diff options
Diffstat (limited to 'pkgs/build-support')
4 files changed, 19 insertions, 4 deletions
diff --git a/pkgs/build-support/node/fetch-npm-deps/default.nix b/pkgs/build-support/node/fetch-npm-deps/default.nix index ac76758ba50e..67a4c337c0d2 100644 --- a/pkgs/build-support/node/fetch-npm-deps/default.nix +++ b/pkgs/build-support/node/fetch-npm-deps/default.nix @@ -165,7 +165,9 @@ dontInstall = true; - impureEnvVars = lib.fetchers.proxyImpureEnvVars; + # NIX_NPM_TOKENS environment variable should be a JSON mapping in the shape of: + # `{ "registry.example.com": "example-registry-bearer-token", ... }` + impureEnvVars = lib.fetchers.proxyImpureEnvVars ++ [ "NIX_NPM_TOKENS" ]; SSL_CERT_FILE = if (hash_.outputHash == "" || hash_.outputHash == lib.fakeSha256 || hash_.outputHash == lib.fakeSha512 || hash_.outputHash == lib.fakeHash) then "${cacert}/etc/ssl/certs/ca-bundle.crt" diff --git a/pkgs/build-support/node/fetch-npm-deps/src/main.rs b/pkgs/build-support/node/fetch-npm-deps/src/main.rs index 62e5752c74c0..9d86bd8091a7 100644 --- a/pkgs/build-support/node/fetch-npm-deps/src/main.rs +++ b/pkgs/build-support/node/fetch-npm-deps/src/main.rs @@ -108,7 +108,7 @@ fn fixup_lockfile( // Recursive helper to fixup v1 lockfile deps fn fixup_v1_deps( - dependencies: &mut serde_json::Map<String, Value>, + dependencies: &mut Map<String, Value>, cache: &Option<HashMap<String, String>>, fixed: &mut bool, ) { diff --git a/pkgs/build-support/node/fetch-npm-deps/src/parse/mod.rs b/pkgs/build-support/node/fetch-npm-deps/src/parse/mod.rs index e1b491cccea2..b37652ffdf82 100644 --- a/pkgs/build-support/node/fetch-npm-deps/src/parse/mod.rs +++ b/pkgs/build-support/node/fetch-npm-deps/src/parse/mod.rs @@ -139,9 +139,9 @@ impl Package { None => Specifics::Registry { integrity: pkg .integrity - .expect("non-git dependencies should have assosciated integrity") + .expect("non-git dependencies should have associated integrity") .into_best() - .expect("non-git dependencies should have non-empty assosciated integrity"), + .expect("non-git dependencies should have non-empty associated integrity"), }, }; diff --git a/pkgs/build-support/node/fetch-npm-deps/src/util.rs b/pkgs/build-support/node/fetch-npm-deps/src/util.rs index a165461fa71a..7a220f681c0d 100644 --- a/pkgs/build-support/node/fetch-npm-deps/src/util.rs +++ b/pkgs/build-support/node/fetch-npm-deps/src/util.rs @@ -3,6 +3,7 @@ use isahc::{ config::{CaCertificate, Configurable, RedirectPolicy, SslOption}, Body, Request, RequestExt, }; +use serde_json::{Map, Value}; use std::{env, path::Path}; use url::Url; @@ -22,6 +23,18 @@ pub fn get_url(url: &Url) -> Result<Body, isahc::Error> { } } + // Respect NIX_NPM_TOKENS environment variable, which should be a JSON mapping in the shape of: + // `{ "registry.example.com": "example-registry-bearer-token", ... }` + if let Some(host) = url.host_str() { + if let Ok(npm_tokens) = env::var("NIX_NPM_TOKENS") { + if let Ok(tokens) = serde_json::from_str::<Map<String, Value>>(&npm_tokens) { + if let Some(token) = tokens.get(host).and_then(|val| val.as_str()) { + request = request.header("Authorization", format!("Bearer {token}")); + } + } + } + } + Ok(request.body(())?.send()?.into_body()) } |