fix: custom registry with path after base url

sources/httpUtils.ts

@@ -20,20 +20,19 @@ async function fetch(input: string | URL, init?: RequestInit) {
   const username: string | undefined = input.username || process.env.COREPACK_NPM_USERNAME;
   const password: string | undefined = input.password || process.env.COREPACK_NPM_PASSWORD;
 
-  if (username || password) {
+  if (process.env.COREPACK_NPM_TOKEN) {
     headers =  {
       ...headers,
-      authorization: `Basic ${Buffer.from(`${username}:${password}`).toString(`base64`)}`,
+      authorization: `Bearer ${process.env.COREPACK_NPM_TOKEN}`,
     };
-
-    input.username = input.password = ``;
   }
-
-  if (input.origin === (process.env.COREPACK_NPM_REGISTRY || DEFAULT_NPM_REGISTRY_URL) && process.env.COREPACK_NPM_TOKEN) {
+  else if (username && password) {
     headers =  {
       ...headers,
-      authorization: `Bearer ${process.env.COREPACK_NPM_TOKEN}`,
+      authorization: `Basic ${Buffer.from(`${username}:${password}`).toString(`base64`)}`,
     };
+
+    input.username = input.password = ``;
   }
 
   let response;

sources/npmRegistryUtils.ts

@@ -20,15 +20,7 @@ export async function fetchAsJson(packageName: string, version?: string) {
     throw new UsageError(`Network access disabled by the environment; can't reach npm repository ${npmRegistryUrl}`);
 
   const headers = {...DEFAULT_HEADERS};
-
-  if (`COREPACK_NPM_TOKEN` in process.env) {
-    headers.authorization = `Bearer ${process.env.COREPACK_NPM_TOKEN}`;
-  } else if (`COREPACK_NPM_USERNAME` in process.env
-          && `COREPACK_NPM_PASSWORD` in process.env) {
-    const encodedCreds = Buffer.from(`${process.env.COREPACK_NPM_USERNAME}:${process.env.COREPACK_NPM_PASSWORD}`, `utf8`).toString(`base64`);
-    headers.authorization = `Basic ${encodedCreds}`;
-  }
-
+
   return httpUtils.fetchAsJson(`${npmRegistryUrl}/${packageName}${version ? `/${version}` : ``}`, {headers});
 }
 

tests/httpUtils.test.ts

@@ -0,0 +1,29 @@
+import {jest, describe, beforeEach, it, expect}                 from '@jest/globals';
+import process                                                  from 'node:process';
+import {fetchAsJson as httpFetchAsJson}                         from '../sources/httpUtils';
+
+describe(`httpUtils`, () => {
+  beforeEach(() => {
+    jest.resetAllMocks();
+
+    globalThis.fetch = jest.fn(() => Promise.resolve( {
+      ok: true,
+      json: () => Promise.resolve({})
+    }));
+  });
+
+  it(`adds authorization header if COREPACK_NPM_TOKEN is set with custom COREPACK_NPM_REGISTRY`, async () => {
+    // `process.env` is reset after each tests in setupTests.js.
+    process.env.COREPACK_NPM_TOKEN = `foo`;
+    process.env.COREPACK_NPM_REGISTRY = `https://registry.example.org/with-path/npm`
+
+    await httpFetchAsJson(`${process.env.COREPACK_NPM_REGISTRY}/package-name`);
+
+    expect(globalThis.fetch).toBeCalled();
+    expect(globalThis.fetch).lastCalledWith(new URL(`${process.env.COREPACK_NPM_REGISTRY}/package-name`), {
+      headers: {
+        authorization: `Bearer ${process.env.COREPACK_NPM_TOKEN}`,
+      }});
+  });
+
+});

tests/npmRegistryUtils.test.ts

@@ -5,11 +5,17 @@ import process                                                  from 'node:proce
 import {fetchAsJson as httpFetchAsJson}                         from '../sources/httpUtils';
 import {DEFAULT_HEADERS, DEFAULT_NPM_REGISTRY_URL, fetchAsJson} from '../sources/npmRegistryUtils';
 
-jest.mock(`../sources/httpUtils`);
+// jest.mock(`../sources/httpUtils`);
 
 describe(`npm registry utils fetchAsJson`, () => {
   beforeEach(() => {
     jest.resetAllMocks();
+
+    globalThis.fetch = jest.fn(() => Promise.resolve( {
+      ok: true,
+      json: () => Promise.resolve({})
+    }));
+
   });
 
   it(`throw usage error if COREPACK_ENABLE_NETWORK env is set to 0`, async () => {
@@ -22,17 +28,17 @@ describe(`npm registry utils fetchAsJson`, () => {
   it(`loads from DEFAULT_NPM_REGISTRY_URL by default`, async () => {
     await fetchAsJson(`package-name`);
 
