Commit Graph

89 Commits

Author SHA1 Message Date
chris48s
954147f7d9 URL validator tidyup; affects [discourse dynamic endpoint gerrit jira maven nexus osslifecycle python vpm website] securityheaders sonar swagger w3c (#10810)
* add a required url validator

* replace occurrences of optionalUrl.required() with url

* use standard validators in server.js
2025-01-18 19:16:41 +00:00
Pierre-Yves Bigourdan
4a75cf09a7 Add auth support to [Reddit] badges (#10790)
* Add auth support to [Reddit] badges

* Simplify token response schema
2025-01-18 16:13:53 +01:00
chris48s
9eaa2ed507 deprecate [wheelmap] service (#10538)
* deprecate [wheelmap] service

* remove app.json
2024-09-15 15:20:22 +00:00
chris48s
c67c8f0505 send Cross-Origin-Resource-Policy header on all responses (#10420)
* send Cross-Origin-Resource-Policy header on all responses

* don't re-add Access-Control-Allow-Origin on json responses

this is re-adding a header we've already set earlier in the process

* update tests
2024-07-28 08:22:24 +00:00
Leo Q
e8671be7f2 support setting pypiBaseUrl by environment variables and queryParameters; affects [pypi] (#10044)
* support setting pypiBaseUrl by environment variables

* Add support for pypiBaseUrl configuration

* Update Pypi services to include pypiBaseUrl parameter

* change package name example to a more well-known package

* Update custom-environment-variables.yml

* Update Pypi services to include pypiBaseUrl parameter

* fix openapi mismatch

* Update doc/server-secrets.md

---------

Co-authored-by: chris48s <chris48s@users.noreply.github.com>
2024-04-21 16:33:42 +00:00
chris48s
880c1fb49c call [docker] with auth (#9803)
* allow user to set dockerhub credentials

* add withJwtAuth function to AuthHelper

* use withJwtAuth in DockerHub badges

* add unit tests for JWT auth

* use auth when calling docker cloud

* refactor and assert fetch helpers call withJwtAuth

* store token for a max duration (defaults to 1 hour)

* tangent: update test example
2023-12-31 14:55:18 +00:00
CanisHelix
8f1f787ceb [GITEA] add new gitea service (release/languages) (#9781)
* add gitea service based on gitlab

* update gitea to use mocks

* add gitea release test

* move tests to use public repo on codeberg and fixes

* add pagination, update tests to live, set gitea_url as required

* add auth test (wip)

* fix base auth test

* fix required optionalUrl, remove default, assume semver from firstpage

* update example to use stable repository
2023-12-18 12:39:17 +00:00
chris48s
19b50a66a6 call [pepy] with auth (#9748) 2023-11-19 19:24:56 +00:00
chris48s
8f76982e1c Switch [OpenCollective] badges to use GraphQL and auth (#9387)
* [OpenCollective] update opencollective to api v2 (#9346)

* update opencollective to api v2

* fix tests

* fix: do not filter by accountType for opencollective/all

* remove 404

* remove required in schema

* cnt -> count

* keep by-tier code as-is

---------

Co-authored-by: repo-ranger[bot] <39074581+repo-ranger[bot]@users.noreply.github.com>

* allow calling OpenCollective api with an auth token

* add test for opencollective auth

* cache OpenCollective badges for longer

---------

Co-authored-by: xxchan <xxchan22f@gmail.com>
Co-authored-by: repo-ranger[bot] <39074581+repo-ranger[bot]@users.noreply.github.com>
2023-08-20 18:24:38 +00:00
Sandro Marques
96e9e130de Add [CurseForge] badges (#9252)
* add curseforge downloads badge

* Add more [CurseForge] badges

Adds the following badges:
 - /curseforge/dt/:projectId (downloads)
 - /curseforge/game-versions/:projectId (game versions)
 - /curseforge/v/:projectId (version)

The following secret:
 - CURSEFORGE_API_KEY (yml: private.curseforge_api_key)

