gowebbuild/npmproxy/source.go

package npmproxy

import (
	"context"
	"crypto/sha512"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"regexp"
	"strings"

	"github.com/Masterminds/semver/v3"
	"github.com/kataras/golog"
	"github.com/mholt/archiver/v4"
	"github.com/trading-peter/gowebbuild/fsutils"
)

func (p *Proxy) readPackageJson(pkgPath string) (PackageJson, error) {
	pkgFile := filepath.Join(pkgPath, "package.json")

	if !fsutils.IsFile(pkgFile) {
		return PackageJson{}, fmt.Errorf("package.json not found in %s", pkgPath)
	}

	pkgData, err := os.ReadFile(pkgFile)
	if err != nil {
		return PackageJson{}, err
	}

	pkg := PackageJson{}
	err = json.Unmarshal(pkgData, &pkg)
	if err != nil {
		return PackageJson{}, err
	}

	return pkg, nil
}

func (p *Proxy) findDependencyVersionConstraint(projectPkg PackageJson, pkgName string) (*semver.Constraints, error) {
	if verStr, ok := projectPkg.Dependencies[pkgName]; ok {
		return semver.NewConstraint(verStr)
	}

	return nil, fmt.Errorf("package %s not found in project dependencies", pkgName)
}

func (p *Proxy) findPackageSource(override *Override, pkgName string) (*Package, error) {
	pkgNameParts := strings.Split(pkgName, "/")
	pkgPath := filepath.Join(override.PackageRoot, pkgNameParts[len(pkgNameParts)-1])

	// Read the projects package.json and figure out the requested semver version, which probably will be a contraint to assert against (like "^1.2.3").
	projectPkg, err := p.readPackageJson(p.ProjectRoot)
	if err != nil {
		return nil, err
	}

	reqVersion, err := p.findDependencyVersionConstraint(projectPkg, pkgName)

	pkg, err := p.readPackageJson(pkgPath)
	if err != nil {
		return nil, err
	}

	pkgVersion, err := semver.NewVersion(pkg.Version)
	if err != nil {
		return nil, err
	}

	if !reqVersion.Check(pkgVersion) {
		golog.Infof("Version %s in package sources for %s is not meeting the version constrains (%s) of the project. Forwarding request to upstream registry.", pkgVersion, pkgName, reqVersion)
		return nil, nil
	}

	pkgArchive, err := p.createPackage(pkgPath, pkg)
	if err != nil {
		return nil, err
	}

	integrity, shasum, err := p.createHashes(pkgArchive)
	if err != nil {
		return nil, err
	}

	return &Package{
		ID:   pkg.Name,
		Name: pkg.Name,
		DistTags: DistTags{
			Latest: pkg.Version,
		},
		Versions: map[string]Version{
			pkg.Version: {
				ID:           pkg.Name,
				Name:         pkg.Name,
				Version:      pkg.Version,
				Dependencies: pkg.Dependencies,
				Dist: Dist{
					Integrity: integrity,
					Shasum:    shasum,
					Tarball:   fmt.Sprintf("%s/files/%s", p.internalProxyUrl, filepath.Base(pkgArchive)),
				},
			},
		},
	}, nil
}

func (p *Proxy) createPackage(pkgPath string, pkg PackageJson) (string, error) {
	err := os.MkdirAll(p.pkgCachePath, 0755)
	if err != nil {
		return "", err
	}

	pkgArchive := filepath.Join(p.pkgCachePath, sanitizePkgName(pkg.Name, pkg.Version)+".tar")

	files, err := archiver.FilesFromDisk(nil, map[string]string{
		pkgPath: ".",
	})

	if err != nil {
		return "", err
	}

	filesFiltered := []archiver.File{}

	filterRegex := regexp.MustCompile(`^node_modules|.git`)

	for _, file := range files {
		if filterRegex.MatchString(file.NameInArchive) {
			continue
		}
		filesFiltered = append(filesFiltered, file)
	}

	out, err := os.Create(pkgArchive)
	if err != nil {
		return "", err
	}
	defer out.Close()

	format := archiver.CompressedArchive{
		Archival: archiver.Tar{},
	}

	err = format.Archive(context.Background(), out, filesFiltered)
	if err != nil {
		return "", err
	}

	return pkgArchive, nil
}

func (p *Proxy) createHashes(pkgArchive string) (string, string, error) {
	// Open the file
	file, err := os.Open(pkgArchive)
	if err != nil {
		return "", "", err
	}
	defer file.Close()

