Auth support for NVM_AUTH_HEADER env var

Makefile

@@ -40,10 +40,14 @@ list:
 # Note that preexisting NVM_* variables are unset to avoid interfering with tests, except when running the Travis tests (where NVM_DIR must be passed in and the env. is assumed to be pristine).
 .PHONY: $(SHELL_TARGETS)
 $(SHELL_TARGETS):
-	@shell='$@'; shell=$${shell##*-}; which "$$shell" >/dev/null || { printf '\033[0;31m%s\033[0m\n' "WARNING: Cannot test with shell '$$shell': not found." >&2; exit 0; } && \
+	@shell='$@'; shell=$${shell##*-}; \
+	which "$$shell" >/dev/null || { printf '\033[0;31m%s\033[0m\n' "WARNING: Cannot test with shell '$$shell': not found." >&2; exit 0; } && \
 	printf '\n\033[0;34m%s\033[0m\n' "Running tests in $$shell"; \
 	[ -z "$$TRAVIS_BUILD_DIR" ] && for v in $$(set | awk -F'=' '$$1 ~ "^NVM_" { print $$1 }'); do unset $$v; done && unset v; \
-	for suite in $(TEST_SUITE); do $(URCHIN) -f -s $$shell test/$$suite || exit; done
+	for suite in $(TEST_SUITE); do \
+		echo "Running test suite: $$suite"; \
+		$(URCHIN) -f -s $$shell test/$$suite || exit; \
+	done
 
 # All-tests target: invokes the specified test suites for ALL shells defined in $(SHELLS).
 .PHONY: test

README.md

@@ -39,6 +39,7 @@
   - [Restoring PATH](#restoring-path)
   - [Set default node version](#set-default-node-version)
   - [Use a mirror of node binaries](#use-a-mirror-of-node-binaries)
+    - [Pass Authorization header to mirror](#pass-authorization-header-to-mirror)
   - [.nvmrc](#nvmrc)
   - [Deeper Shell Integration](#deeper-shell-integration)
     - [Calling `nvm use` automatically in a directory with a `.nvmrc` file](#calling-nvm-use-automatically-in-a-directory-with-a-nvmrc-file)
@@ -530,6 +531,13 @@ NVM_IOJS_ORG_MIRROR=https://iojs.org/dist nvm install iojs-v1.0.3
 
 `nvm use` will not, by default, create a "current" symlink. Set `$NVM_SYMLINK_CURRENT` to "true" to enable this behavior, which is sometimes useful for IDEs. Note that using `nvm` in multiple shell tabs with this environment variable enabled can cause race conditions.
 
+#### Pass Authorization header to mirror
+To pass an Authorization header through to the mirror url, set `$NVM_AUTH_HEADER`
+
+```sh
+NVM_AUTH_HEADER="Bearer secret-token" nvm install node
+```
+
 ### .nvmrc
 
 You can create a `.nvmrc` file containing a node version number (or any other string that `nvm` understands; see `nvm --help` for details) in the project root directory (or any parent directory).

nvm.sh

@@ -116,12 +116,19 @@ nvm_get_latest() {
 }
 
 nvm_download() {
-  local CURL_COMPRESSED_FLAG
   if nvm_has "curl"; then
+    local CURL_COMPRESSED_FLAG=""
+    local CURL_HEADER_FLAG=""
+
+    if [ -n "${NVM_AUTH_HEADER:-}" ]; then
+      sanitized_header=$(nvm_sanitize_auth_header "${NVM_AUTH_HEADER}")
+      CURL_HEADER_FLAG="--header \"Authorization: ${sanitized_header}\""
+    fi
+
     if nvm_curl_use_compression; then
       CURL_COMPRESSED_FLAG="--compressed"
     fi
-    curl --fail ${CURL_COMPRESSED_FLAG:-} -q "$@"
+    eval "curl -q --fail ${CURL_COMPRESSED_FLAG:-} ${CURL_HEADER_FLAG:-} $*"
   elif nvm_has "wget"; then
     # Emulate curl with wget
     ARGS=$(nvm_echo "$@" | command sed -e 's/--progress-bar /--progress=bar /' \
@@ -133,11 +140,20 @@ nvm_download() {
                             -e 's/-sS /-nv /' \
                             -e 's/-o /-O /' \
                             -e 's/-C - /-c /')
+
+    if [ -n "${NVM_AUTH_HEADER:-}" ]; then
+      ARGS="${ARGS} --header \"${NVM_AUTH_HEADER}\""
+    fi
     # shellcheck disable=SC2086
     eval wget $ARGS
   fi
 }
 
