1 | 'use strict'
|
2 |
|
3 |
|
4 | const BB = require('bluebird')
|
5 |
|
6 | const figgyPudding = require('figgy-pudding')
|
7 | const libaccess = require('libnpm/access')
|
8 | const npmConfig = require('./config/figgy-config.js')
|
9 | const output = require('./utils/output.js')
|
10 | const otplease = require('./utils/otplease.js')
|
11 | const path = require('path')
|
12 | const prefix = require('./npm.js').prefix
|
13 | const readPackageJson = BB.promisify(require('read-package-json'))
|
14 | const usage = require('./utils/usage.js')
|
15 | const whoami = require('./whoami.js')
|
16 |
|
17 | module.exports = access
|
18 |
|
19 | access.usage = usage(
|
20 | 'npm access',
|
21 | 'npm access public [<package>]\n' +
|
22 | 'npm access restricted [<package>]\n' +
|
23 | 'npm access grant <read-only|read-write> <scope:team> [<package>]\n' +
|
24 | 'npm access revoke <scope:team> [<package>]\n' +
|
25 | 'npm access 2fa-required [<package>]\n' +
|
26 | 'npm access 2fa-not-required [<package>]\n' +
|
27 | 'npm access ls-packages [<user>|<scope>|<scope:team>]\n' +
|
28 | 'npm access ls-collaborators [<package> [<user>]]\n' +
|
29 | 'npm access edit [<package>]'
|
30 | )
|
31 |
|
32 | access.subcommands = [
|
33 | 'public', 'restricted', 'grant', 'revoke',
|
34 | 'ls-packages', 'ls-collaborators', 'edit',
|
35 | '2fa-required', '2fa-not-required'
|
36 | ]
|
37 |
|
38 | const AccessConfig = figgyPudding({
|
39 | json: {}
|
40 | })
|
41 |
|
42 | function UsageError (msg = '') {
|
43 | throw Object.assign(new Error(
|
44 | (msg ? `\nUsage: ${msg}\n\n` : '') +
|
45 | access.usage
|
46 | ), {code: 'EUSAGE'})
|
47 | }
|
48 |
|
49 | access.completion = function (opts, cb) {
|
50 | var argv = opts.conf.argv.remain
|
51 | if (argv.length === 2) {
|
52 | return cb(null, access.subcommands)
|
53 | }
|
54 |
|
55 | switch (argv[2]) {
|
56 | case 'grant':
|
57 | if (argv.length === 3) {
|
58 | return cb(null, ['read-only', 'read-write'])
|
59 | } else {
|
60 | return cb(null, [])
|
61 | }
|
62 | case 'public':
|
63 | case 'restricted':
|
64 | case 'ls-packages':
|
65 | case 'ls-collaborators':
|
66 | case 'edit':
|
67 | case '2fa-required':
|
68 | case '2fa-not-required':
|
69 | return cb(null, [])
|
70 | case 'revoke':
|
71 | return cb(null, [])
|
72 | default:
|
73 | return cb(new Error(argv[2] + ' not recognized'))
|
74 | }
|
75 | }
|
76 |
|
77 | function access ([cmd, ...args], cb) {
|
78 | return BB.try(() => {
|
79 | const fn = access.subcommands.includes(cmd) && access[cmd]
|
80 | if (!cmd) { UsageError('Subcommand is required.') }
|
81 | if (!fn) { UsageError(`${cmd} is not a recognized subcommand.`) }
|
82 |
|
83 | return fn(args, AccessConfig(npmConfig()))
|
84 | }).then(
|
85 | x => cb(null, x),
|
86 | err => err.code === 'EUSAGE' ? cb(err.message) : cb(err)
|
87 | )
|
88 | }
|
89 |
|
90 | access.public = ([pkg], opts) => {
|
91 | return modifyPackage(pkg, opts, libaccess.public)
|
92 | }
|
93 |
|
94 | access.restricted = ([pkg], opts) => {
|
95 | return modifyPackage(pkg, opts, libaccess.restricted)
|
96 | }
|
97 |
|
98 | access.grant = ([perms, scopeteam, pkg], opts) => {
|
99 | return BB.try(() => {
|
100 | if (!perms || (perms !== 'read-only' && perms !== 'read-write')) {
|
101 | UsageError('First argument must be either `read-only` or `read-write.`')
|
102 | }
|
103 | if (!scopeteam) {
|
104 | UsageError('`<scope:team>` argument is required.')
