Release 3.0.0-rc.44

* feat: impl npm owner hooks
* fix: fix tagDir/packageDir for oss-cnpm

.travis.yml

@@ -1,10 +1,10 @@
-sudo: false
 language: node_js
 node_js:
-  - '8'
   - '10'
-addons:
-  - postgresql: '9.3'
+  - '12'
+services:
+  - mysql
+  - postgresql
 script: 'make test-travis-all'
 after_script:
   - 'npm i codecov && codecov'

History.md

@@ -1,3 +1,121 @@
+3.0.0-rc.44 / 2021-06-11
+==================
+
+**features**
+  * [[`a1e8a82`](https://github.com/cnpm/cnpmjs.org/commit/a1e8a8289276275b995d15b3c254fbdbace6dbae)] - feat: impl npm owner hooks (#1645) (killa <<killa123@126.com>>)
+
+3.0.0-rc.43 / 2021-05-36
+==================
+
+**features**
+  * [[`a21aed0`](https://github.com/cnpm/cnpmjs.org/commit/a21aed08c5fe1ea09f4fda157ac3c12bd609781d)] - feat: impl sync to/from backup files (#1612) (killa <<killa123@126.com>>)
+
+**fixes**
+  * [[`2245dc2`](https://github.com/cnpm/cnpmjs.org/commit/2245dc2967ec070b8bcc618ebfad0cd4cd297fb8)] - feat: impl accelerate request (#1637) (killa <<killa123@126.com>>)
+
+3.0.0-rc.42 / 2021-04-30
+==================
+
+**features**
+  * [[`a21aed0`](https://github.com/cnpm/cnpmjs.org/commit/a21aed08c5fe1ea09f4fda157ac3c12bd609781d)] - feat: impl sync to/from backup files (#1612) (killa <<killa123@126.com>>)
+
+3.0.0-rc.39 / 2021-01-14
+==================
+
+**features**
+  * [[`33dd355`](http://github.com/cnpm/cnpmjs.org/commit/33dd3554f5daf13de33f04128be6853ce120636f)] - feat: impl dist-tag hooks (#1612) (killa <<killa123@126.com>>)
+
+3.0.0-rc.38 / 2021-01-12
+==================
+
+**features**
+  * [[`c6040b`](http://github.com/cnpm/cnpmjs.org/commit/1c6040bc95610e23b4756baa09e8119cda2fe01e)] - performance: optimise query pkg latestModified  (#1611) (killa <<killa123@126.com>>)
+
+
+3.0.0-rc.37 / 2020-10-21
+==================
+
+**features**
+  * [[`39c3223`](http://github.com/cnpm/cnpmjs.org/commit/39c322332ffafc512bf56c1679d2904fece2ae07)] - feat: new registry api (#1597) (killa <<killa123@126.com>>)
+  * [[`45f2f8b`](http://github.com/cnpm/cnpmjs.org/commit/45f2f8b31f095eeadf0f47e234d6eb225e6b197f)] - feat: impl registry token api (#1590) (killa <<killa123@126.com>>)
+  * [[`e97835f`](http://github.com/cnpm/cnpmjs.org/commit/e97835f7020e945e59fa7a84b14ab58c580add1e)] - feat: support custom web middlewares (#1563) (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`3cb3fe0`](http://github.com/cnpm/cnpmjs.org/commit/3cb3fe02f01dd669ad4bd3aebca51c44eb9e5938)] - feat: list all package versions by date (#1557) (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`a8ff647`](http://github.com/cnpm/cnpmjs.org/commit/a8ff647aa0f73076f4625e395e5da8ced9f61680)] - feat: retry sync fail on cnpm registry (#1547) (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`2c511f2`](http://github.com/cnpm/cnpmjs.org/commit/2c511f2209329e95b0cbe7603fa98a7f93c66474)] - feat: add unpublishRemoveTarball mode (#1536) (Khaidi Chu <<i@2333.moe>>)
+  * [[`19563f5`](http://github.com/cnpm/cnpmjs.org/commit/19563f58517ffaebed8006630bd467f15b71d9ff)] - feat: allow to disable npm audits proxy (#1430) (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`8e2367e`](http://github.com/cnpm/cnpmjs.org/commit/8e2367ee1676bd36a4112cf0f6dce2c4f422806e)] - feat: dont check db data on tgz download request (#1477) (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`be05886`](http://github.com/cnpm/cnpmjs.org/commit/be05886452803d46f614bdde497ccdec8e9ed734)] - feat: add vary header on cdn (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`ea46399`](http://github.com/cnpm/cnpmjs.org/commit/ea46399265615c70ee33d9cab9ba5d5ce312fb67)] - feat: allow disable search page (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`581925d`](http://github.com/cnpm/cnpmjs.org/commit/581925db9733d295be02e75f0090db05fd6bae75)] - feat: support cache-control header on registry request (#1468) (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`7f0c141`](http://github.com/cnpm/cnpmjs.org/commit/7f0c141ac2f7679b5322aadd537c5ff1bef0b032)] - feat: allow config request protocol (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`807187e`](http://github.com/cnpm/cnpmjs.org/commit/807187ebeb0b266828a59724234e1a99c3238eb3)] - feat: add redis cache to import list all versions api perf (#1441) (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`99c4c3f`](http://github.com/cnpm/cnpmjs.org/commit/99c4c3fe35a9fde805751ef3d44413413f053f45)] - feat: support customized middlewares (#1436) (Khaidi Chu <<i@2333.moe>>)
+  * [[`4b57c11`](http://github.com/cnpm/cnpmjs.org/commit/4b57c118a0b044f41b1c98eaf92449221c984c15)] - feat: can override tgz download options (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`b395c66`](http://github.com/cnpm/cnpmjs.org/commit/b395c666be3ae6b237803239fae8678647f3b70b)] - feat: proxy npm audit request (#1419) (alsotang <<alsotang@gmail.com>>)
+  * [[`a4a25f9`](http://github.com/cnpm/cnpmjs.org/commit/a4a25f9e381aa20e1ef1e709f320aae41f3ae466)] - feat: use faster etag instead of koa-etag (#1409) (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`90580a7`](http://github.com/cnpm/cnpmjs.org/commit/90580a72e56c69f8f03bbdb64d79b4b1b139fbbf)] - feat: configurable view directory (#1400) (Khaidi Chu <<i@2333.moe>>)
+  * [[`ad2d341`](http://github.com/cnpm/cnpmjs.org/commit/ad2d341d2c9317b062a25363f4805aedfef3913b)] - feat: sync downloads total <= 10000 unpublish package (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`25a9030`](http://github.com/cnpm/cnpmjs.org/commit/25a90300473e6ac437e393de139cebde1e354e8c)] - feat: allow to close mysql trace (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`017af69`](http://github.com/cnpm/cnpmjs.org/commit/017af69cce23c870694d124f4a865864e5c061cd)] - feat: add badgeService define on config (#1387) (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`842c031`](http://github.com/cnpm/cnpmjs.org/commit/842c0316ede2b19b76d9c1ca790902de467c82e9)] - feat: show versions list on package page (#1386) (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`bd87907`](http://github.com/cnpm/cnpmjs.org/commit/bd87907b69d3e65aa544930b5c7f04e75bdbc773)] - feat: auto retry if download tgz error (#1363) (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`533c27f`](http://github.com/cnpm/cnpmjs.org/commit/533c27fa78323ee50fcd549115034915ea3017ef)] - feat: support nfs.url return multi urls (#1344) (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`e61c7fa`](http://github.com/cnpm/cnpmjs.org/commit/e61c7fa32bdc54ef4474a071da686c70e512b009)] - feat: support pass through querystring to tgz url (#1334) (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`34d3a1e`](http://github.com/cnpm/cnpmjs.org/commit/34d3a1eabe927dc5c8c87436e2b644c70a7abc2a)] - feat: auto sync delete packages which deleted in 24 hours (#1315) (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`4210b7b`](http://github.com/cnpm/cnpmjs.org/commit/4210b7bdf8bfe8dfa2578802fd1d14e7411d4ea6)] - feat: can config to not sync deleted versions (#1282) (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`56c9457`](http://github.com/cnpm/cnpmjs.org/commit/56c945740f545abe9ba55759f6b1502a3abc453d)] - feat: let opensearch host can be config (#1258) (fengmk2 <<fengmk2@gmail.com>>)
+
+**fixes**
+  * [[`b7089d3`](http://github.com/cnpm/cnpmjs.org/commit/b7089d33d400f9fd4fc398479d4dac5aab26b633)] - fix: set maintainer to current user if maintainer is undefined (#1592) (killa <<killa123@126.com>>)
+  * [[`2b74e00`](http://github.com/cnpm/cnpmjs.org/commit/2b74e00cb9ae20e9cf2f06c54ef8dbe6a36b4066)] - fix: release 3.0.0-rc.35 fix npm include functions dir (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`61549b4`](http://github.com/cnpm/cnpmjs.org/commit/61549b47a2f49c163bef6994f1e0f5f761317975)] - fix: avoid "ENAMETOOLONG: name too long" error (#1583) (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`e7bafb2`](http://github.com/cnpm/cnpmjs.org/commit/e7bafb2ee9d80ce3ef4087a6b69bc17517f85ec5)] - fix: audit proxy test cases (#1537) (Khaidi Chu <<i@2333.moe>>)
+  * [[`92b7216`](http://github.com/cnpm/cnpmjs.org/commit/92b72169a89cec333177d1ba65205a31e60ebbb2)] - fix: maintainer permission greater than scope (#1494) (Khaidi Chu <<i@2333.moe>>)
+  * [[`f084eba`](http://github.com/cnpm/cnpmjs.org/commit/f084ebae2106c8d4435dc0385e493fe18c6cec8a)] - fix: cpu usage 100% in node@6.x (#1470) (Yiman Liu <<413893093@qq.com>>)
+  * [[`8d57216`](http://github.com/cnpm/cnpmjs.org/commit/8d572169b7293a33035257d3525c66b0abb5b679)] - fix: add cache on total (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`585f55b`](http://github.com/cnpm/cnpmjs.org/commit/585f55bbcc0ce257bfab2f0f545dd8a89c66ca49)] - fix: download url pathname (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`da2f964`](http://github.com/cnpm/cnpmjs.org/commit/da2f9640b87f1b110210b7b8caaf26b4b854ede8)] - fix: dont override exists weburl (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`b094f56`](http://github.com/cnpm/cnpmjs.org/commit/b094f5692f83700f152dd6ea9eb65f67385f6b5f)] - fix: changes stream syncer without deps (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`65bca46`](http://github.com/cnpm/cnpmjs.org/commit/65bca46f3c275bac5dc7497eb266d84605f6f8f8)] - fix: don't cache npm_service.cnpmjs.org request (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`f9d4858`](http://github.com/cnpm/cnpmjs.org/commit/f9d4858862a4b70cb989c3c60478c2424ca2c139)] - fix: avoid toString as downloads count key (#1438) (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`8a2f744`](http://github.com/cnpm/cnpmjs.org/commit/8a2f744749fc9f1297ff298fafe14deacf67efea)] - fix: don't update __all__ downloads every times (#1417) (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`9bdb695`](http://github.com/cnpm/cnpmjs.org/commit/9bdb695375a800464636d70981f433b7a11dd82d)] - fix: proxy to source registry when package is public scoped with encoded path (#1415) (Albert Zhang <<label4king@163.com>>)
+  * [[`8bd0a2d`](http://github.com/cnpm/cnpmjs.org/commit/8bd0a2d49195734afa988cce69804d8540bbda19)] - fix: swap compress middleware and notFound position (#1413) (alsotang <<alsotang@gmail.com>>)
+  * [[`93d5def`](http://github.com/cnpm/cnpmjs.org/commit/93d5def8ac8882edbd526e5a7341e07c99463b25)] - fix: show package when non-semver version of semver tag (#1411) (Khaidi Chu <<i@2333.moe>>)
+  * [[`6a8434e`](http://github.com/cnpm/cnpmjs.org/commit/6a8434e0cae391981579af1a0b533aff0008904f)] - fix: Don't display sync info when the sync mode is none (#1410) (XingKai Zhang <<jack_zhxk@163.com>>)
+  * [[`4a3a851`](http://github.com/cnpm/cnpmjs.org/commit/4a3a851256483d438753b154d80d28c12c1d625c)] - fix: use <%- instead of <%= in user profile page (#1404) (Khaidi Chu <<i@2333.moe>>)
+  * [[`3497bae`](http://github.com/cnpm/cnpmjs.org/commit/3497bae2b94237664716911de965a4b27afc083a)] - fix: Obfuscate email address (#1391) (Ankur Kumar <<ankurk91@users.noreply.github.com>>)
+  * [[`9b8491b`](http://github.com/cnpm/cnpmjs.org/commit/9b8491b736ebcb98df02d26c41334cf7fce306dc)] - fix: use https://cdn.staticfile.org (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`fc79930`](http://github.com/cnpm/cnpmjs.org/commit/fc799304d8c6710e71364bdf1d1ed0961b9e8695)] - fix: should return `[done] Sync {name}` string when task finished (#1382) (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`3c20267`](http://github.com/cnpm/cnpmjs.org/commit/3c20267b22491cd2ac2d751ccc459cf1f4fb0f1f)] - fix: don't retry to save log when db error (#1381) (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`5149aa5`](http://github.com/cnpm/cnpmjs.org/commit/5149aa5a1eb01dfc17f8de1cb6c6abfecca0ed96)] - fix: proxy public package from source registry (#1375) (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`fc07a38`](http://github.com/cnpm/cnpmjs.org/commit/fc07a38bde81bd93ef9067f3aacb06ae8e76e12b)] - fix: make sure replicate pkg is the latest pkg (#1347) (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`17f8b66`](http://github.com/cnpm/cnpmjs.org/commit/17f8b6648b2cf8cb4cf17daef2a2477f74a671e8)] - fix: retry from registry when no_db_file error on replicate (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`d1fe6ce`](http://github.com/cnpm/cnpmjs.org/commit/d1fe6cede7b5a082eabfe9eb94225c9af9399e62)] - fix: add other_urls on download dist tarball (#1345) (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`8fbad39`](http://github.com/cnpm/cnpmjs.org/commit/8fbad397f3ab7177c6e6c9b458b4b0bf3d24fbd7)] - fix: use rimraf instead of fs.unlink (#1338) (Yiyu He <<dead_horse@qq.com>>)
+  * [[`0121de3`](http://github.com/cnpm/cnpmjs.org/commit/0121de31a3b7a8da38e31fca4e10d973c07d79e7)] - fix: no need to resync again (#1336) (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`84a3037`](http://github.com/cnpm/cnpmjs.org/commit/84a3037d90d4b3a316752eda7440ff5c73b0872f)] - fix: avoid query too frequently (#1329) (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`1f60a01`](http://github.com/cnpm/cnpmjs.org/commit/1f60a0136c5f2e4a33827d1f36b38c49e1e3dec6)] - fix: replicate request error, try to request from official registry (#1316) (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`6f656a0`](http://github.com/cnpm/cnpmjs.org/commit/6f656a0736c7d1d8b58288ff97590d7cb1317ecd)] - fix: save sync last time when successes > 1000 (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`1b30146`](http://github.com/cnpm/cnpmjs.org/commit/1b30146e94e7e72f9e762947b1ecdbd176d64532)] - fix: npm >= v5.5.0 login need not `email` (#1275) (#1304) (wmzy <<1256573276@qq.com>>)
+  * [[`820ae23`](http://github.com/cnpm/cnpmjs.org/commit/820ae23454f0f9755456681f3ced03e634cb3109)] - fix: control sync frequency (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`bfb29f8`](http://github.com/cnpm/cnpmjs.org/commit/bfb29f82c967cb68f4de3a314200d95a8c59baff)] - fix: use _npmUser reset the maintainers (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`95aa035`](http://github.com/cnpm/cnpmjs.org/commit/95aa035a275089b50dfc2590497e3bc7319f4f6b)] - fix: make sure maintainers exists on sync worker (liang feng <<anhulife@gmail.com>>)
+  * [[`6c69a38`](http://github.com/cnpm/cnpmjs.org/commit/6c69a38a508812f0320866d70b555de02e1fc204)] - fix: if replicate error, retry from official registry (#1230) (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`43ffa99`](http://github.com/cnpm/cnpmjs.org/commit/43ffa995cb8a724e8cd04224c2f137d407bfe014)] - fix: "start" should wait for "stop" to remove the pid file(using Promise) (#1220) (cloudstone <<baby31529@gmail.com>>)
+  * [[`6c019de`](http://github.com/cnpm/cnpmjs.org/commit/6c019de514c9f4a62db1a1814ca2359408609074)] - fix: changes_stream_syncer log url should not contain sync_upstream=true (fengmk2 <<fengmk2@gmail.com>>)
+
+**others**
+  * [[`522ad11`](http://github.com/cnpm/cnpmjs.org/commit/522ad11124f168788b28dd925417ae37eb9d3991)] - update readme for now situation (#1506) (alsotang <<alsotang@gmail.com>>)
+  * [[`0c59791`](http://github.com/cnpm/cnpmjs.org/commit/0c59791e50ef9d3080d5a2ab3e24b5899bd91446)] - Release Release 3.0.0-rc.19 (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`79fb163`](http://github.com/cnpm/cnpmjs.org/commit/79fb163a3b12f1b9c4c9eafad7f2041e7c4c4dbf)] - chore: README fix typo ( not to use plural for code ) (#1448) (Paul Verest <<enide.github@gmail.com>>)
+  * [[`be00b65`](http://github.com/cnpm/cnpmjs.org/commit/be00b6557359d328c851e538827d6c681c2c3416)] - refactor: add detail message to error and keep reason (#1445) (alsotang <<alsotang@gmail.com>>)
+  * [[`f7e9670`](http://github.com/cnpm/cnpmjs.org/commit/f7e9670025c6e7f09d8aa88c676938a2cf4849b5)] - Release Release 3.0.0-rc.14 (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`d0c3f1b`](http://github.com/cnpm/cnpmjs.org/commit/d0c3f1b19e46e73ce389e78413304a1542811b5f)] - test: shouldjs change from getter to function call (#1420) (alsotang <<alsotang@gmail.com>>)
+  * [[`d889eba`](http://github.com/cnpm/cnpmjs.org/commit/d889ebafbd6ff1bc15fbf277fd8e143a57e6cac6)] - deps: use agentkeepalive@4 (fengmk2 <<fengmk2@gmail.com>>)
+  * [[`938a14d`](http://github.com/cnpm/cnpmjs.org/commit/938a14d0a13b711c7b91d795151a7266b0a43c5a)] - chore: Hall of Fame integration on README (#1388) (Gwenael Pluchon <<gwenael.pluchon+github@gmail.com>>)
+  * [[`26d7147`](http://github.com/cnpm/cnpmjs.org/commit/26d7147562a1ae21db8bfec26983daf311353d96)] - refactor: normalize database structure (#1376) (Khaidi Chu <<i@2333.moe>>)
+  * [[`5334375`](http://github.com/cnpm/cnpmjs.org/commit/53343751f7c0a34ea0a346172bff0818d27864dd)] - chore: add latest-3 tag (fengmk2 <<fengmk2@gmail.com>>)
 
 3.0.0-alpha.8 / 2017-06-15
 ==================

Makefile

@@ -1,6 +1,6 @@
 TESTS = $(shell ls -S `find test -type f -name "*.test.js" -print`)
 REPORTER = spec
-TIMEOUT = 60000
+TIMEOUT = 600000
 MOCHA_OPTS =
 DB = sqlite
 
@@ -61,7 +61,7 @@ test-cov-mysql: init-mysql
 	@$(MAKE) test-cov DB=mysql
 
 test-travis: init-database
-	@NODE_ENV=test DB=${DB} CNPM_SOURCE_NPM=https://registry.npmjs.com CNPM_SOURCE_NPM_ISCNPM=false \
+	@NODE_ENV=test DB=${DB} \
 		node \
 		node_modules/.bin/istanbul cover \
 		node_modules/.bin/_mocha \

README.md

@@ -1,10 +1,9 @@
 cnpmjs.org
 =======
 
-[![NPM version][npm-image]][npm-url]
+[![npm version][npm-image]][npm-url]
 [![build status][travis-image]][travis-url]
 [![Test coverage][codecov-image]][codecov-url]
-[![David deps][david-image]][david-url]
 [![Known Vulnerabilities][snyk-image]][snyk-url]
 [![npm download][download-image]][download-url]
 
@@ -14,8 +13,6 @@ cnpmjs.org
 [travis-url]: https://travis-ci.org/cnpm/cnpmjs.org
 [codecov-image]: https://codecov.io/gh/cnpm/cnpmjs.org/branch/master/graph/badge.svg
 [codecov-url]: https://codecov.io/gh/cnpm/cnpmjs.org
-[david-image]: https://img.shields.io/david/cnpm/cnpmjs.org.svg?style=flat-square
-[david-url]: https://david-dm.org/cnpm/cnpmjs.org
 [snyk-image]: https://snyk.io/test/npm/cnpmjs.org/badge.svg?style=flat-square
 [snyk-url]: https://snyk.io/test/npm/cnpmjs.org
 [download-image]: https://img.shields.io/npm/dm/cnpmjs.org.svg?style=flat-square
@@ -23,51 +20,44 @@ cnpmjs.org
 
 ![logo](https://raw.github.com/cnpm/cnpmjs.org/master/logo.png)
 
-## What is this?
+## Description
 
 Private npm registry and web for Enterprise, base on [koa](http://koajs.com/),
 MySQL and [Simple Store Service](https://github.com/cnpm/cnpmjs.org/wiki/NFS-Guide).
 
-Our goal is to provide a low cost maintenance and easy to use solution for private npm.
+Our goal is to provide a low cost maintenance, easy to use, and easy to scale solution for private npm.
 
