chore: package.json validation in zip

abose · abose · commit c03fb6fab489 · 2023-03-02T07:20:18.000-03:00
diff --git a/src/api/publishGithubRelease.js b/src/api/publishGithubRelease.js
@@ -1,6 +1,6 @@
 // Refer https://json-schema.org/understanding-json-schema/index.html
 import {HTTP_STATUS_CODES} from "@aicore/libcommonutils";
-import {getRepoDetails, getReleaseDetails, createIssue} from "../github.js";
+import {getRepoDetails, getReleaseDetails, createIssue, getOrgDetails} from "../github.js";
 import db from "../db.js";
 import {downloader} from "../utils/downloader.js";
 import {ZipUtils} from "../utils/zipUtils.js";
@@ -151,7 +151,7 @@ function _validateGitHubReleaseAssets(githubReleaseDetails, issueMessages) {
     return extensionZipAsset;
 }
 
-async function _validateExtensionPackageJson(githubReleaseTag, packageJSON, issueMessages) {
+async function _validateExtensionPackageJson(githubReleaseTag, packageJSON, repoDetails, issueMessages) {
     const queryObj = {};
     const newOwner = `github:${githubReleaseTag.owner}`;
     const releaseRef = `${githubReleaseTag.owner}/${githubReleaseTag.repo}/${githubReleaseTag.tag}`;
@@ -196,9 +196,33 @@ async function _validateExtensionPackageJson(githubReleaseTag, packageJSON, issu
             updatePublishErrors: true,
             error};
     }
+    let org = await getOrgDetails(githubReleaseTag.owner);
+    let ownershipVerifiedByGitHub = null;
+    if(org && org.is_verified && org.blog){
+        ownershipVerifiedByGitHub = [org.blog];
+    }
+    // now create the new registry package json
+    registryPKG = registryPKG || {
+        "versions": [],
+        "totalDownloads": 0,
+        "recent": {}
+    };
+    registryPKG.metadata= packageJSON;
+    registryPKG.owner= `github:${githubReleaseTag.owner}`;
+    registryPKG.gihubStars = repoDetails.stargazers_count;
+    registryPKG.ownerRepo = `https://github.com/${githubReleaseTag.owner}/${githubReleaseTag.repo}`;
+    registryPKG.ownershipVerifiedByGitHub = ownershipVerifiedByGitHub;
+    registryPKG.versions.push({
+        "version": packageJSON.version,
+        "published": new Date().toISOString(),
+        "brackets": packageJSON.engines.brackets,
+        "downloads": 0
+    });
+
+    console.log(registryPKG);
 }
 
-async function _downloadAndValidateExtensionZip(githubReleaseTag, extensionZipAsset, issueMessages) {
+async function _downloadAndValidateExtensionZip(githubReleaseTag, extensionZipAsset, repoDetails, issueMessages) {
     const targetPath = `${EXTENSION_DOWNLOAD_DIR}/${githubReleaseTag.owner}_${githubReleaseTag.repo}_${githubReleaseTag.tag}_${extensionZipAsset.name}`;
     await downloader.downloadFile(extensionZipAsset.browser_download_url, targetPath);
     let {packageJSON, error} = await ZipUtils.getExtensionPackageJSON(targetPath);
@@ -225,7 +249,7 @@ async function _downloadAndValidateExtensionZip(githubReleaseTag, extensionZipAs
             updatePublishErrors: true,
             error};
     }
-    await _validateExtensionPackageJson(githubReleaseTag, packageJSON, issueMessages);
+    await _validateExtensionPackageJson(githubReleaseTag, packageJSON, repoDetails, issueMessages);
     return targetPath;
 }
 
