feat: support block sync packages (#929)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Added configurable block lists to prevent specific scopes and packages
from syncing.

* **Bug Fixes**
* Enhanced validation to detect blocked and invalid packages early, with
improved error messages and task finalization.
* Improved error logging for sync operations involving blocked packages
or unsupported versions.

<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Author: fengmk2

app/core/service/PackageSyncerService.ts

@@ -521,6 +521,20 @@ taskQueue: ${taskQueueLength}/${taskQueueHighWaterSize} 🚧🚧🚧🚧🚧`,
       return;
     }
 
+    if (await this.packageVersionFileService.isPackageBlockedToSync(scope, name)) {
+      task.error = `stop sync by block list, see ${UNPKG_WHITE_LIST_URL}`;
+      logs.push(`[${isoNow()}] ❌ ${task.error}, log: ${logUrl}`);
+      logs.push(`[${isoNow()}] ❌❌❌❌❌ ${fullname} ❌❌❌❌❌`);
+      await this.taskService.finishTask(task, TaskState.Fail, logs.join('\n'));
+      this.logger.info(
+        '[PackageSyncerService.executeTask:fail-package-blocked-to-sync] taskId: %s, targetName: %s, %s',
+        task.taskId,
+        task.targetName,
+        task.error,
+      );
+      return;
+    }
+
     let registryFetchResult: RegistryResponse<Buffer>;
     try {
       registryFetchResult = await this.npmRegistry.getFullManifestsBuffer(fullname, {
@@ -869,17 +883,23 @@ data sample: ${remoteData.subarray(0, 200).toString()}`;
       }
       const size = dist.size ?? dist.unpackedSize;
       if (size && size > this.config.cnpmcore.largePackageVersionSize) {
-        const isAllowLargePackageVersion = await this.packageVersionFileService.isAllowLargePackageVersion(
+        const isAllowLargePackageVersion = await this.packageVersionFileService.isLargePackageVersionAllowed(
           scope,
           name,
           version,
         );
         if (!isAllowLargePackageVersion) {
-          lastErrorMessage = `large package version size: ${size}, allow size: ${this.config.cnpmcore.largePackageVersionSize}, see ${UNPKG_WHITE_LIST_URL}`;
-          logs.push(`[${isoNow()}] ❌ [${syncIndex}] Synced version ${version} fail, ${lastErrorMessage}`);
-          await this.taskService.appendTaskLog(task, logs.join('\n'));
-          logs = [];
-          continue;
+          task.error = `Synced version ${version} fail, large package version size: ${size}, allow size: ${this.config.cnpmcore.largePackageVersionSize}, see ${UNPKG_WHITE_LIST_URL}`;
+          logs.push(`[${isoNow()}] ❌ ${task.error}, log: ${logUrl}`);
+          logs.push(`[${isoNow()}] ❌❌❌❌❌ ${fullname} ❌❌❌❌❌`);
+          await this.taskService.finishTask(task, TaskState.Fail, logs.join('\n'));
+          this.logger.info(
+            '[PackageSyncerService.executeTask:fail-large-package-version-size] taskId: %s, targetName: %s, %s',
+            task.taskId,
+            task.targetName,
+            task.error,
+          );
+          return;
         }
         logs.push(
           `[${isoNow()}] 🚧 [${syncIndex}] Synced version ${version} size: ${size} too large, it is allowed to sync by unpkg white list`,
@@ -1367,17 +1387,23 @@ ${diff.addedVersions.length} added, ${diff.removedVersions.length} removed, calc
 
