debian-mirror-gitlab/lib/api/pypi_packages.rb

133 lines
4.9 KiB
Ruby
Raw Normal View History

2020-07-28 23:09:34 +05:30
# frozen_string_literal: true
# PyPI Package Manager Client API
#
# These API endpoints are not meant to be consumed directly by users. They are
# called by the PyPI package manager client when users run commands
# like `pip install` or `twine upload`.
module API
2021-01-03 14:25:43 +05:30
class PypiPackages < ::API::Base
2020-07-28 23:09:34 +05:30
helpers ::API::Helpers::PackagesManagerClientsHelpers
helpers ::API::Helpers::RelatedResourcesHelpers
helpers ::API::Helpers::Packages::BasicAuthHelpers
include ::API::Helpers::Packages::BasicAuthHelpers::Constants
2021-01-29 00:20:46 +05:30
feature_category :package_registry
2020-07-28 23:09:34 +05:30
default_format :json
rescue_from ArgumentError do |e|
render_api_error!(e.message, 400)
end
rescue_from ActiveRecord::RecordInvalid do |e|
render_api_error!(e.message, 400)
end
before do
require_packages_enabled!
end
params do
requires :id, type: Integer, desc: 'The ID of a project'
end
resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
before do
unauthorized_user_project!
end
namespace ':id/packages/pypi' do
desc 'The PyPi package download endpoint' do
detail 'This feature was introduced in GitLab 12.10'
end
params do
requires :file_identifier, type: String, desc: 'The PyPi package file identifier', file_path: true
requires :sha256, type: String, desc: 'The PyPi package sha256 check sum'
end
2020-11-24 15:15:51 +05:30
route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
2020-07-28 23:09:34 +05:30
get 'files/:sha256/*file_identifier' do
project = unauthorized_user_project!
filename = "#{params[:file_identifier]}.#{params[:format]}"
2021-06-08 01:23:25 +05:30
package = Packages::Pypi::PackageFinder.new(current_user, project, { filename: filename, sha256: params[:sha256] }).execute
2020-07-28 23:09:34 +05:30
package_file = ::Packages::PackageFileFinder.new(package, filename, with_file_name_like: false).execute
2021-01-03 14:25:43 +05:30
track_package_event('pull_package', :pypi)
2020-07-28 23:09:34 +05:30
present_carrierwave_file!(package_file.file, supports_direct_download: true)
end
desc 'The PyPi Simple Endpoint' do
detail 'This feature was introduced in GitLab 12.10'
end
params do
requires :package_name, type: String, file_path: true, desc: 'The PyPi package name'
end
# An Api entry point but returns an HTML file instead of JSON.
# PyPi simple API returns the package descriptor as a simple HTML file.
2020-11-24 15:15:51 +05:30
route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
2020-07-28 23:09:34 +05:30
get 'simple/*package_name', format: :txt do
authorize_read_package!(authorized_user_project)
2021-01-03 14:25:43 +05:30
track_package_event('list_package', :pypi)
2020-07-28 23:09:34 +05:30
2021-06-08 01:23:25 +05:30
packages = Packages::Pypi::PackagesFinder.new(current_user, authorized_user_project, { package_name: params[:package_name] }).execute!
2020-07-28 23:09:34 +05:30
presenter = ::Packages::Pypi::PackagePresenter.new(packages, authorized_user_project)
# Adjusts grape output format
# to be HTML
content_type "text/html; charset=utf-8"
env['api.format'] = :binary
body presenter.body
end
desc 'The PyPi Package upload endpoint' do
detail 'This feature was introduced in GitLab 12.10'
end
params do
requires :content, type: ::API::Validations::Types::WorkhorseFile, desc: 'The package file to be published (generated by Multipart middleware)'
requires :requires_python, type: String
requires :name, type: String
requires :version, type: String
optional :md5_digest, type: String
optional :sha256_digest, type: String
end
2020-11-24 15:15:51 +05:30
route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
2020-07-28 23:09:34 +05:30
post do
authorize_upload!(authorized_user_project)
2020-11-24 15:15:51 +05:30
bad_request!('File is too large') if authorized_user_project.actual_limits.exceeded?(:pypi_max_file_size, params[:content].size)
2020-07-28 23:09:34 +05:30
2021-01-03 14:25:43 +05:30
track_package_event('push_package', :pypi)
2020-07-28 23:09:34 +05:30
::Packages::Pypi::CreatePackageService
2021-02-22 17:27:13 +05:30
.new(authorized_user_project, current_user, declared_params.merge(build: current_authenticated_job))
2020-07-28 23:09:34 +05:30
.execute
created!
rescue ObjectStorage::RemoteStoreError => e
Gitlab::ErrorTracking.track_exception(e, extra: { file_name: params[:name], project_id: authorized_user_project.id })
forbidden!
end
2020-11-24 15:15:51 +05:30
route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
2020-07-28 23:09:34 +05:30
post 'authorize' do
2020-11-24 15:15:51 +05:30
authorize_workhorse!(
subject: authorized_user_project,
has_length: false,
maximum_size: authorized_user_project.actual_limits.pypi_max_file_size
)
2020-07-28 23:09:34 +05:30
end
end
end
end
end