n4bb12 / verdaccio-github-oauth-ui

📦🔐 GitHub OAuth plugin for Verdaccio
https://verdaccio.org
MIT License

Verdaccio 5.4.0 broke `getMajorVersion()`, preventing startup #143

Closed danopia closed 2 years ago

danopia commented 2 years ago

Bug Report

Versions

| Component | Version |
|---|---|
| node.js | ~16.13.1 |
| verdaccio | 5.4.0 |
| verdaccio-github-oauth-ui (Plugin) | 3.2.0 |
| verdaccio-github-oauth-ui (CLI) | N/A |

Expected behavior

Verdaccio should be able to start up with the plugin loaded.

Observed behaviour

With Verdaccio 5.4.0, the plugin crashes while validating config:

    [github-oauth-ui] Version: verdaccio-github-oauth-ui@3.2.0
     error--- error loading a plugin github-oauth-ui: TypeError: Cannot read properties of undefined (reading 'replace')
        at getMajorVersion (/verdaccio/node_modules/verdaccio-github-oauth-ui/dist/server.js:843:29)
        at new Verdaccio (/verdaccio/node_modules/verdaccio-github-oauth-ui/dist/server.js:1786:54)
        at new Plugin (/verdaccio/node_modules/verdaccio-github-oauth-ui/dist/server.js:2680:22)
        at /verdaccio/node_modules/verdaccio/build/lib/plugin-loader.js:125:32
        at Array.map (<anonymous>)
        at loadPlugin (/verdaccio/node_modules/verdaccio/build/lib/plugin-loader.js:62:37)
        at Auth._loadPlugin (/verdaccio/node_modules/verdaccio/build/lib/auth.js:56:38)
        at new Auth (/verdaccio/node_modules/verdaccio/build/lib/auth.js:46:25)
        at defineAPI (/verdaccio/node_modules/verdaccio/build/api/index.js:43:16)
        at _default (/verdaccio/node_modules/verdaccio/build/api/index.js:130:10)
     error--- verdaccio-github-oauth-ui doesn't look like a valid plugin
     fatal--- uncaught exception, please report this
    Error: sanity check has failed, "github-oauth-ui" is not a valid plugin

The TypeError is thrown from here:

https://github.com/n4bb12/verdaccio-github-oauth-ui/blob/dd4dc88820dd5aab63c9f46681c04dceec9be263/src/server/plugin/Config.ts#L54-L56

This appears to be caused by Verdaccio 5.4.0 defaulting to not having its own user-agent, instead copying the user-agent from the requesting client. Upstream PR: https://github.com/verdaccio/verdaccio/pull/2793

Steps to reproduce

  1. Install the newest version of things:

    {
      "name": "@private/verdaccio",
      "version": "1.0.0",
      "private": true,
      "dependencies": {
        "verdaccio": "5.4.0",
        "verdaccio-github-oauth-ui": "3.2.0"
      }
    }

  2. Run Verdaccio with a config file:

    ./node_modules/.bin/verdaccio --config config-with-github-oauth-ui.yaml

Additional context

Adding `user_agent: true` to the Verdaccio config is a valid workaround for the issue.
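The failure mode reported above, reading the version out of `config.user_agent` when that value is no longer set, can be avoided by treating the user-agent as optional. The following is an added example, not the plugin's or Verdaccio's own code: the function names, the `SUPPORTED_MAJORS` list and the `package.json` fallback are assumptions for illustration.

```javascript
// Added example; all names here are hypothetical, not taken from the plugin.
const SUPPORTED_MAJORS = [5]; // assumption for this demo

// Parse "verdaccio/5.4.0" -> 5. Returns undefined for anything else
// (undefined, booleans, custom user-agent strings) instead of throwing.
function majorFromUserAgent(userAgent) {
  if (typeof userAgent !== "string") return undefined;
  const match = /^verdaccio\/(\d+)\.\d+\.\d+/.exec(userAgent);
  return match ? Number(match[1]) : undefined;
}

// Fallback source. Assumes verdaccio's package.json can be resolved from here.
function readInstalledVersion() {
  try {
    return require("verdaccio/package.json").version;
  } catch {
    return undefined; // not installed or not resolvable
  }
}

function majorFromSemver(version) {
  const match = typeof version === "string" ? /^(\d+)\./.exec(version) : null;
  return match ? Number(match[1]) : undefined;
}

// Try the user-agent first, then the installed package, and report the source.
function detectMajorVersion(config, readVersion = readInstalledVersion) {
  const fromAgent = majorFromUserAgent(config && config.user_agent);
  if (fromAgent !== undefined) return { major: fromAgent, source: "user_agent" };
  const fromPkg = majorFromSemver(readVersion());
  if (fromPkg !== undefined) return { major: fromPkg, source: "package.json" };
  return { major: undefined, source: "unknown" };
}

// Fail with a readable reason rather than a TypeError during plugin load.
function checkCompatibility(config, readVersion) {
  const { major, source } = detectMajorVersion(config, readVersion);
  if (major === undefined) {
    return { ok: false, reason: "verdaccio version could not be determined" };
  }
  if (!SUPPORTED_MAJORS.includes(major)) {
    return { ok: false, reason: `unsupported verdaccio major ${major} (from ${source})` };
  }
  return { ok: true, reason: `verdaccio major ${major} (from ${source})` };
}
```
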

juanpicado commented 2 years ago

Oh, I broke something 😢, I thought nobody was relying on this, but anyway I did it for the sake of security 🙏🏼.

danopia commented 2 years ago

@juanpicado is there a better way for a plugin to know the verdaccio version? It looks like it's used for compatibility here, just knowing if the version is supported, and which JS/CSS to serve

juanpicado commented 2 years ago

Not yet, but it is planned for the next major.

juanpicado commented 2 years ago

There is a section for plugin changes on the roadmap, still fresh for new feedback https://github.com/verdaccio/verdaccio/discussions/1690 if you want to drop your thoughts