223 lines
6 KiB
JavaScript
223 lines
6 KiB
JavaScript
const path = require('path')
|
|
|
|
const libnpmaccess = require('libnpmaccess')
|
|
const npa = require('npm-package-arg')
|
|
const readPackageJson = require('read-package-json-fast')
|
|
const localeCompare = require('@isaacs/string-locale-compare')('en')
|
|
|
|
const otplease = require('../utils/otplease.js')
|
|
const getIdentity = require('../utils/get-identity.js')
|
|
const BaseCommand = require('../base-command.js')
|
|
|
|
const commands = [
|
|
'get',
|
|
'grant',
|
|
'list',
|
|
'revoke',
|
|
'set',
|
|
]
|
|
|
|
const setCommands = [
|
|
'status=public',
|
|
'status=private',
|
|
'mfa=none',
|
|
'mfa=publish',
|
|
'mfa=automation',
|
|
'2fa=none',
|
|
'2fa=publish',
|
|
'2fa=automation',
|
|
]
|
|
|
|
class Access extends BaseCommand {
|
|
static description = 'Set access level on published packages'
|
|
static name = 'access'
|
|
static params = [
|
|
'json',
|
|
'otp',
|
|
'registry',
|
|
]
|
|
|
|
static usage = [
|
|
'list packages [<user>|<scope>|<scope:team> [<package>]',
|
|
'list collaborators [<package> [<user>]]',
|
|
'get status [<package>]',
|
|
'set status=public|private [<package>]',
|
|
'set mfa=none|publish|automation [<package>]',
|
|
'grant <read-only|read-write> <scope:team> [<package>]',
|
|
'revoke <scope:team> [<package>]',
|
|
]
|
|
|
|
async completion (opts) {
|
|
const argv = opts.conf.argv.remain
|
|
if (argv.length === 2) {
|
|
return commands
|
|
}
|
|
|
|
switch (argv[2]) {
|
|
case 'grant':
|
|
return ['read-only', 'read-write']
|
|
case 'revoke':
|
|
return []
|
|
case 'list':
|
|
case 'ls':
|
|
return ['packages', 'collaborators']
|
|
case 'get':
|
|
return ['status']
|
|
case 'set':
|
|
return setCommands
|
|
default:
|
|
throw new Error(argv[2] + ' not recognized')
|
|
}
|
|
}
|
|
|
|
async exec ([cmd, subcmd, ...args]) {
|
|
if (!cmd) {
|
|
throw this.usageError()
|
|
}
|
|
if (!commands.includes(cmd)) {
|
|
throw this.usageError(`${cmd} is not a valid access command`)
|
|
}
|
|
// All commands take at least one more parameter so we can do this check up front
|
|
if (!subcmd) {
|
|
throw this.usageError()
|
|
}
|
|
|
|
switch (cmd) {
|
|
case 'grant':
|
|
if (!['read-only', 'read-write'].includes(subcmd)) {
|
|
throw this.usageError('grant must be either `read-only` or `read-write`')
|
|
}
|
|
if (!args[0]) {
|
|
throw this.usageError('`<scope:team>` argument is required')
|
|
}
|
|
return this.#grant(subcmd, args[0], args[1])
|
|
case 'revoke':
|
|
return this.#revoke(subcmd, args[0])
|
|
case 'list':
|
|
case 'ls':
|
|
if (subcmd === 'packages') {
|
|
return this.#listPackages(args[0], args[1])
|
|
}
|
|
if (subcmd === 'collaborators') {
|
|
return this.#listCollaborators(args[0], args[1])
|
|
}
|
|
throw this.usageError(`list ${subcmd} is not a valid access command`)
|
|
case 'get':
|
|
if (subcmd !== 'status') {
|
|
throw this.usageError(`get ${subcmd} is not a valid access command`)
|
|
}
|
|
return this.#getStatus(args[0])
|
|
case 'set':
|
|
if (!setCommands.includes(subcmd)) {
|
|