       const size = dist.size ?? dist.unpackedSize;
       if (size && size > this.config.cnpmcore.largePackageVersionSize) {
-        const isAllowLargePackageVersion = await this.packageVersionFileService.isAllowLargePackageVersion(
+        const isAllowLargePackageVersion = await this.packageVersionFileService.isLargePackageVersionAllowed(
           scope,
           name,
           version,
         );
         if (!isAllowLargePackageVersion) {
-          lastErrorMessage = `large package version size: ${size}, allow size: ${this.config.cnpmcore.largePackageVersionSize}, see ${UNPKG_WHITE_LIST_URL}`;
-          logs.push(`[${isoNow()}] ❌ [${syncIndex}] Synced version ${version} fail, ${lastErrorMessage}`);
-          await this.taskService.appendTaskLog(task, logs.join('\n'));
-          logs = [];
-          continue;
+          task.error = `Synced version ${version} fail, large package version size: ${size}, allow size: ${this.config.cnpmcore.largePackageVersionSize}, see ${UNPKG_WHITE_LIST_URL}`;
+          logs.push(`[${isoNow()}] ❌ ${task.error}, log: ${logUrl}`);
+          logs.push(`[${isoNow()}] ❌❌❌❌❌ ${fullname} ❌❌❌❌❌`);
+          await this.taskService.finishTask(task, TaskState.Fail, logs.join('\n'));
+          this.logger.info(
+            '[PackageSyncerService.executeTask:fail-large-package-version-size] taskId: %s, targetName: %s, %s',
+            task.taskId,
+            task.targetName,
+            task.error,
+          );
+          return;
         }
         logs.push(
           `[${isoNow()}] 🚧 [${syncIndex}] Synced version ${version} size: ${size} too large, it is allowed to sync by unpkg white list`,

app/core/service/PackageVersionFileService.ts

@@ -60,6 +60,10 @@ export class PackageVersionFileService extends AbstractService {
   > = {};
   // allow large package scopes, e.g. ['@foo', '@bar']
   #unpkgWhiteListAllowLargeScopes: string[] = [];
+  // block sync scopes, e.g. ['@foo', '@bar']
+  #unpkgWhiteListBlockSyncScopes: string[] = [];
+  // block sync packages, e.g. ['@foo/foo', '@foo/bar']
+  #unpkgWhiteListBlockSyncPackages: string[] = [];
 
   async listPackageVersionFiles(pkgVersion: PackageVersion, directory: string) {
     await this.#ensurePackageVersionFilesSync(pkgVersion);
@@ -119,16 +123,20 @@ export class PackageVersionFileService extends AbstractService {
     this.#unpkgWhiteListAllowScopes = manifest.allowScopes ?? ([] as any);
     this.#unpkgWhiteListAllowLargePackages = manifest.allowLargePackages ?? ({} as any);
     this.#unpkgWhiteListAllowLargeScopes = manifest.allowLargeScopes ?? ([] as any);
+    this.#unpkgWhiteListBlockSyncScopes = manifest.blockSyncScopes ?? ([] as any);
+    this.#unpkgWhiteListBlockSyncPackages = manifest.blockSyncPackages ?? ([] as any);
     this.logger.info(
-      '[PackageVersionFileService.updateUnpkgWhiteList] version:%s, total %s packages, %s scopes, %s large packages',
+      '[PackageVersionFileService.updateUnpkgWhiteList] version:%s, total %s packages, %s scopes, %s large packages, %s block sync scopes, %s block sync packages',
       whiteListPackageVersion,
       Object.keys(this.#unpkgWhiteListAllowPackages).length,
       this.#unpkgWhiteListAllowScopes.length,
       Object.keys(this.#unpkgWhiteListAllowLargePackages).length,
+      this.#unpkgWhiteListBlockSyncScopes.length,
+      this.#unpkgWhiteListBlockSyncPackages.length,
     );
   }
 
-  async isAllowLargePackageVersion(pkgScope: string, pkgName: string, pkgVersion: string) {
+  async isLargePackageVersionAllowed(pkgScope: string, pkgName: string, pkgVersion: string) {
     if (!this.config.cnpmcore.enableSyncUnpkgFilesWhiteList) return false;
     await this.#updateUnpkgWhiteList();
 
@@ -143,6 +151,24 @@ export class PackageVersionFileService extends AbstractService {
     });
   }
 
