Skip to content

Commit

Permalink
wip access
Browse files Browse the repository at this point in the history
  • Loading branch information
zkat committed Aug 20, 2018
1 parent 3e1d353 commit e05cd01
Show file tree
Hide file tree
Showing 3 changed files with 161 additions and 75 deletions.
212 changes: 138 additions & 74 deletions lib/access.js
Original file line number Diff line number Diff line change
@@ -1,28 +1,49 @@
'use strict'
/* eslint-disable standard/no-callback-literal */

var resolve = require('path').resolve
const BB = require('bluebird')

var readPackageJson = require('read-package-json')
var mapToRegistry = require('./utils/map-to-registry.js')
var npm = require('./npm.js')
var output = require('./utils/output.js')

var whoami = require('./whoami')
const figgyPudding = require('figgy-pudding')
const libaccess = require('libnpmaccess')
const npmConfig = require('./config/figgy-config.js')
const output = require('./utils/output.js')
const otplease = require('./utils/otplease.js')
const path = require('path')
const prefix = require('./npm.js').prefix
const readPackageJson = BB.promisify(require('read-package-json'))
const usage = require('./utils/usage.js')
const whoami = require('./whoami.js')

module.exports = access

access.usage =
access.usage = usage(
'npm access',
'npm access public [<package>]\n' +
'npm access restricted [<package>]\n' +
'npm access grant <read-only|read-write> <scope:team> [<package>]\n' +
'npm access revoke <scope:team> [<package>]\n' +
'npm access 2fa-required [<package>]\n' +
'npm access 2fa-not-required [<package>]\n' +
'npm access ls-packages [<user>|<scope>|<scope:team>]\n' +
'npm access ls-collaborators [<package> [<user>]]\n' +
'npm access edit [<package>]'
)

access.subcommands = [
'public', 'restricted', 'grant', 'revoke',
'ls-packages', 'ls-collaborators', 'edit'
]

const AccessConfig = figgyPudding({
json: {}
})

access.subcommands = ['public', 'restricted', 'grant', 'revoke',
'ls-packages', 'ls-collaborators', 'edit']
function UsageError (msg = '') {
throw Object.assign(new Error(
(msg ? `\nUsage: ${msg}\n\n` : '') +
access.usage
), {code: 'EUSAGE'})
}

access.completion = function (opts, cb) {
var argv = opts.conf.argv.remain
Expand Down Expand Up @@ -50,81 +71,124 @@ access.completion = function (opts, cb) {
}
}

function access (args, cb) {
var cmd = args.shift()
var params
return parseParams(cmd, args, function (err, p) {
if (err) { return cb(err) }
params = p
return mapToRegistry(params.package, npm.config, invokeCmd)
})
function access ([cmd, ...args], cb) {
return BB.try(() => {
const fn = access.subcommands.includes(cmd) && access[cmd]
if (!cmd) { UsageError('Subcommand is required.') }
if (!fn) { UsageError(`${cmd} is not a recognized subcommand.`) }

function invokeCmd (err, uri, auth, base) {
if (err) { return cb(err) }
params.auth = auth
try {
return npm.registry.access(cmd, uri, params, function (err, data) {
if (!err && data) {
output(JSON.stringify(data, undefined, 2))
}
cb(err, data)
})
} catch (e) {
cb(e.message + '\n\nUsage:\n' + access.usage)
}
}
return fn(args, AccessConfig(npmConfig()))
}).then(
x => cb(null, x),
err => err.code === 'EUSAGE' ? cb(err.message) : cb(err)
)
}

function parseParams (cmd, args, cb) {
// mapToRegistry will complain if package is undefined,
// but it's not needed for ls-packages
var params = { 'package': '' }
if (cmd === 'grant') {
params.permissions = args.shift()
}
if (['grant', 'revoke', 'ls-packages'].indexOf(cmd) !== -1) {
var entity = (args.shift() || '').split(':')
params.scope = entity[0]
params.team = entity[1]
}
access.public = ([pkg], opts) => {
return modifyPackage(pkg, opts, libaccess.public)
}

if (cmd === 'ls-packages') {
if (!params.scope) {
whoami([], true, function (err, scope) {
params.scope = scope
cb(err, params)
})
} else {
cb(null, params)
access.restricted = ([pkg], opts) => {
return modifyPackage(pkg, opts, libaccess.restricted)
}