* Remove default logo from badges

* Linter fixes

* Rename `errorMessages` to `httpErrors`

* Remove namedLogo from ModrinthGameVersions badge

* Remove namedLogo from ModrinthVersion badge

* Remove namedLogo from ModrinthFollowers badge

---------

Co-authored-by: Minecraftschurli <minecraftschurli@gmail.com>
Co-authored-by: Pierre-Yves Bigourdan <10694593+PyvesB@users.noreply.github.com>
2023-08-13 18:00:40 +00:00
chris48s
c7efb27086 exclude assets dir from raster redirects (#9409) 2023-07-24 13:15:05 +01:00
dependabot[bot]
b9d96755ec chore(deps-dev): bump prettier from 2.8.8 to 3.0.0 (#9357)
* chore(deps-dev): bump prettier from 2.8.8 to 3.0.0

Bumps [prettier](https://github.com/prettier/prettier) from 2.8.8 to 3.0.0.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.8.8...3.0.0)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* reformat all the things (prettier 3)

* update tests to await calls to prettier.format()

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chris48s <git@chris-shaw.dev>
2023-07-10 09:27:51 +00:00
chris48s
50ea7068a8 migrate frontend to docusaurus (#9014)
* delete loads of really important stuff that we definitely need

* v basic MVP smoosh docusaurus PoC into repo

* TODO

* delete more really important stuff

* TODO

* tidyup: use run-s

* don't redirect images used in frontend to raster proxy

* fix routing

* preserve the /endpoint link

* delete the blog (for now)

I would quite like to re-add this at some point
but it's not really the top priority thing right now

* content edits

* appease the lint gods

* update danger rules

* remove placeholder

* cypress tests

* dockerhub --> ghcr

* Revert "dockerhub --> ghcr"

This reverts commit ef74cbb26b.

* downgrade lockfile format

* implement defs/BASE_URL

* fix e2e build

* actually fix cypress tests

* always run cypress tests on build

* this never worked

* add command for docusaurus:clear

* delete more code we don't need any more

* update ESLint/prettier config

* delete unused exports

* documentation updates

* delete a fairly large chunk of our dependency tree

* allow base_url as build arg to Dockerfile

* fixup dockerfile

* work out base url at runtime if not set

doing this at image build time is not the right approach

* remove gatsby monorepo from closebot

* rename HomepageFeatures to homepage-features
2023-06-17 10:59:07 +01:00
chris48s
091ccfdbcd migrate token pooling to postgres (#8922)
* add ability to store token pool in Postgres DB

* update transitive ansi-regex dependencies
2023-02-23 17:18:39 +00:00
chris48s
c3d08f7f8b Send X-GitHub-Api-Version when calling [GitHub] v3 API (#8669)
* send X-GitHub-Api-Version when calling GitHub v3 API

* TODO: investigate

* read baseUrl from config.service.baseUri

* add workflow to check for new GH api releases on schedule

* format config/default.yml to match yaml.dump() format

Co-authored-by: repo-ranger[bot] <39074581+repo-ranger[bot]@users.noreply.github.com>
2022-12-31 15:56:04 +00:00
chris48s
53c5cfa94d allow passing key to [stackexchange] (#8539)
* refactoring groundwork

* add stackapps_api_key setting

* add test for stackexchange auth

* clarify docs

Co-authored-by: repo-ranger[bot] <39074581+repo-ranger[bot]@users.noreply.github.com>
2022-12-04 10:53:59 +00:00
chris48s
5305e11f79 Remove 'suggest badges' feature (#8311)
* remove 'suggest badges' feature

* remove allowedOrigin/ALLOWED_ORIGIN setting

* keep allowedOrigin for now

Co-authored-by: repo-ranger[bot] <39074581+repo-ranger[bot]@users.noreply.github.com>
2022-11-09 18:15:59 +00:00
chris48s
d78a2f4155 allow/validate bitbucket_username / bitbucket_password in private config schema (#8472)
Co-authored-by: repo-ranger[bot] <39074581+repo-ranger[bot]@users.noreply.github.com>
2022-10-08 10:37:05 +00:00
chris48s
8821ff85fc handle missing 'fly-client-ip' (#7814) 2022-04-05 20:29:28 +01:00
chris48s
ca1e77436b allow requireCloudflare setting to work when hosted on fly.io (#7781) 2022-03-26 20:08:22 +00:00
Caleb Cartwright
38c1e2df16 restore cors header injection from #4171, run [npm travis] (#4255)
* fix: restore cors header injection from #4171