-## What can you do with `cnpmjs.org`
+## What can you do with `cnpmjs.org`?
 
 * Build a private npm for your own enterprise. ([alibaba](http://www.alibaba.com/) is using `cnpmjs.org` now)
-* Build a mirror NPM. (we use it to build a mirror in China: [cnpmjs.org](http://cnpmjs.org/))
-* Build a completely independent NPM registry to store whatever you like.
+* Build a npm mirror. (we use it to build a mirror in China: [https://npm.taobao.org/](https://npm.taobao.org/))
+* Use the private npm service provided by Alibaba Cloud DevOps which build with cnpm. [https://packages.aliyun.com/](https://packages.aliyun.com/?channel=pd_cnpm_github)
 
 ## Features
 
 * **Support "scoped" packages**: [npm/npm#5239](https://github.com/npm/npm/issues/5239)
 * **Support [CORS](http://en.wikipedia.org/wiki/Cross-origin_resource_sharing)**
 * **Simple to deploy**: only need `mysql` and a [simple store system](https://github.com/cnpm/cnpmjs.org/wiki/NFS-Guide).
-You can get the source code through `npm` or `git`.
-* **Low cost and easy maintenance**: `package.json` info store in MySQL, MariaDB, SQLite or PostgreSQL databases,
-tarball(tgz file) store in CDN or other store systems.
-* **Automatic synchronization**: automatic synchronization from any registry specified, support two sync modes:
-  - Sync all modules from a specified registry, like [npm registry](http://registry.npmjs.org).
-  - Only sync the modules that exists in your own registry.
-* **Manual synchronization**: automatic synchronization may has little delay, but you can syn immediately by manually.
+* **Low cost and easy maintenance**: `package.json` info can store in MySQL, MariaDB, SQLite or PostgreSQL.
+tarball(tgz file) can store in Amazon S3 or other object storage service.
+* **Automatic synchronization**: automatically sync from any registry specified. support two sync modes:
+  - Sync all modules from upstream
+  - Only sync the modules after first access.
+* **Manual synchronization**: automatic synchronization may has little delay. you can sync manually on web page.
 * **Customized client**: we provide a client [cnpm](https://github.com/cnpm/cnpm)
 to extend `npm` with more features(`sync` command, [gzip](https://github.com/npm/npm-registry-client/pull/40) support).
-And it easy to wrap for your own registry which build with `cnpmjs.org`.
-* **Compatible with NPM client**: you can use the origin NPM client with `cnpmjs.org`,
-only need to change the registry in config. Even include manual synchronization (through `install` command).
-* **Version badge**: base on [shields.io](http://shields.io/) ![cnpm-badge](http://cnpmjs.org/badge/v/cnpmjs.org.svg?style=flat-square)
-* **Support http_proxy**: if you're behind firewall, need to request through http proxy
+And it is easy to wrap for your own registry which build with `cnpmjs.org`.
+* **Compatible with npm client**: you can use the official npm client with `cnpmjs.org`.
+you only need to change the registry in client config.
+* **Support http_proxy**: if you're behind a firewall, you can provide a http proxy for cnpmjs.org.
 
-**PROTIP** Be sure to read [Migrating from 1.x to 2.x](https://github.com/cnpm/cnpmjs.org/wiki/Migrating-from-1.x-to-2.x)
-as well as [New features in 2.x](https://github.com/cnpm/cnpmjs.org/wiki/New-features-in-2.x).
+## Docs
 
-## Getting Start
-
-* [Deploy a private npm registry in 5 minutes](https://github.com/cnpm/cnpmjs.org/wiki/Deploy-a-private-npm-registry-in-5-minutes)
-* @[dead-horse](https://github.com/dead-horse): [What is cnpm?](http://deadhorse.me/slides/cnpmjs.html)
-* install and deploy cnpmjs.org through npm: [examples](https://github.com/cnpm/custom-cnpm-example)
-* Mirror NPM in China: [cnpmjs.org](http://cnpmjs.org)
+* [How to deploy](https://github.com/cnpm/cnpmjs.org/wiki/Deploy)
 * cnpm client: [cnpm](https://github.com/cnpm/cnpm), `npm install -g cnpm`
-* [How to deploy cnpmjs.org](https://github.com/cnpm/cnpmjs.org/wiki/Deploy)
 * [Sync packages through `http_proxy`](https://github.com/cnpm/cnpmjs.org/wiki/Sync-packages-through-http_proxy)
+* [Migrating from 1.x to 2.x](https://github.com/cnpm/cnpmjs.org/wiki/Migrating-from-1.x-to-2.x)
+* [New features in 2.x](https://github.com/cnpm/cnpmjs.org/wiki/New-features-in-2.x).
 * [wiki](https://github.com/cnpm/cnpmjs.org/wiki)
 
 ## Develop on your local machine
@@ -105,7 +95,7 @@ $ make dev
 
 ### Dockerized cnpmjs.org Installation Guide
 
-Cnpmjs.org shipped with a simple but pragmatic Docker Compose configuration.With the configuration, you can set up a MySQL backed cnpmjs.org instance by executing just one command on Docker installed environment.
+Cnpmjs.org shipped with a simple but pragmatic Docker Compose configuration.With the configuration, you can set up a MySQL backend cnpmjs.org instance by executing just one command on Docker installed environment.
 
 #### Preparation
 
@@ -182,8 +172,7 @@ Tips: make sure your code is following the [node-style-guide](https://github.com
 
 ## Sponsors
 
-- [![阿里云](https://static.aliyun.com/images/www-summerwind/logo.gif)](http://click.aliyun.com/m/4288/) (2016.2 - now)
-- [![UCloud云计算](https://www.ucloud.cn/static/style/images/about/logo.png)](http://www.ucloud.cn?sem=sdk-CNPMJS) (2015.3 - 2016.3)
+- [![阿里云](https://static.aliyun.com/images/www-summerwind/logo.gif)](http://click.aliyun.com/m/4288/) [![阿里云云效](https://img.alicdn.com/tfs/TB116yt3fb2gK0jSZK9XXaEgFXa-106-20.png)](https://devops.aliyun.com/?channel=pd_cnpm_github) (2016.2 - now)
 
 ## License
 

common/urllib.js

@@ -5,6 +5,8 @@ var urllib = require('urllib');
 var HttpAgent = require('agentkeepalive');
 var HttpsAgent = require('agentkeepalive').HttpsAgent;
 var config = require('../config');
+var url = require('url');
+var URL = require('url').URL;
 
 var httpAgent;
 var httpsAgent;
@@ -57,5 +59,26 @@ var client = urllib.create({
   httpsAgent: httpsAgent
 });
 
+var request = urllib.HttpClient.prototype.request;
+
+function getAccelerateUrl(url) {
+  const urlObj = typeof url === 'string' ? new URL(url) : url;
+  const newHost = config.accelerateHostMap && config.accelerateHostMap[urlObj.host];
+  if (newHost) {
+    urlObj.host = newHost;
+  }
+  return urlObj.toString();
+}
+
+client.request = function (requestUrl, options) {
+  const accelerateUrl = getAccelerateUrl(requestUrl);
+  options = Object.assign({}, options, {
+    formatRedirectUrl: function (from, to) {
+      return getAccelerateUrl(url.resolve(from, to));
+    }
+  });
+  return Reflect.apply(request, client, [ accelerateUrl, options ]);
+};
+
 module.exports = client;
 module.exports.USER_AGENT = urllib.USER_AGENT;

config/index.js

@@ -8,7 +8,7 @@ var os = require('os');
 var utility = require('utility');
 
 var version = require('../package.json').version;
-
+var Nfs = require('fs-cnpm');
 var root = path.dirname(__dirname);
 var dataDir = path.join(process.env.HOME || root, '.cnpmjs.org');
 
@@ -31,6 +31,9 @@ var config = {
   bindingHost: '127.0.0.1', // only binding on 127.0.0.1 for local access
   // default is ctx.protocol
   protocol: '',
+  // When sync package, cnpm not know the access protocol.
+  // So should set manually
+  backupProtocol: 'http',
 
   // debug mode
   // if in debug mode, some middleware like limit wont load
@@ -62,6 +65,7 @@ var config = {
   viewDir: path.join(root, 'view', 'web'),
 
   customRegistryMiddlewares: [],
+  customWebMiddlewares: [],
 
   // config for koa-limit middleware
   // for limit download rates
@@ -100,6 +104,7 @@ var config = {
 
   logoURL: 'https://os.alipayobjects.com/rmsportal/oygxuIUkkrRccUz.jpg', // cnpm logo image url
   adBanner: '',
+  customHeader: '',
   customReadmeFile: '', // you can use your custom readme file instead the cnpm one
   customFooter: '', // you can add copyright and site total script html here
   npmClientName: 'cnpm', // use `${name} install package`
@@ -147,19 +152,25 @@ var config = {
     storage: path.join(dataDir, 'data.sqlite'),
 
     logging: !!process.env.SQL_DEBUG,
-
-    // enable proxy npm audits request or not
-    enableNpmAuditsProxy: true,
   },
 
+  // return total modules and versions, default is true
+  // it will use `SELECT count(DISTINCT name) FROM module` SQL on Database
+  enableTotalCount: true,
+
+  // enable proxy npm audits request or not
+  enableNpmAuditsProxy: true,
+
   // package tarball store in local filesystem by default
-  nfs: require('fs-cnpm')({
+  nfs: new Nfs({
     dir: path.join(dataDir, 'nfs')
   }),
   // if set true, will 302 redirect to `nfs.url(dist.key)`
   downloadRedirectToNFS: false,
   // don't check database and just download tgz from nfs
   downloadTgzDontCheckModule: false,
+  // remove original tarball when publishing
+  unpublishRemoveTarball: true,
 
   // registry url name
   registryHost: 'r.cnpmjs.org',
@@ -191,6 +202,7 @@ var config = {
   // please don't change it if not necessary
   officialNpmRegistry: 'https://registry.npmjs.com',
   officialNpmReplicate: 'https://replicate.npmjs.com',
+  cnpmRegistry: 'https://r.cnpmjs.com',
 
   // sync source, upstream registry
   // If you want to directly sync from official npm's registry
@@ -210,6 +222,8 @@ var config = {
   // exist: only sync exist modules
   // all: sync all modules
   syncModel: 'none', // 'none', 'all', 'exist'
+  // sync package.json/dist-tag.json to sync dir
+  syncBackupFiles: false,
 
   syncConcurrency: 1,
   // sync interval, default is 10 minutes
@@ -289,13 +303,37 @@ var config = {
     enable: false,
     connectOptions: null,
   },
+
+  // custom format full package list
+  // change `GET /:name` request response body
+  // use on `controllers/registry/list.js`
+  formatCustomFullPackageInfoAndVersions: (ctx, packageInfo) => {
+    return packageInfo;
+  },
+  // custom format one package version
+  // change `GET /:name/:version` request response body
+  // use on `controllers/registry/show.js`
+  formatCustomOnePackageVersion: (ctx, packageVersion) => {
+    return packageVersion;
+  },
+  // registry download accelerate map
+  accelerateHostMap: {},
 };
 
 if (process.env.NODE_ENV === 'test') {
   config.enableAbbreviatedMetadata = true;
-  config.customRegistryMiddlewares.push(() => {
+  config.customRegistryMiddlewares.push((app) => {
     return function* (next) {
       this.set('x-custom-middleware', 'true');
+      this.set('x-custom-app-models', typeof app.models.query === 'function' ? 'true' : 'false');
+      yield next;
+    };
+  });
+
+  config.customWebMiddlewares.push((app) => {
+    return function* (next) {
+      this.set('x-custom-web-middleware', 'true');
+      this.set('x-custom-web-app-models', typeof app.models.query === 'function' ? 'true' : 'false');
       yield next;
     };
   });

controllers/registry/package/dist_tag.js

@@ -1,6 +1,7 @@
 'use strict';
 
 var packageService = require('../../../services/package');
+var hook = require('../../../services/hook');
 
 function ok() {
   return {
@@ -34,6 +35,19 @@ exports.update = function* () {
   for (var tag in tags) {
     var version = tags[tag];
     yield packageService.addModuleTag(name, tag, version);
+
+    // hooks
+    const envelope = {
+      event: 'package:dist-tag',
+      name: name,
+      tag: tag,
+      type: 'package',
+      version: version,
+      hookOwner: null,
+      payload: null,
+      change: null,
+    };
+    hook.trigger(envelope);
   }
   this.status = 201;
   this.body = ok();
@@ -60,6 +74,18 @@ exports.set = function* () {
   yield packageService.addModuleTag(name, tag, version);
   this.status = 201;
   this.body = ok();
+  // hooks
+  const envelope = {
+    event: 'package:dist-tag',
+    name: name,
+    tag: tag,
+    type: 'package',
+    version: version,
+    hookOwner: null,
+    payload: null,
+    change: null,
+  };
+  hook.trigger(envelope);
 };
 
 // DELETE /-/package/:pkg/dist-tags/:tag -- Remove tag from dist-tags
@@ -77,4 +103,15 @@ exports.destroy = function* () {
   }
   yield packageService.removeModuleTagsByNames(name, tag);
   this.body = ok();
+  // hooks
+  const envelope = {
+    event: 'package:dist-tag:rm',
+    name: name,
+    tag: tag,
+    type: 'package',
+    hookOwner: null,
+    payload: null,
+    change: null,
+  };
+  hook.trigger(envelope);
 };

controllers/registry/package/list.js

@@ -258,6 +258,10 @@ module.exports = function* list() {
   info.bugs = pkg.bugs;
   info.license = pkg.license;
 
+  if (typeof config.formatCustomFullPackageInfoAndVersions === 'function') {
+    info = config.formatCustomFullPackageInfoAndVersions(this, info);
+  }
+
   debug('show module %s: %s, latest: %s', name, rev, latestMod.version);
   this.jsonp = info;
   // use faster etag

controllers/registry/package/list_versions.js

@@ -0,0 +1,37 @@
+'use strict';
+
+const moment = require('moment');
+const packageService = require('../../../services/package');
+
+// GET /-/allversions?date={2020-02-20}
+// List all packages versions sync at date(gmt_modified)
+
+module.exports = function* () {
+  const query = this.query;
+  const date = moment(query.date, 'YYYY-MM-DD');
+  if (!date.isValid()) {
+    this.status = 400;
+    const error = '[query_parse_error] Invalid value for `date`, should be `YYYY-MM-DD` format.';
+    this.body = {
+      error,
+      reason: error,
+    };
+    return;
+  }
+
+  const today = date.format('YYYY-MM-DD');
+  const rows = yield packageService.findAllModuleAbbreviateds({
+    gmt_modified: {
+      $gte: `${today} 00:00:00`,
+      $lte: `${today} 23:59:59`,
+    },
+  });
+  this.body = rows.map(row => {
+    return {
+      name: row.name,
+      version: row.version,
+      publish_time: new Date(row.publish_time),
+      gmt_modified: row.gmt_modified,
+    };
+  });
+};

controllers/registry/package/remove.js

@@ -6,6 +6,7 @@ var packageService = require('../../../services/package');
 var totalService = require('../../../services/total');
 var nfs = require('../../../common/nfs');
 var logger = require('../../../common/logger');
+var config = require('../../../config');
 
 // DELETE /:name/-rev/:rev
 // https://github.com/npm/npm-registry-client/blob/master/lib/unpublish.js#L25
@@ -27,23 +28,25 @@ module.exports = function* remove(next) {
     totalService.plusDeleteModule(),
   ];
 
-  var keys = [];
-  for (var i = 0; i < mods.length; i++) {
-    var row = mods[i];
-    var dist = row.package.dist;
-    var key = dist.key;
-    if (!key) {
-      key = urlparse(dist.tarball).pathname;
+  if (config.unpublishRemoveTarball) {
+    var keys = [];
+    for (var i = 0; i < mods.length; i++) {
+      var row = mods[i];
+      var dist = row.package.dist;
+      var key = dist.key;
+      if (!key) {
+        key = urlparse(dist.tarball).pathname;
+      }
+      key && keys.push(key);
     }
-    key && keys.push(key);
-  }
 
-  try {
-    yield keys.map(function (key) {
-      return nfs.remove(key);
-    });
-  } catch (err) {
-    logger.error(err);
+    try {
+      yield keys.map(function (key) {
+        return nfs.remove(key);
+      });
+    } catch (err) {
+      logger.error(err);
+    }
   }
 
   // remove the maintainers

controllers/registry/package/remove_version.js

@@ -5,6 +5,7 @@ var packageService = require('../../../services/package');
 var nfs = require('../../../common/nfs');
 var logger = require('../../../common/logger');
 var getCDNKey = require('../../../lib/common').getCDNKey;
+var config = require('../../../config');
 
 // DELETE /:name/download/:filename/-rev/:rev
 // https://github.com/npm/npm-registry-client/blob/master/lib/unpublish.js#L97
@@ -38,21 +39,25 @@ module.exports = function* removeOneVersion(next) {
     return yield next;
   }
 
-  var key = mod.package && mod.package.dist && mod.package.dist.key;
-  if (!key) {
-    key = getCDNKey(mod.name, filename);
+  if (config.unpublishRemoveTarball) {
+    var key = mod.package && mod.package.dist && mod.package.dist.key;
+    if (!key) {
+      key = getCDNKey(mod.name, filename);
+    }
+
+    if (revertTo && revertTo.package) {
+      debug('removing key: %s from nfs, revert to %s@%s', key, revertTo.name, revertTo.package.version);
+    } else {
+      debug('removing key: %s from nfs, no revert mod', key);
+    }
+
+    try {
+      yield nfs.remove(key);
+    } catch (err) {
+      logger.error(err);
+    }
   }
 
-  if (revertTo && revertTo.package) {
-    debug('removing key: %s from nfs, revert to %s@%s', key, revertTo.name, revertTo.package.version);
-  } else {
-    debug('removing key: %s from nfs, no revert mod', key);
-  }
-  try {
-    yield nfs.remove(key);
-  } catch (err) {
-    logger.error(err);
-  }
   // remove version from table
   yield packageService.removeModulesByNameAndVersions(name, [version]);
   debug('removed %s@%s', name, version);

controllers/registry/package/save.js

@@ -78,15 +78,25 @@ module.exports = function* save(next) {
   var versionPackage = pkg.versions[version];
   var maintainers = versionPackage.maintainers;
 
-  // should never happened in normal request
   if (!maintainers) {
-    this.status = 400;
-    const error = '[maintainers_error] request body need maintainers';
-    this.body = {
-      error,
-      reason: error,
-    };
-    return;
+    var authorizeType = common.getAuthorizeType(this);
+    if (authorizeType === common.AuthorizeType.BEARER) {
+      // With the token mode, pub lib with no maintainers
+      // make the maintainer to be puber
+      maintainers = [{
+        name: this.user.name,
+        email: this.user.email,
+      }];
+    } else {
+      // should never happened in normal request
+      this.status = 400;
+      const error = '[maintainers_error] request body need maintainers';
+      this.body = {
+        error,
+        reason: error,
+      };
+      return;
+    }
   }
 
   // notice that admins can not publish to all modules

controllers/registry/package/show.js

@@ -1,9 +1,7 @@
 'use strict';
 
 var debug = require('debug')('cnpmjs.org:controllers:registry:package:show');
-var semver = require('semver');
 var packageService = require('../../../services/package');
-var setDownloadURL = require('../../../lib/common').setDownloadURL;
 var SyncModuleWorker = require('../../sync_module_worker');
 var config = require('../../../config');
 
@@ -18,40 +16,13 @@ var config = require('../../../config');
 module.exports = function* show() {
   var name = this.params.name || this.params[0];
   var tag = this.params.version || this.params[1];
-  if (tag === '*') {
-    tag = 'latest';
-  }
-  var version = semver.valid(tag);
-  var range = semver.validRange(tag);
-  var mod;
-  if (version) {
-    mod = yield packageService.getModule(name, version);
-  } else if (range) {
-    mod = yield packageService.getModuleByRange(name, range);
-  } else {
-    mod = yield packageService.getModuleByTag(name, tag);
-  }
+  var mod = yield packageService.showPackage(name, tag, this);
 
   if (mod) {
-    setDownloadURL(mod.package, this);
-    mod.package._cnpm_publish_time = mod.publish_time;
-    mod.package.publish_time = mod.package.publish_time || mod.publish_time;
-    var rs = yield [
-      packageService.listMaintainers(name),
-      packageService.listModuleTags(name),
-    ];
-    var maintainers = rs[0];
-    if (maintainers.length > 0) {
-      mod.package.maintainers = maintainers;
+    if (typeof config.formatCustomOnePackageVersion === 'function') {
+      mod.package = config.formatCustomOnePackageVersion(this, mod.package);
     }
-    var tags = rs[1];
-    var distTags = {};
-    for (var i = 0; i < tags.length; i++) {
-      var t = tags[i];
-      distTags[t.tag] = t.version;
-    }
-    // show tags for npminstall faster download
-    mod.package['dist-tags'] = distTags;
+
     this.jsonp = mod.package;
     if (config.registryCacheControlHeader) {
       this.set('cache-control', config.registryCacheControlHeader);
@@ -65,7 +36,7 @@ module.exports = function* show() {
   // if not fond, sync from source registry
   if (!this.allowSync) {
     this.status = 404;
-    const error = '[not_exists] version not found: ' + version;
+    const error = '[not_exists] version not found: ' + tag;
     this.jsonp = {
       error,
       reason: error,

controllers/registry/package/update.js

@@ -4,6 +4,7 @@ var debug = require('debug')('cnpmjs.org:controllers:registry:package:update');
 var packageService = require('../../../services/package');
 var userService = require('../../../services/user');
 var config = require('../../../config');
+var hook = require('../../../services/hook');
 
