mirror of
https://github.com/gitlabhq/gitlabhq.git
synced 2025-07-23 00:45:28 +00:00
180 lines
6.8 KiB
Ruby
180 lines
6.8 KiB
Ruby
# frozen_string_literal: true
|
|
module API
|
|
class NpmProjectPackages < ::API::Base
|
|
ERROR_REASON_TO_HTTP_STATUS_MAPPTING = {
|
|
::Packages::Npm::CreatePackageService::ERROR_REASON_INVALID_PARAMETER => 400,
|
|
::Packages::Npm::CreatePackageService::ERROR_REASON_PACKAGE_EXISTS => 403,
|
|
::Packages::Npm::CreatePackageService::ERROR_REASON_PACKAGE_LEASE_TAKEN => 400,
|
|
::Packages::Npm::CreatePackageService::ERROR_REASON_PACKAGE_PROTECTED => 403,
|
|
::Packages::Npm::CreatePackageService::ERROR_REASON_UNAUTHORIZED => 403
|
|
}.freeze
|
|
|
|
helpers ::API::Helpers::Packages::Npm
|
|
helpers ::API::Helpers::Packages::DependencyProxyHelpers
|
|
|
|
feature_category :package_registry
|
|
urgency :low
|
|
|
|
rescue_from ActiveRecord::RecordInvalid do |e|
|
|
render_structured_api_error!({ message: e.message, error: e.message }, 400)
|
|
end
|
|
|
|
helpers do
|
|
include Gitlab::Utils::StrongMemoize
|
|
|
|
def error_reason_to_http_status(reason)
|
|
ERROR_REASON_TO_HTTP_STATUS_MAPPTING.fetch(reason, 400)
|
|
end
|
|
|
|
def metadata_cache
|
|
::Packages::Npm::MetadataCache
|
|
.find_by_package_name_and_project_id(params[:package_name], project.id)
|
|
end
|
|
strong_memoize_attr :metadata_cache
|
|
|
|
def project
|
|
user_project(action: :read_package)
|
|
end
|
|
|
|
def project_id_or_nil
|
|
params[:id]
|
|
end
|
|
end
|
|
|
|
params do
|
|
requires :id, types: [String, Integer], desc: 'The ID or URL-encoded path of the project'
|
|
end
|
|
namespace 'projects/:id/packages/npm' do
|
|
include ::API::Concerns::Packages::NpmEndpoints
|
|
|
|
desc 'Download the NPM tarball' do
|
|
detail 'This feature was introduced in GitLab 11.8'
|
|
success code: 200
|
|
failure [
|
|
{ code: 403, message: 'Forbidden' },
|
|
{ code: 404, message: 'Not Found' }
|
|
]
|
|
tags %w[npm_packages]
|
|
end
|
|
params do
|
|
requires :package_name, type: String, desc: 'Package name'
|
|
requires :file_name, type: String, desc: 'Package file name'
|
|
end
|
|
route_setting :authentication, job_token_allowed: true, deploy_token_allowed: true
|
|
route_setting :authorization, job_token_policies: :read_packages,
|
|
allow_public_access_for_enabled_project_features: :package_registry
|
|
get '*package_name/-/*file_name', format: false do
|
|
authorize_read_package!(project)
|
|
|
|
package = ::Packages::Npm::Package
|
|
.for_projects(project)
|
|
.by_name_and_file_name(params[:package_name], params[:file_name])
|
|
|
|
not_found!('Package') unless package
|
|
|
|
package_file = ::Packages::PackageFileFinder
|
|
.new(package, params[:file_name]).execute!
