diff --git a/app/common/PackageUtil.ts b/app/common/PackageUtil.ts
index 2596e0cb..2ffbbffa 100644
--- a/app/common/PackageUtil.ts
+++ b/app/common/PackageUtil.ts
@@ -110,8 +110,8 @@ export async function extractPackageJSON(tarballBytes: Buffer): Promise name === 'package/package.json',
 onentry: async entry => {
- let chunks: Buffer[] = [];
- for await (let chunk of entry) {
+ const chunks: Buffer[] = [];
+ for await (const chunk of entry) {
 chunks.push(chunk);
 }
 try {
diff --git a/app/port/controller/package/SavePackageVersionController.ts b/app/port/controller/package/SavePackageVersionController.ts
index 79b07698..3715e92d 100644
--- a/app/port/controller/package/SavePackageVersionController.ts
+++ b/app/port/controller/package/SavePackageVersionController.ts
@@ -179,11 +179,11 @@ export class SavePackageVersionController extends AbstractController {
 if (this.config.cnpmcore.strictValidateTarballPkg) {
 const tarballPkg = await extractPackageJSON(tarballBytes);
 const versionManifest = pkg.versions[tarballPkg.version];
- const diffKey = STRICT_CHECK_TARBALL_FIELDS.find(key => {
+ const diffKeys = STRICT_CHECK_TARBALL_FIELDS.filter(key => {
 return !isEqual(tarballPkg[key], versionManifest[key]);
 });
- if (diffKey) {
- throw new UnprocessableEntityError(`${diffKey} mismatch between tarball and manifest`);
+ if (diffKeys.length > 0) {
+ throw new UnprocessableEntityError(`${diffKeys} mismatch between tarball and manifest`);
 }
 }
diff --git a/test/port/controller/package/SavePackageVersionController.test.ts b/test/port/controller/package/SavePackageVersionController.test.ts
index 9daefd14..9e660601 100644
--- a/test/port/controller/package/SavePackageVersionController.test.ts
+++ b/test/port/controller/package/SavePackageVersionController.test.ts
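Review bot: The `for await (const chunk of entry)` loop in `extractPackageJSON` buffers the whole `package/package.json` entry with no size cap, and the `const` cleanup leaves that as it was. `tarballBytes` appears to come from a publish request, so the decompressed entry can be much larger than the uploaded body; unless a limit is enforced outside this hunk, a running byte count checked before `chunks.push(chunk)` and rejected above a configured maximum would bound memory use. The function body starts and ends outside the hunk, so how a rejection should propagate from `onentry` needs checking against the surrounding `try`.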
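Review bot: `versionManifest` is looked up with the version read from the tarball's own package.json and is then indexed inside the `filter` callback without a guard. If the tarball declares a version that has no entry in `pkg.versions`, `versionManifest[key]` would throw a TypeError instead of the intended 422, unless a check outside this hunk rules that out; `if (!versionManifest) throw new UnprocessableEntityError('version mismatch between tarball and manifest');` before the `filter` would keep the rejection explicit. The error message also depends on implicit array-to-string coercion of `diffKeys`; `diffKeys.join(',')` produces the same text and states the intent. The enclosing method starts and ends outside the hunk.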
@@ -87,9 +87,27 @@ describe('test/port/controller/package/SavePackageVersionController.test.ts', ()
 assert.equal(pkgEntity.registryId, selfRegistry.registryId);
 });
 it('should verify tgz and manifest', async () => {
+ const { pkg, user } = await TestUtil.createPackage({ name: '@cnpm/banana', version: '1.0.0' });
+ const pkg2 = await TestUtil.getFullPackage({ name: pkg.name, version: '0.0.1' });
+
+ pkg2.versions['0.0.1'].name = '@cnpm/orange';
+
+ mock(app.config.cnpmcore, 'strictValidateTarballPkg', true);
+ const res = await app.httpRequest()
+ .put(`/${pkg2.name}`)
+ .set('authorization', user.authorization)
+ .set('user-agent', user.ua)
+ .send(pkg2)
+ .expect(422);
+
+ assert.equal(res.body.error, '[UNPROCESSABLE_ENTITY] name mismatch between tarball and manifest');
+ });
+ it('should verify tgz and manifest with multiple fields', async () => {
 mock(app.config.cnpmcore, 'allowPublishNonScopePackage', true);
 const { pkg, user } = await TestUtil.createPackage({ name: 'non_scope_pkg', version: '1.0.0' });
- const pkg2 = await TestUtil.getFullPackage({ name: pkg.name, version: '2.0.0' });
+ const pkg2 = await TestUtil.getFullPackage({ name: pkg.name, version: '0.0.1' });
+
+ pkg2.versions['0.0.1'].dependencies = { lodash: 'latest' };
 mock(app.config.cnpmcore, 'strictValidateTarballPkg', true);
 const res = await app.httpRequest()
@@ -99,7 +117,7 @@ describe('test/port/controller/package/SavePackageVersionController.test.ts', ()
 .send(pkg2)
 .expect(422);
- assert.equal(res.body.error, '[UNPROCESSABLE_ENTITY] name mismatch between tarball and manifest');
+ assert.equal(res.body.error, '[UNPROCESSABLE_ENTITY] name,dependencies mismatch between tarball and manifest');
 });
 it('should add new version success on scoped package', async () => {
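Review bot: The multi-field test expects `name` in the mismatch list although it only edits `dependencies`, which presumably works because the fixture tarball behind `TestUtil.getFullPackage` carries a different package name than `non_scope_pkg`; nothing in the test says so. A comment such as `// fixture tarball has a different name, so name is reported too` above the `dependencies` assignment would make the expected string in the `-99,7` hunk understandable. Both strict-validation tests cover only the rejection path; a case where tarball and manifest agree with `strictValidateTarballPkg` mocked to true would show the check does not block a legitimate publish, if one does not already exist elsewhere in the file.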