|
105 | }
|
106 | const [, scope, team] = scopeteam.match(/^@?([^:]+):(.*)$/) || []
|
107 | if (!scope && !team) {
|
108 | UsageError(
|
109 | 'Second argument used incorrect format.\n' +
|
110 | 'Example: @example:developers'
|
111 | )
|
112 | }
|
113 | return modifyPackage(pkg, opts, (pkgName, opts) => {
|
114 | return libaccess.grant(pkgName, scopeteam, perms, opts)
|
115 | })
|
116 | })
|
117 | }
|
118 |
|
119 | access.revoke = ([scopeteam, pkg], opts) => {
|
120 | return BB.try(() => {
|
121 | if (!scopeteam) {
|
122 | UsageError('`<scope:team>` argument is required.')
|
123 | }
|
124 | const [, scope, team] = scopeteam.match(/^@?([^:]+):(.*)$/) || []
|
125 | if (!scope || !team) {
|
126 | UsageError(
|
127 | 'First argument used incorrect format.\n' +
|
128 | 'Example: @example:developers'
|
129 | )
|
130 | }
|
131 | return modifyPackage(pkg, opts, (pkgName, opts) => {
|
132 | return libaccess.revoke(pkgName, scopeteam, opts)
|
133 | })
|
134 | })
|
135 | }
|
136 |
|
137 | access['2fa-required'] = access.tfaRequired = ([pkg], opts) => {
|
138 | return modifyPackage(pkg, opts, libaccess.tfaRequired, false)
|
139 | }
|
140 |
|
141 | access['2fa-not-required'] = access.tfaNotRequired = ([pkg], opts) => {
|
142 | return modifyPackage(pkg, opts, libaccess.tfaNotRequired, false)
|
143 | }
|
144 |
|
145 | access['ls-packages'] = access.lsPackages = ([owner], opts) => {
|
146 | return (
|
147 | owner ? BB.resolve(owner) : BB.fromNode(cb => whoami([], true, cb))
|
148 | ).then(owner => {
|
149 | return libaccess.lsPackages(owner, opts)
|
150 | }).then(pkgs => {
|
151 |
|
152 | output(JSON.stringify(pkgs, null, 2))
|
153 | })
|
154 | }
|
155 |
|
156 | access['ls-collaborators'] = access.lsCollaborators = ([pkg, usr], opts) => {
|
157 | return getPackage(pkg, false).then(pkgName =>
|
158 | libaccess.lsCollaborators(pkgName, usr, opts)
|
159 | ).then(collabs => {
|
160 |
|
161 | output(JSON.stringify(collabs, null, 2))
|
162 | })
|
163 | }
|
164 |
|
165 | access['edit'] = () => BB.reject(new Error('edit subcommand is not implemented yet'))
|
166 |
|
167 | function modifyPackage (pkg, opts, fn, requireScope = true) {
|
168 | return getPackage(pkg, requireScope).then(pkgName =>
|
169 | otplease(opts, opts => fn(pkgName, opts))
|
170 | )
|
171 | }
|
172 |
|
173 | function getPackage (name, requireScope = true) {
|
174 | return BB.try(() => {
|
175 | if (name && name.trim()) {
|
176 | return name.trim()
|
177 | } else {
|
178 | return readPackageJson(
|
179 | path.resolve(prefix, 'package.json')
|
180 | ).then(
|
181 | data => data.name,
|
182 | err => {
|
183 | if (err.code === 'ENOENT') {
|
184 | throw new Error('no package name passed to command and no package.json found')
|
185 | } else {
|
186 | throw err
|
187 | }
|
188 | }
|
189 | )
|
190 | }
|
191 | }).then(name => {
|
192 | if (requireScope && !name.match(/^@[^/]+\/.*$/)) {
|
193 | UsageError('This command is only available for scoped packages.')
|
194 | } else {
|
195 | return name
|
196 | }
|
197 | })
|
198 | }
|