deps/npm/lib/access.js


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185

const path = require('path')

const libaccess = require('libnpmaccess')
const readPackageJson = require('read-package-json-fast')

const npm = require('./npm.js')
const output = require('./utils/output.js')
const otplease = require('./utils/otplease.js')
const usageUtil = require('./utils/usage.js')
const getIdentity = require('./utils/get-identity.js')

const usage = usageUtil(
  'npm access',
  'npm access public [<package>]\n' +
  'npm access restricted [<package>]\n' +
  'npm access grant <read-only|read-write> <scope:team> [<package>]\n' +
  'npm access revoke <scope:team> [<package>]\n' +
  'npm access 2fa-required [<package>]\n' +
  'npm access 2fa-not-required [<package>]\n' +
  'npm access ls-packages [<user>|<scope>|<scope:team>]\n' +
  'npm access ls-collaborators [<package> [<user>]]\n' +
  'npm access edit [<package>]'
)

const subcommands = [
  'public',
  'restricted',
  'grant',
  'revoke',
  'ls-packages',
  'ls-collaborators',
  'edit',
  '2fa-required',
  '2fa-not-required',
]

const UsageError = (msg) =>
  Object.assign(new Error(`\nUsage: ${msg}\n\n` + usage), {
    code: 'EUSAGE',
  })

const cmd = (args, cb) =>
  access(args)
    .then(x => cb(null, x))
    .catch(err => err.code === 'EUSAGE'
      ? cb(err.message)
      : cb(err)
    )

const access = async ([cmd, ...args], cb) => {
  const fn = subcommands.includes(cmd) && access[cmd]

  if (!cmd)
    throw UsageError('Subcommand is required.')

  if (!fn)
    throw UsageError(`${cmd} is not a recognized subcommand.`)

  return fn(args, { ...npm.flatOptions })
}

const completion = async (opts) => {
  const argv = opts.conf.argv.remain
  if (argv.length === 2)
    return subcommands

  switch (argv[2]) {
    case 'grant':
      if (argv.length === 3)
        return ['read-only', 'read-write']
      else
        return []

    case 'public':
    case 'restricted':
    case 'ls-packages':
    case 'ls-collaborators':
    case 'edit':
    case '2fa-required':
    case '2fa-not-required':
    case 'revoke':
      return []
    default:
      throw new Error(argv[2] + ' not recognized')
  }
}

access.public = ([pkg], opts) =>
  modifyPackage(pkg, opts, libaccess.public)

access.restricted = ([pkg], opts) =>
  modifyPackage(pkg, opts, libaccess.restricted)

access.grant = async ([perms, scopeteam, pkg], opts) => {
  if (!perms || (perms !== 'read-only' && perms !== 'read-write'))
    throw UsageError('First argument must be either `read-only` or `read-write`.')

  if (!scopeteam)
    throw UsageError('`<scope:team>` argument is required.')

  const [, scope, team] = scopeteam.match(/^@?([^:]+):(.*)$/) || []

  if (!scope && !team) {
    throw UsageError(
      'Second argument used incorrect format.\n' +
      'Example: @example:developers'
    )
  }

  return modifyPackage(pkg, opts, (pkgName, opts) =>
    libaccess.grant(pkgName, scopeteam, perms, opts), false)
}

access.revoke = async ([scopeteam, pkg], opts) => {
  if (!scopeteam)
    throw UsageError('`<scope:team>` argument is required.')

  const [, scope, team] = scopeteam.match(/^@?([^:]+):(.*)$/) || []

  if (!scope || !team) {
    throw UsageError(
      'First argument used incorrect format.\n' +
      'Example: @example:developers'
    )
  }

  return modifyPackage(pkg, opts, (pkgName, opts) =>
    libaccess.revoke(pkgName, scopeteam, opts))
}

access['2fa-required'] = access.tfaRequired = ([pkg], opts) =>
  modifyPackage(pkg, opts, libaccess.tfaRequired, false)

access['2fa-not-required'] = access.tfaNotRequired = ([pkg], opts) =>
  modifyPackage(pkg, opts, libaccess.tfaNotRequired, false)

access['ls-packages'] = access.lsPackages = async ([owner], opts) => {
  if (!owner)
    owner = await getIdentity(opts)

  const pkgs = await libaccess.lsPackages(owner, opts)

  // TODO - print these out nicely (breaking change)
  output(JSON.stringify(pkgs, null, 2))
}

access['ls-collaborators'] = access.lsCollaborators = async ([pkg, usr], opts) => {
  const pkgName = await getPackage(pkg, false)
  const collabs = await libaccess.lsCollaborators(pkgName, usr, opts)

  // TODO - print these out nicely (breaking change)
  output(JSON.stringify(collabs, null, 2))
}

access.edit = () =>
  Promise.reject(new Error('edit subcommand is not implemented yet'))

const modifyPackage = (pkg, opts, fn, requireScope = true) =>
  getPackage(pkg, requireScope)
    .then(pkgName => otplease(opts, opts => fn(pkgName, opts)))

const getPackage = async (name, requireScope) => {
  if (name && name.trim())
    return name.trim()
  else {
    try {
      const pkg = await readPackageJson(path.resolve(npm.prefix, 'package.json'))
      name = pkg.name
    } catch (err) {
      if (err.code === 'ENOENT') {
        throw new Error(
          'no package name passed to command and no package.json found'
        )
      } else
        throw err
    }

    if (requireScope && !name.match(/^@[^/]+\/.*$/))
      throw UsageError('This command is only available for scoped packages.')
    else
      return name
  }
}

module.exports = Object.assign(cmd, { usage, completion, subcommands })