add tests for npm engine

app/controllers/api/v1/release_engines/npm/package_metadata_controller.rb

@@ -13,22 +13,27 @@ def show
       authorize! package,
         to: :show?
 
-      artifacts = authorized_scope(package.artifacts.npm_package_tgz.order_by_version)
+      artifacts = authorized_scope(package.artifacts.npm_package_tgz).order_by_version
         .where_assoc_exists(:manifest) # must exist
         .preload(:manifest,
           release: %i[product entitlements constraints],
         )
       authorize! artifacts,
         to: :index?
 
-      latest   = artifacts.first
-      metadata = artifacts.reduce(name: package.name, time: {}, 'dist-tags': { latest: latest.release.version }, versions: {}) do |metadata, artifact|
+      last_modified = artifacts.maximum(:"#{artifacts.table_name}.updated_at")
+      latest        = artifacts.first
+      metadata      = artifacts.reduce(
+        name: package.key,
+        time: { created: package.created_at, modified: last_modified },
+        'dist-tags': { latest: latest.version },
+        versions: {},
+      ) do |metadata, artifact|
         package_json = artifact.manifest.as_package_json
-        release      = artifact.release
 
-        metadata[:time][release.version]     = artifact.created_at.iso8601
-        metadata[:'dist-tags'][release.tag]  = release.version if release.tag?
-        metadata[:versions][release.version] = package_json.merge(
+        metadata[:time][artifact.version]     = artifact.created_at.iso8601(3)
+        metadata[:'dist-tags'][artifact.tag]  = artifact.version if artifact.tag?
+        metadata[:versions][artifact.version] = package_json.merge(
           dist: {
             tarball: vanity_v1_account_release_artifact_url(current_account, artifact, filename: artifact.filename, host: request.host),
           },
@@ -37,6 +42,10 @@ def show
         metadata
       end
 
+      # for etag support
+      return unless
+        stale?(metadata, last_modified:, cache_control: { max_age: 1.day, private: true })
+
       render json: metadata
     end
 

app/models/release_artifact.rb

@@ -101,10 +101,6 @@ class ReleaseArtifact < ApplicationRecord
       in: STATUSES,
     }
 
-  delegate :version, :semver, :channel,
-    :licensed?, :open?, :closed?,
-    to: :release
-
   scope :order_by_version, -> (order = :desc) {
     sql = case order
           in :desc
@@ -456,6 +452,11 @@ class ReleaseArtifact < ApplicationRecord
   scope :gems,             -> { for_engine(:rubygems).for_filetype(:gem) }
   scope :npm_package_tgz,  -> { for_engine(:npm).for_filetype(:tgz) }
 
+  delegate :version, :semver, :channel, :tag,
+    :tag?, :licensed?, :open?, :closed?,
+    allow_nil: true,
+    to: :release
+
   def key_for(path) = "artifacts/#{account_id}/#{release_id}/#{path}"
   def key           = key_for(filename)
 

app/workers/process_docker_image_worker.rb

@@ -38,8 +38,9 @@ def perform(artifact_id)
           raise ImageNotAcceptableError, 'manifest is too big' if
             entry.size > MAX_MANIFEST_SIZE
 
-          # the manifest is already in json format
-          json = entry.read
+          # parse/validate and minify the manifest
+          json = JSON.parse(entry.read)
+                     .to_json
 
           ReleaseManifest.create!(
             account_id: artifact.account_id,
@@ -77,6 +78,7 @@ def perform(artifact_id)
       resource: artifact,
     )
   rescue ImageNotAcceptableError,
+         ActiveRecord::RecordInvalid,
          Zlib::Error,
          Minitar::Error,
          IOError => e

app/workers/process_npm_package_worker.rb

@@ -41,8 +41,9 @@ def perform(artifact_id)
       raise PackageNotAcceptableError, 'manifest is too big' if
         entry.size > MAX_MANIFEST_SIZE
 
-      # the manifest is already in json format
-      json = entry.read
+      # parse/validate and minify the manifest
+      json = JSON.parse(entry.read)
+                 .to_json
 
       ReleaseManifest.create!(
         account_id: artifact.account_id,
@@ -64,6 +65,8 @@ def perform(artifact_id)
       resource: artifact,
     )
   rescue PackageNotAcceptableError,
+         ActiveRecord::RecordInvalid,
+         JSON::ParserError,
          Zlib::Error,
          Minitar::Error,
          IOError => e

app/workers/process_ruby_gem_worker.rb

@@ -50,6 +50,7 @@ def perform(artifact_id)
       resource: artifact,
     )
   rescue GemNotAcceptableError,
+         ActiveRecord::RecordInvalid,
          Gem::Package::FormatError => e
     Keygen.logger.warn { "[workers.process-ruby-gem-worker] Error: #{e.class.name} - #{e.message}" }
 

config/initializers/mime_types.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-Mime::Type.register 'application/vnd.npm.install-v1+json', :npm
 Mime::Type.register 'application/octet-stream', :binary
 Mime::Type.register 'application/vnd.api+json', :jsonapi, %W[
   application/vnd.keygen+json

config/routes.rb

@@ -93,15 +93,15 @@
 
   concern :npm do
     # see: https://github.com/npm/registry/blob/ae49abf1bac0ec1a3f3f1fceea1cca6fe2dc00e1/docs/responses/package-metadata.md
-    scope module: :npm, constraints: MimeTypeConstraint.new(:json, :npm, raise_on_no_match: true), defaults: { format: :json } do
+    scope module: :npm, constraints: MimeTypeConstraint.new(:json, raise_on_no_match: true), defaults: { format: :json } do
       get ':package', to: 'package_metadata#show', as: :npm_package_metadata, constraints: {
         # see: https://docs.npmjs.com/cli/v9/configuring-npm/package-json#name
         package: %r{(?:@([a-z0-9][a-z0-9-]*[a-z0-9])/)?([a-z0-9][a-z0-9._-]*[a-z0-9])}
       }
     end
 
     # ignore these npm requests entirely for now e.g. POST /-/npm/v1/security/advisories/bulk
-    scope module: :npm do
+    scope module: :npm, defaults: { format: :binary } do
       match '/-/npm/*wildcard', via: :all, to: -> env { [404, {}, []] }
     end
   end