Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Publish new package throw error when uplink set to https://registry.npmmirror.com(cnpm registry) #3601

Closed
xhavit opened this issue Feb 10, 2023 · 4 comments · Fixed by #3647
Closed

Publish new package throw error when uplink set to https://registry.npmmirror.com(cnpm registry) #3601

xhavit opened this issue Feb 10, 2023 · 4 comments · Fixed by #3647

Comments

@xhavit
Copy link

xhavit commented Feb 10, 2023

The registry https://registry.npmmirror.com will return a 413 status code for a GET request containing a request body, which will cause an error when publishing a new package, resulting in a failure to publish.

On the other hand, a GET request should not contain a request body.
@juanpicado
Copy link
Member

juanpicado commented Feb 10, 2023
edited

Hi, Please be detailed and specific, add examples so I can understand exactly what's the issue in few minutes.

@xhavit
Copy link
Author

xhavit commented Feb 10, 2023
edited

OK! Thanks so much! @juanpicado

Your Environment

  • verdaccio version: v5.20.1
  • node version [v16.19.0]:
  • package manager: [npm@8.19.3]
  • os: [CentOS Linux 7]
  • platform: [npm]

Describe the bug

The registry https://registry.npmmirror.com will return a 413 status code for a GET request containing a request body, which will cause an error when publishing a new package, resulting in a failure to publish.

On the other hand, a GET request should not contain a request body.

To Reproduce

1. Update config file

uplinks:
  npmjs:
    url: https://registry.npmjs.org
  cnpmjs:
    url: https://registry.npmmirror.com
packages:
  "**":
    access: $all
    publish: $authenticated
    unpublish: $authenticated
    proxy: cnpmjs

2. Publish a new package named tech-verdaccio-test

npm publish

3. Result

The command line will get stuck, and after a while there will be a packet timeout error.

npm notice
npm notice 📦  tech-verdaccio-test@1.0.13
npm notice === Tarball Contents ===
npm notice 1B    index.js
npm notice 2.1kB log.yml
npm notice 216B  package.json
npm notice === Tarball Details ===
npm notice name:          tech-verdaccio-test
npm notice version:       1.0.13
npm notice filename:      tech-verdaccio-test-1.0.13.tgz
npm notice package size:  1.1 kB
npm notice unpacked size: 2.3 kB
npm notice shasum:        97e85b2e839d73d8e77e0aac03ecce298f0794ef
npm notice integrity:     sha512-G3h70gHtHDDSt[...]XW3PUFGNz3v2Q==
npm notice total files:   3
npm notice
npm notice Publishing to http://192.168.1.197:4873/
npm ERR! code E503
npm ERR! 503 Service Unavailable - PUT http://192.168.1.197:4873/tech-verdaccio-test - one of the uplinks is down, refuse to publish

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/fulei/.npm/_logs/2023-02-09T16_26_16_338Z-debug-0.log

Expected behavior

Publish success

Screenshots, server logs, package manager log

tail -f ~/.pm2/logs/verdaccio-out.log
http --- 192.168.8.37 requested 'PUT /tech-verdaccio-test'
info --- auth/allow_action: access granted to: undefined
info --- nobody is allowed publish for tech-verdaccio-test
http --- 200, user: nobody(192.168.8.37), req: 'PUT /tech-verdaccio-test', bytes: 2301/0
info --- making request: 'GET https://registry.npmmirror.com/tech-verdaccio-test'
http --- 413, req: 'GET https://registry.npmmirror.com/tech-verdaccio-test' (streaming)
http --- 413, req: 'GET https://registry.npmmirror.com/tech-verdaccio-test', bytes: 4/0

Configuration File (cat ~/.config/verdaccio/config.yaml)