* tests: move test into describe

* prettier
2021-12-05 15:40:48 -06:00
chris48s
feb1682814 Clean up cache module; affects [feedz jenkinsplugin myget node nuget packagist travis wordpress] (#7319)
* update terminology
    - "regular update" to "cached resource"
    - "interval" to "ttl"
    - move file and update imports

* set a default TTL, don't explicitly pass params if we want the default

* add tests

* update docs
2021-11-29 21:21:03 +00:00
chris48s
99bffd3a86 Send better user-agent values (and got config changes) (#7309)
* expose fetchLimitBytes/userAgent in got-config module

* export a function not a factory

* send better user-agent values

- add userAgentBase setting
- send short SHA in user agent on heroku
- set a version (tag or short SHA) in Dockerfile and use
  it to report server version in UA for docker users

* add a comment explaining fileSize

Co-authored-by: repo-ranger[bot] <39074581+repo-ranger[bot]@users.noreply.github.com>
2021-11-25 17:11:49 +00:00
Caleb Cartwright
ae58e4a211 Add authentication for Libraries.io-based badges, run [Libraries Bower] (#7080)
* feat: support authentication on Libraries.io requests

* feat: wire up libraries.io config and api provider instantiation

* feat: create libraries.io and bower base classes

* refactor: tweak libraries/bower service classes and tests

* rename request fetcher function/arg

* throw exception when no tokens available

* cleanup old value

Co-authored-by: repo-ranger[bot] <39074581+repo-ranger[bot]@users.noreply.github.com>
2021-10-28 19:21:24 -05:00
chris48s
0ce98396d7 remove [github] admin routes (#7105) 2021-10-05 17:17:26 +01:00
Florian "sp1rit
8a9efb2fc9 [OBS] add Open Build Service service-badge (#6993)
* service: add obs service

* service: obs: replaced replaceAll with replace and global regex

* service: obs: added space between class members

* service: obs: support for multiple instances

* service: obs: removed user prefix from auth vars

obs_userName is now called obs_user and obs_userPass is called obs_pass

Co-authored-by: Caleb Cartwright <calebcartwright@users.noreply.github.com>

* service: obs: removed constructor hack in favour of serviceKey

* service: obs: apply suggestions from @calebcartwright

* service: obs: remove unnecessary http status mappings

Co-authored-by: Caleb Cartwright <calebcartwright@users.noreply.github.com>
Co-authored-by: repo-ranger[bot] <39074581+repo-ranger[bot]@users.noreply.github.com>
2021-09-25 17:44:56 +00:00
Caleb Cartwright
961e13b229 Add API-based support for [GitLab] badges, add new GitLab Tag badge (#6988)
* Added GitLab Tag service

