fix: rc version should match * version (#692)

closes cnpm/unpkg-white-list#63  ## Summary by CodeRabbit - **Bug Fixes** - Improved package version checking to support wildcard (`*`) versions, ensuring better compatibility and flexibility. - Fixed issues in handling release candidate (rc) versions in package version checks.
cnpm · May 30, 2024 · 0b62238 · 0b62238
1 parent 9beaf41
commit 0b62238
Show file tree

Hide file tree

Showing 2 changed files with 90 additions and 2 deletions.
diff --git a/app/core/service/PackageVersionFileService.ts b/app/core/service/PackageVersionFileService.ts
@@ -113,10 +113,10 @@ export class PackageVersionFileService extends AbstractService {
     // check allow packages
     const fullname = getFullname(pkgScope, pkgName);
     const pkgConfig = this.#unpkgWhiteListAllowPackages[fullname];
-    if (!pkgConfig) {
+    if (!pkgConfig?.version) {
       throw new ForbiddenError(`"${fullname}" is not allow to unpkg files, see ${unpkgWhiteListUrl}`);
     }
-    if (!pkgConfig.version || !semver.satisfies(pkgVersion, pkgConfig.version)) {
+    if (pkgConfig.version !== '*' && !semver.satisfies(pkgVersion, pkgConfig.version)) {
       throw new ForbiddenError(`"${fullname}@${pkgVersion}" not satisfies "${pkgConfig.version}" to unpkg files, see ${unpkgWhiteListUrl}`);
     }
   }

diff --git a/test/port/controller/PackageVersionFileController/listFiles.test.ts b/test/port/controller/PackageVersionFileController/listFiles.test.ts
@@ -920,6 +920,94 @@ describe('test/port/controller/PackageVersionFileController/listFiles.test.ts',
         assert.equal(res.status, 403);
         assert.equal(res.body.error, '[FORBIDDEN] "[email protected]" not satisfies "3" to unpkg files, see https://github.com/cnpm/unpkg-white-list');
       });
+
+      it('bugfix: should support rc version', async () => {
+        // https://github.com/cnpm/unpkg-white-list/issues/63
+        mock(app.config.cnpmcore, 'allowPublishNonScopePackage', true);
+        mock(app.config.cnpmcore, 'enableUnpkg', true);
+        mock(app.config.cnpmcore, 'enableSyncUnpkgFilesWhiteList', true);
+
+        let pkg = await TestUtil.getFullPackage({
+          name: 'unpkg-white-list',
+          version: '2.0.0',
+          versionObject: {
+            description: 'work with utf8mb4 💩, 𝌆 utf8_unicode_ci, foo𝌆bar 🍻',
+            allowScopes: [ '@cnpm' ],
+            allowPackages: {
+              foo: {
+                version: '*',
+              },
+              bar: {
+                version: '1.0.0',
+              },
+            },
+          },
+        });
+        await app.httpRequest()
+          .put(`/${pkg.name}`)
+          .set('authorization', publisher.authorization)
+          .set('user-agent', publisher.ua)
+          .send(pkg)
+          .expect(201);
+        pkg = await TestUtil.getFullPackage({
+          name: 'foo',
+          version: '0.0.0',
+          versionObject: {
+            description: 'work with utf8mb4 💩, 𝌆 utf8_unicode_ci, foo𝌆bar 🍻',
+          },
+        });
+        await app.httpRequest()
+          .put(`/${pkg.name}`)
+          .set('authorization', publisher.authorization)
+          .set('user-agent', publisher.ua)
+          .send(pkg)
+          .expect(201);
+
+        let res = await app.httpRequest()
+          .get('/foo/0.0.0/files/package.json')
+          .expect('content-type', 'application/json; charset=utf-8');
+        assert.equal(res.status, 200);
+        assert(res.body.name);
+
+        pkg = await TestUtil.getFullPackage({
+          name: 'foo',
+          version: '0.3.0-rc15',
+          versionObject: {
+            description: 'work with utf8mb4 💩, 𝌆 utf8_unicode_ci, foo𝌆bar 🍻',
+          },
+        });
+        await app.httpRequest()
+          .put(`/${pkg.name}`)
+          .set('authorization', publisher.authorization)
+          .set('user-agent', publisher.ua)
+          .send(pkg)
+          .expect(201);
+        res = await app.httpRequest()
+          .get('/foo/0.3.0-rc15/files/package.json')
+          .expect('content-type', 'application/json; charset=utf-8');
+        assert.equal(res.status, 200);
+        assert(res.body.name);
+
+        pkg = await TestUtil.getFullPackage({
+          name: 'bar',
+          version: '0.3.0-rc15',
+          versionObject: {
+            description: 'work with utf8mb4 💩, 𝌆 utf8_unicode_ci, foo𝌆bar 🍻',
+          },
+        });
+        await app.httpRequest()
+          .put(`/${pkg.name}`)
+          .set('authorization', publisher.authorization)
+          .set('user-agent', publisher.ua)
+          .send(pkg)
+          .expect(201);
+        res = await app.httpRequest()
+          .get('/bar/0.3.0-rc15/files/package.json')
+          .expect('content-type', 'application/json; charset=utf-8');
+        assert.equal(res.status, 403);
+        assert.equal(res.body.error,
+          '[FORBIDDEN] "[email protected]" not satisfies "1.0.0" to unpkg files, see https://github.com/cnpm/unpkg-white-list');
+      });
     });
   });
 });