	// Create a new SHA256 hash
	hash := sha512.New()

	// Copy the file data into the hash
	if _, err := io.Copy(hash, file); err != nil {
		return "", "", err
	}

	// Get the hash sum
	hashSum := hash.Sum(nil)

	// Generate the integrity string (SHA-256 base64-encoded)
	integrity := "sha512-" + base64.StdEncoding.EncodeToString(hashSum)

	// Generate the shasum (hexadecimal representation)
	shasum := fmt.Sprintf("%x", hashSum)

	return integrity, shasum, nil
}

// Replace all characters of the pages name that are not allowed in a URL with a hyphen.
func sanitizePkgName(pkgName string, version string) string {
	pkgName = strings.ReplaceAll(pkgName, "@", "")
	pkgName = strings.ReplaceAll(pkgName, "/", "_")
	version = strings.ReplaceAll(version, ".", "_")
	return fmt.Sprintf("%s_%s", pkgName, version)
}
New version 2024-11-06 10:43:05 +01:00			`package npmproxy`

			`import (`
			`"context"`
			`"crypto/sha512"`
			`"encoding/base64"`
			`"encoding/json"`
			`"fmt"`
			`"io"`
			`"os"`
			`"path/filepath"`
			`"regexp"`
			`"strings"`

			`"github.com/Masterminds/semver/v3"`
			`"github.com/kataras/golog"`
			`"github.com/mholt/archiver/v4"`
			`"github.com/trading-peter/gowebbuild/fsutils"`
			`)`

			`func (p *Proxy) readPackageJson(pkgPath string) (PackageJson, error) {`
			`pkgFile := filepath.Join(pkgPath, "package.json")`

			`if !fsutils.IsFile(pkgFile) {`
			`return PackageJson{}, fmt.Errorf("package.json not found in %s", pkgPath)`
			`}`

			`pkgData, err := os.ReadFile(pkgFile)`
			`if err != nil {`
			`return PackageJson{}, err`
			`}`

			`pkg := PackageJson{}`
			`err = json.Unmarshal(pkgData, &pkg)`
			`if err != nil {`
			`return PackageJson{}, err`
			`}`

			`return pkg, nil`
			`}`

			`func (p Proxy) findDependencyVersionConstraint(projectPkg PackageJson, pkgName string) (semver.Constraints, error) {`
			`if verStr, ok := projectPkg.Dependencies[pkgName]; ok {`
			`return semver.NewConstraint(verStr)`
			`}`

			`return nil, fmt.Errorf("package %s not found in project dependencies", pkgName)`
			`}`

			`func (p Proxy) findPackageSource(override Override, pkgName string) (*Package, error) {`
			`pkgNameParts := strings.Split(pkgName, "/")`
			`pkgPath := filepath.Join(override.PackageRoot, pkgNameParts[len(pkgNameParts)-1])`

			`// Read the projects package.json and figure out the requested semver version, which probably will be a contraint to assert against (like "^1.2.3").`
			`projectPkg, err := p.readPackageJson(p.ProjectRoot)`
			`if err != nil {`
			`return nil, err`
			`}`

			`reqVersion, err := p.findDependencyVersionConstraint(projectPkg, pkgName)`

			`pkg, err := p.readPackageJson(pkgPath)`
			`if err != nil {`
			`return nil, err`
			`}`

