Skip to content

Commit

Permalink
fix: Incorrect authorization prefix for basic auth, and undocumented …
Browse files Browse the repository at this point in the history
…env var (#454)



Co-authored-by: Gavin King <[email protected]>
Co-authored-by: Antoine du Hamel <[email protected]>
  • Loading branch information
3 people authored Apr 12, 2024
1 parent 73d9a1e commit 2d63536
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 16 deletions.
26 changes: 12 additions & 14 deletions sources/httpUtils.ts
Original file line number Diff line number Diff line change
Expand Up @@ -16,27 +16,25 @@ async function fetch(input: string | URL, init?: RequestInit) {
input = new URL(input);

let headers = init?.headers;
const {username, password} = input;

const username: string | undefined = input.username ?? process.env.COREPACK_NPM_USERNAME;
const password: string | undefined = input.password ?? process.env.COREPACK_NPM_PASSWORD;

if (username || password) {
headers = {
...headers,
authorization: `Bearer ${Buffer.from(`${username}:${password}`).toString(`base64`)}`,
authorization: `Basic ${Buffer.from(`${username}:${password}`).toString(`base64`)}`,
};

input.username = input.password = ``;
} else if (input.origin === process.env.COREPACK_NPM_REGISTRY || DEFAULT_NPM_REGISTRY_URL) {
if (process.env.COREPACK_NPM_TOKEN) {
headers = {
...headers,
authorization: `Bearer ${process.env.COREPACK_NPM_TOKEN}`,
};
} else if (`COREPACK_NPM_PASSWORD` in process.env) {
headers = {
...headers,
authorization: `Bearer ${Buffer.from(`${process.env.COREPACK_NPM_USER}:${process.env.COREPACK_NPM_PASSWORD}`).toString(`base64`)}`,
};
}
}

if (input.origin === (process.env.COREPACK_NPM_REGISTRY || DEFAULT_NPM_REGISTRY_URL) && process.env.COREPACK_NPM_TOKEN) {
headers = {
...headers,
authorization: `Bearer ${process.env.COREPACK_NPM_TOKEN}`,
};
}

let response;
try {
Expand Down
5 changes: 3 additions & 2 deletions tests/_registryServer.mjs
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,8 @@ function generateVersionMetadata(packageName, version) {

const server = createServer((req, res) => {
const auth = req.headers.authorization;
if (!auth?.startsWith(`Bearer `) || Buffer.from(auth.slice(`Bearer `.length), `base64`).toString() !== `user:pass`) {

if (auth?.startsWith(`Basic `) && Buffer.from(auth.slice(`Basic `.length), `base64`).toString() !== `user:pass`) {
res.writeHead(401).end(`Unauthorized`);
return;
}
Expand Down Expand Up @@ -163,7 +164,7 @@ switch (process.env.AUTH_TYPE) {

case `COREPACK_NPM_PASSWORD`:
process.env.COREPACK_NPM_REGISTRY = `http://${address.includes(`:`) ? `[${address}]` : address}:${port}`;
process.env.COREPACK_NPM_USER = `user`;
process.env.COREPACK_NPM_USERNAME = `user`;
process.env.COREPACK_NPM_PASSWORD = `pass`;
break;

Expand Down

0 comments on commit 2d63536

Please sign in to comment.