debian-mirror-gitlab/lib/api/nuget_project_packages.rb

# frozen_string_literal: true

# NuGet Package Manager Client API
#
# These API endpoints are not meant to be consumed directly by users. They are
# called by the NuGet package manager client when users run commands
# like `nuget install` or `nuget push`.
#
# This is the project level API.
module API
  class NugetProjectPackages < ::API::Base
    helpers ::API::Helpers::PackagesHelpers
    helpers ::API::Helpers::Packages::BasicAuthHelpers
    include ::API::Helpers::Authentication

    feature_category :package_registry

    PACKAGE_FILENAME = 'package.nupkg'

    default_format :json

    authenticate_with do |accept|
      accept.token_types(:personal_access_token_with_username, :deploy_token_with_username, :job_token_with_username)
            .sent_through(:http_basic_auth)
    end

    rescue_from ArgumentError do |e|
      render_api_error!(e.message, 400)
    end

    after_validation do
      require_packages_enabled!
    end

    helpers do
      def project_or_group
        authorized_user_project
      end
    end

    params do
      requires :id, type: String, desc: 'The ID of a project', regexp: ::API::Concerns::Packages::NugetEndpoints::POSITIVE_INTEGER_REGEX
    end
    resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
      namespace ':id/packages/nuget' do
        include ::API::Concerns::Packages::NugetEndpoints

        # https://docs.microsoft.com/en-us/nuget/api/package-publish-resource
        desc 'The NuGet Package Publish endpoint' do
          detail 'This feature was introduced in GitLab 12.6'
        end

        params do
          requires :package, type: ::API::Validations::Types::WorkhorseFile, desc: 'The package file to be published (generated by Multipart middleware)'
        end
        put do
          authorize_upload!(project_or_group)
          bad_request!('File is too large') if project_or_group.actual_limits.exceeded?(:nuget_max_file_size, params[:package].size)

          file_params = params.merge(
            file: params[:package],
            file_name: PACKAGE_FILENAME
          )

          package = ::Packages::CreateTemporaryPackageService.new(
            project_or_group, current_user, declared_params.merge(build: current_authenticated_job)
          ).execute(:nuget, name: ::Packages::Nuget::TEMPORARY_PACKAGE_NAME)

          package_file = ::Packages::CreatePackageFileService.new(package, file_params.merge(build: current_authenticated_job))
                                                             .execute

          track_package_event('push_package', :nuget, category: 'API::NugetPackages')

          ::Packages::Nuget::ExtractionWorker.perform_async(package_file.id) # rubocop:disable CodeReuse/Worker

          created!
        rescue ObjectStorage::RemoteStoreError => e
          Gitlab::ErrorTracking.track_exception(e, extra: { file_name: params[:file_name], project_id: project_or_group.id })

          forbidden!
        end
        put 'authorize' do
          authorize_workhorse!(
            subject: project_or_group,
            has_length: false,
            maximum_size: project_or_group.actual_limits.nuget_max_file_size
          )
        end

        # https://docs.microsoft.com/en-us/nuget/api/package-base-address-resource
        params do
          requires :package_name, type: String, desc: 'The NuGet package name', regexp: API::NO_SLASH_URL_PART_REGEX
        end
        namespace '/download/*package_name' do
          after_validation do
            authorize_read_package!(project_or_group)
          end

          desc 'The NuGet Content Service - index request' do
            detail 'This feature was introduced in GitLab 12.8'
          end
          get 'index', format: :json do
            present ::Packages::Nuget::PackagesVersionsPresenter.new(find_packages(params[:package_name])),
                    with: ::API::Entities::Nuget::PackagesVersions
          end

          desc 'The NuGet Content Service - content request' do
            detail 'This feature was introduced in GitLab 12.8'
          end
          params do
            requires :package_version, type: String, desc: 'The NuGet package version', regexp: API::NO_SLASH_URL_PART_REGEX
            requires :package_filename, type: String, desc: 'The NuGet package filename', regexp: API::NO_SLASH_URL_PART_REGEX
          end
          get '*package_version/*package_filename', format: :nupkg do
            filename = "#{params[:package_filename]}.#{params[:format]}"
            package_file = ::Packages::PackageFileFinder.new(find_package(params[:package_name], params[:package_version]), filename, with_file_name_like: true)
                                                        .execute

            not_found!('Package') unless package_file

            track_package_event('pull_package', :nuget, category: 'API::NugetPackages')

            # nuget and dotnet don't support 302 Moved status codes, supports_direct_download has to be set to false
            present_carrierwave_file!(package_file.file, supports_direct_download: false)
          end
        end
      end
    end
  end
end
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`# frozen_string_literal: true`

			`# NuGet Package Manager Client API`
			`#`
			`# These API endpoints are not meant to be consumed directly by users. They are`
			`# called by the NuGet package manager client when users run commands`
			# like `nuget install` or `nuget push`.
New upstream version 13.8.5+ds1 2021-03-08 18:12:59 +05:30			`#`
			`# This is the project level API.`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`module API`
			`class NugetProjectPackages < ::API::Base`
New upstream version 13.8.5+ds1 2021-03-08 18:12:59 +05:30			`helpers ::API::Helpers::PackagesHelpers`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`helpers ::API::Helpers::Packages::BasicAuthHelpers`
New upstream version 13.8.5+ds1 2021-03-08 18:12:59 +05:30			`include ::API::Helpers::Authentication`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30
			`feature_category :package_registry`

