mirror/pnpm
1
0
Fork 0
mirror of https://github.com/pnpm/pnpm.git synced 2026-04-10 18:18:56 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
bfd38cdc15e89b36eab4fa106a94de066c4638ef
pnpm/config/reader/test/getNetworkConfigs.test.ts
Zoltan Kochan 45a6cb6b2a refactor(auth): unify auth/SSL into structured configByUri (#11201) 
Replaces the dual `authConfig` (raw .npmrc) + `authInfos` (parsed auth) + `sslConfigs` (parsed SSL) pattern with a single structured `configByUri: Record<string, RegistryConfig>` field on Config.

### New types (`@pnpm/types`)
- **`RegistryConfig`** — per-registry config: `{ creds?: Creds, tls?: TlsConfig }`
- **`Creds`** — auth credentials: `{ authToken?, basicAuth?, tokenHelper? }`
- **`TlsConfig`** — TLS config: `{ cert?, key?, ca? }`

### Key changes
- Rewrite `createGetAuthHeaderByURI` to accept `Record<string, RegistryConfig>` instead of raw .npmrc key-value pairs
- Eliminate duplicate auth parsing between `getAuthHeadersFromConfig` and `getNetworkConfigs`
- Remove `authConfig` from the install pipeline (`StrictInstallOptions`, `HeadlessOptions`), replaced by `configByUri`
- Remove `sslConfigs` from Config — SSL fields now live in `configByUri[uri].tls`
- Remove `authConfig['registry']` mutation in `extendInstallOptions` (default registry now passed directly to `createGetAuthHeaderByURI`)
- `authConfig` remains on Config only for raw .npmrc access (config commands, error reporting, config inheritance)

### Security
- tokenHelper in project .npmrc now throws instead of being silently stripped
- tokenHelper execution uses `shell: false` to prevent shell metacharacter injection
- Basic auth uses `Buffer.from().toString('base64')` instead of `btoa()` for Unicode safety
- Dispatcher only creates custom agents when entries actually have TLS fields
2026-04-05 20:15:10 +02:00

173 lines
4.1 KiB
TypeScript
Raw Blame History

import fs from 'node:fs'
import { prepareEmpty } from '@pnpm/prepare'
import { getNetworkConfigs, type NetworkConfigs } from '../src/getNetworkConfigs.js'
test('without files', () => {
expect(getNetworkConfigs({})).toStrictEqual({
registries: {},
} as NetworkConfigs)
expect(getNetworkConfigs({
'@foo:registry': 'https://example.com/foo',
})).toStrictEqual({
registries: {
'@foo': 'https://example.com/foo',
},
} as NetworkConfigs)
expect(getNetworkConfigs({
'//example.com/foo:ca': 'some-ca',
})).toStrictEqual({
registries: {},
configByUri: {
'//example.com/foo': {
tls: { ca: 'some-ca' },
},
},
} as NetworkConfigs)
expect(getNetworkConfigs({
'//example.com/foo:cert': 'some-cert',
})).toStrictEqual({
registries: {},
configByUri: {
'//example.com/foo': {
tls: { cert: 'some-cert' },
},
},
} as NetworkConfigs)
expect(getNetworkConfigs({
'@foo:registry': 'https://example.com/foo',
'//example.com/foo:ca': 'some-ca',
'//example.com/foo:cert': 'some-cert',
})).toStrictEqual({
registries: {
'@foo': 'https://example.com/foo',
},
configByUri: {
'//example.com/foo': {
tls: { ca: 'some-ca', cert: 'some-cert' },
},
},
} as NetworkConfigs)
})
test('with files', () => {
prepareEmpty()
fs.writeFileSync('cafile', 'some-ca')
fs.writeFileSync('certfile', 'some-cert')
expect(getNetworkConfigs({
'@foo:registry': 'https://example.com/foo',
'//example.com/foo:cafile': 'cafile',
'//example.com/foo:certfile': 'certfile',
})).toStrictEqual({
registries: {
'@foo': 'https://example.com/foo',
},
configByUri: {
'//example.com/foo': {
tls: { ca: 'some-ca', cert: 'some-cert' },
},
},
} as NetworkConfigs)
})
test('auth and tls combined', () => {
expect(getNetworkConfigs({
'@foo:registry': 'https://example.com/foo',
'//example.com/foo:_authToken': 'example auth token',
})).toStrictEqual({
registries: {
'@foo': 'https://example.com/foo',
},
configByUri: {
'//example.com/foo': {
creds: { authToken: 'example auth token' },
},
},
} as NetworkConfigs)
expect(getNetworkConfigs({
'@foo:registry': 'https://example.com/foo',
'//example.com/foo:_auth': btoa('foo:bar'),
})).toStrictEqual({
registries: {
'@foo': 'https://example.com/foo',
},
configByUri: {
'//example.com/foo': {
creds: {
basicAuth: {
username: 'foo',
password: 'bar',
},
},
},
},
} as NetworkConfigs)
expect(getNetworkConfigs({
'@foo:registry': 'https://example.com/foo',
'//example.com/foo:username': 'foo',
'//example.com/foo:_password': btoa('bar'),
})).toStrictEqual({
registries: {
'@foo': 'https://example.com/foo',
},
configByUri: {
'//example.com/foo': {
creds: {
basicAuth: {
username: 'foo',
password: 'bar',
},
},
},
},
} as NetworkConfigs)
expect(getNetworkConfigs({
'@foo:registry': 'https://example.com/foo',
'//example.com/foo:tokenHelper': 'node ./my-token-helper.cjs',
})).toStrictEqual({
registries: {
'@foo': 'https://example.com/foo',
},
configByUri: {
'//example.com/foo': {
creds: { tokenHelper: ['node', './my-token-helper.cjs'] },
},
},
} as NetworkConfigs)
expect(getNetworkConfigs({
'//example.com/foo:_authToken': 'token',
'//example.com/foo:cert': 'some-cert',
'//example.com/foo:key': 'some-key',
})).toStrictEqual({
registries: {},
configByUri: {
'//example.com/foo': {
creds: { authToken: 'token' },
tls: { cert: 'some-cert', key: 'some-key' },
},
},
} as NetworkConfigs)
})
test('unsupported key', () => {
expect(getNetworkConfigs({
'@foo:registry': 'https://example.com/foo',
'//example.com/foo:someUnsupportedKey': 'hello world',
})).toStrictEqual({
registries: {
'@foo': 'https://example.com/foo',
},
} as NetworkConfigs)
})
Reference in New Issue View Git Blame Copy Permalink