MIT LICENSE for npm publish gist (#684)

From cloverstd <[email protected]>
Fr 16.02.2024 17:10

You can use the code of this gist under the MIT LICENSE.

.reuse/dep5

@@ -25,9 +25,13 @@ Disclaimer: The code in this project may include calls to APIs ("API Calls") of
  parties the right to use of access any SAP External Product, through API Calls.
 
 Files: **
-Copyright: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors
+Copyright: 2024 SAP SE or an SAP affiliate company and Open Component Model contributors
 License: Apache-2.0
 
 Files: pkg/mimeutils/*
 Copyright: Copyright 2010 The Go Authors. All rights reserved.
 License: BSD-3-Clause
+
+Files: pkg/contexts/ocm/blobhandler/handlers/generic/npm/publish.go
+Copyright: Copyright 2021 - cloverstd
+License: MIT

LICENSES/MIT.txt

@@ -0,0 +1,9 @@
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

pkg/contexts/ocm/blobhandler/handlers/generic/npm/blobhandler.go

@@ -1,7 +1,3 @@
-// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Open Component Model contributors.
-//
-// SPDX-License-Identifier: Apache-2.0
-
 package npm
 
 import (
@@ -152,3 +148,47 @@ func (b *artifactHandler) StoreBlob(blob cpi.BlobAccess, _ string, _ string, _ c
 	log.Debug("successfully uploaded")
 	return npm.New(b.spec.Url, pkg.Name, pkg.Version), nil
 }
+
+// Check if package already exists in npm registry. If it does, checks if it's the same.
+func packageExists(repoUrl string, pkg Package, token string) (bool, error) {
+	client := http.Client{}
+	req, err := http.NewRequestWithContext(context.Background(), http.MethodGet, repoUrl+"/"+url.PathEscape(pkg.Name)+"/"+url.PathEscape(pkg.Version), nil)
+	if err != nil {
+		return false, err
+	}
+	req.Header.Set("authorization", "Bearer "+token)
+	resp, err := client.Do(req)
+	if err != nil {
+		return false, err
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode == http.StatusNotFound {
+		// artifact doesn't exist, it's safe to upload
+		return false, nil
+	}
+
+	// artifact exists, let's check if it's the same
+	all, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return false, err
+	}
+	if resp.StatusCode != http.StatusOK {
+		return false, fmt.Errorf("http (%d) - %s", resp.StatusCode, string(all))
+	}
+	var data map[string]interface{}
+	err = json.Unmarshal(all, &data)
+	if err != nil {
+		return false, err
+	}
+	dist := data["dist"].(map[string]interface{})
+	if pkg.Dist.Integrity == dist["integrity"] {
+		// sha-512 sum is the same, we can skip the upload
+		return true, nil
+	}
+	if pkg.Dist.Shasum == dist["shasum"] {
+		// sha-1 sum is the same, we can skip the upload
+		return true, nil
+	}
+
+	return false, fmt.Errorf("artifact already exists but has different shasum or integrity")
+}

pkg/contexts/ocm/blobhandler/handlers/generic/npm/publish.go

@@ -1,6 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Open Component Model contributors.
-//
-// SPDX-License-Identifier: Apache-2.0
+// inspired by @cloverstd - https://gist.github.com/cloverstd/7355e95424d59256123a1093f76f78a6
 
 package npm
 
@@ -172,47 +170,3 @@ func prepare(data []byte) (*Package, error) {
 	pkg.Dist.Integrity = createSha512(data)
 	return &pkg, nil
 }
-
-// Check if package already exists in npm registry. If it does, checks if it's the same.
-func packageExists(repoUrl string, pkg Package, token string) (bool, error) {
-	client := http.Client{}
-	req, err := http.NewRequestWithContext(context.Background(), http.MethodGet, repoUrl+"/"+url.PathEscape(pkg.Name)+"/"+url.PathEscape(pkg.Version), nil)
-	if err != nil {
-		return false, err
-	}
-	req.Header.Set("authorization", "Bearer "+token)
-	resp, err := client.Do(req)
-	if err != nil {
-		return false, err
-	}
-	defer resp.Body.Close()
-	if resp.StatusCode == http.StatusNotFound {
-		// artifact doesn't exist, it's safe to upload
-		return false, nil
-	}
-
-	// artifact exists, let's check if it's the same
-	all, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return false, err
-	}
-	if resp.StatusCode != http.StatusOK {
-		return false, fmt.Errorf("http (%d) - %s", resp.StatusCode, string(all))
-	}
-	var data map[string]interface{}
-	err = json.Unmarshal(all, &data)
-	if err != nil {
-		return false, err
-	}
-	dist := data["dist"].(map[string]interface{})
-	if pkg.Dist.Integrity == dist["integrity"] {
-		// sha-512 sum is the same, we can skip the upload
-		return true, nil
-	}
-	if pkg.Dist.Shasum == dist["shasum"] {
-		// sha-1 sum is the same, we can skip the upload
-		return true, nil
-	}
-
-	return false, fmt.Errorf("artifact already exists but has different shasum or integrity")
-}