Package Access

It is a series of constraints that allow or restrict access to the local storage based on specific criteria.

The security constraints remain on the shoulders of the plugin being used; by default, verdaccio uses the htpasswd plugin. If you use a different plugin, the behaviour might be different. The default plugin does not handle allow_access and allow_publish by itself; it uses an internal fallback in case the plugin is not ready for it.

For more information about permissions, visit the authentication section in the wiki.

Usage

packages:
  # scoped packages
  '@scope/*':
    access: $all
    publish: $all
    proxy: server2

  'private-*':
    access: $all
    publish: $all
    proxy: uplink1

  '**':
    # allow all users (including non-authenticated users) to read and
    # publish all packages
    access: $all
    publish: $all
    proxy: uplink2

If none is specified, the default one remains:

packages:
  '**':
    access: $all
    publish: $authenticated

The list of internal groups handled by verdaccio is:

'$all', '$anonymous', '@all', '@anonymous', 'all', 'undefined', 'anonymous'

All users receive all of these groups, whether they are anonymous or not, plus the groups provided by the plugin; in the case of htpasswd, the username is returned as a group. For instance, if you are logged in as npmUser, the list of groups will be:

// groups without '$' are going to be deprecated eventually
'$all', '$anonymous', '@all', '@anonymous', 'all', 'undefined', 'anonymous', 'npmUser'

If you want to protect a specific set of packages under your group, you need to do something like this. Let's use a Regex that covers all packages prefixed with npmuser-. We recommend using a prefix for your packages, as that makes them easier to protect.

packages:
  'npmuser-*':
    access: npmuser
    publish: npmuser

Restart verdaccio and, in your console, try to install npmuser-core.

$ npm install npmuser-core
npm install npmuser-core
npm ERR! code E403
npm ERR! 403 Forbidden: npmuser-core@latest

npm ERR! A complete log of this run can be found in:
npm ERR! /Users/user/.npm/_logs/2017-07-02T12_20_14_834Z-debug.log

You can change the existing behaviour by using a different authentication plugin. verdaccio just checks whether the user that tried to access or publish a specific package belongs to the right group.

Please note that if you set the access permission of a package to something that requires Verdaccio to check your identity, for example $authenticated, npm does not send your access key by default when fetching packages. This means all requests for downloading packages will be rejected, as they are made anonymously even if you have logged in. To make npm include your access key with all requests, you should set the always-auth npm setting to true on any client machines. This can be accomplished by running:

$ npm config set always-auth=true

Set multiple groups

If you want to block access/publish to a specific group of packages, just do not define access and publish.

'company-*':
  access: admin internal
  publish: admin
  proxy: server1
'supersecret-*':
  access: secret super-secret-area ultra-secret-area
  publish: secret ultra-secret-area
  proxy: server1

Blocking access to set of packages

If you want to block access/publish to a specific group of packages, just do not define access and publish.

packages:
  'old-*':
  '**':
    access: $all
    publish: $authenticated

Blocking proxying a set of specific packages

Let's see the following example:

packages:
  'jquery':
    access: $all
    publish: $all
  'my-company-*':
    access: $all
    publish: $authenticated
  '@my-local-scope/*':
    access: $all
    publish: $authenticated
  '**':
    access: $all
    publish: $authenticated
    proxy: npmjs

Let's describe what we want with the above example:

  • I want to host my own jquery dependency but I need to avoid proxying it.
  • I want all dependencies that match my-company-* but I need to avoid proxying them.
  • I want all dependencies that are in the my-local-scope scope but I need to avoid proxying them.
  • I want proxying for all the rest of the dependencies.

Be aware that the order of your package definitions is important, and always use the double wildcard. If you do not include it, verdaccio will include it for you, and the way your dependencies are resolved will be affected.

'**':
  access: $all
  publish: $authenticated
  proxy: npmjs uplink2

Unpublishing Packages

The property publish handles permissions for npm publish and npm unpublish. But if you want to be more specific, you can use the property unpublish in your package access section, for instance:

packages:
  'jquery':
    access: $all
    publish: $all
    unpublish: root
  'my-company-*':
    access: $all
    publish: $authenticated
    unpublish:
  '@my-local-scope/*':
    access: $all
    publish: $authenticated
    # unpublish: property commented out
  '**':
    access: $all
    publish: $authenticated
    proxy: npmjs

In the previous example, the behaviour would be as follows:

  • all users can publish the jquery package, but only the user root would be able to unpublish any version.
  • only authenticated users can publish my-company-* packages, but nobody would be allowed to unpublish them.
  • If unpublish is commented out, the access will be granted or denied by the publish definition.
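The rules described on this page (the first matching pattern wins, the user's groups are compared with the rule's list, a missing unpublish defers to publish while an empty one denies everyone), as an added JavaScript model that is not Verdaccio's own code. The glob matcher is a simplified stand-in for minimatch, the $authenticated group for logged-in users is an assumption, the config object is constructed from the page's examples, and anonymousPublish is a hypothetical lint helper.

```javascript
// Added model of the rules on this page; not Verdaccio source code.
// Groups the page says every user holds, anonymous or not.
const ANON = ['$all', '$anonymous', '@all', '@anonymous', 'all', 'undefined', 'anonymous'];

// Assumption: simplified stand-in for minimatch ('*' stays inside one path segment).
function globToRe(glob) {
  const esc = glob.replace(/[.+?^${}()|[\]\\]/g, '\\$&');
  const body = esc.replace(/\*\*/g, '\u0000').replace(/\*/g, '[^/]*').replace(/\u0000/g, '.*');
  return new RegExp('^' + body + '$');
}

// The first pattern that matches wins, in the order the keys are written.
function matchRule(packages, name) {
  for (const [pattern, rule] of Object.entries(packages)) {
    if (globToRe(pattern).test(name)) return { pattern, rule: rule || {} };
  }
  return null;
}

const toList = (v) => (v == null ? [] : String(v).split(/\s+/).filter(Boolean));

// user: { name, groups }; an anonymous client is {}.
function allowed(packages, action, name, user) {
  const match = matchRule(packages, name);
  if (!match) return false;
  // A missing unpublish key defers to publish; an empty one (null) allows nobody.
  const key = action === 'unpublish' && !('unpublish' in match.rule) ? 'publish' : action;
  const held = new Set([...ANON, ...(user.groups || [])]);
  // Assumption: logged-in users also hold $authenticated; htpasswd adds the username.
  if (user.name) held.add('$authenticated').add(user.name);
  return toList(match.rule[key]).some((g) => held.has(g));
}

// Hypothetical lint: patterns whose publish list names a group anonymous clients hold.
function anonymousPublish(packages) {
  return Object.entries(packages)
    .filter(([, rule]) => toList((rule || {}).publish).some((g) => ANON.includes(g)))
    .map(([pattern]) => pattern);
}

// Constructed sample, assembled from the page's examples (YAML shown as a JS object).
const packages = {
  jquery: { access: '$all', publish: '$all', unpublish: 'root' },
  'my-company-*': { access: '$all', publish: '$authenticated', unpublish: null },
  '@my-local-scope/*': { access: '$all', publish: '$authenticated' },
  'old-*': null,
  '**': { access: '$all', publish: '$authenticated', proxy: 'npmjs' },
};
```

Running anonymousPublish over a real config before deployment shows which patterns accept uploads from clients that never logged in.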

Configuration

You can define multiple packages, and each of them must have a unique Regex. The syntax is based on minimatch glob expressions.

| Property | Type | Required | Example | Support | Description |
| --- | --- | --- | --- | --- | --- |
| access | string | No | $all | all | define groups allowed to access the package |
| publish | string | No | $authenticated | all | define groups allowed to publish |
| proxy | string | No | npmjs | all | limit look-ups for a specific uplink |
| storage | string | No | string | /some-folder | it creates a subfolder within the storage folder for each package access |

We highlight that we recommend not using allow_access/allow_publish and proxy_access anymore; they are deprecated and will soon be removed. Please use the short version of each of them (access/publish/proxy).

If you want more information about how to use the storage property, please refer to this comment.