refactor: separate engine firewall domain

antongolub · Oct 28, 2023 · 960ec1b · 960ec1b
1 parent 8cfa070
commit 960ec1b
Show file tree

Hide file tree

Showing 7 changed files with 61 additions and 18 deletions.
diff --git a/src/main/js/firewall/engine/api.js b/src/main/js/firewall/engine/api.js
@@ -0,0 +1,30 @@
+import {getBoundContext, getPolicy, getPipeline, getDirective} from './common.js'
+import {getPackument, guessDistTags} from './packument.js'
+import {checkTarball} from './tarball.js'
+
+export {
+  getDirective,
+  guessDistTags,
+  getPackument,
+  checkTarball,
+  getPolicy,
+  getPipeline,
+}
+
+export const assertPolicy = async ({org, name, version, rules, registry, authorization}) => {
+  const boundContext = await getBoundContext({org, name, version, rules, registry, authorization})
+}
+
+export const getAssets = async (boundContext) => {
+  const {name, org, version, registry} = boundContext
+  const url = (org ? `${org}/` : '') + `${name}/-/${name}.tgz`
+  const [
+    { packument, packumentBufferZip, headers, etag, deps, directives },
+    tarball
+  ] = await Promise.all([
+    getPackument({ boundContext, rules }),
+    version ? checkTarball({registry, url}) : Promise.resolve(false)
+  ])
+
+  return {packument, packumentBufferZip, headers, etag, deps, directives, tarball}
+}
diff --git a/src/main/js/firewall/engine.js → src/main/js/firewall/engine/common.js b/src/main/js/firewall/engine.js → src/main/js/firewall/engine/common.js
@@ -1,5 +1,21 @@
-import {asArray, mapValuesAsync} from '../util.js'
-import {logger} from '../logger.js'
+import {asArray, mapValuesAsync, normalizePath} from '../../util.js'
+import {logger} from '../../logger.js'
+import {getConfig} from '../../config.js'
+
+const getAuth = (token, auth) => token
+  ? token?.startsWith('Bearer')
+    ? token
+    :`Bearer ${token}`
+  : auth
+
+export const getBoundContext = async ({org, name, version, rules, registry, token, req = {headers: {}}}) => {
+  const config = getConfig()
+  const authorization = getAuth(token, req.headers['authorization'])
+  const entrypoint = _entrypoint || normalizePath(`${config.server.entrypoint}${base}`)
+  const pipeline = await getPipeline(rules)
+
+  return { registry, entrypoint, authorization, name, org, version, pipeline, rules }
+}
 
 export const getDirectives = ({packument, rules, boundContext}) =>
   mapValuesAsync(packument.versions, async (entry) =>
@@ -54,4 +70,4 @@ export const normalizePipeline = (rules) =>
     )
 
     return m
-  }, [])
+  }, [])
diff --git a/src/main/js/firewall/packument.js → src/main/js/firewall/engine/packument.js b/src/main/js/firewall/packument.js → src/main/js/firewall/engine/packument.js
@@ -1,12 +1,12 @@
 import crypto from 'node:crypto'
 
-import {getDirectives, getPolicy} from './engine.js'
-import {request} from '../http/index.js'
-import {logger} from '../logger.js'
-import {asArray, tryQueue, time} from '../util.js'
-import {withCache} from '../cache.js'
-import {semver} from '../semver.js'
-import {gunzip} from '../zip.js'
+import {getDirectives, getPolicy} from './common.js'
+import {request} from '../../http/index.js'
+import {logger} from '../../logger.js'
+import {asArray, tryQueue, time} from '../../util.js'
+import {withCache} from '../../cache.js'
+import {semver} from '../../semver.js'
+import {gunzip} from '../../zip.js'
 
 export const getPackument = async ({boundContext, rules}) => {
   const { registry, authorization, entrypoint, name } = boundContext

diff --git a/src/main/js/firewall/tarball.js → src/main/js/firewall/engine/tarball.js b/src/main/js/firewall/tarball.js → src/main/js/firewall/engine/tarball.js
@@ -1,5 +1,5 @@
-import {asArray, tryQueue} from '../util.js'
-import {request} from '../http/index.js'
+import {asArray, tryQueue} from '../../util.js'
+import {request} from '../../http/index.js'
 
 export const checkTarball = async ({registry, url}) => {
   const registries = asArray(registry)

diff --git a/src/main/js/firewall/index.js b/src/main/js/firewall/index.js
@@ -1,3 +1,2 @@
 export * from './middleware.js'
-export * from './engine.js'
-export * from './packument.js'
+export * from './engine/api.js'
diff --git a/src/main/js/firewall/middleware.js b/src/main/js/firewall/middleware.js
@@ -1,10 +1,8 @@
 import {httpError, NOT_FOUND, ACCESS_DENIED, METHOD_NOT_ALLOWED, NOT_MODIFIED, OK, FOUND} from '../http/index.js'
-import {getPolicy, getPipeline} from './engine.js'
-import {getPackument} from './packument.js'
+import {getPolicy, getPipeline, checkTarball, getPackument} from './engine/api.js'
 import {normalizePath, dropNullEntries, time, jsonBuffer} from '../util.js'
 import {gzip} from '../zip.js'
 import {hasHit, hasKey, isNoCache} from '../cache.js'
-import {checkTarball} from './tarball.js'
 import {logger} from '../logger.js'
 import {getConfig} from '../config.js'
 

diff --git a/src/test/js/firewall.js b/src/test/js/firewall.js
@@ -1,5 +1,5 @@
 import { testFactory, assert } from '../test-utils.js'
-import { getDirective } from '../../main/js/firewall/index.js'
+import { getDirective, assertPolicy } from '../../main/js/firewall/index.js'
 
 const test = testFactory('firewall', import.meta)