You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
os: ubuntu 20.04 (docker: Linux 5.14 Alpine Linux)
platform: docker (also tested with npm, no difference)
Describe the bug
Hi,
I have a problem with Verdaccio configured with several proxies for same package name regex. (see configuration below)
While requesting packages Verdaccio makes a request using information about the last uplink specified in the configuration file despite the fact that the link to the package is already known in this part of the code.
I guess the main problem was found, could you tell me if it's right ?
In this commit self.uplinks[uplinkId].isUplinkValid(file.url)
was changed with hasProxyTo(name, uplinkId, self.config.packages)
As I can see (https://github.com/verdaccio/verdaccio/blob/4.x/src/lib/up-storage.ts#L408) isUplinkValid has a really needed check of host matching, unlike hasProxyTo
As a result of the change, my requests obtain last uplink in following for loop (the last item in uplink list in configuration file) despite file.url already contains another nexus hostname
So, we mixed up url from one uplink and auth credentials from another
for (const uplinkId in self.uplinks) {
if (hasProxyTo(name, uplinkId, self.config.packages)) {
uplink = self.uplinks[uplinkId];
}
}
To Reproduce
To reproduce this you need to have several nexuses with different credentials provided as a proxy for a similar package name regex (as shown below in my configuration)
Expected behavior
Verdaccio chooses the right unlink configuration for downloading a package
Logs, package manager log
(Had to mask all the URLs, since they are internal company repositories)
Verdaccio log example:
Previously was described here #3600
Environment
Describe the bug
Hi,
I have a problem with Verdaccio configured with several proxies for same package name regex. (see configuration below)
While requesting packages Verdaccio makes a request using information about the last uplink specified in the configuration file despite the fact that the link to the package is already known in this part of the code.
I guess the main problem was found, could you tell me if it's right ?
All come from here #1644
In this commit
self.uplinks[uplinkId].isUplinkValid(file.url)
was changed with
hasProxyTo(name, uplinkId, self.config.packages)
As I can see (https://github.com/verdaccio/verdaccio/blob/4.x/src/lib/up-storage.ts#L408)
isUplinkValid
has a really needed check of host matching, unlikehasProxyTo
As a result of the change, my requests obtain last uplink in following
for loop
(the last item in uplink list in configuration file) despitefile.url
already contains another nexus hostnameSo, we mixed up url from one uplink and auth credentials from another
Link to for loop in source code: https://github.com/verdaccio/verdaccio/blob/5.x/src/lib/storage.ts#L270
To Reproduce
To reproduce this you need to have several nexuses with different credentials provided as a proxy for a similar package name regex (as shown below in my configuration)
Expected behavior
Verdaccio chooses the right unlink configuration for downloading a package
Logs, package manager log
(Had to mask all the URLs, since they are internal company repositories)
Verdaccio log example:
Npm log example:
Configuration File (cat ~/.config/verdaccio/config.yaml)
Docker compose configuration:
Environment information
Docker:
The text was updated successfully, but these errors were encountered: