feat: block tgz

elrrrrrrr · elrrrrrrr · commit c6be752d1dc5 · 2025-02-27T13:34:21.000+08:00
diff --git a/app/core/service/PackageVersionService.ts b/app/core/service/PackageVersionService.ts
@@ -5,9 +5,10 @@ import { PackageVersionRepository } from '../../repository/PackageVersionReposit
 import { getScopeAndName } from '../../common/PackageUtil';
 import { SqlRange } from '../entity/SqlRange';
 import { BugVersionService } from './BugVersionService';
-import type { PackageJSONType } from '../../repository/PackageRepository';
+import type { PackageJSONType, PackageRepository } from '../../repository/PackageRepository';
 import { DistRepository } from '../../repository/DistRepository';
 import { BugVersionAdvice } from '../entity/BugVersion';
+import { PackageVersionBlockRepository } from '../../repository/PackageVersionBlockRepository';
 
 @SingletonProto({
   accessLevel: AccessLevel.PUBLIC,
@@ -16,6 +17,12 @@ export class PackageVersionService {
   @Inject()
   private packageVersionRepository: PackageVersionRepository;
 
+  @Inject()
+  private packageRepository: PackageRepository;
+
+  @Inject()
+  private packageVersionBlockRepository: PackageVersionBlockRepository;
+
   @Inject()
   private readonly bugVersionService: BugVersionService;
 
@@ -115,4 +122,13 @@ export class PackageVersionService {
     }
     return version;
   }
+
+  async findBlockInfo(fullname: string) {
+    const [scope, name] = getScopeAndName(fullname);
+    const pkg = await this.packageRepository.findPackage(scope, name);
+    if (!pkg) {
+      return null;
+    }
+    return await this.packageVersionBlockRepository.findPackageBlock(pkg.packageId);
+  }
 }
diff --git a/app/port/controller/package/DownloadPackageVersionTar.ts b/app/port/controller/package/DownloadPackageVersionTar.ts
@@ -19,6 +19,7 @@ import { PackageManagerService } from '../../../core/service/PackageManagerServi
 import { ProxyCacheService } from '../../../core/service/ProxyCacheService';
 import { PackageSyncerService } from '../../../core/service/PackageSyncerService';
 import { RegistryManagerService } from '../../../core/service/RegistryManagerService';
+import { PackageVersionService } from '../../../core/service/PackageVersionService';
 
 @HTTPController()
 export class DownloadPackageVersionTarController extends AbstractController {
@@ -31,6 +32,8 @@ export class DownloadPackageVersionTarController extends AbstractController {
   @Inject()
   private packageSyncerService: PackageSyncerService;
   @Inject()
+  private packageVersionService: PackageVersionService;
+  @Inject()
   private nfsAdapter: NFSAdapter;
 
   // Support OPTIONS Request on tgz download
@@ -55,6 +58,16 @@ export class DownloadPackageVersionTarController extends AbstractController {
     const version = this.getAndCheckVersionFromFilename(ctx, fullname, filenameWithVersion);
     const storeKey = `/packages/${fullname}/${version}/${filenameWithVersion}.tgz`;
     const downloadUrl = await this.nfsAdapter.getDownloadUrl(storeKey);
+
+    // block tgz only all versions have been blocked
+    const blockInfo = await this.packageVersionService.findBlockInfo(fullname);
+    if (blockInfo?.reason) {
+      this.setCDNHeaders(ctx);
+      ctx.logger.info('[PackageController:downloadVersionTar] %s@%s, block for %s',
+        fullname, version, blockInfo.reason);
+      throw this.createPackageBlockError(blockInfo.reason, fullname, version);
+    }
+
     if (this.config.cnpmcore.syncMode === SyncMode.all && downloadUrl) {
       // try nfs url first, avoid db query
       this.packageManagerService.plusPackageVersionCounter(fullname, version);
@@ -67,7 +80,6 @@ export class DownloadPackageVersionTarController extends AbstractController {
     let pkg;
     let packageVersion;
     try {
-      pkg = await this.getPackageEntityByFullname(fullname, allowSync);
       packageVersion = await this.getPackageVersionEntity(pkg, version, allowSync);
     } catch (error) {
       if (this.config.cnpmcore.syncMode === SyncMode.proxy) {
diff --git a/test/port/controller/package/DownloadPackageVersionTarController.test.ts b/test/port/controller/package/DownloadPackageVersionTarController.test.ts
@@ -4,13 +4,16 @@ import { app, mock } from 'egg-mock/bootstrap';
 import { TestUtil } from '../../../../test/TestUtil';
 import { NFSClientAdapter } from '../../../../app/infra/NFSClientAdapter';
 import { SyncMode } from '../../../../app/common/constants';
+import { PackageManagerService } from '../../../../app/core/service/PackageManagerService';
 