+nvm_sanitize_auth_header() {
+    # Remove potentially dangerous characters
+    nvm_echo "$1" | command sed 's/[^a-zA-Z0-9:;_. -]//g'
+}
+
 nvm_has_system_node() {
   [ "$(nvm deactivate >/dev/null 2>&1 && command -v node)" != '' ]
 }
@@ -4358,7 +4374,7 @@ nvm() {
         nvm_sanitize_path nvm_has_colors nvm_process_parameters \
         nvm_node_version_has_solaris_binary nvm_iojs_version_has_solaris_binary \
         nvm_curl_libz_support nvm_command_info nvm_is_zsh nvm_stdout_is_terminal \
-        nvm_npmrc_bad_news_bears \
+        nvm_npmrc_bad_news_bears nvm_sanitize_auth_header \
         nvm_get_colors nvm_set_colors nvm_print_color_code nvm_wrap_with_color_code nvm_format_help_message_colors \
         nvm_echo_with_colors nvm_err_with_colors \
         nvm_get_artifact_compression nvm_install_binary_extract nvm_extract_tarball \

test/fast/Running 'nvm unload' should unset all function and variables

@@ -9,7 +9,7 @@ cleanup () { rm -f "${BEFORE}" "${AFTER}"; }
 die () { echo "$@" ; cleanup ; exit 1; }
 
 typeset -f | awk '/ \(\) $/ && !/^main / {print $1}' > "${BEFORE}"
-env | grep -v PATH= | grep -v IFS= | grep -v NVM_ | sort >> "${BEFORE}"
+env | grep -v PATH= | grep -v IFS= | grep -v NVM_ | grep -v TRAVIS_ | sort >> "${BEFORE}"
 
 set +e # TODO: fix
 \. ../../nvm.sh
@@ -20,11 +20,11 @@ type nvm > /dev/null 2>&1 || die "nvm not loaded"
 nvm unload
 
 typeset -f | awk '/ \(\) $/ && !/^main / {print $1}' > "${AFTER}"
-env | grep -v PATH= | grep -v IFS= | sort >> "${AFTER}"
+env | grep -v PATH= | grep -v IFS= | grep -v TRAVIS_ | sort >> "${AFTER}"
 
 ! type nvm > /dev/null 2>&1 || die "nvm not unloaded"
 
 DIFF="$(diff "${BEFORE}" "${AFTER}" ||:)"
-[ -z "${DIFF}" ] || die "function pollution found: ${DIFF}"
+[ -z "${DIFF}" ] || die "function pollution found: >${DIFF}<"
 
 cleanup

test/fast/Unit tests/nvm_download

@@ -1,7 +1,8 @@
 #!/bin/sh
 
 cleanup () {
-  unset -f die cleanup
+  unset -f die cleanup NVM_AUTH_HEADER
+  docker stop httpbin && docker rm httpbin
 }
 die () { echo "$@" ; cleanup ; exit 1; }
 
@@ -15,4 +16,13 @@ nvm_download "https://raw.githubusercontent.com/nvm-sh/nvm/HEAD/install.sh" >/de
 # nvm_download should fail to download wrong_install.sh
 ! nvm_download "https://raw.githubusercontent.com/nvm-sh/nvm/HEAD/wrong_install.sh" >/dev/null || die "nvm_download should fail to download no existing file"
 
+# nvm_download should pass when calling with auth header
+docker pull kennethreitz/httpbin && docker run --shell=bash -d --name httpbin -p 80:80 kennethreitz/httpbin
+sleep 1 # wait for httpbin to start
+NVM_AUTH_HEADER="Bearer test-token" nvm_download "http://127.0.0.1/bearer" > /dev/null || die 'nvm_download with auth header should send correctly'
+
+# nvm_download should fail when calling without auth header
+nvm_download "http://127.0.0.1/bearer" > /dev/null && die 'nvm_download with no auth header should not send the header and should fail'
+docker stop httpbin && docker rm httpbin
+
 cleanup