UNPKG

cnpmcore

Version:

Private NPM Registry for Enterprise

github.com/cnpm/cnpmcore

cnpm/cnpmcore

122 lines 11 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) { var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d; if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc); else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r; return c > 3 && r && Object.defineProperty(target, key, r), r; }; var __metadata = (this && this.__metadata) || function (k, v) { if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v); }; var __param = (this && this.__param) || function (paramIndex, decorator) { return function (target, key) { decorator(target, key, paramIndex); } }; var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) { if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter"); if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it"); return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver); }; var _RemovePackageVersionController_instances, _RemovePackageVersionController_removePackageVersion; import { HTTPContext, Context, HTTPController, HTTPMethod, HTTPMethodEnum, HTTPParam, Inject } from 'egg'; import { BadRequestError, ForbiddenError } from 'egg/errors'; import { FULLNAME_REG_STRING } from "../../../common/PackageUtil.js"; import { AbstractController } from "../AbstractController.js"; let RemovePackageVersionController = class RemovePackageVersionController extends AbstractController { constructor() { super(...arguments); _RemovePackageVersionController_instances.add(this); } // https://github.com/npm/cli/blob/latest/lib/commands/unpublish.js#L101 // https://github.com/npm/libnpmpublish/blob/main/unpublish.js#L84 // await npmFetch(`${tarballUrl}/-rev/${_rev}`, { // ...opts, // method: 'DELETE', // ignoreBody: true, // }) async removeByTarballUrl(ctx, fullname, filenameWithVersion) { const npmCommand = ctx.get('npm-command'); if (npmCommand !== 'unpublish') { throw new BadRequestError('Only allow "unpublish" npm-command'); } const ensureRes = await this.ensurePublishAccess(ctx, fullname, true); const pkg = ensureRes.pkg; const version = this.getAndCheckVersionFromFilename(ctx, fullname, filenameWithVersion); const packageVersion = await this.getPackageVersionEntity(pkg, version); await __classPrivateFieldGet(this, _RemovePackageVersionController_instances, "m", _RemovePackageVersionController_removePackageVersion).call(this, pkg, packageVersion); return { ok: true }; } // https://github.com/npm/libnpmpublish/blob/main/unpublish.js#L43 // npm http fetch DELETE 404 http://localhost:62649/@cnpm%2ffoo/-rev/1-642f6e8b52d7b8eb03aef23f // await npmFetch(`${pkgUri}/-rev/${pkg._rev}`, { // ...opts, // method: 'DELETE', // ignoreBody: true, // }) async removeByPkgUri(ctx, fullname) { const npmCommand = ctx.get('npm-command'); if (npmCommand !== 'unpublish') { throw new BadRequestError('Only allow "unpublish" npm-command'); } const ensureRes = await this.ensurePublishAccess(ctx, fullname, true); const pkg = ensureRes.pkg; // try to remove the latest version first const packageTag = await this.packageRepository.findPackageTag(pkg.packageId, 'latest'); let packageVersion = null; if (packageTag) { packageVersion = await this.packageRepository.findPackageVersion(pkg.packageId, packageTag.version); } if (packageVersion) { await __classPrivateFieldGet(this, _RemovePackageVersionController_instances, "m", _RemovePackageVersionController_removePackageVersion).call(this, pkg, packageVersion); } else { this.logger.info('[PackageController:unpublishPackage] %s, packageId: %s', pkg.fullname, pkg.packageId); await this.packageManagerService.unpublishPackage(pkg); } return { ok: true }; } }; _RemovePackageVersionController_instances = new WeakSet(); _RemovePackageVersionController_removePackageVersion = async function _RemovePackageVersionController_removePackageVersion(pkg, packageVersion) { // https://docs.npmjs.com/policies/unpublish // can unpublish anytime within the first 72 hours after publishing if (pkg.isPrivate && Date.now() - packageVersion.publishTime.getTime() >= 3_600_000 * 72) { throw new ForbiddenError(`${pkg.fullname}@${packageVersion.version} unpublish is not allowed after 72 hours of released`); } this.logger.info('[PackageController:removeVersion] %s@%s, packageVersionId: %s', pkg.fullname, packageVersion.version, packageVersion.packageVersionId); await this.packageManagerService.removePackageVersion(pkg, packageVersion); }; __decorate([ Inject(), __metadata("design:type", Function) ], RemovePackageVersionController.prototype, "packageManagerService", void 0); __decorate([ HTTPMethod({ // DELETE /@cnpm/foo/-/foo-4.0.0.tgz/-rev/61af62d6295fcbd9f8f1c08f // DELETE /:fullname/-/:filenameWithVersion.tgz/-rev/:rev path: `/:fullname(${FULLNAME_REG_STRING})/-/:filenameWithVersion.tgz/-rev/:rev`, method: HTTPMethodEnum.DELETE, }), __param(0, HTTPContext()), __param(1, HTTPParam()), __param(2, HTTPParam()), __metadata("design:type", Function), __metadata("design:paramtypes", [Context, String, String]), __metadata("design:returntype", Promise) ], RemovePackageVersionController.prototype, "removeByTarballUrl", null); __decorate([ HTTPMethod({ // DELETE /@cnpm/foo/-rev/61af62d6295fcbd9f8f1c08f // DELETE /:fullname/-rev/:rev path: `/:fullname(${FULLNAME_REG_STRING})/-rev/:rev`, method: HTTPMethodEnum.DELETE, }), __param(0, HTTPContext()), __param(1, HTTPParam()), __metadata("design:type", Function), __metadata("design:paramtypes", [Context, String]), __metadata("design:returntype", Promise) ], RemovePackageVersionController.prototype, "removeByPkgUri", null); RemovePackageVersionController = __decorate([ HTTPController() ], RemovePackageVersionController); export { RemovePackageVersionController }; //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiUmVtb3ZlUGFja2FnZVZlcnNpb25Db250cm9sbGVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vLi4vYXBwL3BvcnQvY29udHJvbGxlci9wYWNrYWdlL1JlbW92ZVBhY2thZ2VWZXJzaW9uQ29udHJvbGxlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7Ozs7QUFBQSxPQUFPLEVBQUUsV0FBVyxFQUFFLE9BQU8sRUFBRSxjQUFjLEVBQUUsVUFBVSxFQUFFLGNBQWMsRUFBRSxTQUFTLEVBQUUsTUFBTSxFQUFFLE1BQU0sS0FBSyxDQUFDO0FBQzFHLE9BQU8sRUFBRSxlQUFlLEVBQUUsY0FBYyxFQUFFLE1BQU0sWUFBWSxDQUFDO0FBRTdELE9BQU8sRUFBRSxtQkFBbUIsRUFBRSxNQUFNLGdDQUFnQyxDQUFDO0FBSXJFLE9BQU8sRUFBRSxrQkFBa0IsRUFBRSxNQUFNLDBCQUEwQixDQUFDO0FBR3ZELElBQU0sOEJBQThCLEdBQXBDLE1BQU0sOEJBQStCLFNBQVEsa0JBQWtCO0lBQS9EOzs7SUFxRlAsQ0FBQztJQWpGQyx3RUFBd0U7SUFDeEUsa0VBQWtFO0lBQ2xFLGlEQUFpRDtJQUNqRCxhQUFhO0lBQ2Isc0JBQXNCO0lBQ3RCLHNCQUFzQjtJQUN0QixLQUFLO0lBT0MsQUFBTixLQUFLLENBQUMsa0JBQWtCLENBQ1AsR0FBWSxFQUNkLFFBQWdCLEVBQ2hCLG1CQUEyQjtRQUV4QyxNQUFNLFVBQVUsR0FBRyxHQUFHLENBQUMsR0FBRyxDQUFDLGFBQWEsQ0FBQyxDQUFDO1FBQzFDLElBQUksVUFBVSxLQUFLLFdBQVcsRUFBRSxDQUFDO1lBQy9CLE1BQU0sSUFBSSxlQUFlLENBQUMsb0NBQW9DLENBQUMsQ0FBQztRQUNsRSxDQUFDO1FBQ0QsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsbUJBQW1CLENBQUMsR0FBRyxFQUFFLFFBQVEsRUFBRSxJQUFJLENBQUMsQ0FBQztRQUN0RSxNQUFNLEdBQUcsR0FBRyxTQUFTLENBQUMsR0FBRyxDQUFDO1FBQzFCLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyw4QkFBOEIsQ0FBQyxHQUFHLEVBQUUsUUFBUSxFQUFFLG1CQUFtQixDQUFDLENBQUM7UUFDeEYsTUFBTSxjQUFjLEdBQUcsTUFBTSxJQUFJLENBQUMsdUJBQXVCLENBQUMsR0FBRyxFQUFFLE9BQU8sQ0FBQyxDQUFDO1FBQ3hFLE1BQU0sdUJBQUEsSUFBSSx1R0FBc0IsTUFBMUIsSUFBSSxFQUF1QixHQUFHLEVBQUUsY0FBYyxDQUFDLENBQUM7UUFDdEQsT0FBTyxFQUFFLEVBQUUsRUFBRSxJQUFJLEVBQUUsQ0FBQztJQUN0QixDQUFDO0lBRUQsa0VBQWtFO0lBQ2xFLCtGQUErRjtJQUMvRixpREFBaUQ7SUFDakQsYUFBYTtJQUNiLHNCQUFzQjtJQUN0QixzQkFBc0I7SUFDdEIsS0FBSztJQU9DLEFBQU4sS0FBSyxDQUFDLGNBQWMsQ0FBZ0IsR0FBWSxFQUFlLFFBQWdCO1FBQzdFLE1BQU0sVUFBVSxHQUFHLEdBQUcsQ0FBQyxHQUFHLENBQUMsYUFBYSxDQUFDLENBQUM7UUFDMUMsSUFBSSxVQUFVLEtBQUssV0FBVyxFQUFFLENBQUM7WUFDL0IsTUFBTSxJQUFJLGVBQWUsQ0FBQyxvQ0FBb0MsQ0FBQyxDQUFDO1FBQ2xFLENBQUM7UUFDRCxNQUFNLFNBQVMsR0FBRyxNQUFNLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxHQUFHLEVBQUUsUUFBUSxFQUFFLElBQUksQ0FBQyxDQUFDO1FBQ3RFLE1BQU0sR0FBRyxHQUFHLFNBQVMsQ0FBQyxHQUFHLENBQUM7UUFDMUIseUNBQXlDO1FBQ3pDLE1BQU0sVUFBVSxHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLGNBQWMsQ0FBQyxHQUFHLENBQUMsU0FBUyxFQUFFLFFBQVEsQ0FBQyxDQUFDO1FBQ3hGLElBQUksY0FBYyxHQUEwQixJQUFJLENBQUM7UUFDakQsSUFBSSxVQUFVLEVBQUUsQ0FBQztZQUNmLGNBQWMsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxrQkFBa0IsQ0FBQyxHQUFHLENBQUMsU0FBUyxFQUFFLFVBQVUsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUN0RyxDQUFDO1FBQ0QsSUFBSSxjQUFjLEVBQUUsQ0FBQztZQUNuQixNQUFNLHVCQUFBLElBQUksdUdBQXNCLE1BQTFCLElBQUksRUFBdUIsR0FBRyxFQUFFLGNBQWMsQ0FBQyxDQUFDO1FBQ3hELENBQUM7YUFBTSxDQUFDO1lBQ04sSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsd0RBQXdELEVBQUUsR0FBRyxDQUFDLFFBQVEsRUFBRSxHQUFHLENBQUMsU0FBUyxDQUFDLENBQUM7WUFDeEcsTUFBTSxJQUFJLENBQUMscUJBQXFCLENBQUMsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDekQsQ0FBQztRQUNELE9BQU8sRUFBRSxFQUFFLEVBQUUsSUFBSSxFQUFFLENBQUM7SUFDdEIsQ0FBQztDQWtCRixDQUFBOzt1REFoQkMsS0FBSywrREFBdUIsR0FBWSxFQUFFLGNBQThCO0lBQ3RFLDRDQUE0QztJQUM1QyxtRUFBbUU7SUFDbkUsSUFBSSxHQUFHLENBQUMsU0FBUyxJQUFJLElBQUksQ0FBQyxHQUFHLEVBQUUsR0FBRyxjQUFjLENBQUMsV0FBVyxDQUFDLE9BQU8sRUFBRSxJQUFJLFNBQVMsR0FBRyxFQUFFLEVBQUUsQ0FBQztRQUN6RixNQUFNLElBQUksY0FBYyxDQUN0QixHQUFHLEdBQUcsQ0FBQyxRQUFRLElBQUksY0FBYyxDQUFDLE9BQU8sc0RBQXNELENBQ2hHLENBQUM7SUFDSixDQUFDO0lBQ0QsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQ2QsK0RBQStELEVBQy9ELEdBQUcsQ0FBQyxRQUFRLEVBQ1osY0FBYyxDQUFDLE9BQU8sRUFDdEIsY0FBYyxDQUFDLGdCQUFnQixDQUNoQyxDQUFDO0lBQ0YsTUFBTSxJQUFJLENBQUMscUJBQXFCLENBQUMsb0JBQW9CLENBQUMsR0FBRyxFQUFFLGNBQWMsQ0FBQyxDQUFDO0FBQzdFLENBQUM7QUFsRk87SUFEUCxNQUFNLEVBQUU7OzZFQUM0QztBQWUvQztJQU5MLFVBQVUsQ0FBQztRQUNWLGtFQUFrRTtRQUNsRSx5REFBeUQ7UUFDekQsSUFBSSxFQUFFLGNBQWMsbUJBQW1CLHdDQUF3QztRQUMvRSxNQUFNLEVBQUUsY0FBYyxDQUFDLE1BQU07S0FDOUIsQ0FBQztJQUVDLFdBQUEsV0FBVyxFQUFFLENBQUE7SUFDYixXQUFBLFNBQVMsRUFBRSxDQUFBO0lBQ1gsV0FBQSxTQUFTLEVBQUUsQ0FBQTs7cUNBRlEsT0FBTzs7d0VBYzVCO0FBZUs7SUFOTCxVQUFVLENBQUM7UUFDVixrREFBa0Q7UUFDbEQsOEJBQThCO1FBQzlCLElBQUksRUFBRSxjQUFjLG1CQUFtQixhQUFhO1FBQ3BELE1BQU0sRUFBRSxjQUFjLENBQUMsTUFBTTtLQUM5QixDQUFDO0lBQ29CLFdBQUEsV0FBVyxFQUFFLENBQUE7SUFBZ0IsV0FBQSxTQUFTLEVBQUUsQ0FBQTs7cUNBQXJCLE9BQU87O29FQW9CL0M7QUFuRVUsOEJBQThCO0lBRDFDLGNBQWMsRUFBRTtHQUNKLDhCQUE4QixDQXFGMUMifQ==