fix: `.npmrc` settings not being passed to install/add command (#26473)

We weren't passing the resolved npmrc settings to the install commands.
This lead us to always fall back to the default registry url instead of
using the one from npmrc.

Fixes https://github.com/denoland/deno/issues/26139
Fixes https://github.com/denoland/deno/issues/26033
Fixes https://github.com/denoland/deno/issues/25924
Fixes https://github.com/denoland/deno/issues/25822
Fixes https://github.com/denoland/deno/issues/26152

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>

1 files changed, 29 insertions, 1 deletions

diff --git a/cli/file_fetcher.rs b/cli/file_fetcher.rs
index e92aca542..95d778f0b 100644
--- a/cli/file_fetcher.rs
+++ b/cli/file_fetcher.rs
@@ -24,6 +24,7 @@ use deno_graph::source::LoaderChecksum;
 use deno_path_util::url_to_file_path;
 use deno_runtime::deno_permissions::PermissionsContainer;
 use deno_runtime::deno_web::BlobStore;
+use http::header;
 use log::debug;
 use std::borrow::Cow;
 use std::collections::HashMap;
@@ -181,6 +182,7 @@ pub enum FetchPermissionsOptionRef<'a> {
 pub struct FetchOptions<'a> {
   pub specifier: &'a ModuleSpecifier,
   pub permissions: FetchPermissionsOptionRef<'a>,
+  pub maybe_auth: Option<(header::HeaderName, header::HeaderValue)>,
   pub maybe_accept: Option<&'a str>,
   pub maybe_cache_setting: Option<&'a CacheSetting>,
 }
@@ -350,6 +352,7 @@ impl FileFetcher {
     maybe_accept: Option<&str>,
     cache_setting: &CacheSetting,
     maybe_checksum: Option<&LoaderChecksum>,
+    maybe_auth: Option<(header::HeaderName, header::HeaderValue)>,
   ) -> Result<FileOrRedirect, AnyError> {
     debug!(
       "FileFetcher::fetch_remote_no_follow - specifier: {}",
@@ -442,6 +445,7 @@ impl FileFetcher {
             .as_ref()
             .map(|(_, etag)| etag.clone()),
           maybe_auth_token: maybe_auth_token.clone(),
+          maybe_auth: maybe_auth.clone(),
           maybe_progress_guard: maybe_progress_guard.as_ref(),
         })
         .await?
@@ -538,7 +542,18 @@ impl FileFetcher {
     specifier: &ModuleSpecifier,
   ) -> Result<File, AnyError> {
     self
-      .fetch_inner(specifier, FetchPermissionsOptionRef::AllowAll)
+      .fetch_inner(specifier, None, FetchPermissionsOptionRef::AllowAll)
+      .await
+  }
+
+  #[inline(always)]
+  pub async fn fetch_bypass_permissions_with_maybe_auth(
+    &self,
+    specifier: &ModuleSpecifier,
+    maybe_auth: Option<(header::HeaderName, header::HeaderValue)>,
+  ) -> Result<File, AnyError> {
+    self
+      .fetch_inner(specifier, maybe_auth, FetchPermissionsOptionRef::AllowAll)
       .await
   }
 
@@ -552,6 +567,7 @@ impl FileFetcher {
     self
       .fetch_inner(
         specifier,
+        None,
         FetchPermissionsOptionRef::StaticContainer(permissions),
       )
       .await
@@ -560,12 +576,14 @@ impl FileFetcher {
   async fn fetch_inner(
     &self,
     specifier: &ModuleSpecifier,
+    maybe_auth: Option<(header::HeaderName, header::HeaderValue)>,
     permissions: FetchPermissionsOptionRef<'_>,
   ) -> Result<File, AnyError> {
     self
       .fetch_with_options(FetchOptions {
         specifier,
         permissions,
+        maybe_auth,
         maybe_accept: None,
         maybe_cache_setting: None,
       })
@@ -585,12 +603,14 @@ impl FileFetcher {
     max_redirect: usize,
   ) -> Result<File, AnyError> {
     let mut specifier = Cow::Borrowed(options.specifier);
+    let mut maybe_auth = options.maybe_auth.clone();
     for _ in 0..=max_redirect {
       match self
         .fetch_no_follow_with_options(FetchNoFollowOptions {
           fetch_options: FetchOptions {
             specifier: &specifier,
             permissions: options.permissions,
+            maybe_auth: maybe_auth.clone(),
             maybe_accept: options.maybe_accept,
             maybe_cache_setting: options.maybe_cache_setting,
           },
@@ -602,6 +622,10 @@ impl FileFetcher {
           return Ok(file);
         }
         FileOrRedirect::Redirect(redirect_specifier) => {
+          // If we were redirected to another origin, don't send the auth header anymore.
+          if redirect_specifier.origin() != specifier.origin() {
+            maybe_auth = None;
+          }
           specifier = Cow::Owned(redirect_specifier);
         }
       }
@@ -666,6 +690,7 @@ impl FileFetcher {
           options.maybe_accept,
           options.maybe_cache_setting.unwrap_or(&self.cache_setting),
           maybe_checksum,
+          options.maybe_auth,
         )
         .await
     }
@@ -756,6 +781,7 @@ mod tests {
         FetchOptions {
           specifier,
           permissions: FetchPermissionsOptionRef::AllowAll,
+          maybe_auth: None,
           maybe_accept: None,
           maybe_cache_setting: Some(&file_fetcher.cache_setting),
         },
@@ -1255,6 +1281,7 @@ mod tests {
         FetchOptions {
           specifier: &specifier,
           permissions: FetchPermissionsOptionRef::AllowAll,
+          maybe_auth: None,
           maybe_accept: None,
           maybe_cache_setting: Some(&file_fetcher.cache_setting),
         },
@@ -1268,6 +1295,7 @@ mod tests {
         FetchOptions {
           specifier: &specifier,
           permissions: FetchPermissionsOptionRef::AllowAll,
+          maybe_auth: None,
           maybe_accept: None,
           maybe_cache_setting: Some(&file_fetcher.cache_setting),
         },