Migrate guide for npm authToken

[nick-ChenZe]

Hi:
We used verdaccio 3.x for private npm packge manager solution(1000+ member) for a long time by self delopyment. We plan to migrate it to verdaccio 5.x docker based. And we faced a problem when we used new service, the authToken writed in .npmrc will invalid. After debugging verdaccio, we found it will write a user data include a uuid key in couchDB, which will used to decode the token? Not sure my understand is correct

Finally, this issue is to ask the guide for migrate couchDB data or any other data to keep npmToken not be invalid.

Thanks a lot.

[juanpicado]

, the authToken writed in .npmrc will invalid.

Unique thing that force invalid the tokens is the secret is different on the .verdaccio-db.json file (or where ever you have your database, couchdb etc..), if you want to keep tokens authToken field in your .npmrc file should be the same.

There is not changes on Verdaccio 5 regarding tokens generations, but will be on the next future major (verdaccio 6), but tha's the future, not important now.

we found it will write a user data include a uuid key in couchDB, which will used to decode the token?

yes.

I'd like to know more about your setup, feel free to drop me a message on discord chat.

[nick-ChenZe]

Thanks for your reply.

I found we use verdaccio v2.7.x served by PM2. And in that version, secret is written in verdaccio/storage/.sinopia-db.json. By copy and rename it as .verdaccio-db.json, problem resolved.

I genuinely appreciate your great work.😄

[juanpicado]

:) just curious 😊 Baidu uses verdaccio?

[nick-ChenZe]

Yeap, we use verdaccio to manage private packages!

[nick-ChenZe]

@juanpicado Hi，sorry to ask you again.

I faced another problem, we deploy verdaccio as multiple service. In the old version, we use something like NFS(sync file by watch file changed) to sync htpasswd, is there any way to migrate it to cloud instead read file local, like storage plugins.

Thanks

[nick-ChenZe]

Fixed by fork htpasswd plugin, we design every user token as a single cloud file. Base on this design, every user operation(read/write) can be independent，so lock strategy is unnecessay.

Thank you，No need to reply