+  /**
+   * Check if the package is blocked to sync
+   * @param pkgScope - The scope of the package
+   * @param pkgName - The name of the package
+   * @returns True if the package is blocked to sync, false otherwise
+   */
+  async isPackageBlockedToSync(pkgScope: string, pkgName: string) {
+    if (!this.config.cnpmcore.enableSyncUnpkgFilesWhiteList) return false;
+    await this.#updateUnpkgWhiteList();
+
+    // check block scopes
+    if (this.#unpkgWhiteListBlockSyncScopes.includes(pkgScope)) return true;
+
+    // check block packages
+    const fullname = getFullname(pkgScope, pkgName);
+    return this.#unpkgWhiteListBlockSyncPackages.includes(fullname);
+  }
+
   async checkPackageVersionInUnpkgWhiteList(pkgScope: string, pkgName: string, pkgVersion: string) {
     if (!this.config.cnpmcore.enableSyncUnpkgFilesWhiteList) return;
     await this.#updateUnpkgWhiteList();

test/core/service/PackageSyncerService/executeTask.test.ts

@@ -2043,6 +2043,23 @@ describe('test/core/service/PackageSyncerService/executeTask.test.ts', () => {
       assert.ok(log.includes('❌ stop sync by block list: ["cnpmcore-test-sync-blocklist","foo"]'));
     });
 