Refer to To Reproduce

Environment information

Environment Info:
  System:
    OS: Linux 3.10 CentOS Linux 7 (Core)
    CPU: (8) x64 Intel(R) Xeon(R) CPU           E5606  @ 2.13GHz
  Binaries:
    npm: 8.19.3 - ~/.nvm/versions/node/v16.19.0/bin/npm
  npmGlobalPackages:
    verdaccio: 5.20.1

Contribute to Verdaccio

  • I'm willing to fix this bug if I have time 🥇

How to fix

./src/lib/up-storage.ts line 444

/**
 * Fetch an asset.
 * @param {*} options
 * @param {*} cb
 * @return {Request}
 */
private request(options: any, cb?: Callback): Stream.Readable {
  // other codes

  let requestOptions = {
    url: uri,
    method: method,
    headers: headers,
    // This line causes the GET request to contain the request body
    // This line should be fixed as:
    // body: method === 'GET' ? undefined : json,
    body: json,
    proxy: this.proxy,
    encoding: null,
    gzip: true,
    timeout: this.timeout,
    strictSSL: this.strict_ssl,
    agentOptions: this.agent_options,
  };

  // other codes
}

@melodyVoid
Copy link
Contributor

I got the same issue.

melodyVoid added a commit to melodyVoid/verdaccio that referenced this issue Feb 21, 2023
@melodyVoid
fix: avoid setting body for GET requests
07cdf46 
When making a GET request to certain uplinks, such as https://registry.npmmirror.com, setting the body field can result in a 413 error. Previously, the code was setting the body field for all requests, including GET requests.

This commit fixes the issue by checking the request method and avoiding setting the body field for GET requests. This ensures that GET requests are not affected by the issue and can be made without error.

Fixes verdaccio#3601
@melodyVoid melodyVoid mentioned this issue Feb 21, 2023
Merged
melodyVoid pushed a commit to melodyVoid/verdaccio that referenced this issue Feb 23, 2023
@botao-tal
fix(core): fix bug about isObject function, it should return false wh…
8bce011 
…en input is a boolean

This bug will case
[request](https://github.com/verdaccio/verdaccio/blob/bae430fe24c9bb63dcf7b7b9e5f9f0dbf3f42669/src/lib/up-storage.ts#L157)
has a body when options.json is `true`.

fix verdaccio#3601
@melodyVoid melodyVoid mentioned this issue Feb 23, 2023
Merged
melodyVoid pushed a commit to melodyVoid/verdaccio that referenced this issue Feb 23, 2023
@botao-tal
test(up-storage): add unit test about uplink is npmmirror
2395bd6 
Cause thers is a bug in `isObject` function from `@verdaccio/core`, when `options.json` is `true`
GET request body will be string 'true', some uplinks might return 413 status code such as
https://registry.npmmirror.com

fix verdaccio#3601
juanpicado added a commit that referenced this issue Feb 24, 2023
@melodyVoid @juanpicado @botao-tal
fix: avoid setting body for GET requests (#3643)
e4573c7 
* fix: avoid setting body for GET requests

When making a GET request to certain uplinks, such as https://registry.npmmirror.com, setting the body field can result in a 413 error. Previously, the code was setting the body field for all requests, including GET requests.

This commit fixes the issue by checking the request method and avoiding setting the body field for GET requests. This ensures that GET requests are not affected by the issue and can be made without error.

Fixes #3601

* add missing deps for run test locally

* test(up-storage): add unit test about uplink is npmmirror

Cause thers is a bug in `isObject` function from `@verdaccio/core`, when `options.json` is `true`
GET request body will be string 'true', some uplinks might return 413 status code such as
https://registry.npmmirror.com

fix #3601

* chore(deps): update @verdaccio/core

---------

Co-authored-by: Juan Picado <juanpicado19@gmail.com>
Co-authored-by: botao <botao@tal.com>
@juanpicado
Copy link
Member

https://github.com/verdaccio/verdaccio/releases/tag/v5.21.2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(core): fix bug about isObject function melodyVoid/verdaccio
3 participants
@juanpicado @xhavit @melodyVoid