"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.default = void 0; var _debug = _interopRequireDefault(require("debug")); var _express = require("express"); var _lodash = _interopRequireDefault(require("lodash")); var _core = require("@verdaccio/core"); var _middleware = require("@verdaccio/middleware"); function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; } const debug = (0, _debug.default)('verdaccio:web:api:user'); function addUserAuthApi(auth, config) { var _config$flags; const route = (0, _express.Router)(); /* eslint new-cap: 0 */ route.post('/login', (0, _middleware.rateLimit)(config === null || config === void 0 ? void 0 : config.userRateLimit), function (req, res, next) { const { username, password } = req.body; debug('authenticate %o', username); auth.authenticate(username, password, async (err, user) => { if (err) { const errorCode = err.message ? _core.HTTP_STATUS.UNAUTHORIZED : _core.HTTP_STATUS.INTERNAL_ERROR; debug('error authenticate %o', errorCode); next(_core.errorUtils.getCode(errorCode, err.message)); } else { req.remote_user = user; const jWTSignOptions = config.security.web.sign; res.set(_core.HEADERS.CACHE_CONTROL, 'no-cache, no-store'); next({ token: await auth.jwtEncrypt(user, jWTSignOptions), username: req.remote_user.name }); } }); }); if ((config === null || config === void 0 ? void 0 : (_config$flags = config.flags) === null || _config$flags === void 0 ? void 0 : _config$flags.changePassword) === true) { route.put('/reset_password', (0, _middleware.rateLimit)(config === null || config === void 0 ? 
void 0 : config.userRateLimit), function (req, res, next) { var _config$serverSetting; if (_lodash.default.isNil(req.remote_user.name)) { res.status(_core.HTTP_STATUS.UNAUTHORIZED); return next({ // FUTURE: update to a more meaningful message message: _core.API_ERROR.MUST_BE_LOGGED }); } const { password } = req.body; const { name } = req.remote_user; if (_core.validatioUtils.validatePassword(password.new, config === null || config === void 0 ? void 0 : (_config$serverSetting = config.serverSettings) === null || _config$serverSetting === void 0 ? void 0 : _config$serverSetting.passwordValidationRegex) === false) { return next(_core.errorUtils.getCode(_core.HTTP_STATUS.BAD_REQUEST, _core.APP_ERROR.PASSWORD_VALIDATION)); } auth.changePassword(name, password.old, password.new, (err, isUpdated) => { if (_lodash.default.isNil(err) && isUpdated) { next({ ok: true }); } else { return next(_core.errorUtils.getInternalError(_core.API_ERROR.INTERNAL_SERVER_ERROR)); } }); }); } return route; } var _default = addUserAuthApi; exports.default = _default; //# sourceMappingURL=user.js.map