'use strict' const fetch = require('npm-registry-fetch') const { HttpErrorBase } = require('npm-registry-fetch/errors.js') const os = require('os') const pudding = require('figgy-pudding') const validate = require('aproba') exports.adduserCouch = adduserCouch exports.loginCouch = loginCouch exports.adduserWeb = adduserWeb exports.loginWeb = loginWeb exports.login = login exports.adduser = adduser exports.get = get exports.set = set exports.listTokens = listTokens exports.removeToken = removeToken exports.createToken = createToken const url = require('url') const isValidUrl = u => { if (u && typeof u === 'string') { const p = url.parse(u) return p.slashes && p.host && p.path && /^https?:$/.test(p.protocol) } return false } const ProfileConfig = pudding({ creds: {}, hostname: {}, otp: {} }) // try loginWeb, catch the "not supported" message and fall back to couch function login (opener, prompter, opts) { validate('FFO', arguments) opts = ProfileConfig(opts) return loginWeb(opener, opts).catch(er => { if (er instanceof WebLoginNotSupported) { process.emit('log', 'verbose', 'web login not supported, trying couch') return prompter(opts.creds) .then(data => loginCouch(data.username, data.password, opts)) } else { throw er } }) } function adduser (opener, prompter, opts) { validate('FFO', arguments) opts = ProfileConfig(opts) return adduserWeb(opener, opts).catch(er => { if (er instanceof WebLoginNotSupported) { process.emit('log', 'verbose', 'web adduser not supported, trying couch') return prompter(opts.creds) .then(data => adduserCouch(data.username, data.email, data.password, opts)) } else { throw er } }) } function adduserWeb (opener, opts) { validate('FO', arguments) const body = { create: true } process.emit('log', 'verbose', 'web adduser', 'before first POST') return webAuth(opener, opts, body) } function loginWeb (opener, opts) { validate('FO', arguments) process.emit('log', 'verbose', 'web login', 'before first POST') return webAuth(opener, opts, {}) } function webAuth (opener, opts, body) { opts = ProfileConfig(opts) body.hostname = opts.hostname || os.hostname() const target = '/-/v1/login' return fetch(target, opts.concat({ method: 'POST', body })).then(res => { return Promise.all([res, res.json()]) }).then(([res, content]) => { const { doneUrl, loginUrl } = content process.emit('log', 'verbose', 'web auth', 'got response', content) if (!isValidUrl(doneUrl) || !isValidUrl(loginUrl)) { throw new WebLoginInvalidResponse('POST', res, content) } return content }).then(({ doneUrl, loginUrl }) => { process.emit('log', 'verbose', 'web auth', 'opening url pair') return opener(loginUrl).then( () => webAuthCheckLogin(doneUrl, opts.concat({ cache: false })) ) }).catch(er => { if ((er.statusCode >= 400 && er.statusCode <= 499) || er.statusCode === 500) { throw new WebLoginNotSupported('POST', { status: er.statusCode, headers: { raw: () => er.headers } }, er.body) } else { throw er } }) } function webAuthCheckLogin (doneUrl, opts) { return fetch(doneUrl, opts).then(res => { return Promise.all([res, res.json()]) }).then(([res, content]) => { if (res.status === 200) { if (!content.token) { throw new WebLoginInvalidResponse('GET', res, content) } else { return content } } else if (res.status === 202) { const retry = +res.headers.get('retry-after') * 1000 if (retry > 0) { return sleep(retry).then(() => webAuthCheckLogin(doneUrl, opts)) } else { return webAuthCheckLogin(doneUrl, opts) } } else { throw new WebLoginInvalidResponse('GET', res, content) } }) } function adduserCouch (username, email, password, opts) { validate('SSSO', arguments) opts = ProfileConfig(opts) const body = { _id: 'org.couchdb.user:' + username, name: username, password: password, email: email, type: 'user', roles: [], date: new Date().toISOString() } const logObj = {} Object.keys(body).forEach(k => { logObj[k] = k === 'password' ? 'XXXXX' : body[k] }) process.emit('log', 'verbose', 'adduser', 'before first PUT', logObj) const target = '/-/user/org.couchdb.user:' + encodeURIComponent(username) return fetch.json(target, opts.concat({ method: 'PUT', body })).then(result => { result.username = username return result }) } function loginCouch (username, password, opts) { validate('SSO', arguments) opts = ProfileConfig(opts) const body = { _id: 'org.couchdb.user:' + username, name: username, password: password, type: 'user', roles: [], date: new Date().toISOString() } const logObj = {} Object.keys(body).forEach(k => { logObj[k] = k === 'password' ? 'XXXXX' : body[k] }) process.emit('log', 'verbose', 'login', 'before first PUT', logObj) const target = '-/user/org.couchdb.user:' + encodeURIComponent(username) return fetch.json(target, opts.concat({ method: 'PUT', body })).catch(err => { if (err.code === 'E400') { err.message = `There is no user with the username "${username}".` throw err } if (err.code !== 'E409') throw err return fetch.json(target, opts.concat({ query: { write: true } })).then(result => { Object.keys(result).forEach(function (k) { if (!body[k] || k === 'roles') { body[k] = result[k] } }) return fetch.json(`${target}/-rev/${body._rev}`, opts.concat({ method: 'PUT', body, forceAuth: { username, password: Buffer.from(password, 'utf8').toString('base64'), otp: opts.otp } })) }) }).then(result => { result.username = username return result }) } function get (opts) { validate('O', arguments) return fetch.json('/-/npm/v1/user', opts) } function set (profile, opts) { validate('OO', arguments) Object.keys(profile).forEach(key => { // profile keys can't be empty strings, but they CAN be null if (profile[key] === '') profile[key] = null }) return fetch.json('/-/npm/v1/user', ProfileConfig(opts, { method: 'POST', body: profile })) } function listTokens (opts) { validate('O', arguments) opts = ProfileConfig(opts) return untilLastPage('/-/npm/v1/tokens') function untilLastPage (href, objects) { return fetch.json(href, opts).then(result => { objects = objects ? objects.concat(result.objects) : result.objects if (result.urls.next) { return untilLastPage(result.urls.next, objects) } else { return objects } }) } } function removeToken (tokenKey, opts) { validate('SO', arguments) const target = `/-/npm/v1/tokens/token/${tokenKey}` return fetch(target, ProfileConfig(opts, { method: 'DELETE', ignoreBody: true })).then(() => null) } function createToken (password, readonly, cidrs, opts) { validate('SBAO', arguments) return fetch.json('/-/npm/v1/tokens', ProfileConfig(opts, { method: 'POST', body: { password: password, readonly: readonly, cidr_whitelist: cidrs } })) } class WebLoginInvalidResponse extends HttpErrorBase { constructor (method, res, body) { super(method, res, body) this.message = 'Invalid response from web login endpoint' Error.captureStackTrace(this, WebLoginInvalidResponse) } } class WebLoginNotSupported extends HttpErrorBase { constructor (method, res, body) { super(method, res, body) this.message = 'Web login not supported' this.code = 'ENYI' Error.captureStackTrace(this, WebLoginNotSupported) } } function sleep (ms) { return new Promise((resolve, reject) => setTimeout(resolve, ms)) }