			`PACKAGE_FILENAME = 'package.nupkg'`

			`default_format :json`

New upstream version 13.8.5+ds1 2021-03-08 18:12:59 +05:30			`authenticate_with do \|accept\|`
New upstream version 13.9.3+ds1 2021-03-11 19:13:27 +05:30			`accept.token_types(:personal_access_token_with_username, :deploy_token_with_username, :job_token_with_username)`
New upstream version 13.8.5+ds1 2021-03-08 18:12:59 +05:30			`.sent_through(:http_basic_auth)`
			`end`

New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`rescue_from ArgumentError do \|e\|`
			`render_api_error!(e.message, 400)`
			`end`

New upstream version 13.8.5+ds1 2021-03-08 18:12:59 +05:30			`after_validation do`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`require_packages_enabled!`
			`end`

New upstream version 13.8.5+ds1 2021-03-08 18:12:59 +05:30			`helpers do`
			`def project_or_group`
			`authorized_user_project`
			`end`
			`end`

New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`params do`
			`requires :id, type: String, desc: 'The ID of a project', regexp: ::API::Concerns::Packages::NugetEndpoints::POSITIVE_INTEGER_REGEX`
			`end`
			`resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do`
			`namespace ':id/packages/nuget' do`
			`include ::API::Concerns::Packages::NugetEndpoints`

			`# https://docs.microsoft.com/en-us/nuget/api/package-publish-resource`
			`desc 'The NuGet Package Publish endpoint' do`
			`detail 'This feature was introduced in GitLab 12.6'`
			`end`

			`params do`
			`requires :package, type: ::API::Validations::Types::WorkhorseFile, desc: 'The package file to be published (generated by Multipart middleware)'`
			`end`
			`put do`
New upstream version 13.8.5+ds1 2021-03-08 18:12:59 +05:30			`authorize_upload!(project_or_group)`
			`bad_request!('File is too large') if project_or_group.actual_limits.exceeded?(:nuget_max_file_size, params[:package].size)`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30
			`file_params = params.merge(`
			`file: params[:package],`
			`file_name: PACKAGE_FILENAME`
			`)`

New upstream version 13.10.3+ds1 2021-04-17 20:07:23 +05:30			`package = ::Packages::CreateTemporaryPackageService.new(`
			`project_or_group, current_user, declared_params.merge(build: current_authenticated_job)`
			`).execute(:nuget, name: ::Packages::Nuget::TEMPORARY_PACKAGE_NAME)`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30
New upstream version 13.8.5+ds1 2021-03-08 18:12:59 +05:30			`package_file = ::Packages::CreatePackageFileService.new(package, file_params.merge(build: current_authenticated_job))`
			`.execute`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30
			`track_package_event('push_package', :nuget, category: 'API::NugetPackages')`

			`::Packages::Nuget::ExtractionWorker.perform_async(package_file.id) # rubocop:disable CodeReuse/Worker`

			`created!`
			`rescue ObjectStorage::RemoteStoreError => e`
New upstream version 13.8.5+ds1 2021-03-08 18:12:59 +05:30			`Gitlab::ErrorTracking.track_exception(e, extra: { file_name: params[:file_name], project_id: project_or_group.id })`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30
			`forbidden!`
			`end`
			`put 'authorize' do`
			`authorize_workhorse!(`
New upstream version 13.8.5+ds1 2021-03-08 18:12:59 +05:30			`subject: project_or_group,`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`has_length: false,`
New upstream version 13.8.5+ds1 2021-03-08 18:12:59 +05:30			`maximum_size: project_or_group.actual_limits.nuget_max_file_size`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`)`
			`end`

			`# https://docs.microsoft.com/en-us/nuget/api/package-base-address-resource`
			`params do`
			`requires :package_name, type: String, desc: 'The NuGet package name', regexp: API::NO_SLASH_URL_PART_REGEX`
			`end`
			`namespace '/download/*package_name' do`
New upstream version 13.8.5+ds1 2021-03-08 18:12:59 +05:30			`after_validation do`
			`authorize_read_package!(project_or_group)`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`end`

			`desc 'The NuGet Content Service - index request' do`
			`detail 'This feature was introduced in GitLab 12.8'`
			`end`
			`get 'index', format: :json do`
New upstream version 13.8.5+ds1 2021-03-08 18:12:59 +05:30			`present ::Packages::Nuget::PackagesVersionsPresenter.new(find_packages(params[:package_name])),`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`with: ::API::Entities::Nuget::PackagesVersions`
			`end`

			`desc 'The NuGet Content Service - content request' do`
			`detail 'This feature was introduced in GitLab 12.8'`
			`end`
			`params do`
			`requires :package_version, type: String, desc: 'The NuGet package version', regexp: API::NO_SLASH_URL_PART_REGEX`
			`requires :package_filename, type: String, desc: 'The NuGet package filename', regexp: API::NO_SLASH_URL_PART_REGEX`
			`end`
			`get 'package_version/package_filename', format: :nupkg do`
			`filename = "#{params[:package_filename]}.#{params[:format]}"`
New upstream version 13.8.5+ds1 2021-03-08 18:12:59 +05:30			`package_file = ::Packages::PackageFileFinder.new(find_package(params[:package_name], params[:package_version]), filename, with_file_name_like: true)`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`.execute`

			`not_found!('Package') unless package_file`

			`track_package_event('pull_package', :nuget, category: 'API::NugetPackages')`

			`# nuget and dotnet don't support 302 Moved status codes, supports_direct_download has to be set to false`
			`present_carrierwave_file!(package_file.file, supports_direct_download: false)`
			`end`
			`end`
			`end`
			`end`
			`end`
			`end`