, errorUtils, pluginUtils } from '@verdaccio/core';
import { Config, Logger, PackageAccess, RemoteUser } from '@verdaccio/types';
import { Users, VerdaccioMemoryConfig } from './types';
const debug = buildDebug('verdaccio:plugin:auth:memory:user');
export default class Memory implements IPluginAuth<VerdaccioMemoryConfig> {
const { Plugin } = pluginUtils;
export default class Memory
extends Plugin<VerdaccioMemoryConfig>
implements pluginUtils.Auth<VerdaccioMemoryConfig>
{
public _logger: Logger;
public _users: Users;
public _config: {};
public _app_config: VerdaccioMemoryConfig;
public _app_config: Config;
public constructor(
config: VerdaccioMemoryConfig,
appOptions: PluginOptions<VerdaccioMemoryConfig>
) {
public constructor(config: VerdaccioMemoryConfig, appOptions: pluginUtils.PluginOptions) {
super(config, appOptions);
this._users = config.users || {};

@@ -36,6 +27,5 @@ this._config = config;

this._app_config = appOptions.config;
debug('initialized');
}
public authenticate(user: string, password: string, done: Callback): void {
public authenticate(user: string, password: string, cb: pluginUtils.AuthCallback): void {
debug('authenticate %o:%o', user, password);

@@ -46,10 +36,10 @@ const userCredentials = this._users[user];

debug('user %o does not exist', user);
return done(null, false);
return cb(null, false);
}
if (password !== userCredentials.password) {
const err = getUnauthorized(API_ERROR.BAD_USERNAME_PASSWORD);
const err = errorUtils.getUnauthorized(API_ERROR.BAD_USERNAME_PASSWORD);
debug('password invalid for: %o', user);
return done(err);
return cb(err);
}

@@ -60,9 +50,9 @@

debug('authentication succeed for %o', user);
return done(null, [user]);
return cb(null, [user]);
}
public adduser(user: string, password: string, done: Callback): void {
public adduser(user: string, password: string, cb: pluginUtils.AuthUserCallback): void {
if (this._users[user]) {
debug('user %o already exist', user);
return done(null, true);
return cb(null, true);
}

@@ -72,5 +62,5 @@

if (Object.keys(this._users).length >= this._app_config.max_users) {
const err = getConflict(API_ERROR.MAX_USERS_REACHED);
const err = errorUtils.getConflict(API_ERROR.MAX_USERS_REACHED);
debug(API_ERROR.MAX_USERS_REACHED);
return done(err);
return cb(err);
}

@@ -82,3 +72,3 @@ }

debug('user added succeeded for %o', user);
done(null, user);
cb(null, user);
}

@@ -90,5 +80,5 @@

newPassword: string,
cb: Callback
cb: pluginUtils.AuthChangePasswordCallback
): void {
const user: UserMemory = this._users[username];
const user = this._users[username];
debug('init change password for %o', user?.name);

@@ -100,5 +90,5 @@

debug('user changed password succeeded for %o', user?.name);
cb(null, user);
cb(null, true);
} else {
const err = getNotFound('user not found');
const err = errorUtils.getNotFound('user not found');
this._logger.debug({ user: username }, 'change password user @{user} not found');

@@ -110,3 +100,3 @@ debug('change password user for %o not found', user?.name);

public allow_access(user: RemoteUser, pkg: PackageAccess, cb: Callback): void {
public allow_access(user: RemoteUser, pkg: PackageAccess, cb: pluginUtils.AccessCallback): void {
debug('allow access for %o', user);

@@ -120,3 +110,3 @@ if (pkg?.access?.includes('$all') || pkg?.access?.includes('$anonymous')) {

if (!user?.name) {
const err = getForbidden('not allowed to access package');
const err = errorUtils.getForbidden('not allowed to access package');
this._logger.debug({ user: user.name }, 'user: @{user} not allowed to access package');

@@ -132,3 +122,3 @@ debug('%o not allowed to access package err', user?.name, err.message);

const err = getForbidden('not allowed to access package');
const err = errorUtils.getForbidden('not allowed to access package');
debug('%o not allowed to access package err', user?.name, err?.message);

@@ -138,3 +128,7 @@ return cb(err);

public allow_publish(user: RemoteUser, pkg: PackageAccess, cb: Callback): void {
public allow_publish(
user: RemoteUser,
pkg: PackageAccess,
cb: pluginUtils.AuthAccessCallback
): void {
if (pkg?.publish?.includes('$all') || pkg?.publish?.includes('$anonymous')) {

@@ -146,3 +140,3 @@ debug('%o has been granted to publish', user?.name);

if (!user?.name) {
const err = getForbidden('not allowed to publish package');
const err = errorUtils.getForbidden('not allowed to publish package');
debug('%o not allowed to publish package err %o', user?.name, err.message);

@@ -156,3 +150,3 @@ return cb(err);

const err = getForbidden('not allowed to publish package');
const err = errorUtils.getForbidden('not allowed to publish package');
debug('%o not allowed to publish package err %o', user?.name, err.message);

@@ -159,0 +153,0 @@
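Review bot: `debug('authenticate %o:%o', user, password)` at the top of `authenticate` writes the submitted password in clear text to the debug stream, and this release keeps that line while renaming the callback. Anyone who enables the `verdaccio:plugin:auth:memory:user` debug namespace ends up with credentials in their logs; I would log the user name only, `debug('authenticate %o', user);`. Separately, in `allow_access` the branch guarded by `if (!user?.name)` still calls `this._logger.debug({ user: user.name }, ...)`, which throws when `user` itself is undefined; `{ user: user?.name }` would match the guard. The compiled build/Memory.js carries the same two lines, and both method bodies continue outside the hunks shown.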

@@ -1,3 +0,1 @@

import { Config } from '@verdaccio/types';
export interface UserMemory {

@@ -12,5 +10,5 @@ name: string;

export interface VerdaccioMemoryConfig extends Config {
export interface VerdaccioMemoryConfig {
max_users?: number;
users: Users;
}
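Review bot: `max_users` stays on `VerdaccioMemoryConfig`, but the `adduser` hunk in Memory.ts compares against `this._app_config.max_users`, which the constructor fills from `appOptions.config`, so a cap set in the plugin's own config looks like it is never enforced. Now that the interface no longer extends `Config`, the two settings are distinct, and an operator who sets the limit under the plugin may end up with no registration cap at all. Either have `adduser` honour the plugin-level value, or drop the field here and say so in a comment such as `// registration cap comes from the top-level max_users, not from the plugin config`. This is inferred from the visible hunks; the constructor is only partly shown.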

@@ -1,8 +0,9 @@

import { Callback } from '@verdaccio/types';
import { Config, getDefaultConfig } from '@verdaccio/config';
import { pluginUtils } from '@verdaccio/core';
import { VerdaccioMemoryConfig } from '../src/types';
import Memory from '../src/index';
import { Users, VerdaccioMemoryConfig } from '../src/types';
describe('Memory', function () {
let auth;
let auth: pluginUtils.Auth<VerdaccioMemoryConfig>;
const logger = {

@@ -19,7 +20,18 @@ child: jest.fn(() => {}),

const config = new Config(getDefaultConfig());
const users: Users = {
test: {
name: 'foo',
password: 'foo',
},
};
beforeEach(function () {
auth = new Memory({ max_users: 100 } as VerdaccioMemoryConfig, {
config: {} as VerdaccioMemoryConfig,
logger,
});
auth = new Memory(
{ max_users: 100, users },
{
config,
logger,
}
) as pluginUtils.Auth<VerdaccioMemoryConfig>;
});

@@ -29,5 +41,5 @@

test('adds users', function (done) {
auth.adduser('test', 'secret', function (err, user) {
auth.adduser?.('test', 'secret', function (err, user) {
expect(err).toBeNull();
expect(user).toEqual('test');
expect(user).toEqual(true);
done();

@@ -38,6 +50,6 @@ });

test('login existing users', function (done) {
auth.adduser('test', 'secret', function (err, user) {
auth.adduser?.('test', 'secret', function (err, user) {
expect(err).toBeNull();
expect(user).toEqual('test');
auth.adduser('test', 'secret', function (err, user) {
expect(user).toEqual(true);
auth.adduser?.('test', 'secret', function (err, user) {
expect(err).toBeNull();

@@ -51,11 +63,10 @@ expect(user).toBe(true);

test('max users reached', function (done) {
const auth = new Memory({} as VerdaccioMemoryConfig, {
config: {
max_users: -1,
} as VerdaccioMemoryConfig,
const auth = new Memory({ users } as VerdaccioMemoryConfig, {
// @ts-expect-error
config: { ...config, max_users: -1 },
logger,
});
auth.adduser('test', 'secret', function (err) {
auth.adduser?.('fooooooooo', 'secret', function (err) {
expect(err).not.toBeNull();
expect(err.message).toMatch(/maximum amount of users reached/);
expect(err?.message).toMatch(/maximum amount of users reached/);
done();

@@ -66,24 +77,5 @@ });

describe('replace user', function () {
beforeAll(function (done) {
auth.adduser('test', 'secret', function () {
done();
});
});
test('replaces password', function (done) {
auth.adduser('test', 'new_secret', function (err, user) {
expect(err).toBeNull();
expect(user).toEqual('test');
auth.authenticate('test', 'new_secret', function (err) {
expect(err).toBeNull();
done();
});
});
});
});
describe('#allow_access', function () {
beforeEach(function (done) {
auth.adduser('test', 'secret', function () {
auth.adduser?.('test', 'secret', function () {
done();

@@ -93,4 +85,4 @@ });

const accessBy = (roles: string[], done: Callback): void => {
auth.allow_access(
const accessBy = (roles: string[], done): void => {
auth.allow_access?.(
{

@@ -127,5 +119,6 @@ name: 'test',

test('should not to be allowed to access any package', function (done) {
auth.allow_access({}, { access: [], publish: [], proxy: [] }, function (err) {
// @ts-expect-error
auth.allow_access?.({}, { access: [], publish: [], proxy: [] }, function (err) {
expect(err).not.toBeNull();
expect(err.message).toMatch(/not allowed to access package/);
expect(err?.message).toMatch(/not allowed to access package/);
done();

@@ -136,5 +129,6 @@ });

test('should not to be allowed to access the anyOtherUser package', function (done) {
auth.allow_access({}, { access: ['anyOtherUser'], publish: [], proxy: [] }, function (err) {
// @ts-expect-error
auth.allow_access?.({}, { access: ['anyOtherUser'], publish: [], proxy: [] }, function (err) {
expect(err).not.toBeNull();
expect(err.message).toMatch(/not allowed to access package/);
expect(err?.message).toMatch(/not allowed to access package/);
done();

@@ -147,3 +141,3 @@ });

beforeEach(function (done) {
auth.adduser('test', 'secret', function () {
auth.adduser?.('test', 'secret', function () {
done();

@@ -153,4 +147,4 @@ });

const accessBy = (roles: string[], done: Callback): void => {
auth.allow_publish(
const accessBy = (roles: string[], done): void => {
auth.allow_publish?.(
{

@@ -187,5 +181,6 @@ name: 'test',

test('should not to be allowed to access any package', function (done) {
auth.allow_publish({}, { publish: [], proxy: [], access: [] }, function (err) {
// @ts-expect-error
auth.allow_publish?.({}, { publish: [], proxy: [], access: [] }, function (err) {
expect(err).not.toBeNull();
expect(err.message).toMatch(/not allowed to publish package/);
expect(err?.message).toMatch(/not allowed to publish package/);
done();

@@ -196,5 +191,6 @@ });

test('should not to be allowed to access the anyOtherUser package', function (done) {
// @ts-expect-error
auth.allow_publish({}, { publish: ['anyOtherUser'], proxy: [], access: [] }, function (err) {
expect(err).not.toBeNull();
expect(err.message).toMatch(/not allowed to publish package/);
expect(err?.message).toMatch(/not allowed to publish package/);
done();

@@ -209,6 +205,9 @@ });

beforeEach(function (done) {
auth = new Memory({} as VerdaccioMemoryConfig, {
config: {} as VerdaccioMemoryConfig,
logger,
});
auth = new Memory(
{ users: {} },
{
config,
logger,
}
);
auth.adduser('test', 'secret', function () {

@@ -220,5 +219,5 @@ done();

test('should change password', function (done) {
auth.changePassword('test', 'secret', 'newSecret', function (err, user) {
auth.changePassword('test', 'secret', 'newSecret', function (err, ok) {
expect(err).toBeNull();
expect(user.password).toEqual('newSecret');
expect(ok).toBe(true);
done();

@@ -239,3 +238,10 @@ });

beforeEach(function (done) {
auth.adduser('test', 'secret', function () {
auth = new Memory(
{ users: {} },
{
config,
logger,
}
);
auth.adduser?.('test', 'secret', function () {
done();

@@ -260,3 +266,3 @@ });

test('fails if user doesnt exist', function (done) {
test('fails if user does not exist', function (done) {
auth.authenticate('john', 'secret', function (err, groups) {

@@ -263,0 +269,0 @@ expect(err).toBeNull();
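Review bot: The 'adds users' test no longer exercises user creation: the new `users` fixture already contains the key `test`, so `auth.adduser?.('test', 'secret', ...)` takes the already-exists branch and the assertion became `expect(user).toEqual(true)`. With the 'replace user' block removed as well, nothing visible here pins that a new name is stored, or that `adduser` on an existing name leaves the stored password untouched. I would use a name outside the fixture, `auth.adduser?.('newuser', 'secret', ...)` with `expect(user).toEqual('newuser')`, and add a case asserting that the seeded password `foo` still authenticates after `adduser('test', 'secret')`.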

@@ -5,3 +5,4 @@ {

"rootDir": "./src",
"outDir": "./build"
"outDir": "./build",
"noImplicitAny": true
},

@@ -8,0 +9,0 @@ "include": ["src/**/*.ts"],

@@ -5,3 +5,4 @@ {

"rootDir": "./src",
"outDir": "./build"
"outDir": "./build",
"noImplicitAny": true
},

@@ -12,5 +13,14 @@ "include": ["src/**/*", "types/*.d.ts"],

{
"path": "../../core/commons-api"
"path": "../../config"
},
{
"path": "../../logger/logger"
},
{
"path": "../../core/core"
},
{
"path": "../../core/types"
}
]
}

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet
