chore: package.json validation in zip

abose · abose · commit 6a1896f5d5cd · 2023-03-02T07:20:18.000-03:00
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -71,6 +71,7 @@
     "fastify": "4.12.0",
     "follow-redirects": "^1.15.2",
     "node-fetch": "^3.3.0",
-    "node-stream-zip": "^1.15.0"
+    "node-stream-zip": "^1.15.0",
+    "semver": "^7.3.8"
   }
 }
diff --git a/src/api/publishGithubRelease.js b/src/api/publishGithubRelease.js
@@ -4,6 +4,7 @@ import {getRepoDetails, getReleaseDetails, createIssue} from "../github.js";
 import db from "../db.js";
 import {downloader} from "../utils/downloader.js";
 import {ZipUtils} from "../utils/zipUtils.js";
+import {valid, lte} from "semver";
 import {
     FIELD_RELEASE_ID, RELEASE_DETAILS_TABLE, EXTENSION_SIZE_LIMIT_MB, BASE_URL,
     EXTENSION_DOWNLOAD_DIR, PROCESSING_TIMEOUT_MS, EXTENSIONS_DETAILS_TABLE, FIELD_EXTENSION_ID
@@ -161,9 +162,36 @@ async function _validateExtensionPackageJson(githubReleaseTag, packageJSON, issu
         throw new Error("Error getting extensionPKG details from db: " + releaseRef);
     }
     registryPKG = registryPKG.documents.length === 1 ? registryPKG.documents[0] : null;
+    let error = "";
     if(registryPKG && registryPKG.owner !== newOwner) {
-        let error = `Extension of the same name "${packageJSON.name}" already exists (owned by https://github.com/${registryPKG.owner.split(":")[1]}).`;
-        issueMessages.push(error);
+        let errorMsg = `Extension of the same name "${packageJSON.name}" already exists (owned by https://github.com/${registryPKG.owner.split(":")[1]}). Please choose a different extension name.`;
+        error = error + errorMsg;
+        issueMessages.push(errorMsg);
+        throw {status: HTTP_STATUS_CODES.BAD_REQUEST,
+            updatePublishErrors: true,
+            error};
+    }
+    if(!valid(packageJSON.version)) {
+        let errorMsg = `Invalid package version "${packageJSON.version}" in zip.`;
+        error = error + `\n${errorMsg}`;
+        issueMessages.push(errorMsg);
+    }
+    if(registryPKG) {
+        for(let versionInfo of registryPKG.versions){
+            if(versionInfo.version === packageJSON.version){
+                let errorMsg = `Package version "${packageJSON.version}" already published on ${versionInfo.published}. Please update version number to above ${registryPKG.metadata.version}.`;
+                error = error + `\n${errorMsg}`;
+                issueMessages.push(errorMsg);
+                break;
+            }
+        }
+        if(lte(packageJSON.version, registryPKG.metadata.version)){
+            let errorMsg = `Package version should be greater than ${registryPKG.metadata.version}, but received "${packageJSON.version}".`;
+            error = error + `\n${errorMsg}`;
+            issueMessages.push(errorMsg);
+        }
+    }
+    if(error){
         throw {status: HTTP_STATUS_CODES.BAD_REQUEST,
             updatePublishErrors: true,
             error};
diff --git a/test/unit/api/publishGithubRelease.spec.js b/test/unit/api/publishGithubRelease.spec.js
@@ -7,6 +7,7 @@ import {ZipUtils} from "../../../src/utils/zipUtils.js";
 import {publishGithubRelease, getPublishGithubReleaseSchema} from "../../../src/api/publishGithubRelease.js";
 import {getSimpleGetReply, getSimpleGETRequest} from '../data/simple-request.js';
 import {VALID_PACKAGE_JSON} from "../data/packagejson.js";
+import registryJSON from "../data/registry.js";
 import Ajv from "ajv";
 import {initGitHubClient} from "../../../src/github.js";
 import {EXTENSION_SIZE_LIMIT_MB} from "../../../src/constants.js";

Original file line number	Diff line number	Diff line change
`@@ -71,6 +71,7 @@`
`71`	`71`	`"fastify": "4.12.0",`
`72`	`72`	`"follow-redirects": "^1.15.2",`
`73`	`73`	`"node-fetch": "^3.3.0",`
`74`		`- "node-stream-zip": "^1.15.0"`
	`74`	`+ "node-stream-zip": "^1.15.0",`
	`75`	`+ "semver": "^7.3.8"`
`75`	`76`	`}`
`76`	`77`	`}`