Do not generate links for private NPM modules in blob view

2017-12-18 22:55:51 -06:00 · 2017-12-18 22:55:51 -06:00 · b03789395c
commit b03789395c
parent 130b03c264
5 changed files with 74 additions and 4 deletions
--- a/app/models/blob_viewer/dependency_manager.rb
+++ b/app/models/blob_viewer/dependency_manager.rb
@ -27,10 +27,17 @@ module BlobViewer

    private

-    def package_name_from_json(key)
-      prepare!
+    def json_data
+      @json_data ||= begin
+        prepare!
+        JSON.parse(blob.data)
+      rescue
+        {}
+      end
+    end

-      JSON.parse(blob.data)[key] rescue nil
+    def package_name_from_json(key)
+      json_data[key]
    end

    def package_name_from_method_call(name)
--- a/app/models/blob_viewer/package_json.rb
+++ b/app/models/blob_viewer/package_json.rb
@ -16,8 +16,20 @@ module BlobViewer
      @package_name ||= package_name_from_json('name')
    end

+    def package_type
+      private? ? 'private package' : super
+    end
+
    def package_url
+      return nil if private?
+
      "https://www.npmjs.com/package/#{package_name}"
    end
+
+    private
+
+    def private?
+      !!json_data['private']
+    end
  end
 end
--- a/app/views/projects/blob/viewers/_dependency_manager.html.haml
+++ b/app/views/projects/blob/viewers/_dependency_manager.html.haml
@ -6,6 +6,6 @@
  - if viewer.package_name
    and defines a #{viewer.package_type} named
    %strong<
-      = link_to viewer.package_name, viewer.package_url, target: '_blank', rel: 'noopener noreferrer'
+      = link_to_if viewer.package_url.present?, viewer.package_name, viewer.package_url, target: '_blank', rel: 'noopener noreferrer'

 = link_to 'Learn more', viewer.manager_url, target: '_blank', rel: 'noopener noreferrer'
--- a/changelogs/unreleased/36020-private-npm-modules.yml
+++ b/changelogs/unreleased/36020-private-npm-modules.yml
@ -0,0 +1,5 @@
+---
+title: Do not generate links for private NPM modules in blob view
+merge_request: 16002
+author: Mario de la Ossa
+type: added
--- a/spec/models/blob_viewer/package_json_spec.rb
+++ b/spec/models/blob_viewer/package_json_spec.rb
@ -22,4 +22,50 @@ describe BlobViewer::PackageJson do
      expect(subject.package_name).to eq('module-name')
    end
  end
+
+  describe '#package_url' do
+    it 'returns the package URL' do
+      expect(subject).to receive(:prepare!)
+
+      expect(subject.package_url).to eq("https://www.npmjs.com/package/#{subject.package_name}")
+    end
+  end
+
+  describe '#package_type' do
+    it 'returns "package"' do
+      expect(subject).to receive(:prepare!)
+
+      expect(subject.package_type).to eq('package')
+    end
+  end
+
+  context 'when package.json has "private": true' do
+    let(:data) do
+      <<-SPEC.strip_heredoc
+      {
+        "name": "module-name",
+        "version": "10.3.1",
+        "private": true
+      }
+      SPEC
+    end
+    let(:blob) { fake_blob(path: 'package.json', data: data) }
+    subject { described_class.new(blob) }
+
+    describe '#package_url' do
+      it 'returns nil' do
+        expect(subject).to receive(:prepare!)
+
+        expect(subject.package_url).to be_nil
+      end
+    end
+
+    describe '#package_type' do
+      it 'returns "private package"' do
+        expect(subject).to receive(:prepare!)
+
+        expect(subject.package_type).to eq('private package')
+      end
+    end
+  end
 end