access.grant = ([perms, scopeteam, pkg], opts) => {
return BB.try(() => {
if (!perms || (perms !== 'read-only' && perms !== 'read-write')) {
UsageError('First argument must be either `read-only` or `read-write.`')
}
if (!scopeteam) {
UsageError('`<scope:team>` argument is required.')
}
const [, scope, team] = scopeteam.match(/^@?([^:]+):(.*)$/) || []
if (!scope && !team) {
UsageError(
'Second argument used incorrect format.\n' +
'Example: @example:developers'
)
}
} else {
getPackage(args.shift(), function (err, pkg) {
if (err) return cb(err)
params.package = pkg
return modifyPackage(pkg, opts, (pkgName, opts) => {
return libaccess.grant(pkgName, scope, team, perms, opts)
})
})
}

if (cmd === 'ls-collaborators') params.user = args.shift()
cb(null, params)
access.revoke = ([scopeteam, pkg], opts) => {
return BB.try(() => {
if (!scopeteam) {
UsageError('`<scope:team>` argument is required.')
}
const [, scope, team] = scopeteam.match(/^@?([^:]+):(.*)$/) || []
if (!scope || !team) {
UsageError(
'First argument used incorrect format.\n' +
'Example: @example:developers'
)
}
return modifyPackage(pkg, opts, (pkgName, opts) => {
return libaccess.revoke(pkgName, scope, team, opts)
})
}
})
}

access['2fa-required'] = access.tfaRequired = ([pkg], opts) => {
return modifyPackage(pkg, opts, libaccess.tfaRequired, false)
}

access['2fa-not-required'] = access.tfaNotRequired = ([pkg], opts) => {
return modifyPackage(pkg, opts, libaccess.tfaNotRequired, false)
}

function getPackage (name, cb) {
if (name && name.trim()) {
cb(null, name.trim())
} else {
readPackageJson(
resolve(npm.prefix, 'package.json'),
function (err, data) {
if (err) {
access['ls-packages'] = access.lsPackages = ([owner], opts) => {
return (
owner ? BB.resolve(owner) : whoami([], true)
).then(owner => {
const [, team] = owner.match(/^@?[^:]+:(.*)$/) || []
return libaccess.lsPackages(owner, team, opts)
}).then(pkgs => {
// TODO - print these out nicely (breaking change)
output(JSON.stringify(pkgs, null, 2))
})
}

access['ls-collaborators'] = access.lsCollaborators = ([pkg, usr], opts) => {
return getPackage(pkg).then(pkgName =>
libaccess.lsCollaborators(pkgName, usr, opts)
).then(collabs => {
// TODO - print these out nicely (breaking change)
output(JSON.stringify(collabs, null, 2))
})
}

function modifyPackage (pkg, opts, fn, requireScope = true) {
return getPackage(pkg, requireScope).then(pkgName =>
otplease(opts, opts => fn(pkgName, opts))
)
}

function getPackage (name, requireScope = true) {
return BB.try(() => {
if (name && name.trim()) {
return name.trim()
} else {
return readPackageJson(
path.resolve(prefix, 'package.json')
).then(
data => data.name,
err => {
if (err.code === 'ENOENT') {
cb(new Error('no package name passed to command and no package.json found'))
throw new Error('no package name passed to command and no package.json found')
} else {
cb(err)
throw err
}
} else {
cb(null, data.name)
}
}
)
}
)
}
}).then(name => {
if (requireScope && !name.match(/^@[^/]+\/.*$/)) {
UsageError('This command is only available for scoped packages.')
} else {
return name
}
})
}
22 changes: 22 additions & 0 deletions lib/utils/otplease.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
'use strict'

const BB = require('bluebird')

const optCheck = require('figgy-pudding')({})
const readUserInfo = require('./read-user-info.js')

module.exports = otplease
function otplease (opts, fn) {
opts = opts.concat ? opts : optCheck(opts)
return BB.try(() => {
return fn(opts)
}).catch(err => {
if (err.code !== 'EOTP' && !(err.code === 'E401' && /one-time pass/.test(err.body))) {
throw err
} else if (!process.stdin.isTTY || !process.stdout.isTTY) {
throw err
} else {
return readUserInfo.otp().then(otp => fn(opts.concat({otp})))
}
})
}
2 changes: 1 addition & 1 deletion test/tap/access.js
Original file line number Diff line number Diff line change
Expand Up @@ -160,7 +160,7 @@ test('npm change access on unscoped package', function (t) {
function (er, code, stdout, stderr) {
t.ok(code, 'exited with Error')
t.matches(
stderr, /access commands are only accessible for scoped packages/)
stderr, /only available for scoped packages/)
t.end()
}
)
Expand Down

0 comments on commit e05cd01

Please sign in to comment.