* Added prettyMessage for when repo has no tags

* Added pretty message for repo not found

* core: esm-ify gitlab tag service

* feat: support gitlab auth

* feat: support custom gitlab url on tag badges

* tests: add auth test for gitlab

* docs: fix gitlab config key references

* feat: support gitlab tag sorting options

* docs: add custom gitlab instance example for tags badge

* use v in gitlab route

* fix: gitlab tag examples

Co-authored-by: Ideotec <guille@ideotec.es>
Co-authored-by: repo-ranger[bot] <39074581+repo-ranger[bot]@users.noreply.github.com>
2021-09-14 23:06:57 +00:00
Seth Falco
bd6f4ee146 fix: authenticate weblate requests (#6790)
Co-authored-by: repo-ranger[bot] <39074581+repo-ranger[bot]@users.noreply.github.com>
2021-07-25 15:53:41 +00:00
chris48s
8983c39f74 Re-apply 'Migrate request to got (part 1)' (#6755)
Co-authored-by: repo-ranger[bot] <39074581+repo-ranger[bot]@users.noreply.github.com>
2021-07-11 13:28:14 +00:00
Pierre-Yves B
23c0406bed Migrate from CommonJS to ESM (#6651) 2021-07-09 12:53:55 +01:00
Pierre-Yves B
59dcdf24f3 Remove rate limiting functionality (#6513) 2021-05-20 08:02:44 +01:00
Pierre-Yves B
9c7baa26ab Deprecate [Bintray] service (#6423) 2021-04-24 18:05:59 +01:00
chris48s
22fb91fa36 use \r\n linebreaks when writing raw HTTP (#6386) 2021-04-19 18:29:40 +01:00
chris48s
7d452472de return a 408 Request Timeout response for timed out requests (#6371) 2021-04-11 21:29:13 +01:00
chris48s
b1fc492592 add setting which allows us to set a timeout on HTTP requests (#6364)
Co-authored-by: repo-ranger[bot] <39074581+repo-ranger[bot]@users.noreply.github.com>
2021-04-05 17:56:32 +00:00
chris48s
e0510ca761 Revert request --> got migration (for now) (#6277)
* Revert "send custom user agent when using got (#6256)"
This reverts commit fd7eddc7bb.

* Revert "Migrate request to got (part 1 of many) (#6160)"
This reverts commit 2359eb278b.

* install got as a prod dependency, allow npm 7
2021-03-17 20:10:38 +00:00
chris48s
2359eb278b Migrate request to got (part 1 of many) (#6160)
* install new packages

* migrate request to got

* update dynamic json test

This is a behavioural difference between request and got

request will send the request, then we'll get a
`400 Bad Request` back and re-throw it as invalid

got will pick up that the URL is invalid and throw
`RequestError: URI malformed` before attempting to send it
which we'll re-throw as inaccessible

* fix OPM service

* fix wordpress querystring

Got doesn't natively support assembling a querystring
from nested objects because it uses node's URLSearchParams
internally. Use qs and pass qs a string.

Wordpress is the only service that needs this,
so we could build the string manually in this case
if we don't want to take qs as a prod dependency.
It is mostly hard-coded values anyway.

* fix wercker

got overwrites any ?foo=bar in the URL string if
searchParams is also passed whereas request appends
see https://github.com/sindresorhus/got#url

* fix keybase

* add tests for got wrapper

* bootstrap global agent in server start
2021-03-09 20:03:52 +00:00
danielle
0d463b42e5 [Bitbucket] Server Adding Auth Tokens and Resolving Pull Request api … (#6076)
* [Bitbucket Server] Adding Auth Tokens and Resolving Pull Request api issue.  Added the bitbucket_server_username & bitbucket_server_password variables to the /core/server/server.js file.  Also changed the user variable in the /services/bitbucket/bitbucket/bitbucket-pull-request.service.js the api documentation (https://docs.atlassian.com/bitbucket-server/rest/5.16.0/bitbucket-rest.html#idm8287391664) defines the parameter as requiring the project name that the repository is contained in not the user name.

* [Bitbucket Server] Adding Auth Tokens and Resolving Pull Request api issue.  Added the bitbucket_server_username & bitbucket_server_password variables to the /core/server/server.js file.  Also changed the user variable in the /services/bitbucket/bitbucket/bitbucket-pull-request.service.js the api documentation (https://docs.atlassian.com/bitbucket-server/rest/5.16.0/bitbucket-rest.html#idm8287391664) defines the parameter as requiring the project name that the repository is contained in not the user name.

* Update bitbucket-pull-request.service.js

Updating the label as Bitbucket and Bitbucket Server have different parameters in the Api call. Changing to compound name per @calebcartwright recommendation.

* Update server.js

Removing code that was refactored and caught in my Pull Request

* Reversing commit back on bitbucket-pull-request.service.js to its previous state.