 // PUT /:name/-rev/:rev
 //
@@ -158,6 +159,31 @@ function* updateMaintainers() {
 
   var r = yield packageService.updatePrivateModuleMaintainers(name, usernames);
   debug('result: %j', r);
+  if (r.add && r.add.length) {
+    const envelope = {
+      event: 'package:owner',
+      name: name,
+      type: 'package',
+      version: null,
+      hookOwner: null,
+      payload: null,
+      change: null,
+    };
+    hook.trigger(envelope);
+  }
+  if (r.remove && r.remove.length) {
+    const envelope = {
+      event: 'package:owner-rm',
+      name: name,
+      type: 'package',
+      version: null,
+      hookOwner: null,
+      payload: null,
+      change: null,
+    };
+    hook.trigger(envelope);
+  }
+
 
   this.status = 201;
   this.body = {

controllers/registry/token/create.js

@@ -0,0 +1,53 @@
+'use strict';
+
+var ipRegex = require('ip-regex');
+var tokenService = require('../../../services/token');
+var userService = require('../../../services/user');
+var ipv4 = ipRegex.v4({ exact: true });
+
+module.exports = function* createToken() {
+  var readonly = this.request.body.readonly;
+  if (typeof readonly !== 'undefined' && typeof readonly !== 'boolean') {
+    this.status = 400;
+    var error = '[bad_request] readonly ' + readonly + ' is not boolean';
+    this.body = {
+      error,
+      reason: error,
+    };
+    return;
+  }
+  var cidrWhitelist = this.request.body.cidr_whitelist;
+  if (typeof cidrWhitelist !== 'undefined') {
+    var isValidateWhiteList = Array.isArray(cidrWhitelist) && cidrWhitelist.every(function (cidr) {
+      return ipv4.test(cidr);
+    });
+    if (!isValidateWhiteList) {
+      this.status = 400;
+      var error = '[bad_request] cide white list ' + JSON.stringify(cidrWhitelist) + ' is not validate ip array';
+      this.body = {
+        error,
+        reason: error,
+      };
+      return;
+    }
+  }
+
+  var password = this.request.body.password;
+  var user = yield userService.auth(this.user.name, password);
+  if (!user) {
+    this.status = 401;
+    var error = '[unauthorized] incorrect or missing password.';
+    this.body = {
+      error,
+      reason: error,
+    };
+    return;
+  }
+
+  var token = yield tokenService.createToken(this.user.name, {
+    readonly: !!readonly,
+    cidrWhitelist: cidrWhitelist || [],
+  });
+  this.status = 201;
+  this.body = token;
+};

controllers/registry/token/del.js

@@ -0,0 +1,8 @@
+'use strict';
+
+var tokenService = require('../../../services/token');
+
+module.exports = function* deleteToken() {
+  yield tokenService.deleteToken(this.user.name, this.params.UUID);
+  this.status = 204;
+};

controllers/registry/token/list.js

@@ -0,0 +1,60 @@
+'use strict';
+
+var tokenService = require('../../../services/token');
+
+var DEFAULT_PER_PAGE = 10;
+var MIN_PER_PAGE = 1;
+var MAX_PER_PAGE = 9999;
+
+module.exports = function* createToken() {
+  var perPage = typeof this.query.perPage === 'undefined' ? DEFAULT_PER_PAGE : parseInt(this.query.perPage);
+  if (Number.isNaN(perPage)) {
+    this.status = 400;
+    var error = 'perPage ' + this.query.perPage + ' is not a number';
+    this.body = {
+      error,
+      reason: error,
+    };
+    return;
+  }
+  if (perPage < MIN_PER_PAGE || perPage > MAX_PER_PAGE) {
+    this.status = 400;
+    var error = 'perPage ' + this.query.perPage + ' is out of boundary';
+    this.body = {
+      error,
+      reason: error,
+    };
+    return;
+  }
+
+  var page = typeof this.query.page === 'undefined' ? 0 : parseInt(this.query.page);
+  if (Number.isNaN(page)) {
+    this.status = 400;
+    var error = 'page ' + this.query.page + ' is not a number';
+    this.body = {
+      error,
+      reason: error,
+    };
+    return;
+  }
+  if (page < 0) {
+    this.status = 400;
+    var error = 'page ' + this.query.page + ' is invalidate';
+    this.body = {
+      error,
+      reason: error,
+    };
+    return;
+  }
+
+  var tokens = yield tokenService.listToken(this.user.name, {
+    page: page,
+    perPage: perPage,
+  });
+
+  this.status = 200;
+  this.body = {
+    objects: tokens,
+    urls: {},
+  };
+};

controllers/registry/user/add.js

@@ -3,6 +3,7 @@
 var ensurePasswordSalt = require('./common').ensurePasswordSalt;
 var userService = require('../../../services/user');
 var config = require('../../../config');
+var tokenService = require('../../../services/token');
 
 // npm 1.4.4
 // add new user first
@@ -63,8 +64,13 @@ module.exports = function* addUser() {
     return;
   }
   if (loginedUser) {
+    var token = yield tokenService.createToken(body.name, {
+      readonly: !!body.readonly,
+      cidrWhitelist: body.cidr_whitelist || [],
+    });
     this.status = 201;
     this.body = {
+      token: token.token,
       ok: true,
       id: 'org.couchdb.user:' + loginedUser.login,
       rev: Date.now() + '-' + loginedUser.login
@@ -118,8 +124,15 @@ module.exports = function* addUser() {
   // add new user
   var result = yield userService.add(user);
   this.etag = '"' + result.rev + '"';
+
+  var token = yield tokenService.createToken(body.name, {
+    readonly: !!body.readonly,
+    cidrWhitelist: body.cidr_whitelist || [],
+  });
+
   this.status = 201;
   this.body = {
+    token: token.token,
     ok: true,
     id: 'org.couchdb.user:' + name,
     rev: result.rev

controllers/registry/user/ping.js

@@ -0,0 +1,7 @@
+'use strict';
+
+// https://docs.npmjs.com/cli/ping
+module.exports = function* () {
+  this.status = 200;
+  this.body = {};
+};

controllers/registry/user/whoami.js

@@ -0,0 +1,9 @@
+'use strict';
+
+// https://docs.npmjs.com/cli/whoami
+module.exports = function* () {
+  this.status = 200;
+  this.body = {
+    username: this.user.name,
+  };
+};

controllers/sync.js

@@ -19,6 +19,7 @@ exports.sync = function* () {
   var publish = this.query.publish === 'true';
   var noDep = this.query.nodeps === 'true';
   var syncUpstreamFirst = this.query.sync_upstream === 'true';
+  var syncFromBackupFile = this.query.sync_from_backup === 'true';
   if (!config.sourceNpmRegistryIsCNpm) {
     syncUpstreamFirst = false;
   }
@@ -38,6 +39,7 @@ exports.sync = function* () {
     publish: publish,
     noDep: noDep,
     syncUpstreamFirst: syncUpstreamFirst,
+    syncFromBackupFile: syncFromBackupFile,
   };
 
   var logId = yield SyncModuleWorker.sync(name, username, options);

controllers/sync_module_worker.js

@@ -8,6 +8,7 @@ var thunkify = require('thunkify-wrap');
 var EventEmitter = require('events').EventEmitter;
 var util = require('util');
 var fs = require('fs');
+var mzFs = require('mz/fs');
 var path = require('path');
 var crypto = require('crypto');
 var sleep = require('co-sleep');
@@ -52,6 +53,7 @@ function SyncModuleWorker(options) {
   this.concurrency = options.concurrency || 1;
   this._publish = options.publish === true; // _publish_on_cnpm
   this.syncUpstreamFirst = options.syncUpstreamFirst;
+  this.syncFromBackupFile = options.syncFromBackupFile;
 
   this.syncingNames = {};
   this.nameMap = {};
@@ -164,6 +166,7 @@ SyncModuleWorker.prototype.start = function () {
     }
     yield arr;
     that._saveLog();
+    yield that._saveBackupFiles();
   }).catch(function (err) {
     logger.error(err);
     that._saveLog();
@@ -322,7 +325,194 @@ SyncModuleWorker.prototype.next = function* (concurrencyId) {
   yield this.syncByName(concurrencyId, name, registry);
 };
 
-SyncModuleWorker.prototype.syncByName = function* (concurrencyId, name, registry) {
+// TODO unimplement unpublish
+SyncModuleWorker.prototype._syncByNameFromBackupFile = function* (concurrencyId, name, retryCount) {
+  const that = this;
+  this.syncingNames[name] = true;
+
+  this.log('----------------- Syncing %s -------------------', name);
+
+  // ignore private scoped package
+  if (common.isPrivateScopedPackage(name)) {
+    this.log('[c#%d] [%s] ignore sync private scoped %j package',
+      concurrencyId, name, config.scopes);
+    yield this._doneOne(concurrencyId, name, true);
+    return;
+  }
+
+  // validate if unpublish
+  const unpublished = yield validateUnpublish(name);
+  if (unpublished) {
+    this.log('[c#%d] [%s] package is unpublished skip sync',
+      concurrencyId, name);
+    yield this._doneOne(concurrencyId, name, true);
+    return;
+  }
+
+  let packageJsons;
+  let tags;
+  try {
+    const packageDir = common.getSyncPackageDir(name);
+    const packageDirFiles = yield nfs.list(packageDir);
+    const packageJsonFileNames = packageDirFiles.filter(fileName => common.isBackupPkgFile(fileName));
+
+    const distTagDir = common.getSyncTagDir(name);
+    const distTagDirFiles = yield nfs.list(distTagDir);
+    const distTagFileNames = distTagDirFiles.filter(fileName => common.isBackupTagFile(fileName));
+
+    const packageJsonRes = yield gather(packageJsonFileNames.map(function* (packageJsonFileName) {
+      const version = common.getVersionFromFileName(packageJsonFileName);
+      return yield readPackage(name, version);
+    }), 5);
+    packageJsons = packageJsonRes.map(({ isError, error, value}) => {
+      if (isError) {
+        error.message = '[sync] read package.json failed: ' + error.message;
+        throw error;
+      }
+      return value;
+    });
+
+    packageJsons = packageJsons.sort((a, b) => {
+      return a.publish_time - b.publish_time;
+    });
+
+    const tagRes = yield gather(distTagFileNames.map(function* (tagFileName) {
+      const tag = common.getTagNameFromFileName(tagFileName);
+      const version = yield readDistTag(name, tag);
+      return {
+        tag,
+        version,
+      };
+    }));
+    tags = tagRes.map(({ isError, error, value}) => {
+      if (isError) {
+        error.message = '[sync] read dist-tag failed: ' + error.message;
+        throw error;
+      }
+      return value;
+    });
+  } catch (err) {
+    if (retryCount < 3) {
+      this.log('[c#%d] [%s] retry from oss after 3s, err: %s, retryCount: %s',
+        concurrencyId, name, err.stack, retryCount);
+      yield sleep(3000);
+      yield this._syncByNameFromBackupFile(concurrencyId, name, retryCount + 1);
+      return;
+    }
+    this.log('[c#%s] [error] [%s] sync error: %s', concurrencyId, name, err.stack);
+    yield this._doneOne(concurrencyId, name, false);
+    return;
+  }
+
+  const firstPkg = packageJsons[0];
+  const lastPkg = packageJsons[packageJsons.length - 1];
+
+  const times = packageJsons.reduce((times, packageJson) => {
+    times[packageJson.version] = new Date(packageJson.publish_time);
+    return times;
+  }, {
+    modified: new Date(lastPkg.publish_time),
+    created: new Date(firstPkg.publish_time),
+  });
+  const distTags = tags.reduce((distTags, tag) => {
+    distTags[tag.tag] = tag.version;
+    return distTags;
+  }, {});
+  const versions = packageJsons.reduce((versions, packageJson) => {
+    versions[packageJson.version] = packageJson;
+    return versions;
+  }, {});
+
+  const pkg = {
+    name,
+    'dist-tags': distTags,
+    versions: versions,
+    time: times,
+
+    description: lastPkg.description,
+    maintainers: lastPkg.maintainers,
+    author: lastPkg.author,
+    repository: lastPkg.repository,
+    readme: lastPkg.readme,
+    readmeFilename: lastPkg.readmeFilename,
+    homepage: lastPkg.homepage,
+    bugs: lastPkg.bugs,
+    license: lastPkg.license,
+  };
+
+  let syncVersions;
+  try {
+    syncVersions = yield this._sync(name, pkg);
+  } catch (err) {
+    this.log('[c#%s] [error] [%s] sync error: %s', concurrencyId, name, err.stack);
+    yield this._doneOne(concurrencyId, name, false);
+    return;
+  }
+
+  // has new version
+  if (syncVersions.length > 0) {
+    this.updates.push(name);
+  }
+
+  this.log('[c#%d] [%s] synced success, %d versions: %s',
+    concurrencyId, name, syncVersions.length, syncVersions.join(', '));
+  yield this._doneOne(concurrencyId, name, true);
+
+  return syncVersions;
+
+  function* validateUnpublish(name) {
+    const filePath = common.getTarballFilepath(name, '', `unpublish-package.json`);
+    const cdnKey = common.getUnpublishFileKey(name);
+    let unpublishInfo;
+    try {
+      yield nfs.download(cdnKey, filePath);
+      const packageJSONFile = yield mzFs.readFile(filePath, 'utf8');
+      unpublishInfo = JSON.parse(packageJSONFile);
+    } catch (_) {
+      // ...
+      return false;
+    } finally {
+      fs.unlink(filePath, utility.noop);
+    }
+    that.log('[c#%s] get unpublish info', concurrencyId, name);
+    yield that._unpublished(name, unpublishInfo);
+    return true;
+  }
+
+  function* readPackage(name, version) {
+    const filePath = common.getTarballFilepath(name, version, `package-${version}.json`);
+    const packageJsonKey = common.getPackageFileCDNKey(name, version);
+    try {
+      yield nfs.download(packageJsonKey, filePath);
+      const packageJSONFile = yield mzFs.readFile(filePath, 'utf8');
+      console.log('file: ', filePath, packageJSONFile);
+      const packageJSON = JSON.parse(packageJSONFile);
+      return packageJSON;
+    } finally {
+      fs.unlink(filePath, utility.noop);
+    }
+  }
+
+  function* readDistTag(name, tag) {
+    const filePath = common.getTarballFilepath(name, '', `tag-${tag}.json`);
+    const packageJsonKey = common.getDistTagCDNKey(name, tag);
+    try {
+      yield nfs.download(packageJsonKey, filePath);
+      const version = yield mzFs.readFile(filePath, 'utf8');
+      return version;
+    } finally {
+      fs.unlink(filePath, utility.noop);
+    }
+  }
+};
+
+SyncModuleWorker.prototype.syncByName = function* (concurrencyId, name, registry, retryCount) {
+  if (this.syncFromBackupFile) {
+    yield this._syncByNameFromBackupFile(concurrencyId, name, retryCount);
+    return;
+  }
+
+  retryCount = retryCount || 0;
   var that = this;
   that.syncingNames[name] = true;
   var pkg = null;
@@ -373,17 +563,28 @@ SyncModuleWorker.prototype.syncByName = function* (concurrencyId, name, registry
     // if 404
     if (!err.res || err.res.statusCode !== 404) {
       var errMessage = err.name + ': ' + err.message;
-      that.log('[c#%s] [error] [%s] get package(%s%s) error: %s, status: %s',
-        concurrencyId, name, registry, packageUrl, errMessage, status);
-      // replicate request error, try to request from official registry
-      if (registry !== config.officialNpmReplicate) {
+      that.log('[c#%s] [error] [%s] get package(%s%s) error: %s, status: %s, retryCount: %s',
+        concurrencyId, name, registry, packageUrl, errMessage, status, retryCount);
+
+      // retry from cnpmRegistry again, max 3 times
+      if (registry === config.cnpmRegistry && retryCount < 3) {
+        this.log('[c#%d] [%s] retry from %s after 3s, retryCount: %s',
+          concurrencyId, name, registry, retryCount);
+        yield sleep(3000);
+        yield that.syncByName(concurrencyId, name, registry, retryCount + 1);
+        return;
+      }
+
+      // replicate/cnpmRegistry request error, try to request from official registry
+      if (registry !== config.officialNpmReplicate && registry !== config.cnpmRegistry) {
         // sync fail
         yield that._doneOne(concurrencyId, name, false);
         return;
       }
 
       // retry from officialNpmRegistry when officialNpmReplicate fail
-      this.log('[c#%d] [%s] retry from %s', concurrencyId, name, config.officialNpmRegistry);
+      this.log('[c#%d] [%s] retry from %s, retryCount: %s',
+        concurrencyId, name, config.officialNpmRegistry, retryCount);
       try {
         var result = yield npmSerivce.request(packageUrl, { registry: config.officialNpmRegistry });
         pkg = result.data;
@@ -543,36 +744,39 @@ SyncModuleWorker.prototype._unpublished = function* (name, unpublishedInfo) {
   var r = yield packageService.saveUnpublishedModule(name, unpublishedInfo);
   this.log('    [%s] save unpublished info: %j to row#%s',
     name, unpublishedInfo, r.id);
-  if (mods.length === 0) {
-    return;
-  }
-  yield [
-    packageService.removeModulesByName(name),
-    packageService.removeModuleTags(name),
-  ];
-  var keys = [];
-  for (var i = 0; i < mods.length; i++) {
-    var row = mods[i];
-    var dist = row.package.dist;
-    var key = dist.key;
-    if (!key) {
-      key = urlparse(dist.tarball).pathname;
+  if (mods.length) {
+    yield [
+      packageService.removeModulesByName(name),
+      packageService.removeModuleTags(name),
+    ];
+    var keys = [];
+    for (var i = 0; i < mods.length; i++) {
+      var row = mods[i];
+      var dist = row.package.dist;
+      var key = dist.key;
+      if (!key) {
+        key = urlparse(dist.tarball).pathname;
+      }
+      key && keys.push(key);
     }
-    key && keys.push(key);
+
+    if (keys.length > 0) {
+      try {
+        yield keys.map(function (key) {
+          return nfs.remove(key);
+        });
+      } catch (err) {
+        // ignore error here
+        this.log('    [%s] delete nfs files: %j error: %s: %s',
+          name, keys, err.name, err.message);
+      }
+    }
+    this.log('    [%s] delete nfs files: %j success', name, keys);
   }
 
-  if (keys.length > 0) {
-    try {
-      yield keys.map(function (key) {
-        return nfs.remove(key);
-      });
-    } catch (err) {
-      // ignore error here
-      this.log('    [%s] delete nfs files: %j error: %s: %s',
-        name, keys, err.name, err.message);
-    }
+  if (config.syncBackupFiles) {
+    yield this._saveUnpublishFile(name, unpublishedInfo);
   }
-  this.log('    [%s] delete nfs files: %j success', name, keys);
 };
 
 SyncModuleWorker.prototype._sync = function* (name, pkg) {
@@ -1313,7 +1517,7 @@ SyncModuleWorker.prototype._syncOneVersion = function *(versionIndex, sourcePack
   var downurl = sourcePackage.dist.tarball;
   var urlobj = urlparse(downurl);
   var filename = path.basename(urlobj.pathname);
-  var filepath = common.getTarballFilepath(filename);
+  var filepath = common.getTarballFilepath(sourcePackage.name, sourcePackage.version, filename);
   var ws = fs.createWriteStream(filepath);
 
   var downloadOptions = {
@@ -1511,6 +1715,141 @@ SyncModuleWorker.prototype._syncOneVersion = function *(versionIndex, sourcePack
   }
 };
 