-    expect(httpFetchAsJson).toBeCalled();
-    expect(httpFetchAsJson).lastCalledWith(`${DEFAULT_NPM_REGISTRY_URL}/package-name`, {headers: DEFAULT_HEADERS});
+    expect(globalThis.fetch).toBeCalled();
+    expect(globalThis.fetch).lastCalledWith(new URL(`${DEFAULT_NPM_REGISTRY_URL}/package-name`), {headers: DEFAULT_HEADERS});
   });
 
   it(`loads from custom COREPACK_NPM_REGISTRY if set`, async () => {
     // `process.env` is reset after each tests in setupTests.js.
     process.env.COREPACK_NPM_REGISTRY = `https://registry.example.org`;
     await fetchAsJson(`package-name`);
 
-    expect(httpFetchAsJson).toBeCalled();
-    expect(httpFetchAsJson).lastCalledWith(`${process.env.COREPACK_NPM_REGISTRY}/package-name`, {headers: DEFAULT_HEADERS});
+    expect(globalThis.fetch).toBeCalled();
+    expect(globalThis.fetch).lastCalledWith(new URL(`${process.env.COREPACK_NPM_REGISTRY}/package-name`), {headers: DEFAULT_HEADERS});
   });
 
   it(`adds authorization header with bearer token if COREPACK_NPM_TOKEN is set`, async () => {
@@ -41,23 +47,23 @@ describe(`npm registry utils fetchAsJson`, () => {
 
     await fetchAsJson(`package-name`);
 
-    expect(httpFetchAsJson).toBeCalled();
-    expect(httpFetchAsJson).lastCalledWith(`${DEFAULT_NPM_REGISTRY_URL}/package-name`, {headers: {
+    expect(globalThis.fetch).toBeCalled();
+    expect(globalThis.fetch).lastCalledWith(new URL(`${DEFAULT_NPM_REGISTRY_URL}/package-name`), {headers: {
       ...DEFAULT_HEADERS,
       authorization: `Bearer ${process.env.COREPACK_NPM_TOKEN}`,
     }});
   });
 
-  it(`only adds authorization header with bearer token if COREPACK_NPM_TOKEN and COREPACK_NPM_USERNAME are set`, async () => {
+  it(`prioritize COREPACK_NPM_TOKEN over COREPACK_NPM_USERNAME and COREPACK_NPM_PASSWORD`, async () => {
     // `process.env` is reset after each tests in setupTests.js.
     process.env.COREPACK_NPM_TOKEN = `foo`;
     process.env.COREPACK_NPM_USERNAME = `bar`;
     process.env.COREPACK_NPM_PASSWORD = `foobar`;
 
     await fetchAsJson(`package-name`);
 
-    expect(httpFetchAsJson).toBeCalled();
-    expect(httpFetchAsJson).lastCalledWith(`${DEFAULT_NPM_REGISTRY_URL}/package-name`, {headers: {
+    expect(globalThis.fetch).toBeCalled();
+    expect(globalThis.fetch).lastCalledWith(new URL(`${DEFAULT_NPM_REGISTRY_URL}/package-name`), {headers: {
       ...DEFAULT_HEADERS,
       authorization: `Bearer ${process.env.COREPACK_NPM_TOKEN}`,
     }});
@@ -73,8 +79,8 @@ describe(`npm registry utils fetchAsJson`, () => {
 
     await fetchAsJson(`package-name`);
 
-    expect(httpFetchAsJson).toBeCalled();
-    expect(httpFetchAsJson).lastCalledWith(`${DEFAULT_NPM_REGISTRY_URL}/package-name`, {headers: {
+    expect(globalThis.fetch).toBeCalled();
+    expect(globalThis.fetch).lastCalledWith(new URL(`${DEFAULT_NPM_REGISTRY_URL}/package-name`), {headers: {
       ...DEFAULT_HEADERS,
       authorization: `Basic ${encodedCreds}`,
     }});
@@ -86,7 +92,7 @@ describe(`npm registry utils fetchAsJson`, () => {
 
     await fetchAsJson(`package-name`);
 
-    expect(httpFetchAsJson).toBeCalled();
-    expect(httpFetchAsJson).lastCalledWith(`${DEFAULT_NPM_REGISTRY_URL}/package-name`, {headers: DEFAULT_HEADERS});
+    expect(globalThis.fetch).toBeCalled();
+    expect(globalThis.fetch).lastCalledWith(new URL(`${DEFAULT_NPM_REGISTRY_URL}/package-name`), {headers: DEFAULT_HEADERS});
   });
 });