Co-authored-by: danielle <185722+danielle@users.noreply.github.com>
Co-authored-by: repo-ranger[bot] <39074581+repo-ranger[bot]@users.noreply.github.com>
2021-01-26 22:57:37 -06:00
Caleb Cartwright
2d9ac83bb4 fix: remove erroneous clearRequestCache call (#6067)
Co-authored-by: repo-ranger[bot] <39074581+repo-ranger[bot]@users.noreply.github.com>
2021-01-16 17:42:32 +00:00
Marcin Mielnicki
b748e62e0a Test for server running with metrics enabled (#5975)
* Test server running with metrics enabled

* Verify custom metric was sent

* Extra code removed

* Tests moved to core/server/server.spec.js

* tickAsync value based on push interval

* Trigger Build

Co-authored-by: repo-ranger[bot] <39074581+repo-ranger[bot]@users.noreply.github.com>
2020-12-23 18:52:08 +00:00
chris48s
8dd6da3cf9 Configure max-age header for frontend (#5775)
* upgrade scoutcamp

* set max age for static content, add tests

Co-authored-by: repo-ranger[bot] <39074581+repo-ranger[bot]@users.noreply.github.com>
2020-11-12 20:04:20 +00:00
Paul Melnikow
1184938ed1 Align label and message props of coalesceBadge() with internal makeBadge() (#5719)
There is an internal `makeBadge()` function which is called from a few places in the server and from the public `makeBadge()` function which is a light wrapper. (Eventually we want to dogfood the public API: that's the work of #4950, and this helps with it by aligning the interfaces.)

Related to that is #3370, which is about aligning the `serviceData` schema (i.e. the result of `handle()`) with the public `makeBadge()` function.

A legacy quirk of the _private_ `makeBadge()` function is accepting a `text: ['label', 'message']` array instead of separate `{ label, message }` props like the rest of the codebase. `coalesceBadge()` has to translate from `{ label, message }` to `text: ['label', 'message']`. This removes that bit of indirection.

It also rewrites most of the tests of `coalesceBadge()` to use `.includes()`, providing IMO a slight improvement in readability.
2020-10-16 18:06:32 -04:00
Paul Melnikow
cbd8eba2c4 Fix REQUIRE_CLOUDFLARE for Heroku (#5712)
Ref #3027
2020-10-15 19:27:07 -04:00
Paul Melnikow
1fab1a7140 When configured, require requests to come from Cloudflare (#5666)
This is the code part of #3027, following [this article](https://www.viget.com/articles/heroku-cloudflare-the-right-way/) and using [this middleware](https://github.com/clive-io/cloudflare-middleware).

I pulled in the `addHandlerAtIndex()` function @chris48s wrote for #5574.

The middleware isn't perfect for scoutcamp, since it relies on `req.ip` which is something set by Express. However, the other solutions I found were either explicitly deprecated ([cloudflare-ip](https://www.npmjs.com/package/cloudflare-ip)) or relied on dynamically fetching the list of Cloudflare hosts ([cloudflare-ips](https://www.npmjs.com/package/cloudflare-ips)), which seems unnecessary as this list has not changed in several years.

I've left this off to start, so we can test it in production using an env var before we make it the production default.
2020-10-12 12:36:42 -04:00
Paul Melnikow
564a9145e9 Remove FsTokenPersistence (#5671)
Closes #5665
2020-10-10 21:59:52 +00:00
chris48s
504015c0ba migrate hapi/joi to joi (#5624)
* update joi + joi-extension-semver

* @hapi/joi --> joi

Co-authored-by: repo-ranger[bot] <39074581+repo-ranger[bot]@users.noreply.github.com>
2020-09-30 17:51:02 +00:00
Paul Melnikow
eb9743c25c Remove obsolete peer-to-peer GitHub token-sharing code (#5628)
Prevent tokens from being sent to the OVH servers. Instead, add them directly to the Redis DB.

Ref #3393
2020-09-29 21:22:30 -04:00
Pierre-Yves B
135b842946 Migrate [Discord] implementation to use bot token (#5346)
* Migrate [Discord] implementation to use bot token

* Rework authorization field creation

* Revert "Rework authorization field creation"

This reverts commit caf65bde5d.

* Add LGTM exclusion for hardcoded credentials
2020-07-24 18:04:12 +02:00
Pierre-Yves B
0fd557d7bb Implement [YouTube] badge (#5132)
* Implement [YouTube] badge

* Update production-hosting.md with account owner

* Add votes badge variant

* Add links to tests

* Switch to social badge style
2020-06-10 18:44:21 +02:00
chris48s
13d75e0607 upgrade to prettier 2 (#5051)
* arrowParens: avoid
* remove trailingComma setting
2020-05-05 21:07:43 +01:00