Error while selecting a proxy to download the package #3648

Open
RybakVolodymyr opened this issue Feb 24, 2023 Discussed in #3600 · 0 comments
This was previously described in #3600

Environment

  • verdaccio version: 5.20.1
  • node version: 14.15.5
  • package manager: 6.14.11
  • os: ubuntu 20.04 (docker: Linux 5.14 Alpine Linux)
  • platform: docker (also tested with npm, no difference)

Describe the bug
Hi,
I have a problem with Verdaccio configured with several proxies for the same package name regex (see configuration below).

While requesting packages Verdaccio makes a request using information about the last uplink specified in the configuration file despite the fact that the link to the package is already known in this part of the code.

I guess the main problem was found, could you tell me if it's right?

It all comes from #1644

In this commit
self.uplinks[uplinkId].isUplinkValid(file.url)
was replaced with
hasProxyTo(name, uplinkId, self.config.packages)

As far as I can see (https://github.com/verdaccio/verdaccio/blob/4.x/src/lib/up-storage.ts#L408),
isUplinkValid has a really needed check for host matching, unlike hasProxyTo.
As a result of the change, my requests get the last uplink in the following for loop (the last item in the uplink list in the configuration file) even though file.url already contains another nexus hostname.
So we mix up the URL from one uplink and the auth credentials from another.

for (const uplinkId in self.uplinks) {
  if (hasProxyTo(name, uplinkId, self.config.packages)) {
    uplink = self.uplinks[uplinkId];
  }
}

Link to for loop in source code: https://github.com/verdaccio/verdaccio/blob/5.x/src/lib/storage.ts#L270

To Reproduce
To reproduce this, you need to have several nexuses with different credentials provided as proxies for a similar package name regex (as shown below in my configuration).

Expected behavior
Verdaccio chooses the right uplink configuration for downloading a package

Logs, package manager log
(Had to mask all the URLs, since they are internal company repositories)
Verdaccio log example:

info --- making request: 'GET https://[nexus_one]/asynckit/-/asynckit-0.4.0.tgz'

REQUEST {
  url: 'https://[nexus_one]/asynckit/-/asynckit-0.4.0.tgz',
  method: 'GET',
  headers: {
    Accept: 'application/json;',
    'Accept-Encoding': 'gzip',
    'User-Agent': undefined,
    authorization: 'Bearer [NEXUS_TOKEN_FOUR_VALUE]',
    via: '1.1 5db1d1a13b56 (Verdaccio)'
  },
  encoding: null,
  gzip: true,
  timeout: 30000,
  strictSSL: true,
  agentOptions: { keepAlive: true, maxSockets: 40, maxFreeSockets: 10 },
  callback: undefined
}
REQUEST make request https://[nexus_one]/asynckit/-/asynckit-0.4.0.tgz
REQUEST onRequestResponse https://[nexus_one]/asynckit/-/asynckit-0.4.0.tgz 401 {
  date: 'Thu, 09 Feb 2023 17:11:48 GMT',
  server: '...',
  'x-content-type-options': 'nosniff',
  'www-authenticate': 'BASIC realm="Sonatype Nexus Repository Manager"',
  'content-length': '0'
}

Npm log example:

npm http fetch GET 500 http://localhost:4873/delayed-stream/-/delayed-stream-1.0.0.tgz 75464ms attempt #3
npm http fetch GET 200 http://localhost:4873/has 1409ms
npm http fetch GET 200 http://localhost:4873/has-symbols 1461ms
npm http fetch GET 500 http://localhost:4873/har-schema/-/har-schema-2.0.0.tgz 72529ms attempt #3
npm http fetch GET 500 http://localhost:4873/ee-first/-/ee-first-1.1.1.tgz 71503ms attempt #3
npm http fetch GET 500 http://localhost:4873/mime/-/mime-1.6.0.tgz 70987ms attempt #3
npm http fetch GET 500 http://localhost:4873/media-typer/-/media-typer-0.3.0.tgz 70801ms attempt #3
npm http fetch GET 200 http://localhost:4873/unpipe/-/unpipe-1.0.0.tgz 82572ms attempt #3
npm http fetch GET 200 http://localhost:4873/unpipe/-/unpipe-1.0.0.tgz 82136ms attempt #3
npm http fetch GET 500 http://localhost:4873/function-bind/-/function-bind-1.1.1.tgz 70655ms attempt #3
npm http fetch GET 500 http://localhost:4873/asynckit/-/asynckit-0.4.0.tgz 71940ms attempt #3
npm timing stage:rollbackFailedOptional Completed in 1ms
npm timing stage:runTopLevelLifecycles Completed in 356719ms
npm verb stack Error: 500 Internal Server Error - GET http://localhost:4873/asynckit/-/asynckit-0.4.0.tgz
npm verb stack     at /.../.../lib/node_modules/npm/node_modules/npm-registry-fetch/check-response.js:117:15
npm verb stack     at runMicrotasks (<anonymous>)
npm verb stack     at processTicksAndRejections (internal/process/task_queues.js:93:5)
npm verb statusCode 500
npm verb pkgid asynckit@^0.4.0
npm verb node v14.15.5
npm verb npm  v6.14.11
npm ERR! code E500
npm ERR! 500 Internal Server Error - GET http://localhost:4873/asynckit/-/asynckit-0.4.0.tgz
npm verb exit [ 1, true ]
npm timing npm Completed in 357265ms

Configuration File (cat ~/.config/verdaccio/config.yaml)

storage: /verdaccio/storage/data
plugins: /verdaccio/plugins
uplinks:
  nexus_one:
    url: https://[nexus_one]/
    auth:
      type: bearer
      token_env: NEXUS_TOKEN_ONE
  nexus_two:
    url: https://[nexus_two]/
    auth:
      type: bearer
      token_env: NEXUS_TOKEN_TWO
  nexus_two_another_path:
    url: https://[nexus_two_another_path]/
    auth:
      type: bearer
      token_env: NEXUS_TOKEN_TWO
  nexus_three:
    url: https://[nexus_three]/
    auth:
      type: bearer
      token_env: NEXUS_TOKEN_THREE
  nexus_four:
    url: https://[nexus_four]/
    auth:
      type: bearer
      token_env: NEXUS_TOKEN_FOUR
packages:
  '**':
    access: $all
    publish: $authenticated
    proxy:
      - nexus_one
      - nexus_two
      - nexus_two_another_path
      - nexus_three
      - nexus_four
server:
  keepAliveTimeout: 0
logs: { type: stdout, format: pretty-timestamped, level: trace }

Docker compose configuration:

version: '3.1'

services:
  verdaccio:
    image: verdaccio/verdaccio:5.20.1
    container_name: 'verdaccio'
    networks:
      - node-network
    environment:
      - VERDACCIO_PORT=4873
      - NEXUS_TOKEN_ONE=${NEXUS_TOKEN_ONE}
      - NEXUS_TOKEN_TWO=${NEXUS_TOKEN_TWO}
      - NEXUS_TOKEN_THREE=${NEXUS_TOKEN_THREE}
      - NEXUS_TOKEN_FOUR=${NEXUS_TOKEN_FOUR}
      - NODE_DEBUG=request verdaccio
      - DEBUG=express:* verdaccio
    ports:
      - '4873:4873'
    volumes:
      - './verdaccio/storage:/verdaccio/storage'
      - './verdaccio/config:/verdaccio/conf'
      - './verdaccio/plugins:/verdaccio/plugins'
networks:
  node-network:
    driver: bridge
    ipam:
      config:
        - subnet: 172.16.57.0/24

Environment information
Docker:

Environment Info:
  System:
    OS: Linux 5.14 Alpine Linux
    CPU: (8) x64 11th Gen Intel(R) Core(TM) i7-1165G7 @ 2.80GHz
  Binaries:
    npm: 8.19.3 - /usr/local/bin/npm
  npmGlobalPackages:
    verdaccio: 5.20.1
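
Added example (not part of the original issue and not Verdaccio's own code): a minimal JavaScript model of the selection loop quoted in the issue next to a URL-aware selection, showing how the token of the last uplink ends up on a request to the first uplink's host. The hostnames, the simplified hasProxyTo, the origin-plus-path check and the helpers selectLastMatching, selectByUrl and tokenFor are assumptions made for illustration.

```javascript
// Constructed sample config: hostnames and token names are placeholders.
const config = {
  uplinks: {
    nexus_one: { url: 'https://nexus-one.example/', token_env: 'NEXUS_TOKEN_ONE' },
    nexus_two: { url: 'https://nexus-two.example/', token_env: 'NEXUS_TOKEN_TWO' },
    nexus_four: { url: 'https://nexus-four.example/repo/npm/', token_env: 'NEXUS_TOKEN_FOUR' },
  },
  packages: { '**': { proxy: ['nexus_one', 'nexus_two', 'nexus_four'] } },
};

// Simplified stand-in for hasProxyTo: only the '**' pattern is modelled.
function hasProxyTo(name, uplinkId, packages) {
  return packages['**'].proxy.includes(uplinkId);
}

// The loop quoted in the issue: every matching uplink overwrites the previous one,
// so the last configured uplink always wins, whatever host the tarball URL names.
function selectLastMatching(name, cfg) {
  let selected = null;
  for (const uplinkId in cfg.uplinks) {
    if (hasProxyTo(name, uplinkId, cfg.packages)) selected = uplinkId;
  }
  return selected;
}

// URL-aware selection (assumed check): same origin, and path under the uplink's base path.
function selectByUrl(name, fileUrl, cfg) {
  const target = new URL(fileUrl);
  for (const uplinkId in cfg.uplinks) {
    if (!hasProxyTo(name, uplinkId, cfg.packages)) continue;
    const base = new URL(cfg.uplinks[uplinkId].url);
    if (base.origin === target.origin && target.pathname.startsWith(base.pathname)) {
      return uplinkId;
    }
  }
  return null; // no uplink owns this URL: attach no credentials at all
}

// Name of the token variable that would be attached to the outgoing request.
function tokenFor(uplinkId, cfg) {
  return uplinkId ? cfg.uplinks[uplinkId].token_env : null;
}

const tarball = 'https://nexus-one.example/asynckit/-/asynckit-0.4.0.tgz';
console.log('loop from issue :', tokenFor(selectLastMatching('asynckit', config), config));
console.log('URL-aware choice:', tokenFor(selectByUrl('asynckit', tarball, config), config));
```

Returning null when no uplink owns the URL matters as much as picking the right one: it keeps a bearer token from being sent to a host it was never issued for.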