maven-proxy 1.0.2 → 1.0.3

package/README.md

@@ -433,6 +433,8 @@ org.gradle.jvmargs=-Djavax.net.ssl.trustStore=/Users/yize/projects/maven-proxy/d
 ./gradlew --refresh-dependencies dependencies
 ```
 
+Note: always set `trustStorePassword` together with `trustStore`. If you use `systemProp.javax.net.ssl.trustStore`, also set `systemProp.javax.net.ssl.trustStorePassword`.
+
 ### 9.2 npm: Proxy + SSL behavior
 
 For local troubleshooting only, you can disable strict SSL temporarily. Recommended long-term approach is to import Root CA and keep strict SSL enabled.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "maven-proxy",
-  "version": "1.0.2",
+  "version": "1.0.3",
   "description": "Maven proxy with cache, HTTPS MITM for selected domains, and local repo publishing",
   "main": "src/index.js",
   "bin": {

package/src/cache/cache-path.js

@@ -12,6 +12,54 @@ function safeDecode(pathname) {
   }
 }
 
+function looksLikeMavenVersionSegment(segment) {
+  return /^\d[0-9A-Za-z._-]*$/.test(String(segment || ""));
+}
+
+function isLikelyMavenFilePath(parts, normalizedPath) {
+  if (normalizedPath.endsWith("/") || parts.length === 0) {
+    return false;
+  }
+
+  const last = String(parts[parts.length - 1] || "").toLowerCase();
+  if (!last) {
+    return false;
+  }
+
+  if (last.startsWith("maven-metadata.")) {
+    return true;
+  }
+
+  const knownSuffixes = [
+    ".pom",
+    ".jar",
+    ".aar",
+    ".war",
+    ".zip",
+    ".module",
+    ".xml",
+    ".sha1",
+    ".md5",
+    ".sha256",
+    ".sha512",
+    ".asc",
+    ".json",
+    ".toml",
+    ".klib",
+  ];
+
+  if (knownSuffixes.some((suffix) => last.endsWith(suffix))) {
+    return true;
+  }
+
+  const secondLast = String(parts[parts.length - 2] || "").toLowerCase();
+  if (looksLikeMavenVersionSegment(secondLast)) {
+    return true;
+  }
+
+  return false;
+}
+
 export function getCacheFilePath(cacheDir, urlObj, options = {}) {
   const ecosystem = sanitizeSegment(String(options.ecosystem || "generic").toLowerCase());
   const includeHost = options.includeHost ?? ecosystem !== "maven";
@@ -35,6 +83,10 @@ export function getCacheFilePath(cacheDir, urlObj, options = {}) {
     safeParts.unshift(sanitizeSegment(String(urlObj.hostname || "unknown").toLowerCase()));
   }
 
+  if (ecosystem === "maven" && !isLikelyMavenFilePath(parts, normalized)) {
+    safeParts.push("__dir__.json");
+  }
+
   const npmTarballPath = /\/-\/.+\.tgz$/i.test(lowerNormalized);
   if (ecosystem === "npm" && !npmTarballPath) {
     safeParts.push("__meta__.json");

package/src/cache/downloader.js

@@ -7,6 +7,31 @@ import { DownloadLogWriter } from "../common/download-log-writer.js";
 
 const REDIRECT_STATUS = new Set([301, 302, 303, 307, 308]);
 const MAX_REDIRECTS = 5;
+const LOCAL_FS_ERROR_CODES = new Set([
+  "EACCES",
+  "EPERM",
+  "ENOSPC",
+  "EROFS",
+  "ENOTDIR",
+  "EISDIR",
+  "EINVAL",
+  "EMFILE",
+  "ENFILE",
+  "EEXIST",
+]);
+
+function isLocalFsWriteError(error) {
+  if (!error || typeof error !== "object") {
+    return false;
+  }
+
+  if (LOCAL_FS_ERROR_CODES.has(error.code)) {
+    return true;
+  }
+
+  const message = String(error.message || "").toLowerCase();
+  return message.includes("enotdir") || message.includes("read-only file system");
+}
 
 function pickClient(protocol) {
   return protocol === "https:" ? https : http;
@@ -343,6 +368,19 @@ export class Downloader {
       await verifyFileSize(tempPath, metadata.contentLength);
       await fs.promises.rename(tempPath, finalPath);
     } catch (error) {
+      if (isLocalFsWriteError(error)) {
+        if (!error.statusCode) {
+          error.statusCode = 500;
+        }
+
+        this.logDownload("local cache write failed", urlObj, {
+          code: error.code || "UNKNOWN",
+          targetPath: finalPath,
+          tempPath,
+          message: error.message,
+        });
+      }
+
       await removeIfExists(tempPath);
       throw error;
     }

package/src/proxy/proxy-http-handler.js

@@ -5,6 +5,32 @@ import path from "node:path";
 import { getCacheFilePath } from "../cache/cache-path.js";
 import { detectPackageEcosystem } from "../common/ecosystem.js";
 
+const LOCAL_FS_ERROR_CODES = new Set([
+  "EACCES",
+  "EPERM",
+  "ENOSPC",
+  "EROFS",
+  "ENOTDIR",
+  "EISDIR",
+  "EINVAL",
+  "EMFILE",
+  "ENFILE",
+  "EEXIST",
+]);
+
+function isLocalFsWriteError(error) {
+  if (!error || typeof error !== "object") {
+    return false;
+  }
+
+  if (LOCAL_FS_ERROR_CODES.has(error.code)) {
+    return true;
+  }
+
+  const message = String(error.message || "").toLowerCase();
+  return message.includes("enotdir") || message.includes("read-only file system");
+}
+
 function pickClient(protocol) {
   return protocol === "https:" ? https : http;
 }
@@ -166,8 +192,25 @@ export function createHttpRequestHandler({ config, downloader, upstreamProxyMana
       res.setHeader("x-cache", "MISS");
       await serveFile(res, req, cachePath);
     } catch (error) {
+      if (isLocalFsWriteError(error)) {
+        if (!error.statusCode) {
+          error.statusCode = 500;
+        }
+
+        if (typeof downloader?.logDownload === "function") {
+          downloader.logDownload("local cache write failed", urlObj, {
+            code: error.code || "UNKNOWN",
+            cachePath,
+            message: error.message,
+          });
+        }
+
+        console.error(`[proxy] local cache write failed cachePath=${cachePath} code=${error.code || "UNKNOWN"} message=${error.message}`);
+      }
+
       const statusCode = error.statusCode || 502;
-      sendText(res, statusCode, `Download failed: ${error.message}`);
+      const label = statusCode === 500 ? "Local cache write failed" : "Download failed";
+      sendText(res, statusCode, `${label}: ${error.message}`);
     }
   };
 }