+SyncModuleWorker.prototype._saveBackupFiles = function *() {
+  if (!config.syncBackupFiles) {
+    return;
+  }
+  const pkgNames = Object.keys(this.nameMap);
+  const that = this;
+  yield gather(pkgNames.map(function* (pkgName) {
+    yield that._saveBackupFile(pkgName);
+  }), 5);
+};
+
+SyncModuleWorker.prototype._saveBackupFile = function *(pkgName) {
+  const [ mods, tags ] = yield [
+    packageService.listModulesByName(pkgName, [ 'version' ]),
+    packageService.listModuleTags(pkgName),
+  ];
+  const that = this;
+  yield gather(mods.map(function* (mod) {
+    yield that._savePackageJsonBackup(pkgName, mod.version);
+  }), 5);
+  yield gather(tags.map(function* (tag) {
+    yield that._saveDistTagBackup(pkgName, tag.tag, tag.version);
+  }), 5);
+  yield this._clearDeletedDistTags(pkgName, tags.map(t => t.tag));
+};
+
+SyncModuleWorker.prototype._saveUnpublishFile = function* (pkgName, pkg) {
+  const cdnKey = common.getUnpublishFileKey(pkgName);
+  const filePath = common.getTarballFilepath(pkgName, '', 'unpublish-package.json');
+  this.log('[%s] start save unpublish-package.json', pkgName);
+  const file = JSON.stringify(pkg);
+  yield mzFs.writeFile(filePath, file);
+
+  let shasum = crypto.createHash('sha1');
+  shasum.update(file);
+  shasum = shasum.digest('hex');
+
+  yield nfs.upload(filePath, {
+    key: cdnKey,
+    size: file.length,
+    shasum: shasum,
+  });
+  this.log('[%s:%s] save unpublish package.json backup success', pkgName);
+};
+
+SyncModuleWorker.prototype._savePackageJsonBackup = function *(pkgName, version) {
+  const cdnKey = common.getPackageFileCDNKey(pkgName, version);
+  const filePath = common.getTarballFilepath(pkgName, version, `package-${version}.json`);
+  this.log('[%s:%s] start backup package.json', pkgName, version);
+  // If package.json exists no need to sync
+  try {
+    yield nfs.download(cdnKey, filePath);
+    fs.unlink(filePath, utility.noop);
+    this.log('[%s:%s] package.json exits skip backup', pkgName, version);
+    // Download success, no need to sync
+    return;
+  } catch (_) {
+    // ...
+  }
+  // Version is from db, so mod can not be null
+  const mod = yield packageService.showPackage(pkgName, version, {
+    protocol: config.backupProtocol,
+  });
+
+  const file = JSON.stringify(mod.package);
+  yield mzFs.writeFile(filePath, file);
+
+  let shasum = crypto.createHash('sha1');
+  shasum.update(file);
+  shasum = shasum.digest('hex');
+
+  yield nfs.upload(filePath, {
+    key: cdnKey,
+    size: file.length,
+    shasum: shasum,
+  });
+  this.log('[%s:%s] package.json backup success', pkgName, version);
+};
+
+SyncModuleWorker.prototype._saveDistTagBackup = function *(pkgName, tag, version) {
+  const cdnKey = common.getDistTagCDNKey(pkgName, tag);
+  const filePath = common.getTarballFilepath(pkgName, '', `tag-${tag}.json`);
+  this.log('[%s:%s] start backup dist-tag.json', pkgName, tag);
+  let oldVersion;
+  try {
+    yield nfs.download(cdnKey, filePath);
+    oldVersion = yield mzFs.readFile(filePath, 'utf8');
+    fs.unlink(filePath, utility.noop);
+  } catch (_) {
+    // ...
+  }
+  this.log('[%s:%s] backup dist tag is %j current dist tag is %j', pkgName, tag, oldVersion, version);
+  if (oldVersion === version) {
+    this.log('[%s:%s] tag equal skip sync', pkgName, tag);
+    return;
+  }
+  this.log('[%s:%s] tag not equal start sync', pkgName, tag);
+  const file = version;
+  yield mzFs.writeFile(filePath, file);
+
+  let shasum = crypto.createHash('sha1');
+  shasum.update(file);
+  shasum = shasum.digest('hex');
+
+  yield nfs.upload(filePath, {
+    key: cdnKey,
+    size: file.length,
+    shasum: shasum,
+  });
+  this.log('[%s:%s] backup dist tag success', pkgName, tag);
+};
+
+SyncModuleWorker.prototype._clearDeletedDistTags = function *(pkgName, tagNames) {
+  const syncDir = common.getSyncTagDir(pkgName);
+  const backupDistTagFiless = yield nfs.list(syncDir);
+  const currentTagNames = new Set(tagNames);
+  const shouldDelTags = backupDistTagFiless.filter(tagFileName => {
+    const tagName = common.getTagNameFromFileName(tagFileName);
+    return (
+      // File is an dist-tag file
+      tagName
+      // tag is deleted
+      && !currentTagNames.has(tagName)
+    );
+  });
+  this.log('[%s] current tags %j backup tags %j should delete tags %j', pkgName, tagNames, backupDistTagFiless, shouldDelTags);
+  const that = this;
+  yield shouldDelTags.map(function* (tagFileName) {
+    const filePath = path.join(syncDir, tagFileName);
+    that.log('[%s] delete tags %s', pkgName, filePath);
+    yield nfs.remove(filePath);
+  });
+  this.log('[%s] delete tags success', pkgName);
+};
+
 SyncModuleWorker.sync = function* (name, username, options) {
   options = options || {};
   var result = yield logService.create({name: name, username: username});
@@ -1522,6 +1861,7 @@ SyncModuleWorker.sync = function* (name, username, options) {
     noDep: options.noDep,
     publish: options.publish,
     syncUpstreamFirst: options.syncUpstreamFirst,
+    syncFromBackupFile: options.syncFromBackupFile,
   });
   worker.start();
   return result.id;

docs/db.sql

@@ -92,7 +92,8 @@ CREATE TABLE IF NOT EXISTS `module` (
  UNIQUE KEY `uk_name` (`name`,`version`),
  KEY `idx_gmt_modified` (`gmt_modified`),
  KEY `idx_publish_time` (`publish_time`),
- KEY `idx_author` (`author`)
+ KEY `idx_author` (`author`),
+ KEY `idx_name_gmt_modified` (`name`,`gmt_modified`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='module info';
 -- ALTER TABLE `module` ADD `description` longtext;
 -- ALTER TABLE `module` ADD `publish_time` bigint(20) unsigned, ADD KEY `publish_time` (`publish_time`);
@@ -318,3 +319,17 @@ CREATE TABLE IF NOT EXISTS `dist_file` (
 -- ALTER TABLE `dist_file`
 --   CHANGE `name` `name` varchar(214) NOT NULL COMMENT 'file name',
 --   CHANGE `parent` `parent` varchar(214) NOT NULL COMMENT 'parent dir' DEFAULT '/';
+
+CREATE TABLE IF NOT EXISTS `token` (
+ `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT 'primary key',
+ `gmt_create` datetime NOT NULL COMMENT 'create time',
+ `gmt_modified` datetime NOT NULL COMMENT 'modified time',
+ `token` varchar(100) NOT NULL COMMENT 'token',
+ `user_id` varchar(100) NOT NULL COMMENT 'user name',
+ `readonly` tinyint NOT NULL DEFAULT 0 COMMENT 'readonly or not, 1: true, other: false',
+ `token_key` varchar(200) NOT NULL COMMENT 'token sha512 hash',
+ `cidr_whitelist` varchar(500) NOT NULL COMMENT 'ip list, ["127.0.0.1"]',
+ PRIMARY KEY (`id`),
+ UNIQUE KEY `uk_token` (`token`),
+ KEY `idx_user` (`user_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='token info';

docs/dockerize/config.js

@@ -229,6 +229,7 @@ var config = {
   // global hook function: function* (envelope) {}
   // envelope format please see https://github.com/npm/registry/blob/master/docs/hooks/hooks-payload.md#payload
   globalHook: null,
+  accelerateHostMap: {},
 };
 
 if (process.env.NODE_ENV !== 'test') {

docs/registry-api.md

@@ -50,7 +50,7 @@ Status: 4xx
 
 ## Authentication
 
-There is only one way to authenticate through the API.
+There are two ways to authenticate through the API.
 
 ## Basic Authentication
 
@@ -58,6 +58,12 @@ There is only one way to authenticate through the API.
 $ curl -u "username:password" https://registry.npmjs.org
 ```
 
+## Bearer Authentication
+
+```bash
+$ curl -H "Authorization: Bearer ${UUId}" https://registry.npmjs.org
+```
+
 ## Failed login limit
 
 ```bash
@@ -903,7 +909,8 @@ Status: 201 Created
 {
   "ok": true,
   "id": "org.couchdb.user:fengmk2",
-  "rev": "32-984ee97e01aea166dcab6d1517c730e3"
+  "rev": "32-984ee97e01aea166dcab6d1517c730e3",
+  "token": "85d32fad-bd43-4dd7-9451-4f7d907313a2"
 }
 ```
 
@@ -956,3 +963,76 @@ Status: 201 Created
 ```
 
 ## Search
+
+## Token
+
+- [Create token](/docs/registry-api.md#create-token)
+- [List token](/docs/registry-api.md#list-token)
+- [Delete token](/docs/registry-api.md#delete-token)
+
+### Create token
+
+* Authentication required.
+
+```
+POST /-/npm/v1/tokens
+```
+
+#### Input
+```json
+{
+  "password": "123",
+  "readonly": false,
+  "cidr_whitelist": [
+    "127.0.0.1"
+  ]
+}
+```
+
+#### Response 200
+```json
+HTTP/1.1 200 OK
+
+{
+  "token": "85d32fad-bd43-4dd7-9451-4f7d907313a2",
+  "key": "d06309a210570ef71cd9c7bd4849e7e96eeaa841976e63326436f6fd320dc4bbd452710e4e0fedc2efc2ea4a793b7159e95e9596e85e00dee26adc3f8afbb97f",
+  "cidr_whitelist": [ "127.0.0.1" ],
+  "created": "2015-01-04T08:28:51.378Z",
+  "updated": "2015-01-04T08:28:51.378Z",
+  "readonly": false
+}
+```
+
+### List token
+* Authentication required.
+
+```
+GET /-/npm/v1/tokens
+```
+
+### Input
+perPage=10&page=0
+
+#### Response 200
+```json
+{
+  "objects": [{
+    "token": "85d32f...7313a2",
+    "key": "d06309a210570ef71cd9c7bd4849e7e96eeaa841976e63326436f6fd320dc4bbd452710e4e0fedc2efc2ea4a793b7159e95e9596e85e00dee26adc3f8afbb97f",
+    "cidr_whitelist": [ "127.0.0.1" ],
+    "created": "2015-01-04T08:28:51.378Z",
+    "updated": "2015-01-04T08:28:51.378Z",
+    "readonly": false
+  }]
+}
+```
+
+### Delete token
+
+* Authentication required.
+
+```
+GET /-/npm/v1/tokens/token/:UUID
+```
+
+#### Response 204

docs/web/readme.md

@@ -8,6 +8,7 @@ So `cnpm` is meaning: **Company npm**.
 - [cnpmjs.org](/) version: <span id="app-version"></span>
 - [Node.js](https://nodejs.org) version: <span id="node-version"></span>
 - For developers in China, please visit [the China mirror](https://npm.taobao.org). 中国用户请访问[国内镜像站点](https://npm.taobao.org)。
+- Use the private npm service provided by Alibaba Cloud DevOps which build with cnpm. [https://packages.aliyun.com/](https://packages.aliyun.com/?channel=pd_cnpm_github)
 
 <div class="ant-table">
 <table class="downloads">
@@ -151,5 +152,5 @@ Release [History](/history).
 
 ## Sponsors
 
-- [![阿里云](https://static.aliyun.com/images/www-summerwind/logo.gif)](http://click.aliyun.com/m/4288/) (2016.2 - now)
+- [![阿里云](https://static.aliyun.com/images/www-summerwind/logo.gif)](http://click.aliyun.com/m/4288/) [![阿里云云效](https://img.alicdn.com/tfs/TB116yt3fb2gK0jSZK9XXaEgFXa-106-20.png)](https://devops.aliyun.com/?channel=pd_cnpm_github) (2016.2 - now)
 - [![UCloud云计算](https://www.ucloud.cn/static/style/images/about/logo.png)](http://www.ucloud.cn?sem=sdk-CNPMJS) (2015.3 - 2016.3)

index.js

@@ -1,17 +1,5 @@
-/**!
- * Copyright(c) cnpmjs.org and other contributors.
- * MIT Licensed
- *
- * Authors:
- *  dead_horse <dead_horse@qq.com> (http://deadhorse.me)
- */
-
 'use strict';
 
-/**
- * Module dependencies.
- */
-
 var config = require('./config');
 
 exports.loadConfig = config.loadConfig;

lib/common.js

@@ -2,13 +2,18 @@
 
 var crypto = require('crypto');
 var path = require('path');
-var config = require('../config');
+var utility = require('utility');
 var util = require('util');
+var config = require('../config');
+var BASIC_PREFIX = /basic /i;
+var BEARER_PREFIX = /bearer /i;
 
-exports.getTarballFilepath = function (filename) {
+exports.getTarballFilepath = function (packageName, packageVersion, filename) {
   // ensure download file path unique
   // TODO: not only .tgz, and also other extname
-  var name = filename.replace(/\.tgz$/, '.' + crypto.randomBytes(16).toString('hex') + '.tgz');
+  var name = filename.replace(/\.tgz$/, '.' + crypto.randomBytes(16).toString('hex'));
+  // use filename string md5 instead, fix "ENAMETOOLONG: name too long" error
+  name = packageName.replace(/\//g, '-').replace(/\@/g, '') + '-' + packageVersion.substring(0, 20) + '.' + utility.md5(name) + '.tgz';
   return path.join(config.uploadDir, name);
 };
 
@@ -21,6 +26,46 @@ exports.getCDNKey = function (name, filename) {
   return '/' + name + '/-/' + filename;
 };
 
+exports.getUnpublishFileKey = function (name) {
+  return `/${name}/sync/unpublish/unpublish-package.json`;
+};
+
+exports.getPackageFileCDNKey = function (name, version) {
+  return `/${name}/sync/packages/package-${version}.json`;
+};
+
+exports.getDistTagCDNKey = function (name, tag) {
+  return `/${name}/sync/tags/tag-${tag}.json`;
+};
+
+exports.getSyncTagDir = function (name) {
+  return `${name}/sync/tags/`;
+};
+
+exports.getSyncPackageDir = function (name) {
+  return `${name}/sync/packages/`;
+};
+
+const TAG_NAME_REG = /^tag-(.+)\.json$/;
+exports.getTagNameFromFileName = function (fileName) {
+  const res = fileName.match(TAG_NAME_REG);
+  return res && res[1];
+};
+
+exports.isBackupTagFile = function (fileName) {
+  return TAG_NAME_REG.test(fileName);
+};
+
+const PACKAGE_NAME_REG = /^package-(.+)\.json$/;
+exports.getVersionFromFileName = function (fileName) {
+  const res = fileName.match(PACKAGE_NAME_REG);
+  return res && res[1];
+};
+
+exports.isBackupPkgFile = function (fileName) {
+  return PACKAGE_NAME_REG.test(fileName);
+};
+
 exports.setDownloadURL = function (pkg, ctx, host) {
   if (pkg.dist) {
     host = host || config.registryHost || ctx.host;
@@ -64,8 +109,26 @@ exports.isLocalModule = function (mods) {
 };
 
 exports.isPrivateScopedPackage = function (name) {
+  if (!name) {
+    return false;
+  }
+
   if (name[0] !== '@') {
     return false;
   }
   return config.scopes.indexOf(name.split('/')[0]) >= 0;
 };
+
+var AuthorizeType = exports.AuthorizeType = {
+  BASIC: 'BASIC',
+  BEARER: 'BEARER',
+};
+
+exports.getAuthorizeType = function (ctx) {
+  var authorization = (ctx.get('authorization') || '').trim();
+  if (BASIC_PREFIX.test(authorization)) {
+    return AuthorizeType.BASIC;
+  } else if (BEARER_PREFIX.test(authorization)) {
+    return AuthorizeType.BEARER;
+  }
+};

middleware/auth.js

@@ -2,7 +2,9 @@
 
 var debug = require('debug')('cnpmjs.org:middleware:auth');
 var UserService = require('../services/user');
+var TokenService = require('../services/token');
 var config = require('../config');
+var common = require('../lib/common');
 
 /**
  * Parse the request authorization
@@ -13,25 +15,23 @@ module.exports = function () {
   return function* auth(next) {
     this.user = {};
 
-    var authorization = (this.get('authorization') || '').split(' ')[1] || '';
-    authorization = authorization.trim();
+    var authorization = (this.get('authorization') || '').trim();
     debug('%s %s with %j', this.method, this.url, authorization);
     if (!authorization) {
       return yield unauthorized.call(this, next);
     }
 
-    authorization = Buffer.from(authorization, 'base64').toString();
-    var pos = authorization.indexOf(':');
-    if (pos === -1) {
-       return yield unauthorized.call(this, next);
-    }
-
-    var username = authorization.slice(0, pos);
-    var password = authorization.slice(pos + 1);
-
     var row;
     try {
-      row = yield UserService.auth(username, password);
+      var authorizeType = common.getAuthorizeType(this);
+
+      if (authorizeType === common.AuthorizeType.BASIC) {
+        row = yield basicAuth(authorization);
+      } else if (authorizeType === common.AuthorizeType.BEARER) {
+        row = yield bearerAuth(authorization, this.method, this.ip);
+      } else {
+        return yield unauthorized.call(this, next);
+      }
     } catch (err) {
       // do not response error here
       // many request do not need login
@@ -51,6 +51,30 @@ module.exports = function () {
   };
 };
 
+function* basicAuth(authorization) {
+  authorization = authorization.split(' ')[1];
+  authorization = Buffer.from(authorization, 'base64').toString();
+
+  var pos = authorization.indexOf(':');
+  if (pos === -1) {
+    return null;
+  }
+
+  var username = authorization.slice(0, pos);
+  var password = authorization.slice(pos + 1);
+
+  return yield UserService.auth(username, password);
+}
+
+function* bearerAuth(authorization, method, ip) {
+  var token = authorization.split(' ')[1];
+  var isReadOperation = method === 'HEAD' || method === 'GET';
+  return yield TokenService.validateToken(token, {
+    isReadOperation: isReadOperation,
+    accessIp: ip,
+  });
+}
+
 function* unauthorized(next) {
   if (!config.alwaysAuth || this.method !== 'GET') {
     return yield next;

middleware/login.js

@@ -3,6 +3,11 @@
 var http = require('http');
 
 module.exports = function *login(next) {
+  if (this.path === '/-/ping' && this.query.write !== 'true') {
+    yield next;
+    return;
+  }
+
   if (this.user.error) {
     var status = this.user.error.status;
     this.status = http.STATUS_CODES[status]

models/index.js

@@ -26,6 +26,7 @@ module.exports = {
   User: load('user'),
   Total: load('total'),
   DownloadTotal: load('download_total'),
+  Token: load('token'),
 
   query: function* (sql, args) {
     var options = { replacements: args };

models/module.js

@@ -1,19 +1,5 @@
-/**!
- * cnpmjs.org - models/module.js
- *
- * Copyright(c) fengmk2 and other contributors.
- * MIT Licensed
- *
- * Authors:
- *   fengmk2 <fengmk2@gmail.com> (http://fengmk2.github.com)
- */
-
 'use strict';
 
-/**
- * Module dependencies.
- */
-
 /*
 CREATE TABLE IF NOT EXISTS `module` (
  `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT 'primary key',

models/token.js

@@ -0,0 +1,117 @@
+'use strict';
+
+/*
+CREATE TABLE IF NOT EXISTS `token` (
+ `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT 'primary key',
+ `gmt_create` datetime NOT NULL COMMENT 'create time',
+ `gmt_modified` datetime NOT NULL COMMENT 'modified time',
+ `token` varchar(100) NOT NULL COMMENT 'token',
+ `user_id` varchar(100) NOT NULL COMMENT 'user name',
+ `readonly` tinyint NOT NULL DEFAULT 0 COMMENT 'readonly or not, 1: true, other: false',
+ `token_key` varchar(200) NOT NULL COMMENT 'token sha512 hash',
+ `cidr_whitelist` varchar(500) NOT NULL COMMENT 'ip list, ["127.0.0.1"]',
+ PRIMARY KEY (`id`),
+ UNIQUE KEY `uk_token` (`token`),
+ KEY `idx_user_id` (`user_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='token info';
+ */
+
+module.exports = function (sequelize, DataTypes) {
+  return sequelize.define('Token', {
+    token: {
+      type: DataTypes.STRING(100),
+      allowNull: false,
+      comment: 'token',
+    },
+    userId: {
+      field: 'user_id',
+      type: DataTypes.STRING(100),
+      allowNull: false,
+      comment: 'user name'
+    },
+    readonly: {
+      type: DataTypes.BOOLEAN,
+      allowNull: false,
+      defaultValue: false,
+      comment: 'readonly or not, 1: true, other: false',
+    },
+    key: {
+      field: 'token_key',
+      type: DataTypes.STRING(256),
+      allowNull: false,
+      comment: 'token sha512 hash',
+    },
+    cidrWhitelist: {
+      field: 'cidr_whitelist',
+      type: DataTypes.STRING(500),
+      allowNull: false,
+      comment: 'ip list, ["127.0.0.1"]',
+      get: function () {
+        try {
+          return JSON.parse(this.getDataValue('cidrWhitelist'));
+        } catch (_) {
+          return [];
+        }
+      },
+      set: function (val) {
+        try {
+          var stringifyVal = JSON.stringify(val);
+          this.setDataValue('cidrWhitelist', stringifyVal);
+        } catch (_) {
+          // ...
+        }
+      }
+    },
+  }, {
+    tableName: 'token',
+    comment: 'token info',
+    indexes: [
+      {
+        unique: true,
+        fields: [ 'token' ],
+      },
+      {
+        fields: [ 'user_id' ],
+      }
+    ],
+    classMethods: {
+      findByToken: function* (token) {
+        return yield this.find({ where: { token: token } });
+      },
+      add: function* (tokenObj) {
+        var row = this.build(tokenObj);
+        return yield row.save();
+      },
+      listByUser: function* (userId, offset, limit) {
+        return yield this.findAll({
+          where: {
+            userId: userId,
+          },
+          limit: limit,
+          offset: offset,
+          order: 'id asc',
+        });
+      },
+      deleteByKeyOrToken: function* (userId, keyOrToken) {
+        const self = this;
+        yield sequelize.transaction(function (t) {
+          return self.destroy({
+            where: {
+              userId: userId,
+              $or: [
+                { key: { like: keyOrToken + '%' } },
+                { token: keyOrToken },
+              ],
+            },
+            transaction: t,
+          }).then(function (deleteRows) {
+            // Key like query should not match more than 1 row
+            if (deleteRows > 1) {
+              throw new Error(`Token ID "${keyOrToken}" was ambiguous`);
+            }
+          });
+        });
+      },
+    },
+  });
+};

package.json

@@ -1,6 +1,6 @@
 {
   "name": "cnpmjs.org",
-  "version": "3.0.0-rc.29",
+  "version": "3.0.0-rc.44",
   "description": "Private npm registry and web for Enterprise, base on MySQL and Simple Store Service",
   "main": "index.js",
   "scripts": {
@@ -28,7 +28,7 @@
     "copy-to": "^2.0.1",
     "debug": "^3.0.0",
     "error-formater": "^1.0.3",
-    "fs-cnpm": "^1.2.0",
+    "fs-cnpm": "^2.1.0",
     "giturl": "^1.0.0",
     "graceful": "^1.0.1",
     "gravatar": "^1.6.0",
@@ -36,6 +36,7 @@
     "humanize-ms": "^1.2.1",
     "humanize-number": "~0.0.2",
     "ioredis": "^4.6.2",
+    "ip-regex": "^4.1.0",
     "is-type-of": "^1.2.0",
     "kcors": "^1.2.1",
     "koa": "^1.2.0",
@@ -68,6 +69,7 @@
     "tunnel-agent": "^0.6.0",
     "urllib": "^2.24.0",
     "utility": "^1.12.0",
+    "uuid": "^8.3.0",
     "xss": "^0.3.3"
   },
   "devDependencies": {

routes/registry.js

@@ -11,6 +11,7 @@ var unpublishable = require('../middleware/unpublishable');
 var showTotal = require('../controllers/total');
 
 var listAll = require('../controllers/registry/package/list_all');
+var listAllPackageVersions = require('../controllers/registry/package/list_versions');
 var listShorts = require('../controllers/registry/package/list_shorts');
 var listSince = require('../controllers/registry/package/list_since');
 var listAllVersions = require('../controllers/registry/package/list');
@@ -28,6 +29,12 @@ var listPackagesByUser = require('../controllers/registry/package/list_by_user')
 var addUser = require('../controllers/registry/user/add');
 var showUser = require('../controllers/registry/user/show');
 var updateUser = require('../controllers/registry/user/update');
+var whoami = require('../controllers/registry/user/whoami');
+var ping = require('../controllers/registry/user/ping');
+
+var createToken = require('../controllers/registry/token/create');
+var delToken = require('../controllers/registry/token/del');
+var listToken = require('../controllers/registry/token/list');
 
 var sync = require('../controllers/sync');
 var userPackage = require('../controllers/registry/user_package');
@@ -51,6 +58,11 @@ function routes(app) {
   // get all module names, for auto completion
   app.get('/-/short', listShorts);
 
