UNPKG

verdaccio-bitbucket

Version:

Verdaccio module to authenticate users via Bitbucket

github.com/idangozlan/verdaccio-bitbucket

idangozlan/verdaccio-bitbucket

182 lines (158 loc) 4.84 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
const NodeCache = require('node-cache'); const Bitbucket = require('./models/Bitbucket'); const getRedisClient = require('./redis'); const { CACHE_REDIS, CACHE_IN_MEMORY } = require('./constants'); const ALLOWED_CACHE_ENGINES = [CACHE_IN_MEMORY, CACHE_REDIS]; /** * Default cache time-to-live in seconds * It could be changed via config ttl option, * which should be also defined in seconds * * @type {number} * @access private */ const DEFAULT_CACHE_TTL = 24 * 60 * 60 * 7; /** * Parses config allow option and returns result * * @param {string} allow - string to parse * @returns {Object} * @access private */ function parseAllow(allow) { const result = {}; allow.split(/\s*,\s*/).forEach((team) => { const newTeam = team.trim().match(/^(.*?)(\((.*?)\))?$/); result[newTeam[1]] = newTeam[3] ? newTeam[3].split('|') : []; }); return result; } /** * @class Auth * @classdesc Auth class implementing an Auth interface for Verdaccio * @param {Object} config * @param {Object} stuff * @returns {Auth} * @constructor * @access public */ function Auth(config, stuff) { if (!(this instanceof Auth)) { return new Auth(config, stuff); } const cacheEngine = config.cache || false; if (config.cache && !ALLOWED_CACHE_ENGINES.includes(cacheEngine)) { throw Error(`Invalid cache engine ${cacheEngine}, please use on of these: [${ALLOWED_CACHE_ENGINES.join(', ')}]`); } this.cacheEngine = cacheEngine; switch (this.cacheEngine) { case CACHE_REDIS: if (!config.redis) { throw Error('Can\'t find Redis configuration'); } this.cache = getRedisClient(config.redis); break; case CACHE_IN_MEMORY: this.cache = new NodeCache(); break; default: this.cache = false; } this.bcrypt = config.hashPassword !== false ? require('bcrypt') : { // eslint-disable-line compareSync: (a, b) => (a === b), hashSync: password => password, }; this.allow = parseAllow(config.allow); this.defaultMailDomain = config.defaultMailDomain; this.ttl = (config.ttl || DEFAULT_CACHE_TTL) * 1000; this.logger = stuff.logger; } /** * Decodes a username to an email address. * * Since the local portion of email addresses * can't end with a dot or contain two consecutive * dots, we can replace the `@` with `..`. This * function converts from the above encoding to * a proper email address. * * @param {string} username * @returns {string} * @access private */ Auth.prototype.decodeUsernameToEmail = function decodeUsernameToEmail(username) { const pos = username.lastIndexOf('..'); if (pos === -1) { if (this.defaultMailDomain) { return `${username}@${this.defaultMailDomain}`; } return username; } return `${username.substr(0, pos)}@${username.substr(pos + 2)}`; }; /** * Logs a given error * This is private method running in context of Auth object * * @param {object} logger * @param {string} err * @param {string} username * @access private */ const logError = (logger, err, username) => { logger.warn(`${err.code}, user: ${username}, Bitbucket API adaptor error: ${err.message}`); }; /** * Performs user authentication by a given credentials * On success or failure executing done(err, teams) callback * * @param {string} username - user name on bitbucket * @param {string} password - user password on bitbucket * @param {Function} done - success or error callback * @access public */ Auth.prototype.authenticate = async function authenticate(username, password, done) { if (this.cache) { try { let cached = await this.cache.get(username); if (cached) { cached = JSON.parse(cached); } if (cached && this.bcrypt.compareSync(password, cached.password)) { return done(null, cached.teams); } } catch (err) { this.logger.warn('Cant get from cache', err); } } const bitbucket = new Bitbucket( this.decodeUsernameToEmail(username), password, this.logger, ); return bitbucket.getPrivileges().then(async (privileges) => { const teams = Object.keys(privileges.teams) .filter((team) => { if (this.allow[team] === undefined) { return false; } if (!this.allow[team].length) { return true; } return this.allow[team].includes(privileges.teams[team]); }, this); if (this.cache) { const hashedPassword = this.bcrypt.hashSync(password, 10); try { await this.cache.set(username, JSON.stringify({ teams, password: hashedPassword }), 'EX', this.ttl); } catch (err) { this.logger.warn('Cant save to cache', err); } } return done(null, teams); }).catch((err) => { logError(this.logger, err, username); return done(err, false); }); }; module.exports = Auth;