|
|
|
|
track_package_event('pull_package', :npm, category: 'API::NpmPackages', project: project, namespace: project.namespace)
|
|
|
|
present_package_file!(package_file)
|
|
end
|
|
|
|
desc 'Create or deprecate NPM package' do
|
|
detail 'Create was introduced in GitLab 11.8 & deprecate suppport was added in 16.0'
|
|
success code: 200
|
|
failure [
|
|
{ code: 400, message: 'Bad Request' },
|
|
{ code: 401, message: 'Unauthorized' },
|
|
{ code: 403, message: 'Forbidden' },
|
|
{ code: 404, message: 'Not Found' }
|
|
]
|
|
tags %w[npm_packages]
|
|
end
|
|
params do
|
|
requires :package_name, type: String, desc: 'Package name'
|
|
requires :versions, type: Hash, desc: 'Package version info'
|
|
end
|
|
route_setting :authentication, job_token_allowed: true, deploy_token_allowed: true
|
|
route_setting :authorization, job_token_policies: :admin_packages
|
|
put ':package_name', requirements: ::API::Helpers::Packages::Npm::NPM_ENDPOINT_REQUIREMENTS do
|
|
if headers['Npm-Command'] == 'deprecate'
|
|
authorize_destroy_package!(project)
|
|
|
|
response = ::Packages::Npm::EnqueueDeprecatePackageWorkerService.new(project, nil, declared(params).to_hash).execute
|
|
|
|
if response.error? && response.reason == :no_versions_to_deprecate
|
|
bad_request_missing_attribute!('package versions to deprecate')
|
|
end
|
|
else
|
|
authorize_create_package!(project)
|
|
|
|
service_response = ::Packages::Npm::CreatePackageService
|
|
.new(project, current_user, params.merge(build: current_authenticated_job)).execute
|
|
|
|
if service_response.error?
|
|
render_structured_api_error!({ message: service_response.message, error: service_response.message }, error_reason_to_http_status(service_response.reason))
|
|
end
|
|
|
|
track_package_event('push_package', :npm, category: 'API::NpmPackages', project: project, namespace: project.namespace)
|
|
service_response[:package]
|
|
end
|
|
end
|
|
|
|
# Caution: This is a globbing wildcard for GET requests
|
|
# Do not put other GET routes below this one
|
|
desc 'NPM registry metadata endpoint' do
|
|
detail 'This feature was introduced in GitLab 11.8'
|
|
success [
|
|
{ code: 200, model: ::API::Entities::NpmPackage, message: 'Ok' },
|
|
{ code: 302, message: 'Found (redirect)' }
|
|
]
|
|
failure [
|
|
{ code: 400, message: 'Bad Request' },
|
|
{ code: 401, message: 'Unauthorized' },
|
|
{ code: 403, message: 'Forbidden' },
|
|
{ code: 404, message: 'Not Found' }
|
|
]
|
|
tags %w[npm_packages]
|
|
end
|
|
params do
|
|
use :package_name
|
|
end
|
|
route_setting :authentication, job_token_allowed: true, deploy_token_allowed: true,
|
|
authenticate_non_public: true
|
|
route_setting :authorization, job_token_policies: :read_packages,
|
|
allow_public_access_for_enabled_project_features: :package_registry
|
|
get '*package_name', format: false, requirements: ::API::Helpers::Packages::Npm::NPM_ENDPOINT_REQUIREMENTS do
|
|
package_name = declared_params[:package_name]
|
|
packages = ::Packages::Npm::PackageFinder.new(project: project_or_nil, params: { package_name: package_name }).execute
|
|
|
|
# In order to redirect a request, packages should not exist (without taking the user into account).
|
|
redirect_request = project_or_nil.blank? || packages.empty?
|
|
|
|
redirect_registry_request(
|
|
forward_to_registry: redirect_request,
|
|
package_type: :npm,
|
|
target: project_or_nil,
|
|
package_name: package_name
|
|
) do
|
|
authorize_read_package!(project)
|
|
|
|
not_found!('Packages') if packages.empty?
|
|
|
|
if metadata_cache&.file&.exists?
|
|
metadata_cache.touch_last_downloaded_at
|
|
present_carrierwave_file!(metadata_cache.file)
|
|
|
|
break
|
|
end
|
|
|
|
enqueue_sync_metadata_cache_worker(project, package_name)
|
|
|
|
metadata = generate_metadata_service(packages).execute.payload
|
|
present metadata, with: ::API::Entities::NpmPackage
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|