@@ -316,7 +340,7 @@ export async function publishGithubRelease(request, reply) {
                 error: `Draft or PreRelease builds cannot be published.`};
         }
         const extensionZipAsset = _validateGitHubReleaseAssets(newGithubReleaseDetails, issueMessages);
-        extensionZipPath = await _downloadAndValidateExtensionZip(githubReleaseTag, extensionZipAsset, issueMessages);
+        extensionZipPath = await _downloadAndValidateExtensionZip(githubReleaseTag, extensionZipAsset, repoDetails, issueMessages);
         // we should also in the future do a virus scan, but will rely on av in users machine for the time being
         // https://developers.virustotal.com/reference/files-scan by Google Cloud is available for non-commercial apps.
         const response = {
diff --git a/src/utils/downloader.js b/src/utils/downloader.js
@@ -18,6 +18,7 @@ function downloadFile(url, downloadFilePath) {
         }
         const file = fs.createWriteStream(downloadFilePath);
         follow.https.get(url, function(response) {
+            console.log("response code", response.code);
             response.pipe(file);
             file.on('finish', function() {
                 console.log("Download complete ", url, downloadFilePath);
diff --git a/test/unit/api/publishGithubRelease.spec.js b/test/unit/api/publishGithubRelease.spec.js
@@ -25,6 +25,7 @@ describe('unit Tests for publishGithubRelease api', function () {
         mockedFunctions.githubMock.reset();
         mockedFunctions.githubMock.getRepoDetails("org", "repo");
         mockedFunctions.githubMock.getReleaseDetails("org", "repo", "gitTag");
+        mockedFunctions.githubMock.getOrgDetails("org");
         downloader.downloadFile = async function () {
             return "/path/to/file.zip";
         };
diff --git a/test/unit/data/packagejson.js b/test/unit/data/packagejson.js
@@ -60,5 +60,8 @@ export const REGISTRY_PACKAGE_JSON = {
         "20180909": 103,
         "20180910": 85,
         "20180911": 10
-    }
+    },
+    "gihubStars": 482,
+    "ownerRepo": "https://github.com/louiealmeda/brackets-angular-moduler",
+    "ownershipVerifiedByGitHub":["https://emmet.io"]
 };
diff --git a/test/unit/setupMocks.js b/test/unit/setupMocks.js
@@ -7,9 +7,16 @@ let expect = chai.expect;
 
 let setupDone = false;
 
-let getRepoDetailsResponses = {},
+let getOrgDetailsResponses = {},
+    getRepoDetailsResponses = {},
     getReleaseDetailsResponses = {};
 async function githubRequestFnMock(url, options) {
+    if(url.startsWith("GET /orgs/")){ // getOrgDetails api
+        if(getOrgDetailsResponses[`${options.owner}`]) {
+            return getOrgDetailsResponses[`${options.owner}`];
+        }
+        throw {status: 404};
+    }
     if(url.startsWith("GET /repos/") && !url.includes("/releases/tags/")){ // getRepoDetails api
         if(getRepoDetailsResponses[`${options.owner}/${options.repo}`]) {
             return getRepoDetailsResponses[`${options.owner}/${options.repo}`];
@@ -123,6 +130,19 @@ export function getRepoDetails(org, repo) {
     };
 }
 
+export function getOrgDetails(org) {
+    mockedFunctions.githubRequestFnMock = githubRequestFnMock;
+    getOrgDetailsResponses[`${org}`] = {
+        data: {
+            name: org,
+            company: org,
+            blog: `https://org`,
+            is_verified: true,
+            html_url: 'https://github.com/org'
+        }
+    };
+}
+
 export function getReleaseDetails(owner, repo, tag, assetName = 'extension.zip', size = 1024) {
     mockedFunctions.githubRequestFnMock = githubRequestFnMock;
     getReleaseDetailsResponses[`${owner}/${repo}/${tag}`] = {
@@ -149,6 +169,7 @@ let mockedFunctions = {
     s3MockedKeyValues: {},
     githubRequestFnMock, // you should almost always use githubMock instead of githubRequestFnMock
     githubMock: {
+        getOrgDetails,
         getRepoDetails,
         getReleaseDetails,
         reset: function () {

Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,7 @@ function downloadFile(url, downloadFilePath) {`
`18`	`18`	`}`
`19`	`19`	`const file = fs.createWriteStream(downloadFilePath);`
`20`	`20`	`follow.https.get(url, function(response) {`
	`21`	`+ console.log("response code", response.code);`
`21`	`22`	`response.pipe(file);`
`22`	`23`	`file.on('finish', function() {`
`23`	`24`	`console.log("Download complete ", url, downloadFilePath);`