From e2712661790665b4aa4223652ca8a182490a04ed Mon Sep 17 00:00:00 2001
From: Lily Foster <lily@lily.flowers>
Date: Mon, 11 Sep 2023 16:49:36 -0400
Subject: [PATCH] prefetch-npm-deps: add support for NIX_NPM_TOKENS env var

---
 pkgs/build-support/node/fetch-npm-deps/src/util.rs | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/pkgs/build-support/node/fetch-npm-deps/src/util.rs b/pkgs/build-support/node/fetch-npm-deps/src/util.rs
index a165461fa71a..7a220f681c0d 100644
--- a/pkgs/build-support/node/fetch-npm-deps/src/util.rs
+++ b/pkgs/build-support/node/fetch-npm-deps/src/util.rs
@@ -3,6 +3,7 @@ use isahc::{
     config::{CaCertificate, Configurable, RedirectPolicy, SslOption},
     Body, Request, RequestExt,
 };
+use serde_json::{Map, Value};
 use std::{env, path::Path};
 use url::Url;
 
@@ -22,6 +23,18 @@ pub fn get_url(url: &Url) -> Result<Body, isahc::Error> {
         }
     }
 
+    // Respect NIX_NPM_TOKENS environment variable, which should be a JSON mapping in the shape of:
+    // `{ "registry.example.com": "example-registry-bearer-token", ... }`
+    if let Some(host) = url.host_str() {
+        if let Ok(npm_tokens) = env::var("NIX_NPM_TOKENS") {
+            if let Ok(tokens) = serde_json::from_str::<Map<String, Value>>(&npm_tokens) {
+                if let Some(token) = tokens.get(host).and_then(|val| val.as_str()) {
+                    request = request.header("Authorization", format!("Bearer {token}"));
+                }
+            }
+        }
+    }
+
     Ok(request.body(())?.send()?.into_body())
 }