+  app.get('/-/allversions', listAllPackageVersions);
+
+  app.get('/-/whoami', login, whoami);
+  app.get('/-/ping', login, ping);
+
   // module
   // scope package: params: [$name]
   app.get(/^\/(@[\w\-\.]+\/[^\/]+)$/, syncByInstall, listAllVersions);
@@ -99,6 +111,11 @@ function routes(app) {
   app.get('/-/user/org.couchdb.user::name', showUser);
   app.put('/-/user/org.couchdb.user::name/-rev/:rev', login, updateUser);
 
+  // token api
+  app.get('/-/npm/v1/tokens', login, listToken);
+  app.post('/-/npm/v1/tokens', login, createToken);
+  app.delete('/-/npm/v1/tokens/token/:UUID', login, delToken);
+
   // list all packages of user
   app.get('/-/by-user/:user', userPackage.list);
   app.get('/-/users/:user/packages', listPackagesByUser);

servers/registry.js

@@ -16,6 +16,7 @@ var block = require('../middleware/block');
 var auth = require('../middleware/auth');
 var staticCache = require('../middleware/static');
 var notFound = require('../middleware/registry_not_found');
+var models = require('../models');
 var cors = require('kcors');
 var proxyToNpm = require('../middleware/proxy_to_npm');
 var maxrequests = require('koa-maxrequests');
@@ -52,6 +53,7 @@ app.use(notFound);
 app.use(conditional());
 app.use(etag());
 
+app.models = models;
 for (const middleware of config.customRegistryMiddlewares) {
   app.use(middleware(app));
 }

servers/web.js

@@ -17,6 +17,7 @@ var auth = require('../middleware/auth');
 var proxyToNpm = require('../middleware/proxy_to_npm');
 var routes = require('../routes/web');
 var config = require('../config');
+var models = require('../models');
 var jsonp = require('koa-safe-jsonp');
 var path = require('path');
 var http = require('http');
@@ -42,6 +43,12 @@ if (config.pagemock) {
   }));
 }
 
+// add app.models, let middleware can access models ref
+app.models = models;
+for (const mw of config.customWebMiddlewares) {
+  app.use(mw(app));
+}
+
 app.use(opensearch);
 app.keys = ['todokey', config.sessionSecret];
 app.proxy = true;
@@ -67,7 +74,8 @@ var footer = config.customFooter || fs.readFileSync(path.join(viewDir, 'footer.h
 var layout = fs.readFileSync(path.join(viewDir, 'layout.html'), 'utf8')
   .replace('{{footer}}', footer)
   .replace('{{logoURL}}', config.logoURL)
-  .replace('{{adBanner}}', config.adBanner || '');
+  .replace('{{adBanner}}', config.adBanner || '')
+  .replace('{{customHeader}}', config.customHeader || '');
 fs.writeFileSync(layoutFile, layout);
 
 // custom web readme home page support

services/package.js

@@ -3,6 +3,7 @@
 var semver = require('semver');
 var models = require('../models');
 var common = require('./common');
+var libCommon = require('../lib/common');
 var config = require('../config');
 var Tag = models.Tag;
 var User = models.User;
@@ -251,16 +252,12 @@ exports.listModulesByName = function* (moduleName, attributes) {
 };
 
 exports.getModuleLastModified = function* (name) {
-  var mod = yield Module.find({
+  var gmt_modified = yield Module.max('gmt_modified', {
     where: {
       name: name,
     },
-    order: [
-      ['gmt_modified', 'DESC']
-    ],
-    attributes: [ 'gmt_modified' ]
   });
-  return mod && mod.gmt_modified || null;
+  return gmt_modified;
 };
 
 // module:update
@@ -345,6 +342,18 @@ exports.listModuleAbbreviatedsByName = function* (name) {
   return rows;
 };
 
+exports.findAllModuleAbbreviateds = function* (where, order, limit, offset) {
+  const params = {
+    where,
+    order,
+    limit,
+    offset,
+    attributes: [ 'name', 'version', 'publish_time', 'gmt_modified'  ],
+  };
+  const rows = yield models.ModuleAbbreviated.findAll(params);
+  return rows;
+};
+
 // https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md#abbreviated-version-object
 exports.saveModuleAbbreviated = function* (mod) {
   var pkg = JSON.stringify({
@@ -857,3 +866,45 @@ exports.saveUnpublishedModule = function* (name, pkg) {
 exports.getUnpublishedModule = function* (name) {
   return yield ModuleUnpublished.findByName(name);
 };
+
+exports.showPackage = function* (name, tag, ctx) {
+  if (tag === '*') {
+    tag = 'latest';
+  }
+  if (tag === '*') {
+    tag = 'latest';
+  }
+  var version = semver.valid(tag);
+  var range = semver.validRange(tag);
+  var mod;
+  if (version) {
+    mod = yield exports.getModule(name, version);
+  } else if (range) {
+    mod = yield exports.getModuleByRange(name, range);
+  } else {
+    mod = yield exports.getModuleByTag(name, tag);
+  }
+
+  if (mod) {
+    libCommon.setDownloadURL(mod.package, ctx || {});
+    mod.package._cnpm_publish_time = mod.publish_time;
+    mod.package.publish_time = mod.package.publish_time || mod.publish_time;
+    var rs = yield [
+      exports.listMaintainers(name),
+      exports.listModuleTags(name),
+    ];
+    var maintainers = rs[0];
+    if (maintainers.length > 0) {
+      mod.package.maintainers = maintainers;
+    }
+    var tags = rs[1];
+    var distTags = {};
+    for (var i = 0; i < tags.length; i++) {
+      var t = tags[i];
+      distTags[t.tag] = t.version;
+    }
+    // show tags for npminstall faster download
+    mod.package['dist-tags'] = distTags;
+    return mod;
+  }
+};

services/token.js

@@ -0,0 +1,121 @@
+'use strict';
+
+var Token = require('../models').Token;
+var UserService = require('./user');
+var uuid = require('uuid');
+var crypto = require('crypto');
+var DEFAULT_TOKEN_OPTIONS = {
+  readonly: false,
+  cidrWhitelist: [],
+};
+var DEFAULT_LIST_TOKEN_OPTIONS = {
+  perPage: 10,
+  page: 0,
+};
+
+/**
+ * 1. check the token exits
+ * 1. check readOnly
+ * 1. check cidr white list
+ *
+ * @param {string} token -
+ * @param {object} options -
+ * @param {string} options.isReadOperation -
+ * @param {string} options.accessIp -
+ */
+exports.validateToken = function* (token, options) {
+  var row = yield Token.findByToken(token);
+  if (!row) {
+    return null;
+  }
+
+  var name = row.userId;
+  var tokenObj = convertToken(row);
+  // write operation and readonly token
+  // validate fail
+  if (!options.isReadOperation && tokenObj.readonly) {
+    return null;
+  }
+
+  // has a cidr whitelist and access ip not in list
+  // validate fail
+  var cidrWhitelist = tokenObj.cidr_whitelist;
+  if (cidrWhitelist.length && !cidrWhitelist.includes(options.accessIp)) {
+    return null;
+  }
+
+  return yield UserService.get(name);
+};
+
+/**
+ * create token for user
+ * @param {string} userId -
+ * @param {object} [options] -
+ * @param {object} [options.readonly] - default is false
+ * @param {object} [options.cidrWhitelist] - default is []
+ */
+exports.createToken = function* (userId, options) {
+  options = Object.assign({}, DEFAULT_TOKEN_OPTIONS, options);
+  var token = uuid.v4();
+  var key = createTokenKey(token);
+  var tokenObj = {
+    token: token,
+    userId: userId,
+    readonly: options.readonly,
+    key: key,
+    cidrWhitelist: options.cidrWhitelist,
+  };
+  var row = yield Token.add(tokenObj);
+  return convertToken(row, { redacte: false });
+};
+
+/**
+ * list token for user
+ * @param {string} userId -
+ * @param {object} [options] -
+ * @param {object} [options.perPage] - default is 10
+ * @param {object} [options.page] - default is 0
+ */
+exports.listToken = function* (userId, options) {
+  options = Object.assign({}, DEFAULT_LIST_TOKEN_OPTIONS, options);
+  var rows = yield Token.listByUser(userId, options.perPage * options.page, options.perPage);
+  return rows.map(function(row) {
+    return convertToken(row);
+  });
+};
+
+/**
+ * delete token for user
+ * @param {string} userId -
+ * @param {string} keyOrToken - the key prefix or full token
+ */
+exports.deleteToken = function* (userId, keyOrToken) {
+  yield Token.deleteByKeyOrToken(userId, keyOrToken);
+};
+
+function convertToken(row, options) {
+  options = options || {};
+  var token = row.token;
+  if (options.redacte !== false) {
+    token = redacteToken(token);
+  }
+  return {
+    token: token,
+    key: row.key,
+    cidr_whitelist: row.cidrWhitelist,
+    created: row.gmt_create,
+    updated: row.gmt_create,
+    readonly: row.readonly,
+  };
+}
+
+function redacteToken(token) {
+  if (!token) {
+    return null;
+  }
+  return `${token.substr(0, 6)}...${token.substr(-6)}`;
+}
+
+function createTokenKey(token) {
+  return crypto.createHash('sha512').update(token).digest('hex');
+}

services/total.js

@@ -13,18 +13,29 @@ if (config.database.dialect === 'postgres') {
 }
 
 exports.get = function* () {
+  var rs;
   // var DB_SIZE_SQL = 'SELECT TABLE_NAME AS name, data_length, index_length \
   //   FROM information_schema.tables WHERE TABLE_SCHEMA = ? \
   //   GROUP BY TABLE_NAME \
   //   ORDER BY data_length DESC \
   //   LIMIT 0, 200';
-  var rs = yield [
-    // models.query(DB_SIZE_SQL, [config.db]),
-    models.queryOne(TOTAL_MODULE_SQL),
-    models.queryOne(TOTAL_VERSION_SQL),
-    models.queryOne(TOTAL_USER_SQL),
-    exports.getTotalInfo(),
-  ];
+  if (config.enableTotalCount) {
+    rs = yield [
+      // models.query(DB_SIZE_SQL, [config.db]),
+      models.queryOne(TOTAL_MODULE_SQL),
+      models.queryOne(TOTAL_VERSION_SQL),
+      models.queryOne(TOTAL_USER_SQL),
+      exports.getTotalInfo(),
+    ];
+  } else {
+    rs = yield [
+      models.queryOne(TOTAL_USER_SQL),
+      exports.getTotalInfo(),
+    ];
+    // set total modules and versions to zero
+    rs.unshift({ count: 0 });
+    rs.unshift({ count: 0 });
+  }
 
   // var sizes = rs[0];
   var mc = rs[0];

test/common/urllib.test.js

@@ -0,0 +1,39 @@
+'use strict';
+
+const assert = require('assert');
+const mm = require('mm');
+const urllib = require('../../common/urllib');
+const config = require('../../config');
+
+describe('test/common/urllib.test.js', () => {
+  describe('accelerate request', () => {
+    beforeEach(() => {
+      mm(config, 'accelerateHostMap', {
+        'www.alipay.com': 'www.antgroup.com'
+      });
+    });
+
+    describe('direct', () => {
+      it('should work', function* () {
+        const res = yield urllib.request('https://www.alipay.com', {
+          followRedirect: true,
+        });
+        assert.deepStrictEqual(res.res.requestUrls, [
+          'https://www.antgroup.com/',
+        ]);
+      });
+    });
+
+    describe('redirect', () => {
+      it('should work', function* () {
+        const res = yield urllib.request('http://alipay.com', {
+          followRedirect: true,
+        });
+        assert.deepStrictEqual(res.res.requestUrls, [
+          'http://alipay.com/',
+          'https://www.antgroup.com/',
+        ]);
+      });
+    });
+  });
+});

test/controllers/registry/package/dist_tag.test.js

@@ -1,5 +1,6 @@
 'use strict';
 
+var assert = require('assert');
 var request = require('supertest');
 var mm = require('mm');
 var pedding = require('pedding');
@@ -117,6 +118,27 @@ describe('test/controllers/registry/package/dist_tag.test.js', function () {
         .expect(201, done);
       });
     });
+
+    it('should fire globalHook', function (done) {
+      done = pedding(2, done);
+      mm(config, 'globalHook', function* (envelope) {
+        assert(envelope.version === '1.0.1');
+        assert(envelope.name === '@cnpmtest/dist_tag_test_module_set');
+        assert(envelope.type === 'package');
+        assert(envelope.event === 'package:dist-tag');
+        assert(envelope.tag === 'exists');
+        done();
+      })
+      request(app)
+        .put('/-/package/@cnpmtest/dist_tag_test_module_set/dist-tags/exists')
+        .set('authorization', utils.otherUserAuth)
+        .set('content-type', 'application/json')
+        .send(JSON.stringify('1.0.1'))
+        .expect({
+          ok: 'dist-tags updated'
+        })
+        .expect(201, done);
+    });
   });
 
   describe('destroy()', function () {
@@ -178,6 +200,25 @@ describe('test/controllers/registry/package/dist_tag.test.js', function () {
       })
       .expect(200, done);
     });
+
+    it('should fire globalHook', function (done) {
+      done = pedding(2, done);
+      mm(config, 'globalHook', function* (envelope) {
+        assert(envelope.name === '@cnpmtest/dist_tag_test_module_destroy');
+        assert(envelope.type === 'package');
+        assert(envelope.event === 'package:dist-tag:rm');
+        assert(envelope.tag === 'next');
+        done();
+      })
+      request(app)
+        .delete('/-/package/@cnpmtest/dist_tag_test_module_destroy/dist-tags/next')
+        .set('authorization', utils.otherUserAuth)
+        .set('content-type', 'application/json')
+        .expect({
+          ok: 'dist-tags updated'
+        })
+        .expect(200, done);
+    });
   });
 
   describe('save()', function () {
@@ -243,6 +284,39 @@ describe('test/controllers/registry/package/dist_tag.test.js', function () {
         }, done);
       });
     });
+
+    it('should fire globalHook', function (done) {
+      done = pedding(3, done);
+      mm(config, 'globalHook', function* (envelope) {
+        if (envelope.tag === 'latest') {
+          assert(envelope.version === '1.0.1');
+          assert(envelope.name === '@cnpmtest/dist_tag_test_module_save');
+          assert(envelope.type === 'package');
+          assert(envelope.event === 'package:dist-tag');
+          assert(envelope.tag === 'latest');
+          done();
+        }
+        if (envelope.tag === 'new') {
+          assert(envelope.version === '1.0.1');
+          assert(envelope.name === '@cnpmtest/dist_tag_test_module_save');
+          assert(envelope.type === 'package');
+          assert(envelope.event === 'package:dist-tag');
+          assert(envelope.tag === 'new');
+          done();
+        }
+      })
+      request(app)
+        .put('/-/package/@cnpmtest/dist_tag_test_module_save/dist-tags')
+        .set('authorization', utils.otherUserAuth)
+        .send({
+          latest: '1.0.1',
+          new: '1.0.1'
+        })
+        .expect({
+          ok: 'dist-tags updated'
+        })
+        .expect(201, done);
+    });
   });
 
   describe('update()', function () {

test/controllers/registry/package/list.test.js

@@ -49,6 +49,7 @@ describe('test/controllers/registry/package/list.test.js', () => {
       var data = res.body;
       data.name.should.equal('@cnpmtest/testmodule-list-1');
       assert(res.headers['x-custom-middleware'] === 'true');
+      assert(res.headers['x-custom-app-models'] === 'true');
       done();
     });
   });
@@ -229,6 +230,29 @@ describe('test/controllers/registry/package/list.test.js', () => {
     }, done);
   });
 
+  it('should config.formatCustomFullPackageInfoAndVersions work', async () => {
+    mm(config, 'formatCustomFullPackageInfoAndVersions', (ctx, info) => {
+      console.log('%s %s, query: %j', ctx.method, ctx.url, ctx.query);
+      info.description = '';
+      info.readme = '';
+      for (const version in info.versions) {
+        const item = info.versions[version];
+        item.description = '';
+        item.readme = '';
+      }
+      return info;
+    });
+    const res = await request(app)
+      .get('/@cnpmtest/testmodule-list-1?a=123123');
+    assert(res.status === 200);
+    assert(res.body.description === '');
+    assert(res.body.readme === '');
+    const firstVersion = Object.keys(res.body.versions)[0];
+    assert(firstVersion);
+    assert(res.body.versions[firstVersion].description === '');
+    assert(res.body.versions[firstVersion].readme === '');
+  });
+
   describe.skip('unpublished', () => {
     before(done => {
       mm(config, 'syncModel', 'all');
@@ -319,7 +343,7 @@ describe('test/controllers/registry/package/list.test.js', () => {
           assert(Object.keys(data.versions).length > 0);
           for (const v in data.versions) {
             const pkg = data.versions[v];
-            assert('_hasShrinkwrap' in pkg);
+            // assert('_hasShrinkwrap' in pkg);
             assert(pkg.publish_time && typeof pkg.publish_time === 'number');
             assert(pkg._publish_on_cnpm === undefined);
           }
@@ -344,7 +368,7 @@ describe('test/controllers/registry/package/list.test.js', () => {
           assert(Object.keys(data.versions).length > 0);
           for (const v in data.versions) {
             const pkg = data.versions[v];
-            assert('_hasShrinkwrap' in pkg);
+            // assert('_hasShrinkwrap' in pkg);
             assert(pkg.publish_time && typeof pkg.publish_time === 'number');
             assert(pkg._publish_on_cnpm === undefined);
           }
@@ -382,7 +406,7 @@ describe('test/controllers/registry/package/list.test.js', () => {
           assert(Object.keys(data.versions).length > 0);
           for (const v in data.versions) {
             const pkg = data.versions[v];
-            assert('_hasShrinkwrap' in pkg);
+            // assert('_hasShrinkwrap' in pkg);
             assert(pkg.publish_time && typeof pkg.publish_time === 'number');
             assert(pkg._publish_on_cnpm === undefined);
           }
@@ -407,7 +431,7 @@ describe('test/controllers/registry/package/list.test.js', () => {
           assert(Object.keys(data.versions).length > 0);
           for (const v in data.versions) {
             const pkg = data.versions[v];
-            assert('_hasShrinkwrap' in pkg);
+            // assert('_hasShrinkwrap' in pkg);
             assert(pkg.publish_time && typeof pkg.publish_time === 'number');
             assert(pkg._publish_on_cnpm === undefined);
             assert(pkg.dist.tarball.includes('.tgz?bucket=foo-us1&admin=1&other_urls=http'));

test/controllers/registry/package/list_by_user.test.js

@@ -46,14 +46,14 @@ describe('test/controllers/registry/package/list_by_user.test.js', function () {
         map['@cnpmtest/list_by_user_module1'].should.be.an.Object();
         map['@cnpmtest/list_by_user_module1'].should.eql({
           name: '@cnpmtest/list_by_user_module1',
-          description: '',
+          description: 'mk2testmodule version description here',
           version: '1.0.1',
         });
 
         map['@cnpmtest/list_by_user_module2'].should.be.an.Object();
         map['@cnpmtest/list_by_user_module2'].should.eql({
           name: '@cnpmtest/list_by_user_module2',
-          description: '',
+          description: 'mk2testmodule version description here',
           version: '2.0.0',
         });
       })

test/controllers/registry/package/list_versions.test.js

@@ -0,0 +1,43 @@
+'use strict';
+
+const should = require('should');
+const request = require('supertest');
+const mm = require('mm');
+const moment = require('moment');
+const config = require('../../../../config');
+const app = require('../../../../servers/registry');
+const utils = require('../../../utils');
+
+describe('test/controllers/registry/package/list_versions.test.js', function () {
+  afterEach(mm.restore);
+
+  before(function (done) {
+    utils.sync('pedding', done);
+  });
+
+  describe('GET /-/allversions', function () {
+    it('should get 200', function (done) {
+      mm(config, 'syncModel', 'all');
+      request(app)
+      .get('/-/allversions?date=' + moment().format('YYYY-MM-DD'))
+      .expect(200, function (err, res) {
+        should.not.exist(err);
+        console.log(res.body);
+        const rows = res.body;
+        rows.length.should.above(0);
+        done();
+      });
+    });
+
+    it('should get 404', function (done) {
+      mm(config, 'syncModel', 'all');
+      request(app)
+      .get('/-/allversions?date=notadsfwe')
+      .expect(400, function (err, res) {
+        should.not.exist(err);
+        res.body.reason.should.equal('[query_parse_error] Invalid value for `date`, should be `YYYY-MM-DD` format.');
+        done();
+      });
+    });
+  });
+});

test/controllers/registry/package/remove.test.js

@@ -65,6 +65,32 @@ describe('test/controllers/registry/package/remove.test.js', function () {
     });
   });
 