+    it('should stop sync by block list, see https://github.com/cnpm/unpkg-white-list', async () => {
+      const name = 'cnpmcore-test-sync-blocklist';
+      mock(app.config.cnpmcore, 'enableSyncUnpkgFilesWhiteList', true);
+      mock(PackageVersionFileService.prototype, 'isPackageBlockedToSync', async () => true);
+      await packageSyncerService.createTask(name);
+      const task = await packageSyncerService.findExecuteTask();
+      assert.ok(task);
+      assert.equal(task.targetName, name);
+      await packageSyncerService.executeTask(task);
+      const stream = await packageSyncerService.findTaskLog(task);
+      assert.ok(stream);
+      const log = await TestUtil.readStreamToLog(stream);
+      // console.log(log);
+      assert.ok(log.includes(`❌❌❌❌❌ ${name} ❌❌❌❌❌`));
+      assert.ok(log.includes('❌ stop sync by block list, see https://github.com/cnpm/unpkg-white-list'));
+    });
+
     it('should sync upper case "D" success', async () => {
       app.mockHttpclient('https://registry.npmjs.org/D', 'GET', {
         data: '{"_id":"D","_rev":"9-83b2794fe968ab4d4dc5c72475afe1ed","name":"D","dist-tags":{"latest":"1.0.0"},"versions":{"0.0.1":{"name":"D","version":"0.0.1","description":"","main":"index.js","scripts":{"test":"echo \\"Error: no test specified\\" && exit 1"},"author":{"name":"zhengzk"},"license":"MIT","_id":"[email protected]","_shasum":"292f54dbd43f36e4853f6a09e77617c23c46228b","_from":".","_npmVersion":"2.15.1","_nodeVersion":"4.4.3","_npmUser":{"name":"zhengzk","email":"[email protected]"},"dist":{"shasum":"292f54dbd43f36e4853f6a09e77617c23c46228b","tarball":"https://registry.npmjs.org/D/-/D-0.0.1.tgz","integrity":"sha512-8LsXYQFO1mko5MQ7qh72xjbCtB6PiNFC+q97eEZ85vrGL5HwMb27CuhWJKbcN6LrL8/zEwQYolHSV/jMyZ4zYg==","signatures":[{"keyid":"SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA","sig":"MEUCICqSbDSXvMFKDfikUr0uttJJGWnrYFHfbOab67m0qOtZAiEAimvItLP13BkE5ex448H7eRtfAzOfQ1lCqNd1ygihn7A="}]},"maintainers":[{"name":"zhengzk","email":"[email protected]"}],"_npmOperationalInternal":{"host":"packages-16-east.internal.npmjs.com","tmp":"tmp/D-0.0.1.tgz_1464672428722_0.6098439614288509"},"deprecated":"Package no longer supported. Contact [email protected] for more info.","directories":{}},"1.0.0":{"name":"D","version":"1.0.0","description":"This package is no longer supported and has been deprecated. To avoid malicious use, npm is hanging on to the package name.","main":"index.js","scripts":{"test":"echo \\"Error: no test specified\\" && exit 1"},"repository":{"type":"git","url":"git+https://github.com/npm/deprecate-holder.git"},"author":"","license":"ISC","bugs":{"url":"https://github.com/npm/deprecate-holder/issues"},"homepage":"https://github.com/npm/deprecate-holder#readme","_id":"[email protected]","_npmVersion":"5.3.0","_nodeVersion":"8.2.1","_npmUser":{"name":"lisayu","email":"[email protected]"},"dist":{"integrity":"sha512-nQvrCBu7K2pSSEtIM0EEF03FVjcczCXInMt3moLNFbjlWx6bZrX72uT6/1uAXDbnzGUAx9gTyDiQ+vrFi663oA==","shasum":"c348a4e034f72847be51206fc530fc089e9cc2a9","tarball":"https://registry.npmjs.org/D/-/D-1.0.0.tgz","signatures":[{"keyid":"SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA","sig":"MEQCICZ8ljQHo15g72enGrhsxRggI5u1HmTzqaSwDdKK7pWMAiBophHVaH8mkvZjw45S2C65XmgOEqaKxKqv59mniAjosw=="}]},"maintainers":[{"email":"[email protected]","name":"lisayu"}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages","tmp":"tmp/D-1.0.0.tgz_1502418423486_0.45665086852386594"},"deprecated":"Package no longer supported. Contact [email protected] for more info.","directories":{}}},"readme":"# Deprecated Package\\n\\nThis package is no longer supported and has been deprecated. To avoid malicious use, npm is hanging on to the package name.\\n\\nPlease contact [email protected] if you have questions about this package. \\n","maintainers":[{"email":"[email protected]","name":"npm"}],"time":{"modified":"2022-06-13T02:13:35.883Z","created":"2016-05-31T05:27:12.203Z","0.0.1":"2016-05-31T05:27:12.203Z","1.0.0":"2017-08-11T02:27:03.593Z"},"license":"ISC","readmeFilename":"README.md","description":"This package is no longer supported and has been deprecated. To avoid malicious use, npm is hanging on to the package name.","homepage":"https://github.com/npm/deprecate-holder#readme","repository":{"type":"git","url":"git+https://github.com/npm/deprecate-holder.git"},"bugs":{"url":"https://github.com/npm/deprecate-holder/issues"},"users":{"subbarao":true}}',
@@ -2272,7 +2289,7 @@ describe('test/core/service/PackageSyncerService/executeTask.test.ts', () => {
       });
       mock(app.config.cnpmcore, 'enableSyncUnpkgFilesWhiteList', true);
       mock(app.config.cnpmcore, 'largePackageVersionSize', 100 * 1024 * 1024);
-      mock(PackageVersionFileService.prototype, 'isAllowLargePackageVersion', async () => true);
+      mock(PackageVersionFileService.prototype, 'isLargePackageVersionAllowed', async () => true);
       const name = 'cnpmcore-test-sync-deprecated';
       await packageSyncerService.createTask(name);
       const task = await packageSyncerService.findExecuteTask();

test/core/service/PackageSyncerService/executeTaskWithPackument.test.ts

@@ -2248,7 +2248,7 @@ describe('test/core/service/PackageSyncerService/executeTaskWithPackument.test.t
       });
       mock(app.config.cnpmcore, 'enableSyncUnpkgFilesWhiteList', true);
       mock(app.config.cnpmcore, 'largePackageVersionSize', 100 * 1024 * 1024);
-      mock(PackageVersionFileService.prototype, 'isAllowLargePackageVersion', async () => true);
+      mock(PackageVersionFileService.prototype, 'isLargePackageVersionAllowed', async () => true);
       const name = 'cnpmcore-test-sync-deprecated';
       await packageSyncerService.createTask(name);
       const task = await packageSyncerService.findExecuteTask();