1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
var url = require('url')
var base64 = require('./base64')
var decodeBase64 = base64.decodeBase64
var encodeBase64 = base64.encodeBase64
var tokenKey = ':_authToken'
var userKey = ':username'
var passwordKey = ':_password'
module.exports = function () {
var checkUrl
var options
if (arguments.length >= 2) {
checkUrl = arguments[0]
options = arguments[1]
} else if (typeof arguments[0] === 'string') {
checkUrl = arguments[0]
} else {
options = arguments[0]
}
options = options || {}
options.npmrc = options.npmrc || require('rc')('npm', {registry: 'https://registry.npmjs.org/'})
checkUrl = checkUrl || options.npmrc.registry
return getRegistryAuthInfo(checkUrl, options) || getLegacyAuthInfo(options.npmrc)
}
function getRegistryAuthInfo (checkUrl, options) {
var parsed = url.parse(checkUrl, false, true)
var pathname
while (pathname !== '/' && parsed.pathname !== pathname) {
pathname = parsed.pathname || '/'
var regUrl = '//' + parsed.host + pathname.replace(/\/$/, '')
var authInfo = getAuthInfoForUrl(regUrl, options.npmrc)
if (authInfo) {
return authInfo
}
// break if not recursive
if (!options.recursive) {
return /\/$/.test(checkUrl)
? undefined
: getRegistryAuthInfo(url.resolve(checkUrl, '.'), options)
}
parsed.pathname = url.resolve(normalizePath(pathname), '..') || '/'
}
return undefined
}
function getLegacyAuthInfo (npmrc) {
if (npmrc._auth) {
return {token: npmrc._auth, type: 'Basic'}
}
return undefined
}
function normalizePath (path) {
return path[path.length - 1] === '/' ? path : path + '/'
}
function getAuthInfoForUrl (regUrl, npmrc) {
// try to get bearer token
var bearerAuth = getBearerToken(npmrc[regUrl + tokenKey] || npmrc[regUrl + '/' + tokenKey])
if (bearerAuth) {
return bearerAuth
}
// try to get basic token
var username = npmrc[regUrl + userKey] || npmrc[regUrl + '/' + userKey]
var password = npmrc[regUrl + passwordKey] || npmrc[regUrl + '/' + passwordKey]
var basicAuth = getTokenForUsernameAndPassword(username, password)
if (basicAuth) {
return basicAuth
}
return undefined
}
function getBearerToken (tok) {
if (!tok) {
return undefined
}
// check if bearer token
var token = tok.replace(/^\$\{?([^}]*)\}?$/, function (fullMatch, envVar) {
return process.env[envVar]
})
return {token: token, type: 'Bearer'}
}
function getTokenForUsernameAndPassword (username, password) {
if (!username || !password) {
return undefined
}
// passwords are base64 encoded, so we need to decode it
// See https://github.com/npm/npm/blob/v3.10.6/lib/config/set-credentials-by-uri.js#L26
var pass = decodeBase64(password.replace(/^\$\{?([^}]*)\}?$/, function (fullMatch, envVar) {
return process.env[envVar]
}))
// a basic auth token is base64 encoded 'username:password'
// See https://github.com/npm/npm/blob/v3.10.6/lib/config/get-credentials-by-uri.js#L70
var token = encodeBase64(username + ':' + pass)
// we found a basicToken token so let's exit the loop
return {
token: token,
type: 'Basic',
password: pass,
username: username
}
}
|