+  it('should not remove nfs', function (done) {
+    let called = false;
+    mm(config, 'unpublishRemoveTarball', false);
+    mm(nfs, 'remove', function* () {
+      called = true;
+    });
+
+    var pkg = utils.getPackage('@cnpmtest/testmodule-remove-2', '3.0.0', utils.otherUser);
+    request(app)
+      .put('/' + pkg.name)
+      .set('authorization', utils.otherUserAuth)
+      .send(pkg)
+      .expect(201, function() {
+        request(app)
+          .del('/@cnpmtest/testmodule-remove-2/-rev/1')
+          .set('authorization', utils.adminAuth)
+          .expect(200, function (err) {
+            called.should.equal(false);
+            should.not.exist(err);
+            request(app)
+              .get('/@cnpmtest/testmodule-remove-2')
+              .expect(404, done);
+          });
+      });
+  });
+
   describe('mock error', function () {
     beforeEach(function (done) {
       var pkg = utils.getPackage('@cnpmtest/testmodule-remove-mock-1', '2.0.0', utils.admin);

test/controllers/registry/package/remove_version.test.js

@@ -7,6 +7,7 @@ var app = require('../../../../servers/registry');
 var utils = require('../../../utils');
 var packageService = require('../../../../services/package');
 var nfs = require('../../../../common/nfs');
+var config = require('../../../../config');
 
 describe('test/controllers/registry/package/remove_version.test.js', function () {
   afterEach(mm.restore);
@@ -78,6 +79,32 @@ describe('test/controllers/registry/package/remove_version.test.js', function ()
     .expect(200, done);
   });
 
+  it('should not remove nfs', function (done) {
+    let called = false;
+    mm(config, 'unpublishRemoveTarball', false);
+    mm(nfs, 'remove', function* () {
+      called = true;
+    });
+
+    var pkg = utils.getPackage('@cnpmtest/testmodule-remove_version-2', '3.0.0', utils.otherUser);
+    request(app)
+      .put('/' + pkg.name)
+      .set('authorization', utils.otherUserAuth)
+      .send(pkg)
+      .expect(201, function() {
+        request(app)
+          .del('/@cnpmtest/testmodule-remove_version-2/download/@cnpmtest/testmodule-remove_version-2-3.0.0.tgz/-rev/1')
+          .set('authorization', utils.adminAuth)
+          .expect(200, function (err) {
+            called.should.equal(false);
+            should.not.exist(err);
+            request(app)
+              .get('/@cnpmtest/testmodule-remove-2')
+              .expect(404, done);
+          });
+      });
+  });
+
   describe('mock error', function () {
     before(function (done) {
       var pkg = utils.getPackage('@cnpmtest/testmodule-remove_version-1', '0.0.2', utils.otherUser);

test/controllers/registry/package/save.test.js

@@ -6,6 +6,7 @@ var request = require('supertest');
 var pedding = require('pedding');
 var mm = require('mm');
 var packageService = require('../../../../services/package');
+var tokenService = require('../../../../services/token');
 var app = require('../../../../servers/registry');
 var config = require('../../../../config');
 var utils = require('../../../utils');
@@ -172,6 +173,20 @@ describe('test/controllers/registry/package/save.test.js', function () {
       .expect(400, done);
     });
 
+    it('should publish use token', function* () {
+      var token = yield tokenService.createToken(utils.admin);
+
+      var pkg = utils.getPackageWithToken('testmodule-new-3', '0.0.1', utils.admin);
+
+      yield request(app)
+        .put('/' + pkg.name)
+        .set('authorization', 'Bearer ' + token.token)
+        .send(pkg)
+        .expect(201);
+
+      yield tokenService.deleteToken(utils.admin, token.token);
+    });
+
     it('should 400 when dist-tags missing', function (done) {
       var pkg = utils.getPackage('testmodule-new-1', '0.0.1', utils.admin);
       delete pkg['dist-tags'];

test/controllers/registry/package/show.test.js

@@ -1,5 +1,6 @@
 'use strict';
 
+var assert = require('assert');
 var should = require('should');
 var request = require('supertest');
 var mm = require('mm');
@@ -184,6 +185,20 @@ describe('test/controllers/registry/package/show.test.js', function () {
     .expect(404, done);
   });
 
+  it('should config.formatCustomOnePackageVersion work', async () => {
+    mm(config, 'formatCustomOnePackageVersion', (ctx, packageVersion) => {
+      console.log('%s %s, query: %j', ctx.method, ctx.url, ctx.query);
+      packageVersion.description = '';
+      packageVersion.readme = '';
+      return packageVersion;
+    });
+    const res = await request(app)
+      .get('/@cnpmtest/testmodule-show/0.0.1?b=123123');
+    assert(res.status === 200);
+    assert(res.body.description === '');
+    assert(res.body.readme === '');
+  });
+
   describe('show sync package', function () {
     before(function (done) {
       utils.sync('baidu', done);

test/controllers/registry/package/update.test.js

@@ -1,5 +1,6 @@
 'use strict';
 
+var assert = require('assert');
 var should = require('should');
 var request = require('supertest');
 var mm = require('mm');
@@ -119,6 +120,13 @@ describe('test/controllers/registry/package/update.test.js', function () {
     });
 
     it('should add again new maintainers', function (done) {
+      done = pedding(done, 2);
+      mm(config, 'globalHook', function* (envelope) {
+        assert(envelope.name === '@cnpmtest/testmodule-update-1');
+        assert(envelope.type === 'package');
+        assert(envelope.event === 'package:owner');
+        done();
+      });
       request(app)
       .put('/@cnpmtest/testmodule-update-1/-rev/1')
       .send({
@@ -171,6 +179,14 @@ describe('test/controllers/registry/package/update.test.js', function () {
     });
 
     it('should rm maintainers', function (done) {
+      done = pedding(done, 2);
+      mm(config, 'globalHook', function* (envelope) {
+        assert(envelope.name === '@cnpmtest/testmodule-update-1');
+        assert(envelope.type === 'package');
+        assert(envelope.event === 'package:owner-rm');
+        done();
+      });
+
       request(app)
       .put('/@cnpmtest/testmodule-update-1/-rev/1')
       .send({

test/controllers/registry/token/create.test.js

@@ -0,0 +1,79 @@
+'use strict';
+
+var should = require('should');
+var request = require('supertest');
+var app = require('../../../../servers/registry');
+var tokenService = require('../../../../services/token');
+var TestUtil = require('../../../utils');
+
+describe('test/controllers/registry/token/create.test.js', function () {
+  describe('POST /-/npm/v1/tokens', function () {
+    var token;
+
+    beforeEach(function* () {
+      token = yield tokenService.createToken(TestUtil.admin);
+    });
+
+    afterEach(function* () {
+      yield tokenService.deleteToken(TestUtil.admin, token.token);
+    });
+
+    it('should work', function (done) {
+      request(app)
+        .post('/-/npm/v1/tokens')
+        .set('authorization', 'Bearer ' + token.token)
+        .send({
+          password: TestUtil.admin,
+          readonly: true,
+          cidr_whitelist: [ '127.0.0.1' ],
+        })
+        .expect(201, function (err, res) {
+          should.not.exist(err);
+          res.body.should.have.keys('token', 'key', 'cidr_whitelist', 'readonly', 'created', 'updated');
+          res.body.readonly.should.equal(true);
+          res.body.cidr_whitelist.should.deepEqual([ '127.0.0.1' ]);
+          done();
+        });
+    });
+
+    describe('password is wrong', function () {
+      it('should 401', function (done) {
+        request(app)
+          .post('/-/npm/v1/tokens')
+          .set('authorization', 'Bearer ' + token.token)
+          .send({
+            password: 'wrong password',
+            readonly: true,
+            cidr_whitelist: [ '127.0.0.1' ],
+          })
+          .expect(401, done);
+      });
+    });
+
+    describe('client error', function () {
+      it('should check readonly', function (done) {
+        request(app)
+          .post('/-/npm/v1/tokens')
+          .set('authorization', 'Bearer ' + token.token)
+          .send({
+            password: TestUtil.admin,
+            readonly: 'true',
+            cidr_whitelist: [ '127.0.0.1' ],
+          })
+          .expect(400, done);
+      });
+
+      it('should check cird', function (done) {
+        request(app)
+          .post('/-/npm/v1/tokens')
+          .set('authorization', 'Bearer ' + token.token)
+          .send({
+            password: TestUtil.admin,
+            readonly: true,
+            cidr_whitelist: [ 'xxx.0.0.1' ],
+          })
+          .expect(400, done);
+      });
+    });
+  });
+});

test/controllers/registry/token/del.test.js

@@ -0,0 +1,24 @@
+'use strict';
+
+var should = require('should');
+var app = require('../../../../servers/registry');
+var request = require('supertest');
+var tokenService = require('../../../../services/token');
+var TestUtil = require('../../../utils');
+
+describe('test/controllers/registry/token/del.test.js', function () {
+  describe('DELETE /-/npm/v1/tokens', function () {
+    var token;
+
+    beforeEach(function* () {
+      token = yield tokenService.createToken(TestUtil.admin);
+    });
+
+    it('should work', function (done) {
+      request(app)
+        .delete(`/-/npm/v1/tokens/token/${token.token}`)
+        .set('authorization', 'Bearer ' + token.token)
+        .expect(204, done);
+    });
+  });
+});

test/controllers/registry/token/list.test.js

@@ -0,0 +1,62 @@
+'use strict';
+
+var should = require('should');
+var app = require('../../../../servers/registry');
+var request = require('supertest');
+var tokenService = require('../../../../services/token');
+var TestUtil = require('../../../utils');
+
+describe('test/controllers/registry/token/list.test.js', function () {
+  describe('GET /-/npm/v1/tokens', function () {
+    var token;
+
+    beforeEach(function* () {
+      token = yield tokenService.createToken(TestUtil.admin);
+    });
+
+    afterEach(function* () {
+      yield tokenService.deleteToken(TestUtil.admin, token.token);
+    });
+
+    it('should work', function (done) {
+      request(app)
+        .get(`/-/npm/v1/tokens`)
+        .set('authorization', 'Bearer ' + token.token)
+        .expect(200, function (err, res) {
+          should.not.exist(err);
+          should.exist(res.body.objects);
+          done();
+        });
+    });
+
+    describe('client error', function () {
+      it('should check perPage is number', function (done) {
+        request(app)
+          .get(`/-/npm/v1/tokens?perPage=xxx`)
+          .set('authorization', 'Bearer ' + token.token)
+          .expect(400, done);
+      });
+
+      it('should check perPage in boundary', function (done) {
+        request(app)
+          .get(`/-/npm/v1/tokens?perPage=999999999`)
+          .set('authorization', 'Bearer ' + token.token)
+          .expect(400, done);
+      });
+
+      it('should check page is number', function (done) {
+        request(app)
+          .get(`/-/npm/v1/tokens?page=xxx`)
+          .set('authorization', 'Bearer ' + token.token)
+          .expect(400, done);
+      });
+
+      it('should check page gt 0', function (done) {
+        request(app)
+          .get(`/-/npm/v1/tokens?page=-4`)
+          .set('authorization', 'Bearer ' + token.token)
+          .expect(400, done);
+      });
+    });
+  });
+});

test/controllers/registry/user/add.test.js

@@ -127,7 +127,7 @@ describe('test/controllers/registry/user/add.test.js', function () {
       })
       .expect(201, function (err, res) {
         should.not.exist(err);
-        res.body.should.have.keys('ok', 'id', 'rev');
+        res.body.should.have.keys('ok', 'id', 'rev', 'token');
         res.body.id.should.equal('org.couchdb.user:cnpmjstest11111');
         res.body.rev.should.match(/\d+\-cnpmjstest11111/);
         res.body.ok.should.equal(true);

test/controllers/registry/user/ping.test.js

@@ -0,0 +1,78 @@
+'use strict';
+
+var should = require('should');
+var request = require('supertest');
+var mm = require('mm');
+var app = require('../../../../servers/registry');
+var config = require('../../../../config');
+var tokenService = require('../../../../services/token');
+var TestUtil = require('../../../utils');
+
+describe('test/controllers/registry/user/ping.test.js', function () {
+  afterEach(mm.restore);
+
+  describe('/-/ping', function () {
+    var token;
+
+    beforeEach(function* () {
+      mm(config, 'syncModel', 'all');
+      token = yield tokenService.createToken(TestUtil.admin);
+    });
+
+    afterEach(function* () {
+      yield tokenService.deleteToken(TestUtil.admin, token.token);
+    });
+
+    describe('with write', function () {
+      describe('has login', function () {
+        it('should work', function (done) {
+          request(app)
+            .get('/-/ping?write=true')
+            .set('authorization', 'Bearer ' + token.token)
+            .expect(200, function (err) {
+              should.not.exist(err);
+              done();
+            });
+        });
+      });
+
+      describe('has not login', function () {
+        it('should work', function (done) {
+          request(app)
+            .get('/-/ping?write=true')
+            .set('authorization', 'Bearer mock_token')
+            .expect(401, function (err) {
+              should.not.exist(err);
+              done();
+            });
+        });
+      });
+    });
+
+    describe('with not write', function () {
+      describe('has login', function () {
+        it('should work', function (done) {
+          request(app)
+            .get('/-/ping')
+            .set('authorization', 'Bearer ' + token.token)
+            .expect(200, function (err) {
+              should.not.exist(err);
+              done();
+            });
+        });
+      });
+
+      describe('has not login', function () {
+        it('should work', function (done) {
+          request(app)
+            .get('/-/ping')
+            .set('authorization', 'Bearer ' + token.token)
+            .expect(200, function (err) {
+              should.not.exist(err);
+              done();
+            });
+        });
+      });
+    });
+  });
+});

test/controllers/registry/user/whoami.test.js

@@ -0,0 +1,37 @@
+'use strict';
+
+var should = require('should');
+var request = require('supertest');
+var mm = require('mm');
+var app = require('../../../../servers/registry');
+var config = require('../../../../config');
+var tokenService = require('../../../../services/token');
+var TestUtil = require('../../../utils');
+
+describe('test/controllers/registry/user/whoami.test.js', function () {
+  afterEach(mm.restore);
+
+  describe('/-/whoami', function () {
+    var token;
+
+    beforeEach(function* () {
+      mm(config, 'syncModel', 'all');
+      token = yield tokenService.createToken(TestUtil.admin);
+    });
+
+    afterEach(function* () {
+      yield tokenService.deleteToken(TestUtil.admin, token.token);
+    });
+
+    it('should work', function (done) {
+      request(app)
+        .get('/-/whoami')
+        .set('authorization', 'Bearer ' + token.token)
+        .expect(200, function (err, res) {
+          should.not.exist(err);
+          res.body.username.should.eql(TestUtil.admin);
+          done();
+        });
+    });
+  });
+});

test/controllers/registry/user_package.test.js

@@ -49,8 +49,8 @@ describe('test/controllers/registry/user_package.test.js', function () {
         should.not.exist(err);
         res.body.fengmk2.should.be.an.Array();
         res.body.fengmk2.should.containEql('pedding');
-        res.body['dead-horse'].should.be.an.Array();
-        res.body['dead-horse'].should.containEql('pedding');
+        // res.body['dead-horse'].should.be.an.Array();
+        // res.body['dead-horse'].should.containEql('pedding');
         done();
       });
 
@@ -60,8 +60,8 @@ describe('test/controllers/registry/user_package.test.js', function () {
         should.not.exist(err);
         res.body.fengmk2.should.be.an.Array();
         res.body.fengmk2.should.containEql('pedding');
-        res.body['dead-horse'].should.be.an.Array();
-        res.body['dead-horse'].should.containEql('pedding');
+        // res.body['dead-horse'].should.be.an.Array();
+        // res.body['dead-horse'].should.containEql('pedding');
         done();
       });
     });

test/controllers/sync_module_worker.test.js

@@ -1,13 +1,16 @@
 'use strict';
 
 var assert = require('assert');
+var awaitEvent = require('await-event');
 var should = require('should');
 var mm = require('mm');
 var thunkify = require('thunkify-wrap');
 var request = require('supertest');
 var urllib = require('urllib');
 var urlparse = require('url').parse;
+var fs = require('mz/fs');
 var config = require('../../config');
+var common = require('../../lib/common');
 var SyncModuleWorker = require('../../controllers/sync_module_worker');
 var logService = require('../../services/module_log');
 var packageService = require('../../services/package');
@@ -307,7 +310,7 @@ describe('test/controllers/sync_module_worker.test.js', () => {
     console.log('get %d rows', rows.length);
     rows.forEach(row => {
       assert(row.package.deprecated);
-      assert(row.package._hasShrinkwrap === false);
+      // assert(row.package._hasShrinkwrap === false);
     });
 
