UNPKG

cnpmjs.org

Version:

Private npm registry and web for Enterprise, base on MySQL and Simple Store Service

github.com/cnpm/cnpmjs.org

cnpm/cnpmjs.org

102 lines (84 loc) 2.26 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
/**! * cnpmjs.org - middleware/publishable.js * * Copyright(c) cnpmjs.org and other contributors. * MIT Licensed * * Authors: * fengmk2 <fengmk2@gmail.com> (http://fengmk2.github.com) */ 'use strict'; /** * Module dependencies. */ var util = require('util'); var config = require('../config'); var debug = require('debug')('cnpmjs.org:middlewares/publishable'); module.exports = function *publishable(next) { // admins always can publish and unpublish if (this.user.isAdmin) { return yield next; } // private mode, normal user can't publish and unpublish if (config.enablePrivate) { this.status = 403; this.body = { error: 'no_perms', reason: 'Private mode enable, only admin can publish this module' }; return; } // public mode, normal user have permission to publish `scoped package` // and only can publish with scopes in `ctx.user.scopes`, default is `config.scopes` var name = this.params.name || this.params[0]; // check if is private package list in config if (config.privatePackages && config.privatePackages.indexOf(name) !== -1) { return yield next; } // scoped module if (name[0] === '@') { if (checkScope(name, this)) { return yield next; } return; } // none-scope assertNoneScope(name, this); }; /** * check module's scope legal */ function checkScope(name, ctx) { if (!ctx.user.scopes || !ctx.user.scopes.length) { ctx.status = 404; return false; } var scope = name.split('/')[0]; if (ctx.user.scopes.indexOf(scope) === -1) { debug('assert scope %s error', name); ctx.status = 400; ctx.body = { error: 'invalid scope', reason: util.format('scope %s not match legal scopes: %s', scope, ctx.user.scopes.join(', ')) }; return false; } return true; } /** * check if user have permission to publish without scope */ function assertNoneScope(name, ctx) { ctx.status = 403; if (ctx.user.scopes.length === 0) { ctx.body = { error: 'no_perms', reason: 'can\'t publish non-scoped package, please set `config.scopes`' }; return; } ctx.body = { error: 'no_perms', reason: 'only allow publish with ' + ctx.user.scopes.join(', ') + ' scope(s)' }; }