throw this.usageError(`set ${subcmd} is not a valid access command`)
|
|
}
|
|
return this.#set(subcmd, args[0])
|
|
}
|
|
}
|
|
|
|
async #grant (permissions, scope, pkg) {
|
|
await libnpmaccess.setPermissions(scope, pkg, permissions)
|
|
}
|
|
|
|
async #revoke (scope, pkg) {
|
|
await libnpmaccess.removePermissions(scope, pkg)
|
|
}
|
|
|
|
async #listPackages (owner, pkg) {
|
|
if (!owner) {
|
|
owner = await getIdentity(this.npm, this.npm.flatOptions)
|
|
}
|
|
const pkgs = await libnpmaccess.getPackages(owner, this.npm.flatOptions)
|
|
this.#output(pkgs, pkg)
|
|
}
|
|
|
|
async #listCollaborators (pkg, user) {
|
|
const pkgName = await this.#getPackage(pkg, false)
|
|
const collabs = await libnpmaccess.getCollaborators(pkgName, this.npm.flatOptions)
|
|
this.#output(collabs, user)
|
|
}
|
|
|
|
async #getStatus (pkg) {
|
|
const pkgName = await this.#getPackage(pkg, false)
|
|
const visibility = await libnpmaccess.getVisibility(pkgName, this.npm.flatOptions)
|
|
this.#output({ [pkgName]: visibility.public ? 'public' : 'private' })
|
|
}
|
|
|
|
async #set (subcmd, pkg) {
|
|
const [subkey, subval] = subcmd.split('=')
|
|
switch (subkey) {
|
|
case 'mfa':
|
|
case '2fa':
|
|
return this.#setMfa(pkg, subval)
|
|
case 'status':
|
|
return this.#setStatus(pkg, subval)
|
|
}
|
|
}
|
|
|
|
async #setMfa (pkg, level) {
|
|
const pkgName = await this.#getPackage(pkg, false)
|
|
await otplease(this.npm, this.npm.flatOptions, (opts) => {
|
|
return libnpmaccess.setMfa(pkgName, level, opts)
|
|
})
|
|
}
|
|
|
|
async #setStatus (pkg, status) {
|
|
// only scoped packages can have their access changed
|
|
const pkgName = await this.#getPackage(pkg, true)
|
|
if (status === 'private') {
|
|
status = 'restricted'
|
|
}
|
|
await otplease(this.npm, this.npm.flatOptions, (opts) => {
|
|
return libnpmaccess.setAccess(pkgName, status, opts)
|
|
})
|
|
return this.#getStatus(pkgName)
|
|
}
|
|
|
|
async #getPackage (name, requireScope) {
|
|
if (!name) {
|
|
try {
|
|
const pkg = await readPackageJson(path.resolve(this.npm.prefix, 'package.json'))
|
|
name = pkg.name
|
|
} catch (err) {
|
|
if (err.code === 'ENOENT') {
|
|
throw Object.assign(new Error('no package name given and no package.json found'), {
|
|
code: 'ENOENT',
|
|
})
|
|
} else {
|
|
throw err
|
|
}
|
|
}
|
|
}
|
|
|
|
const spec = npa(name)
|
|
if (requireScope && !spec.scope) {
|
|
throw this.usageError('This command is only available for scoped packages.')
|
|
}
|
|
return name
|
|
}
|
|
|
|
#output (items, limiter) {
|
|
const output = {}
|
|
const lookup = {
|
|
__proto__: null,
|
|
read: 'read-only',
|
|
write: 'read-write',
|
|
}
|
|
for (const item in items) {
|
|
const val = items[item]
|
|
output[item] = lookup[val] || val
|
|
}
|
|
if (this.npm.config.get('json')) {
|
|
this.npm.output(JSON.stringify(output, null, 2))
|
|
} else {
|
|
for (const item of Object.keys(output).sort(localeCompare)) {
|
|
if (!limiter || limiter === item) {
|
|
this.npm.output(`${item}: ${output[item]}`)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
module.exports = Access
|