     // mock deprecated missing
@@ -455,4 +458,353 @@ describe('test/controllers/sync_module_worker.test.js', () => {
       });
     });
   });
+
+  describe('save backup files', function () {
+    const pkgName = 'backup-test';
+
+    beforeEach(() => {
+      mm(config, 'syncBackupFiles', true);
+    });
+
+    describe('package not exists', () => {
+      const mockPackageJson = {
+        name: pkgName,
+        version: '1.0.0',
+        description: 'foo',
+      };
+
+      beforeEach(() => {
+        mm(packageService, 'listModulesByName', function* () {
+          return [
+            { name: pkgName, version: '1.0.0' },
+          ];
+        });
+        mm(packageService, 'showPackage', function* () {
+          return { package: mockPackageJson };
+        });
+      });
+
+      afterEach(function* () {
+        yield config.nfs.remove(common.getPackageFileCDNKey(pkgName, '1.0.0'));
+      });
+
+      it('should upload new file', function* () {
+        var worker = new SyncModuleWorker({
+          name: pkgName,
+          username: 'fengmk2',
+        });
+        yield worker._saveBackupFiles();
+
+        const cdnKey = common.getPackageFileCDNKey(pkgName, '1.0.0');
+        const filePath = '/tmp/tnpm-1.0.0.json';
+        yield config.nfs.download(cdnKey, filePath);
+        const fileContent = yield fs.readFile(filePath, 'utf8');
+        const packageJson = JSON.parse(fileContent);
+        assert.deepStrictEqual(packageJson, mockPackageJson);
+      });
+    });
+
+    describe('new dist tag', () => {
+      beforeEach(() => {
+        mm(packageService, 'listModulesByName', function* () {
+          return [];
+        });
+        mm(packageService, 'listModuleTags', function* () {
+          return [
+            { tag: 'latest', version: '1.0.0' },
+          ];
+        });
+      });
+
+      afterEach(function* () {
+        yield config.nfs.remove(common.getDistTagCDNKey(pkgName, 'latest'));
+      });
+
+      it('should create dist-tag file', function* () {
+        var worker = new SyncModuleWorker({
+          name: pkgName,
+          username: 'fengmk2',
+        });
+        yield worker._saveBackupFiles();
+
+        const cdnKey = common.getDistTagCDNKey(pkgName, 'latest');
+        const filePath = '/tmp/tnpm-dist-tag.json';
+        yield config.nfs.download(cdnKey, filePath);
+        const fileContent = yield fs.readFile(filePath, 'utf8');
+        assert(fileContent === '1.0.0');
+      });
+    });
+
+    describe('remove dist tag', () => {
+      beforeEach(function* () {
+        mm(packageService, 'listModulesByName', function* () {
+          return [];
+        });
+        mm(packageService, 'listModuleTags', function* () {
+          return [];
+        });
+        const cdnKey = common.getDistTagCDNKey(pkgName, 'latest');
+        const filePath = '/tmp/tnpm-dist-tag.json';
+        yield fs.writeFile(filePath, '1.0.0');
+        yield config.nfs.upload(filePath, {
+          key: cdnKey,
+        });
+      });
+
+      it('should delete', function* () {
+        var worker = new SyncModuleWorker({
+          name: pkgName,
+          username: 'fengmk2',
+        });
+        yield worker._saveBackupFiles();
+
+        const cdnKey = common.getDistTagCDNKey(pkgName, 'latest');
+        let err;
+        try {
+          const filePath = '/tmp/tnpm-dist-tag.json';
+          yield config.nfs.download(cdnKey, filePath);
+        } catch (e) {
+          err = e;
+        }
+        assert(/ENOENT/.test(err));
+      });
+    });
+
+    describe('update dist tag', () => {
+      beforeEach(function* () {
+        mm(packageService, 'listModulesByName', function* () {
+          return [];
+        });
+        mm(packageService, 'listModuleTags', function* () {
+          return [
+            { tag: 'latest', version: '1.0.1' },
+          ];
+        });
+        const cdnKey = common.getDistTagCDNKey(pkgName, 'latest');
+        const filePath = '/tmp/tnpm-dist-tag.json';
+        yield fs.writeFile(filePath, '1.0.0');
+        yield config.nfs.upload(filePath, {
+          key: cdnKey,
+        });
+      });
+
+      afterEach(function* () {
+        yield config.nfs.remove(common.getDistTagCDNKey(pkgName, 'latest'));
+      });
+
+      it('should update dist-tag file', function* () {
+        var worker = new SyncModuleWorker({
+          name: pkgName,
+          username: 'fengmk2',
+        });
+        yield worker._saveBackupFiles();
+
+        const cdnKey = common.getDistTagCDNKey(pkgName, 'latest');
+        const filePath = '/tmp/tnpm-dist-tag.json';
+        yield config.nfs.download(cdnKey, filePath);
+        const fileContent = yield fs.readFile(filePath, 'utf8');
+        assert(fileContent === '1.0.1');
+      });
+    });
+
+    describe('package unpublished', () => {
+      it('should sync unpublished info', function* () {
+        var worker = new SyncModuleWorker({
+          name: ['afp'],
+          username: 'fengmk2'
+        });
+
+        worker.start();
+        yield awaitEvent(worker, 'end');
+
+        const cdnKey = common.getUnpublishFileKey('afp');
+        const filePath = '/tmp/unpublish-package.json';
+        yield config.nfs.download(cdnKey, filePath);
+        const fileContent = yield fs.readFile(filePath, 'utf8');
+        assert(fileContent);
+      });
+    });
+  });
+
+  describe('sync from backup files', function () {
+    const pkgName = 'sync-from-backup-files';
+    const publishTime100 = Date.now() - 1000 * 60;
+    const publishTime101 = Date.now();
+
+    afterEach(function* () {
+      try {
+        yield config.nfs.remove(common.getDistTagCDNKey(pkgName, 'latest'));
+        yield config.nfs.remove(common.getDistTagCDNKey(pkgName, 'beta'));
+        yield config.nfs.remove(common.getPackageFileCDNKey(pkgName, '1.0.1'));
+        yield config.nfs.remove(common.getPackageFileCDNKey(pkgName, '1.0.0'));
+      } catch (_) {
+        // ...
+      }
+    });
+
+    beforeEach(function* () {
+      mm(config, 'syncBackupFiles', true);
+
+      const packageFileCDNKey100 = common.getPackageFileCDNKey(pkgName, '1.0.0');
+      const packageFilePath = '/tmp/tnpm-package.json';
+      yield fs.writeFile(packageFilePath, JSON.stringify({
+        name: pkgName,
+        version: '1.0.0',
+        publish_time: publishTime100,
+        description: 'mock desc',
+        maintainers: [],
+        author: {},
+        repository: {},
+        readme: 'mock readme',
+        readmeFilename: 'README.md',
+        homepage: 'mock home page',
+        bugs: {},
+        license: 'MIT',
+      }));
+      yield config.nfs.upload(packageFilePath, {
+        key: packageFileCDNKey100,
+      });
+
+      const packageFileCDNKey101 = common.getPackageFileCDNKey(pkgName, '1.0.1');
+      yield fs.writeFile(packageFilePath, JSON.stringify({
+        name: pkgName,
+        version: '1.0.1',
+        publish_time: publishTime101,
+        description: 'mock desc 101',
+        maintainers: [],
+        author: {},
+        repository: {},
+        readme: 'mock readme 101',
+        readmeFilename: 'README.md',
+        homepage: 'mock home page 101',
+        bugs: {},
+        license: 'MIT',
+      }));
+      yield config.nfs.upload(packageFilePath, {
+        key: packageFileCDNKey101,
+      });
+
+      const distTagCDNKey = common.getDistTagCDNKey(pkgName, 'latest');
+      const distTagFilePath = '/tmp/tnpm-dist-tag.json';
+      yield fs.writeFile(distTagFilePath, '1.0.0');
+      yield config.nfs.upload(distTagFilePath, {
+        key: distTagCDNKey,
+      });
+
+      const distTagCDNKeyBeta = common.getDistTagCDNKey(pkgName, 'beta');
+      yield fs.writeFile(distTagFilePath, '1.0.1');
+      yield config.nfs.upload(distTagFilePath, {
+        key: distTagCDNKeyBeta,
+      });
+    });
+
+    it('should create pkg', function (done) {
+      var worker = new SyncModuleWorker({
+        name: pkgName,
+        username: 'fengmk2',
+        syncFromBackupFile: true,
+      });
+      var syncPkg;
+      mm(worker, '_sync', function* (name, pkg) {
+        syncPkg = pkg;
+        return [ '1.0.0' ];
+      })
+      worker.start();
+      worker.on('end', function () {
+        assert.deepStrictEqual(worker.successes, [
+          pkgName,
+        ]);
+
+        assert.deepStrictEqual(syncPkg, {
+          name: pkgName,
+          'dist-tags': { beta: '1.0.1', latest: '1.0.0' },
+          versions: {
+            '1.0.0': {
+              name: pkgName,
+              version: '1.0.0',
+              publish_time: publishTime100,
+              description: 'mock desc',
+              maintainers: [],
+              author: {},
+              repository: {},
+              readme: 'mock readme',
+              readmeFilename: 'README.md',
+              homepage: 'mock home page',
+              bugs: {},
+              license: 'MIT'
+            },
+            '1.0.1': {
+              name: pkgName,
+              version: '1.0.1',
+              publish_time: publishTime101,
+              description: 'mock desc 101',
+              maintainers: [],
+              author: {},
+              repository: {},
+              readme: 'mock readme 101',
+              readmeFilename: 'README.md',
+              homepage: 'mock home page 101',
+              bugs: {},
+              license: 'MIT'
+            }
+          },
+          time: {
+            modified: new Date(publishTime101),
+            created: new Date(publishTime100),
+            '1.0.0': new Date(publishTime100),
+            '1.0.1': new Date(publishTime101),
+          },
+          description: 'mock desc 101',
+          maintainers: [],
+          author: {},
+          repository: {},
+          readme: 'mock readme 101',
+          readmeFilename: 'README.md',
+          homepage: 'mock home page 101',
+          bugs: {},
+          license: 'MIT'
+        });
+        done();
+      });
+    });
+
+    describe('unpublish', () => {
+      before(function* () {
+        const filePath = '/tmp/unpublish-package.json';
+        const cdnKey = common.getUnpublishFileKey('afp');
+        yield fs.writeFile(filePath, JSON.stringify({
+          name: 'xinglie',
+          time: '2017-02-21T13:10:22.892Z',
+          tags: { latest: '0.0.1' },
+          maintainers:[{
+            name: 'xinglie',
+            email: 'kooboy_li@163.com'
+          }],
+          versions:["0.0.1"]
+        }));
+        yield config.nfs.upload(filePath, {
+          key: cdnKey,
+        });
+      });
+
+      it('should unpublished pkg', function* () {
+        const worker = new SyncModuleWorker({
+          name: ['afp'],
+          username: 'fengmk2',
+          syncFromBackupFile: true,
+        });
+        let unpublishPkg;
+        mm(worker, '_unpublished', function(pkg) {
+          unpublishPkg = pkg;
+          return Promise.resolve();
+        });
+
+        worker.start();
+        yield awaitEvent(worker, 'end');
+
+        assert(unpublishPkg === 'afp');
+      });
+    });
+
+  });
 });

test/controllers/web/package/search.test.js

@@ -41,8 +41,8 @@ describe('test/controllers/web/package/search.test.js', function () {
       .expect(200)
       .expect({
         keyword: '@cnpmtest/testmodule-web-search',
-        match: { name: '@cnpmtest/testmodule-web-search', description: '' },
-        packages: [ { name: '@cnpmtest/testmodule-web-search', description: '' } ],
+        match: { name: '@cnpmtest/testmodule-web-search', description: 'mk2testmodule version description here' },
+        packages: [ { name: '@cnpmtest/testmodule-web-search', description: 'mk2testmodule version description here' } ],
         keywords: []
       })
       .expect('content-type', 'application/json; charset=utf-8', done);
@@ -52,7 +52,7 @@ describe('test/controllers/web/package/search.test.js', function () {
       request(app)
       .get('/browse/keyword/@cnpmtest/testmodule-web-search?type=json&callback=foo')
       .expect(200)
-      .expect('/**/ typeof foo === \'function\' && foo({"keyword":"@cnpmtest/testmodule-web-search","match":{"name":"@cnpmtest/testmodule-web-search","description":""},"packages":[{"name":"@cnpmtest/testmodule-web-search","description":""}],"keywords":[]});')
+      .expect('/**/ typeof foo === \'function\' && foo({"keyword":"@cnpmtest/testmodule-web-search","match":{"name":"@cnpmtest/testmodule-web-search","description":"mk2testmodule version description here"},"packages":[{"name":"@cnpmtest/testmodule-web-search","description":"mk2testmodule version description here"}],"keywords":[]});')
       .expect('content-type', 'application/javascript; charset=utf-8', done);
     });
 
@@ -87,8 +87,8 @@ describe('test/controllers/web/package/search.test.js', function () {
           .expect({
             keyword: '@cnpmtest/testmodule-web-searc',
             match: null,
-            packages: [ { name: '@cnpmtest/testmodule-web-search', description: '' },
-            { name: '@cnpmtest/testmodule-web-search_a', description: '' }],
+            packages: [ { name: '@cnpmtest/testmodule-web-search', description: 'mk2testmodule version description here' },
+            { name: '@cnpmtest/testmodule-web-search_a', description: 'mk2testmodule version description here' }],
             keywords: []
           })
           .expect('content-type', 'application/json; charset=utf-8', done);
@@ -101,7 +101,7 @@ describe('test/controllers/web/package/search.test.js', function () {
           .expect({
             keyword: '@cnpmtest/testmodule-web-searc',
             match: null,
-            packages: [ { name: '@cnpmtest/testmodule-web-search', description: '' }],
+            packages: [ { name: '@cnpmtest/testmodule-web-search', description: 'mk2testmodule version description here' }],
             keywords: []
           })
           .expect('content-type', 'application/json; charset=utf-8', done);

test/controllers/web/user/show.test.js

@@ -81,6 +81,8 @@ describe('controllers/web/user/show.test.js', function () {
 
           // he.enclde('fengmk2@gmail.com') ↓
           assert(res.text.includes('fengmk2@gmail.com'));
+          assert(res.headers['x-custom-web-middleware'] === 'true');
+          assert(res.headers['x-custom-web-app-models'] === 'true');
           done()
         });
     });

test/fixtures/package_and_tgz.json

@@ -1 +1,53 @@
-{"_id":"mk2testmodule","name":"mk2testmodule","description":"","dist-tags":{"latest":"0.0.1"},"versions":{"0.0.1":{"name":"mk2testmodule","version":"0.0.1","description":"","main":"index.js","scripts":{"test":"echo \"Error: no test specified\" && exit 1"},"author":"","license":"ISC","readme":"ERROR: No README data found!","_id":"mk2testmodule@0.0.1","dist":{"shasum":"fa475605f88bab9b1127833633ca3ae0a477224c","tarball":"http://127.0.0.1:7001/mk2testmodule/-/mk2testmodule-0.0.1.tgz"},"_from":".","_npmVersion":"1.4.3","_npmUser":{"name":"fengmk2","email":"fengmk2@gmail.com"},"maintainers":[{"name":"fengmk2","email":"fengmk2@gmail.com"}]}},"readme":"ERROR: No README data found!","maintainers":[{"name":"fengmk2","email":"fengmk2@gmail.com"}],"_attachments":{"mk2testmodule-0.0.1.tgz":{"content_type":"application/octet-stream","data":"H4sIAAAAAAAAA+2SsWrDMBCGPfspDg2ZinOyEgeylg6Zu2YR8rVRHEtGkkOg5N0jWaFdujVQAv6W4/7/dHcSGqTq5Ccthxyro7emeDCI2KxWkOKmaaaIdc4TouZQ8FqgwI3AdVMgF8ijho9e5DdGH6SLq/y1T74LfMcn4asEYEb2xLbA+q4O5ENv2/FE7CVZZ3JeW5NcrLDiWW3JK6eHcHey2Es9Zdq0dIkfKau50EcjjYpCmpDKSB0s7Nmbc9ZtwVhIBviBlP7Q1O4ZLBZAFx2As3jyOnWTYzhY9zPzpBUZPy2/e39l5bX87wedmZmZeRJuheTX2wAIAAA=","length":251}}}
+{
+  "_id": "mk2testmodule",
+  "name": "mk2testmodule",
+  "description": "mk2testmodule description here",
+  "dist-tags": {
+    "latest": "0.0.1"
+  },
+  "versions": {
+    "0.0.1": {
+      "name": "mk2testmodule",
+      "version": "0.0.1",
+      "description": "mk2testmodule version description here",
+      "main": "index.js",
+      "scripts": {
+        "test": "echo \"Error: no test specified\" && exit 1"
+      },
+      "author": "",
+      "license": "ISC",
+      "readme": "ERROR: No README data found!",
+      "_id": "mk2testmodule@0.0.1",
+      "dist": {
+        "shasum": "fa475605f88bab9b1127833633ca3ae0a477224c",
+        "tarball": "http://127.0.0.1:7001/mk2testmodule/-/mk2testmodule-0.0.1.tgz"
+      },
+      "_from": ".",
+      "_npmVersion": "1.4.3",
+      "_npmUser": {
+        "name": "fengmk2",
+        "email": "fengmk2@gmail.com"
+      },
+      "maintainers": [
+        {
+          "name": "fengmk2",
+          "email": "fengmk2@gmail.com"
+        }
+      ]
+    }
+  },
+  "readme": "ERROR: No README data found!",
+  "maintainers": [
+    {
+      "name": "fengmk2",
+      "email": "fengmk2@gmail.com"
+    }
+  ],
+  "_attachments": {
+    "mk2testmodule-0.0.1.tgz": {
+      "content_type": "application/octet-stream",
+      "data": "H4sIAAAAAAAAA+2SsWrDMBCGPfspDg2ZinOyEgeylg6Zu2YR8rVRHEtGkkOg5N0jWaFdujVQAv6W4/7/dHcSGqTq5Ccthxyro7emeDCI2KxWkOKmaaaIdc4TouZQ8FqgwI3AdVMgF8ijho9e5DdGH6SLq/y1T74LfMcn4asEYEb2xLbA+q4O5ENv2/FE7CVZZ3JeW5NcrLDiWW3JK6eHcHey2Es9Zdq0dIkfKau50EcjjYpCmpDKSB0s7Nmbc9ZtwVhIBviBlP7Q1O4ZLBZAFx2As3jyOnWTYzhY9zPzpBUZPy2/e39l5bX87wedmZmZeRJuheTX2wAIAAA=",
+      "length": 251
+    }
+  }
+}

test/fixtures/package_and_tgz_by_token.json

@@ -0,0 +1 @@
+{"_id":"mk2testmodule","name":"mk2testmodule","description":"","dist-tags":{"latest":"0.0.1"},"versions":{"0.0.1":{"name":"mk2testmodule","version":"0.0.1","description":"","main":"index.js","scripts":{"test":"echo \"Error: no test specified\" && exit 1"},"author":"","license":"ISC","readme":"ERROR: No README data found!","_id":"mk2testmodule@0.0.1","dist":{"shasum":"fa475605f88bab9b1127833633ca3ae0a477224c","tarball":"http://127.0.0.1:7001/mk2testmodule/-/mk2testmodule-0.0.1.tgz"},"_from":".","_npmVersion":"1.4.3","_npmUser":{"name":"fengmk2","email":"fengmk2@gmail.com"}}},"readme":"ERROR: No README data found!","_attachments":{"mk2testmodule-0.0.1.tgz":{"content_type":"application/octet-stream","data":"H4sIAAAAAAAAA+2SsWrDMBCGPfspDg2ZinOyEgeylg6Zu2YR8rVRHEtGkkOg5N0jWaFdujVQAv6W4/7/dHcSGqTq5Ccthxyro7emeDCI2KxWkOKmaaaIdc4TouZQ8FqgwI3AdVMgF8ijho9e5DdGH6SLq/y1T74LfMcn4asEYEb2xLbA+q4O5ENv2/FE7CVZZ3JeW5NcrLDiWW3JK6eHcHey2Es9Zdq0dIkfKau50EcjjYpCmpDKSB0s7Nmbc9ZtwVhIBviBlP7Q1O4ZLBZAFx2As3jyOnWTYzhY9zPzpBUZPy2/e39l5bX87wedmZmZeRJuheTX2wAIAAA=","length":251}}}

test/middleware/auth.test.js

@@ -5,11 +5,12 @@ var app = require('../../servers/registry');
 var mm = require('mm');
 var config = require('../../config');
 var userService = require('../../services/user');
+var tokenService = require('../../services/token');
 
 describe('test/middleware/auth.test.js', function () {
   afterEach(mm.restore);
 
-  describe('auth()', function () {
+  describe('basic auth', function () {
     it('should pass if no authorization', function (done) {
       request(app)
       .get('/-/user/org.couchdb.user:cnpmjstest10')
@@ -63,6 +64,25 @@ describe('test/middleware/auth.test.js', function () {
     });
   });
 
+  describe('bearer auth', function () {
+    var token;
+
+    beforeEach(function* () {
+      token = yield tokenService.createToken('cnpmjstest10');
+    });
+
+    afterEach(function* () {
+      yield tokenService.deleteToken('cnpmjstest10', token.token);
+    });
+
+    it('should ok', function (done) {
+      request(app)
+        .get('/-/user/org.couchdb.user:cnpmjstest10')
+        .set('authorization', 'Bearer ' + token.token)
+        .expect(200, done);
+    });
+  });
+
   describe('config.alwaysAuth = true', function () {
     beforeEach(function () {
       mm(config, 'alwaysAuth', true);

test/models/token.test.js

@@ -0,0 +1,65 @@
+'use strict';
+
+var mm = require('mm');
+var should = require('should');
+var uuid = require('uuid');
+var sequelize = require('../../models').sequelize;
+var Token = require('../../models').Token;
+var TestUtil = require('../utils');
+
+describe('models/token.test.js', function () {
+  afterEach(mm.restore);
+
+  describe('deleteByKeyOrToken', function () {
+    var token1;
+    var token2;
+
+    beforeEach(function *() {
+      var token1Str = 'mock_token1_' + uuid.v4();
+      var token2Str= 'mock_token2_' + uuid.v4();
+
+      token1 = yield Token.add({
+        token: token1Str,
+        userId: TestUtil.admin,
+        readonly: false,
+        key: '1_token_1' + token1Str,
+        cidrWhitelist: [],
+      });
+
+      token2 = yield Token.add({
+        token: token2Str,
+        userId: TestUtil.admin,
+        readonly: false,
+        key: '1_token_2' + token2Str,
+        cidrWhitelist: [],
+      });
+    });
+
+    describe('delete by key', function () {
+      it('should work', function* () {
+        yield Token.deleteByKeyOrToken(TestUtil.admin, '1_token_1');
+        var tokenRow = yield Token.findByToken(token1.token);
+        should.not.exist(tokenRow);
+      });
+
+      describe('key is ambiguous', function () {
+        it('should not delete token', function* () {
+          var error;
+          try {
+            yield Token.deleteByKeyOrToken(TestUtil.admin, '1_token_');
+          } catch (e) {
+            error = e;
+          }
+          should.exist(error);
+          error.message.should.match(/Token ID ".+" was ambiguous/);
+
+          var token1Row = yield Token.findByToken(token1.token);
+          should.exist(token1Row);
+
+          var token2Row = yield Token.findByToken(token2.token);
+          should.exist(token2Row);
+        });
+      });
+    });
+  });
+});

test/services/package.test.js

@@ -1,59 +1,20 @@
-/**!
- * cnpmjs.org - test/services/package.test.js
- *
- * Copyright(c) fengmk2 and other contributors.
- * MIT Licensed
- *
- * Authors:
- *   fengmk2 <fengmk2@gmail.com> (http://fengmk2.com)
- */
-
 'use strict';
 
-/**
- * Module dependencies.
- */
-
 var should = require('should');
 var sleep = require('co-sleep');
 var Package = require('../../services/package');
 var utils = require('../utils');
+var common = require('../../services/common');
 
 describe('test/services/package.test.js', function () {
-  function* createModule(name, version, user, tag) {
-    var sourcePackage = {
-      version: version,
-      name: name,
-      publish_time: Date.now(),
-    };
-    var mod = {
-      version: sourcePackage.version,
-      name: sourcePackage.name,
-      package: sourcePackage,
-      author: user || 'unittest',
-      publish_time: sourcePackage.publish_time,
-    };
-    var dist = {
-      tarball: 'http://registry.npmjs.org/' + name + '/-/' + name + '-' + version + '.tgz',
-      shasum: '9d7bc446e77963933301dd602d5731cb861135e0',
-      size: 100,
-    };
-    mod.package.dist = dist;
-    yield Package.saveModule(mod);
-    yield Package.saveModuleAbbreviated(mod);
-    // add tag
-    yield Package.addModuleTag(name, tag || 'latest', version);
-    return yield Package.getModule(mod.name, mod.version);
-  }
-
   describe('addModuleTag()', function () {
     it('should add latest tag to 1.0.0', function* () {
-      var r = yield createModule('test-addModuleTag-module-name', '1.0.0');
+      var r = yield utils.createModule('test-addModuleTag-module-name', '1.0.0');
       var tag = yield Package.addModuleTag(r.name, 'latest', r.version);
       should.exist(tag);
       tag.id.should.above(0);
 
-      r = yield createModule('test-addModuleTag-module-name', '1.1.0');
+      r = yield utils.createModule('test-addModuleTag-module-name', '1.1.0');
       var tag2 = yield Package.addModuleTag(r.name, 'latest', r.version);
       should.exist(tag2);
       tag.id.should.equal(tag2.id);
@@ -70,7 +31,7 @@ describe('test/services/package.test.js', function () {
 
   describe('getModuleByTag()', function () {
     it('should get latest module', function* () {
-      var r = yield createModule('test-getModuleByTag-module-name', '1.0.0');
+      var r = yield utils.createModule('test-getModuleByTag-module-name', '1.0.0');
       var tag = yield Package.addModuleTag(r.name, 'latest', r.version);
       should.exist(tag);
 