 describe('test/port/controller/package/DownloadPackageVersionTarController.test.ts', () => {
   let publisher: any;
   let nfsClientAdapter: NFSClientAdapter;
+  let packageManagerService: PackageManagerService;
   beforeEach(async () => {
     publisher = await TestUtil.createUser();
     nfsClientAdapter = await app.getEggObject(NFSClientAdapter);
+    packageManagerService = await app.getEggObject(PackageManagerService);
   });
 
   const scope = '@cnpm';
@@ -38,6 +41,8 @@ describe('test/port/controller/package/DownloadPackageVersionTarController.test.
     assert(res.status === 201);
     assert(res.body.ok === true);
     assert.match(res.body.rev, /^\d+\-\w{24}$/);
+
+    await packageManagerService.unblockPackageByFullname(scopedName);
   });
 
   describe('[GET /:fullname/-/:name-:version.tgz] download()', () => {
@@ -56,6 +61,14 @@ describe('test/port/controller/package/DownloadPackageVersionTarController.test.
       assert(res.headers.location === `https://cdn.mock.com/packages/${scopedName}/1.0.0/${name}-1.0.0.tgz`);
     });
 
+    it('should block tgz', async () => {
+      await packageManagerService.blockPackageByFullname(scopedName, 'test');
+      const res = await app.httpRequest()
+        .get(`/${scopedName}/-/testmodule-download-version-tar-1.0.0.tgz`)
+        .expect(451);
+      assert.equal(res.body.error, '[UNAVAILABLE_FOR_LEGAL_REASONS] @cnpm/testmodule-download-version-tar@1.0.0 was blocked, reason: test');
+    });
+
     it('should support cors OPTIONS Request', async () => {
       mock(nfsClientAdapter, 'url', async (storeKey: string) => {
         return `https://cdn.mock.com${storeKey}`;
@@ -337,6 +350,14 @@ describe('test/port/controller/package/DownloadPackageVersionTarController.test.
       assert(res.headers.location === `https://cdn.mock.com/packages/${scopedName}/1.0.0/${name}-1.0.0.tgz`);
     });
 
+    it('should block tgz', async () => {
+      await packageManagerService.blockPackageByFullname(scopedName, 'test');
+      const res = await app.httpRequest()
+        .get(`/${scopedName}/download/${scopedName}-1.0.0.tgz`)
+        .expect(451);
+      assert.equal(res.body.error, '[UNAVAILABLE_FOR_LEGAL_REASONS] @cnpm/testmodule-download-version-tar@1.0.0 was blocked, reason: test');
+    });
+
     it('should download a version tar with streaming success', async () => {
       mock(nfsClientAdapter, 'url', 'not-function');
       const res = await app.httpRequest()
@@ -385,6 +406,15 @@ describe('test/port/controller/package/DownloadPackageVersionTarController.test.
       assert(res.headers.location === `https://cdn.mock.com/packages/${scopedName}/1.0.0/${name}-1.0.0.tgz`);
     });
 
+    it('should block tgz', async () => {
+      await packageManagerService.blockPackageByFullname(scopedName, 'test');
+      const res = await app.httpRequest()
+        .get(`/${scopedName}/-/${scope}/${name}-1.0.0.tgz`)
+        .expect(451);
+      assert.equal(res.body.error, '[UNAVAILABLE_FOR_LEGAL_REASONS] @cnpm/testmodule-download-version-tar@1.0.0 was blocked, reason: test');
+    });
+
+
     it('should download a version tar with streaming success', async () => {
       mock(nfsClientAdapter, 'url', 'not-function');
       const res = await app.httpRequest()