			`pkgVersion, err := semver.NewVersion(pkg.Version)`
			`if err != nil {`
			`return nil, err`
			`}`

			`if !reqVersion.Check(pkgVersion) {`
			`golog.Infof("Version %s in package sources for %s is not meeting the version constrains (%s) of the project. Forwarding request to upstream registry.", pkgVersion, pkgName, reqVersion)`
			`return nil, nil`
			`}`

			`pkgArchive, err := p.createPackage(pkgPath, pkg)`
			`if err != nil {`
			`return nil, err`
			`}`

			`integrity, shasum, err := p.createHashes(pkgArchive)`
			`if err != nil {`
			`return nil, err`
			`}`

			`return &Package{`
			`ID: pkg.Name,`
			`Name: pkg.Name,`
			`DistTags: DistTags{`
			`Latest: pkg.Version,`
			`},`
			`Versions: map[string]Version{`
			`pkg.Version: {`
			`ID: pkg.Name,`
			`Name: pkg.Name,`
			`Version: pkg.Version,`
			`Dependencies: pkg.Dependencies,`
			`Dist: Dist{`
			`Integrity: integrity,`
			`Shasum: shasum,`
			`Tarball: fmt.Sprintf("%s/files/%s", p.internalProxyUrl, filepath.Base(pkgArchive)),`
			`},`
			`},`
			`},`
			`}, nil`
			`}`

			`func (p *Proxy) createPackage(pkgPath string, pkg PackageJson) (string, error) {`
			`err := os.MkdirAll(p.pkgCachePath, 0755)`
			`if err != nil {`
			`return "", err`
			`}`

			`pkgArchive := filepath.Join(p.pkgCachePath, sanitizePkgName(pkg.Name, pkg.Version)+".tar")`

			`files, err := archiver.FilesFromDisk(nil, map[string]string{`
			`pkgPath: ".",`
			`})`

			`if err != nil {`
			`return "", err`
			`}`

			`filesFiltered := []archiver.File{}`

			filterRegex := regexp.MustCompile(`^node_modules\|.git`)

			`for _, file := range files {`
			`if filterRegex.MatchString(file.NameInArchive) {`
			`continue`
			`}`
			`filesFiltered = append(filesFiltered, file)`
			`}`

			`out, err := os.Create(pkgArchive)`
			`if err != nil {`
			`return "", err`
			`}`
			`defer out.Close()`

			`format := archiver.CompressedArchive{`
			`Archival: archiver.Tar{},`
			`}`

			`err = format.Archive(context.Background(), out, filesFiltered)`
			`if err != nil {`
			`return "", err`
			`}`

			`return pkgArchive, nil`
			`}`

			`func (p *Proxy) createHashes(pkgArchive string) (string, string, error) {`
			`// Open the file`
			`file, err := os.Open(pkgArchive)`
			`if err != nil {`
			`return "", "", err`
			`}`
			`defer file.Close()`

			`// Create a new SHA256 hash`
			`hash := sha512.New()`

			`// Copy the file data into the hash`
			`if _, err := io.Copy(hash, file); err != nil {`
			`return "", "", err`
			`}`

			`// Get the hash sum`
			`hashSum := hash.Sum(nil)`

			`// Generate the integrity string (SHA-256 base64-encoded)`
			`integrity := "sha512-" + base64.StdEncoding.EncodeToString(hashSum)`

			`// Generate the shasum (hexadecimal representation)`
			`shasum := fmt.Sprintf("%x", hashSum)`

			`return integrity, shasum, nil`
			`}`

			`// Replace all characters of the pages name that are not allowed in a URL with a hyphen.`
			`func sanitizePkgName(pkgName string, version string) string {`
			`pkgName = strings.ReplaceAll(pkgName, "@", "")`
			`pkgName = strings.ReplaceAll(pkgName, "/", "_")`
			`version = strings.ReplaceAll(version, ".", "_")`
			`return fmt.Sprintf("%s_%s", pkgName, version)`
			`}`