@@ -106,9 +67,9 @@ describe('test/services/package.test.js', function () {
 
   describe('listPublicModuleNamesByUser(), listPublicModulesByUser()', function () {
     before(function* () {
-      yield createModule('listPublicModuleNamesByUser-module0', '1.0.0', 'listPublicModuleNamesByUser-user');
-      yield createModule('listPublicModuleNamesByUser-module1', '1.0.0', 'listPublicModuleNamesByUser-user');
-      yield createModule('listPublicModuleNamesByUser-module2', '1.0.0', 'listPublicModuleNamesByUser-user');
+      yield utils.createModule('listPublicModuleNamesByUser-module0', '1.0.0', 'listPublicModuleNamesByUser-user');
+      yield utils.createModule('listPublicModuleNamesByUser-module1', '1.0.0', 'listPublicModuleNamesByUser-user');
+      yield utils.createModule('listPublicModuleNamesByUser-module2', '1.0.0', 'listPublicModuleNamesByUser-user');
     });
 
     it('should got all public module names', function* () {
@@ -143,8 +104,8 @@ describe('test/services/package.test.js', function () {
     });
 
     it('should return all version modules', function* () {
-      yield createModule('test-listModulesByName-module-1', '1.0.0');
-      yield createModule('test-listModulesByName-module-1', '2.0.0');
+      yield utils.createModule('test-listModulesByName-module-1', '1.0.0');
+      yield utils.createModule('test-listModulesByName-module-1', '2.0.0');
       var modules = yield Package.listModulesByName('test-listModulesByName-module-1');
       modules.should.length(2);
       modules.forEach(function (mod) {
@@ -161,8 +122,8 @@ describe('test/services/package.test.js', function () {
     });
 
     it('should work', function* () {
-      yield createModule('@cnpm-test/test-listPrivateModules-module-1', '1.0.0');
-      yield createModule('@cnpm-test/test-listPrivateModules-module-2', '1.0.0');
+      yield utils.createModule('@cnpm-test/test-listPrivateModules-module-1', '1.0.0');
+      yield utils.createModule('@cnpm-test/test-listPrivateModules-module-2', '1.0.0');
       var modules = yield Package.listPrivateModulesByScope('@cnpm-test');
       modules.should.length(2);
       modules[0].name.should.containEql('@cnpm-test/test-listPrivateModules-module-');
@@ -171,12 +132,12 @@ describe('test/services/package.test.js', function () {
 
   describe('listPublicModuleNamesSince(), listAllPublicModuleNames()', function () {
     it('should got those module names', function* () {
-      yield createModule('test-listPublicModuleNamesSince-module-0', '1.0.0');
+      yield utils.createModule('test-listPublicModuleNamesSince-module-0', '1.0.0');
       yield sleep(1100);
       var start = Date.now() - 1000;
-      yield createModule('test-listPublicModuleNamesSince-module-1', '1.0.0');
-      yield createModule('test-listPublicModuleNamesSince-module-1', '1.0.1', null, 'beta');
-      yield createModule('test-listPublicModuleNamesSince-module-2', '1.0.0');
+      yield utils.createModule('test-listPublicModuleNamesSince-module-1', '1.0.0');
+      yield utils.createModule('test-listPublicModuleNamesSince-module-1', '1.0.1', null, 'beta');
+      yield utils.createModule('test-listPublicModuleNamesSince-module-2', '1.0.0');
       var names = yield Package.listPublicModuleNamesSince(start);
       names.should.length(2);
       names.should.eql(['test-listPublicModuleNamesSince-module-1', 'test-listPublicModuleNamesSince-module-2']);
@@ -184,14 +145,14 @@ describe('test/services/package.test.js', function () {
       var alls = yield Package.listAllPublicModuleNames();
       alls.length.should.above(0);
       alls.forEach(function (name) {
-        name.should.not.containEql('@');
+        common.isPrivatePackage(name).should.equal(false);
       });
     });
   });
 
   describe('getModuleLastModified()', function () {
     it('should get a datetime', function* () {
-      yield createModule('test-getModuleLastModified-module-0', '1.0.0');
+      yield utils.createModule('test-getModuleLastModified-module-0', '1.0.0');
       var t = yield Package.getModuleLastModified('test-getModuleLastModified-module-0');
       t.should.be.a.Date();
     });
@@ -204,9 +165,9 @@ describe('test/services/package.test.js', function () {
 
   describe('removeModulesByName()', function () {
     it('should remove all', function* () {
-      yield createModule('test-removeModulesByName-module-1', '1.0.0');
-      yield createModule('test-removeModulesByName-module-1', '1.0.1', null, 'beta');
-      yield createModule('test-removeModulesByName-module-1', '2.0.0');
+      yield utils.createModule('test-removeModulesByName-module-1', '1.0.0');
+      yield utils.createModule('test-removeModulesByName-module-1', '1.0.1', null, 'beta');
+      yield utils.createModule('test-removeModulesByName-module-1', '2.0.0');
 
       var mods = yield Package.listModulesByName('test-removeModulesByName-module-1');
       mods.should.length(3);
@@ -218,10 +179,10 @@ describe('test/services/package.test.js', function () {
 
   describe('removeModulesByNameAndVersions()', function () {
     it('should remove some versions', function* () {
-      yield createModule('test-removeModulesByNameAndVersions-module-1', '0.0.0');
-      yield createModule('test-removeModulesByNameAndVersions-module-1', '1.0.0');
-      yield createModule('test-removeModulesByNameAndVersions-module-1', '1.0.1', null, 'beta');
-      yield createModule('test-removeModulesByNameAndVersions-module-1', '2.0.0');
+      yield utils.createModule('test-removeModulesByNameAndVersions-module-1', '0.0.0');
+      yield utils.createModule('test-removeModulesByNameAndVersions-module-1', '1.0.0');
+      yield utils.createModule('test-removeModulesByNameAndVersions-module-1', '1.0.1', null, 'beta');
+      yield utils.createModule('test-removeModulesByNameAndVersions-module-1', '2.0.0');
 
       var mods = yield Package.listModulesByName('test-removeModulesByNameAndVersions-module-1');
       mods.should.length(4);
@@ -245,11 +206,11 @@ describe('test/services/package.test.js', function () {
 
   describe('removeModuleTags()', function () {
     it('should remove all tags by name', function* () {
-      var r2 = yield createModule('test-removeModuleTagsByName2-module-name', '1.0.0');
+      var r2 = yield utils.createModule('test-removeModuleTagsByName2-module-name', '1.0.0');
       var tag = yield Package.addModuleTag(r2.name, 'latest', r2.version);
       should.exist(tag);
 
-      var r = yield createModule('test-removeModuleTagsByName-module-name', '1.0.0');
+      var r = yield utils.createModule('test-removeModuleTagsByName-module-name', '1.0.0');
       var tag = yield Package.addModuleTag(r.name, 'latest', r.version);
       should.exist(tag);
       var tag = yield Package.addModuleTag(r.name, 'beta', r.version);
@@ -268,7 +229,7 @@ describe('test/services/package.test.js', function () {
 
   describe('removeModuleTagsByIds()', function () {
     it('should remove tags by ids', function* () {
-      var r = yield createModule('test-removeModuleTagsByIds-module-name', '1.0.0');
+      var r = yield utils.createModule('test-removeModuleTagsByIds-module-name', '1.0.0');
       var tag1 = yield Package.addModuleTag(r.name, 'latest', r.version);
       should.exist(tag1);
       var tag2 = yield Package.addModuleTag(r.name, 'beta', r.version);
@@ -291,7 +252,7 @@ describe('test/services/package.test.js', function () {
 
   describe('removeModuleTagsByNames()', function () {
     it('should remove some tags', function* () {
-      var r = yield createModule('test-removeModuleTagsByNames-module-name', '1.0.0');
+      var r = yield utils.createModule('test-removeModuleTagsByNames-module-name', '1.0.0');
       var tag1 = yield Package.addModuleTag(r.name, 'latest', r.version);
       should.exist(tag1);
       var tag2 = yield Package.addModuleTag(r.name, 'beta', r.version);
@@ -340,17 +301,17 @@ describe('test/services/package.test.js', function () {
 
   describe('getModuleByRange()', function() {
     it('should get undefined when not match semver range', function* () {
-      yield createModule('test-getModuleByRange-module-0', '1.0.0');
-      yield createModule('test-getModuleByRange-module-0', '1.1.0');
-      yield createModule('test-getModuleByRange-module-0', '2.0.0');
+      yield utils.createModule('test-getModuleByRange-module-0', '1.0.0');
+      yield utils.createModule('test-getModuleByRange-module-0', '1.1.0');
+      yield utils.createModule('test-getModuleByRange-module-0', '2.0.0');
       var mod = yield Package.getModuleByRange('test-getModuleByRange-module-0', '~2.1.0');
       should.not.exist(mod);
     });
 
     it('should get package with semver range', function* () {
-      yield createModule('test-getModuleByRange-module-1', '1.0.0');
-      yield createModule('test-getModuleByRange-module-1', '1.1.0');
-      yield createModule('test-getModuleByRange-module-1', '2.0.0');
+      yield utils.createModule('test-getModuleByRange-module-1', '1.0.0');
+      yield utils.createModule('test-getModuleByRange-module-1', '1.1.0');
+      yield utils.createModule('test-getModuleByRange-module-1', '2.0.0');
       var mod = yield Package.getModuleByRange('test-getModuleByRange-module-1', '1');
       mod.package.name.should.equal(mod.name);
       mod.name.should.equal('test-getModuleByRange-module-1');
@@ -358,9 +319,9 @@ describe('test/services/package.test.js', function () {
     });
 
     it('should get package with semver range when have invalid version', function* () {
-      yield createModule('test-getModuleByRange-module-2', '1.0.0');
-      yield createModule('test-getModuleByRange-module-2', '1.1.0');
-      yield createModule('test-getModuleByRange-module-2', 'next');
+      yield utils.createModule('test-getModuleByRange-module-2', '1.0.0');
+      yield utils.createModule('test-getModuleByRange-module-2', '1.1.0');
+      yield utils.createModule('test-getModuleByRange-module-2', 'next');
       var mod = yield Package.getModuleByRange('test-getModuleByRange-module-2', '1');
       mod.package.name.should.equal(mod.name);
       mod.name.should.equal('test-getModuleByRange-module-2');
@@ -412,7 +373,7 @@ describe('test/services/package.test.js', function () {
     });
 
     it('should return updated module instance', function* () {
-      var r = yield createModule('test-updateModulePackageFields-name', '1.0.0');
+      var r = yield utils.createModule('test-updateModulePackageFields-name', '1.0.0');
       should.exist(r);
       var r1 = yield Package.updateModulePackageFields(r.id, {foo: 'update for field'});
       r1.id.should.equal(r.id);
@@ -428,7 +389,7 @@ describe('test/services/package.test.js', function () {
     });
 
     it('should return updated module instance', function* () {
-      var r = yield createModule('test-updateModuleReadme-name', '1.0.0');
+      var r = yield utils.createModule('test-updateModuleReadme-name', '1.0.0');
       should.exist(r);
       var r1 = yield Package.updateModuleReadme(r.id, 'test updateModuleReadme');
       r1.id.should.equal(r.id);
@@ -444,7 +405,7 @@ describe('test/services/package.test.js', function () {
     });
 
     it('should return updated module instance', function* () {
-      var r = yield createModule('test-updateModuleDescription-name', '1.0.0');
+      var r = yield utils.createModule('test-updateModuleDescription-name', '1.0.0');
       should.exist(r);
       var r1 = yield Package.updateModuleDescription(r.id, 'test updateModuleDescription');
       r1.id.should.equal(r.id);
@@ -461,7 +422,7 @@ describe('test/services/package.test.js', function () {
     });
 
     it('should return the update module when update lastTime exists', function* () {
-      var r1 = yield createModule('test-update-module-last-modified-package-name', '1.0.0');
+      var r1 = yield utils.createModule('test-update-module-last-modified-package-name', '1.0.0');
       yield sleep(1100);
       yield Package.updateModuleLastModified(r1.name);
       var r2 = yield Package.getModule(r1.name, r1.version);

test/services/token.test.js

@@ -0,0 +1,177 @@
+'use strict';
+
+var should = require('should');
+var TokenService = require('../../services/token');
+var TestUtils = require('../utils');
+
+describe('service/token.test.js', function() {
+  var token;
+  afterEach(function* () {
+    if (!token) return
+    yield TokenService.deleteToken(TestUtils.admin, token.token);
+  });
+
+  describe('createToken()', function() {
+    describe('default options', function() {
+      it('should create token success', function* () {
+        token = yield TokenService.createToken(TestUtils.admin);
+        should.exist(token);
+        should.exist(token.token);
+        should.exist(token.key);
+        token.cidr_whitelist.should.eql([]);
+        token.readonly.should.eql(false);
+      });
+    });
+
+    describe('custom options', function() {
+      it('should create token success', function* () {
+        token = yield TokenService.createToken(TestUtils.admin, {
+          cidrWhitelist: [ '127.0.0.1' ],
+          readonly: true,
+        });
+        should.exist(token);
+        should.exist(token.token);
+        should.exist(token.key);
+        token.cidr_whitelist.should.eql([ '127.0.0.1' ]);
+        token.readonly.should.eql(true);
+      });
+    });
+  });
+
+  describe('validateToken()', function() {
+    describe('normal', function() {
+      beforeEach(function* () {
+        token = yield TokenService.createToken(TestUtils.admin);
+      });
+
+      describe('token is exits', function() {
+        it('should get user', function* () {
+          var user = yield TokenService.validateToken(token.token, {
+            isReadOperation: true,
+            accessIp: '127.0.0.1',
+          });
+          should.exist(user);
+        });
+      });
+
+      describe('token is not exits', function() {
+        it('should not get user', function* () {
+          var user = yield TokenService.validateToken('not exits', {
+            isReadOperation: true,
+            accessIp: '127.0.0.1',
+          });
+          should.not.exist(user);
+        });
+      });
+    });
+
+    describe('readonly case', function() {
+      beforeEach(function* () {
+        token = yield TokenService.createToken(TestUtils.admin, {
+          readonly: true,
+        });
+      });
+
+      describe('read operation', function() {
+        it('should get user', function* () {
+          var user = yield TokenService.validateToken(token.token, {
+            isReadOperation: true,
+            accessIp: '127.0.0.1',
+          });
+          should.exist(user);
+        });
+      });
+
+      describe('write operation', function() {
+        it('should not get user', function* () {
+          var user = yield TokenService.validateToken('not exits', {
+            isReadOperation: false,
+            accessIp: '127.0.0.1',
+          });
+          should.not.exist(user);
+        });
+      });
+    });
+
+    describe('cidr case', function() {
+      beforeEach(function* () {
+        token = yield TokenService.createToken(TestUtils.admin, {
+          cidrWhitelist: [ '127.0.0.1' ],
+        });
+      });
+
+      describe('in white list', function() {
+        it('should get user', function* () {
+          var user = yield TokenService.validateToken(token.token, {
+            isReadOperation: true,
+            accessIp: '127.0.0.1',
+          });
+          should.exist(user);
+        });
+      });
+
+      describe('not in white list', function() {
+        it('should not get user', function* () {
+          var user = yield TokenService.validateToken('not exits', {
+            isReadOperation: true,
+            accessIp: '127.0.0.2',
+          });
+          should.not.exist(user);
+        });
+      });
+    });
+  });
+
+  describe('listToken()', function() {
+    var token1;
+    var token2;
+
+    beforeEach(function* () {
+      token1 = yield TokenService.createToken(TestUtils.admin);
+      token2 = yield TokenService.createToken(TestUtils.admin);
+    });
+
+    afterEach(function* () {
+      yield TokenService.deleteToken(token1.user, token1.token);
+      yield TokenService.deleteToken(token2.user, token2.token);
+    });
+
+    it('perPage/page should work', function* () {
+      var tokens = yield TokenService.listToken(TestUtils.admin, {
+        perPage: 1,
+        page: 0,
+      });
+      should.exist(tokens);
+      tokens[0].key.should.eql(token1.key);
+
+      tokens = yield TokenService.listToken(TestUtils.admin, {
+        perPage: 1,
+        page: 1,
+      });
+      should.exist(tokens);
+      tokens[0].key.should.eql(token2.key);
+    });
+  });
+
+  describe('deleteToken()', function() {
+    beforeEach(function* () {
+      token = yield TokenService.createToken(TestUtils.admin);
+    });
+
+    describe('delete by key prefix', function() {
+      it('should work', function* () {
+        yield TokenService.deleteToken(TestUtils.admin, token.key.substring(0, 6));
+        var user = yield TokenService.validateToken(token.token, { isReadOperation: false, accessIp: '127.0.0.1' });
+        should.not.exists(user);
+      });
+    });
+
+    describe('delete by token', function() {
+      it('should work', function* () {
+        yield TokenService.deleteToken(TestUtils.admin, token.token);
+        var user = yield TokenService.validateToken(token.token, { isReadOperation: false, accessIp: '127.0.0.1' });
+        should.not.exists(user);
+      });
+    });
+  });
+});

test/services/total.test.js

@@ -1,22 +1,13 @@
-/**!
- * cnpmjs.org - test/services/total.test.js
- *
- * Copyright(c) fengmk2 and other contributors.
- * MIT Licensed
- *
- * Authors:
- *   fengmk2 <fengmk2@gmail.com> (http://fengmk2.github.com)
- */
-
 'use strict';
 
-/**
- * Module dependencies.
- */
-
 var Total = require('../../services/total');
+var config = require('../../config');
+var utils = require('../utils');
+var mm = require('mm');
 
 describe('services/total.test.js', function () {
+  afterEach(mm.restore);
+
   describe('plusDeleteModule()', function () {
     it('should plus delete module count', function* () {
       var info = yield Total.getTotalInfo();
@@ -34,9 +25,21 @@ describe('services/total.test.js', function () {
   });
 
   describe('get()', function () {
-    it('should get all total info', function* () {
+    it('should get all total info, enableTotalCount: true', function* () {
+      yield utils.createModule('test-services-total-get-enableTotalCount-true', '1.0.0');
       var info = yield Total.get();
       info.disk_size.should.be.a.Number();
+      info.doc_count.should.above(0);
+      info.doc_version_count.should.above(0);
+    });
+
+    it('should get all total info, enableTotalCount: false', function* () {
+      mm(config, 'enableTotalCount', false);
+      yield utils.createModule('test-services-total-get-enableTotalCount-false', '1.0.0');
+      var info = yield Total.get();
+      info.disk_size.should.be.a.Number();
+      info.doc_count.should.equal(0);
+      info.doc_version_count.should.equal(0);
     });
   });
 

test/utils.js

@@ -5,6 +5,7 @@ var fs = require('fs');
 var mm = require('mm');
 var config = require('../config');
 var SyncModuleWorker = require('../controllers/sync_module_worker');
+var Package = require('../services/package');
 
 var fixtures = path.join(__dirname, 'fixtures');
 
@@ -30,6 +31,7 @@ var thirdUser = exports.thirdUser = 'cnpmjstest103';
 exports.thirdUserAuth = 'Basic ' + Buffer.from(thirdUser + ':' + thirdUser).toString('base64');
 
 var _pkg = fs.readFileSync(path.join(fixtures, 'package_and_tgz.json'));
+var _pkg2 = fs.readFileSync(path.join(fixtures, 'package_and_tgz_by_token.json'));
 
 exports.getPackage = function (name, version, user, tag, readme) {
   // name: mk2testmodule
@@ -57,6 +59,29 @@ exports.getPackage = function (name, version, user, tag, readme) {
   return pkg;
 };
 
+exports.getPackageWithToken = function (name, version, user, tag, readme) {
+  // name: mk2testmodule
+  name = name || 'mk2testmodule';
+  version = version || '0.0.1';
+  tag = tag || 'latest';
+  var tags = {};
+  tags[tag] = version;
+
+  var pkg = JSON.parse(_pkg2);
+  var versions = pkg.versions;
+  pkg.versions = {};
+  pkg.versions[version] = versions[Object.keys(versions)[0]];
+  pkg.versions[version].name = name;
+  pkg.versions[version].version = version;
+  pkg.versions[version]._id = name + '@' + version;
+  pkg.name = name;
+  pkg['dist-tags'] = tags;
+  if (readme) {
+    pkg.versions[version].readme = pkg.readme = readme;
+  }
+  return pkg;
+};
+
 exports.sync = function (name, callback) {
   mm(config, 'syncModel', 'all');
   var worker = new SyncModuleWorker({
@@ -74,3 +99,29 @@ exports.getFileContent = function (name) {
   var fixtures = path.join(__dirname, 'fixtures');
   return fs.readFileSync(path.join(fixtures, name), 'utf8');
 };
+
+exports.createModule = function* (name, version, user, tag) {
+  var sourcePackage = {
+    version: version,
+    name: name,
+    publish_time: Date.now(),
+  };
+  var mod = {
+    version: sourcePackage.version,
+    name: sourcePackage.name,
+    package: sourcePackage,
+    author: user || 'unittest',
+    publish_time: sourcePackage.publish_time,
+  };
+  var dist = {
+    tarball: 'http://registry.npmjs.org/' + name + '/-/' + name + '-' + version + '.tgz',
+    shasum: '9d7bc446e77963933301dd602d5731cb861135e0',
+    size: 100,
+  };
+  mod.package.dist = dist;
+  yield Package.saveModule(mod);
+  yield Package.saveModuleAbbreviated(mod);
+  // add tag
+  yield Package.addModuleTag(name, tag || 'latest', version);
+  return yield Package.getModule(mod.name, mod.version);
+}

view/web/layout.html

@@ -43,6 +43,7 @@
   </head>
   <body>
     <div class="container">
+      {{customHeader}}
       <header id="header">
         <div class="logo">
           <a href="/"><img src="{{logoURL}}"></a>