cnpm / cnpmcore

Private NPM Registry for Enterprise
https://npmmirror.com
MIT License
612 stars, 82 forks

403 Forbidden - PUT http://127.0.0.1:7001/-/user/org.couchdb.user #718

Open a1528zhang opened 3 hours ago

a1528zhang commented 3 hours ago

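Local environment: macOS, Node 20

Following the documentation at https://github.com/cnpm/cnpmcore/blob/master/INTEGRATE.md, I created my own project, then created the database from cnpmcore's SQL, and it starts up normally. But when verifying, I cannot log in. The log is as follows: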

0 verbose cli /Users/az/.nvm/versions/node/v20.16.0/bin/node /Users/az/.nvm/versions/node/v20.16.0/bin/npm
1 info using npm@10.8.1
2 info using node@v20.16.0
3 silly config load:file:/Users/az/.nvm/versions/node/v20.16.0/lib/node_modules/npm/npmrc
4 silly config load:file:/Users/az/.npmrc
5 silly config load:file:/Users/az/.nvm/versions/node/v20.16.0/etc/npmrc
6 verbose title npm login
7 verbose argv "login" "--registry" "http://127.0.0.1:7001"
8 verbose logfile logs-max:10 dir:/Users/az/.npm/_logs/2024-10-22T03_23_50_195Z-
9 verbose logfile /Users/az/.npm/_logs/2024-10-22T03_23_50_195Z-debug-0.log
10 notice Log in on http://127.0.0.1:7001/
11 verbose web login before first POST
12 silly logfile start cleaning logs, removing 1 files
13 silly logfile done cleaning log files
14 http fetch POST 403 http://127.0.0.1:7001/-/v1/login 49ms
15 verbose web login not supported, trying couch
16 verbose login before first PUT {
16 verbose login   _id: 'org.couchdb.user:az',
16 verbose login   name: 'az',
16 verbose login   password: 'XXXXX',
16 verbose login   type: 'user',
16 verbose login   roles: [],
16 verbose login   date: '2024-10-22T03:24:03.550Z'
16 verbose login }
17 http fetch PUT 403 http://127.0.0.1:7001/-/user/org.couchdb.user:az 17ms
18 verbose stack HttpErrorGeneral: 403 Forbidden - PUT http://127.0.0.1:7001/-/user/org.couchdb.user:az
18 verbose stack     at /Users/az/.nvm/versions/node/v20.16.0/lib/node_modules/npm/node_modules/npm-registry-fetch/lib/check-response.js:95:15
18 verbose stack     at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
18 verbose stack     at async putCouch (/Users/az/.nvm/versions/node/v20.16.0/lib/node_modules/npm/node_modules/npm-profile/lib/index.js:133:18)
18 verbose stack     at async loginCouch (/Users/az/.nvm/versions/node/v20.16.0/lib/node_modules/npm/node_modules/npm-profile/lib/index.js:177:12)
18 verbose stack     at async otplease (/Users/az/.nvm/versions/node/v20.16.0/lib/node_modules/npm/lib/utils/auth.js:8:12)
18 verbose stack     at async Object.login (/Users/az/.nvm/versions/node/v20.16.0/lib/node_modules/npm/lib/utils/auth.js:91:11)
18 verbose stack     at async Login.exec (/Users/az/.nvm/versions/node/v20.16.0/lib/node_modules/npm/lib/commands/login.js:31:35)
18 verbose stack     at async Npm.exec (/Users/az/.nvm/versions/node/v20.16.0/lib/node_modules/npm/lib/npm.js:207:9)
18 verbose stack     at async module.exports (/Users/az/.nvm/versions/node/v20.16.0/lib/node_modules/npm/lib/cli/entry.js:74:5)
19 verbose statusCode 403
20 error code E403
21 error 403 403 Forbidden - PUT http://127.0.0.1:7001/-/user/org.couchdb.user:az
22 error 403 In most cases, you or one of your dependencies are requesting
22 error 403 a package version that is forbidden by your security policy, or
22 error 403 on a server you do not have access to.
23 verbose cwd /Users/az
24 verbose os Darwin 22.3.0
25 verbose node v20.16.0
26 verbose npm  v10.8.1
27 verbose exit 1
28 verbose code 1
29 error A complete log of this run can be found in: /Users/az/.npm/_logs/2024-10-22T03_23_50_195Z-debug-0.log

How do I solve this?

github-actions[bot] commented 3 hours ago

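We have seen your feedback. If it is a bug, please provide a way to reproduce the issue; if it is a feature request, we will join the discussion as soon as possible. We also very much look forward to you joining our contributors, so that the project can develop sustainably over the long term.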

a1528zhang commented 2 hours ago

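The cause of the problem above is that CSRF protection is enabled by default: https://www.eggjs.org/zh-CN/core/security#%E5%AE%89%E5%85%A8%E5%A8%81%E8%83%81-csrf-%E7%9A%84%E9%98%B2%E8%8C%83 After I disabled it completely locally, the 403 problem no longer occurs.

config.security = {
  xframe: {
    enable: false,
  },
  csrf: {
    // Function that decides whether to ignore the check; the request context `context` is passed as the first argument
    ignore: () => true,
  },
};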

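But, following the documentation, when I call

  // Trigger the callback endpoint; it automatically completes user creation
  await this.httpclient.request(`${ctx.origin}/-/v1/login/sso/${name}`, { method: 'POST' });

# Log received by the backend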
2024-10-22 11:54:29,165 INFO 73229 [-/::1/5688cec0-9029-11ef-a58b-37a6fc033f97/1ms POST /-/v1/login/sso/hello] [Tracing] auth: 0, npm-command: -, referer: -, user-agent: "node-urllib/2.44.0 Node.js/20.16.0 (OS X; arm64)"

After this line of code succeeds, running the following again

npm login --registry=http://127.0.0.1:7001

still requires me to enter a username and password, and when I check the database there is no data either.
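As an added example (not part of the thread and not cnpmcore's own code): a narrower alternative to `ignore: () => true` that exempts only the two npm CLI login endpoints seen in the debug log above, and only when the request carries no cookie. The function name `shouldIgnoreCsrf`, the path patterns and the assumption that browser sessions in the deployment are cookie-based are all illustrative.

```javascript
// Added example: scoped CSRF exemption for an Egg `config.security.csrf.ignore` hook.
// Assumption: browser-facing sessions use cookies, so a request without a Cookie
// header has no ambient credential for a cross-site request to ride on.

// Endpoints taken from the npm debug log in this issue:
//   POST /-/v1/login
//   PUT  /-/user/org.couchdb.user:<name>
const NPM_CLI_AUTH_PATHS = [
  /^\/-\/v1\/login(\/|$)/,
  /^\/-\/user\/org\.couchdb\.user:[^/]+$/,
];

// Methods the npm client used against those endpoints in the log.
const NPM_CLI_AUTH_METHODS = new Set(['POST', 'PUT']);

// `ctx` is the request context passed as the first argument to `ignore`.
// Returns true only when the CSRF check can be skipped for this request.
function shouldIgnoreCsrf(ctx) {
  if (!NPM_CLI_AUTH_METHODS.has(ctx.method)) return false;

  const onCliAuthPath = NPM_CLI_AUTH_PATHS.some((re) => re.test(ctx.path));
  if (!onCliAuthPath) return false;

  // A Cookie header means a browser session may be attached: keep CSRF enforced.
  const cookie = ctx.get('cookie');
  return !cookie;
}

// Shape matches the `config.security` object posted in the comment above;
// every other route keeps the framework's default CSRF protection.
const security = {
  csrf: {
    ignore: shouldIgnoreCsrf,
  },
};
```
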