2021-03-11 19:13:27 +05:30
# frozen_string_literal: true
###
# API endpoints for the RubyGem package registry
module API
class RubygemPackages < :: API :: Base
include :: API :: Helpers :: Authentication
helpers :: API :: Helpers :: PackagesHelpers
feature_category :package_registry
2022-07-16 23:28:13 +05:30
urgency :low
2021-03-11 19:13:27 +05:30
# The Marshal version can be found by "#{Marshal::MAJOR_VERSION}.#{Marshal::MINOR_VERSION}"
# Updating the version should require a GitLab API version change.
MARSHAL_VERSION = '4.8'
2021-04-17 20:07:23 +05:30
PACKAGE_FILENAME = 'package.gem'
2021-03-11 19:13:27 +05:30
FILE_NAME_REQUIREMENTS = {
file_name : API :: NO_SLASH_URL_PART_REGEX
} . freeze
content_type :binary , 'application/octet-stream'
authenticate_with do | accept |
accept . token_types ( :personal_access_token , :deploy_token , :job_token )
. sent_through ( :http_token )
end
2023-03-17 16:20:25 +05:30
helpers do
def project
user_project ( action : :read_package )
end
end
2021-03-11 19:13:27 +05:30
before do
require_packages_enabled!
2021-04-17 20:07:23 +05:30
authenticate_non_get!
2023-03-04 22:38:38 +05:30
end
after_validation do
2023-03-17 16:20:25 +05:30
not_found! unless Feature . enabled? ( :rubygem_packages , project )
2021-03-11 19:13:27 +05:30
end
params do
2023-03-04 22:38:38 +05:30
requires :id , types : [ Integer , String ] , desc : 'The ID or URL-encoded path of the project'
2021-03-11 19:13:27 +05:30
end
resource :projects , requirements : API :: NAMESPACE_OR_PROJECT_REQUIREMENTS do
namespace ':id/packages/rubygems' do
desc 'Download the spec index file' do
detail 'This feature was introduced in GitLab 13.9'
2023-03-04 22:38:38 +05:30
failure [
{ code : 401 , message : 'Unauthorized' } ,
{ code : 404 , message : 'Not Found' }
]
tags %w[ rubygem_packages ]
2021-03-11 19:13:27 +05:30
end
params do
2023-03-04 22:38:38 +05:30
requires :file_name , type : String , desc : 'Spec file name' , documentation : { type : 'file' }
2021-03-11 19:13:27 +05:30
end
get " :file_name " , requirements : FILE_NAME_REQUIREMENTS do
# To be implemented in https://gitlab.com/gitlab-org/gitlab/-/issues/299267
not_found!
end
desc 'Download the gemspec file' do
detail 'This feature was introduced in GitLab 13.9'
2023-03-04 22:38:38 +05:30
failure [
{ code : 401 , message : 'Unauthorized' } ,
{ code : 404 , message : 'Not Found' }
]
tags %w[ rubygem_packages ]
2021-03-11 19:13:27 +05:30
end
params do
2023-03-04 22:38:38 +05:30
requires :file_name , type : String , desc : 'Gemspec file name' , documentation : { type : 'file' }
2021-03-11 19:13:27 +05:30
end
get " quick/Marshal. #{ MARSHAL_VERSION } /:file_name " , requirements : FILE_NAME_REQUIREMENTS do
# To be implemented in https://gitlab.com/gitlab-org/gitlab/-/issues/299284
not_found!
end
desc 'Download the .gem package' do
detail 'This feature was introduced in GitLab 13.9'
2023-03-04 22:38:38 +05:30
success code : 200
failure [
{ code : 401 , message : 'Unauthorized' } ,
{ code : 403 , message : 'Forbidden' } ,
{ code : 404 , message : 'Not Found' }
]
tags %w[ rubygem_packages ]
2021-03-11 19:13:27 +05:30
end
params do
2023-03-04 22:38:38 +05:30
requires :file_name , type : String , desc : 'Package file name' , documentation : { type : 'file' }
2021-03-11 19:13:27 +05:30
end
get " gems/:file_name " , requirements : FILE_NAME_REQUIREMENTS do
2023-03-17 16:20:25 +05:30
authorize_read_package! ( project )
2021-04-17 20:07:23 +05:30
2022-03-02 08:16:31 +05:30
package_files = :: Packages :: PackageFile
2023-03-17 16:20:25 +05:30
. for_rubygem_with_file_name ( project , params [ :file_name ] )
2022-03-02 08:16:31 +05:30
2022-04-04 11:22:00 +05:30
package_file = package_files . installable . last!
2021-04-17 20:07:23 +05:30
2023-03-17 16:20:25 +05:30
track_package_event ( 'pull_package' , :rubygems , project : project , namespace : project . namespace )
2021-04-17 20:07:23 +05:30
2022-10-11 01:57:18 +05:30
present_package_file! ( package_file )
2021-03-11 19:13:27 +05:30
end
namespace 'api/v1' do
desc 'Authorize a gem upload from workhorse' do
detail 'This feature was introduced in GitLab 13.9'
2023-03-04 22:38:38 +05:30
success code : 200
failure [
{ code : 401 , message : 'Unauthorized' } ,
{ code : 403 , message : 'Forbidden' }
]
tags %w[ rubygem_packages ]
2021-03-11 19:13:27 +05:30
end
post 'gems/authorize' do
2021-04-17 20:07:23 +05:30
authorize_workhorse! (
2023-03-17 16:20:25 +05:30
subject : project ,
2021-04-17 20:07:23 +05:30
has_length : false ,
2023-03-17 16:20:25 +05:30
maximum_size : project . actual_limits . rubygems_max_file_size
2021-04-17 20:07:23 +05:30
)
2021-03-11 19:13:27 +05:30
end
desc 'Upload a gem' do
detail 'This feature was introduced in GitLab 13.9'
2023-03-04 22:38:38 +05:30
success code : 201
failure [
{ code : 401 , message : 'Unauthorized' } ,
{ code : 403 , message : 'Forbidden' } ,
{ code : 404 , message : 'Not Found' }
]
tags %w[ rubygem_packages ]
2021-03-11 19:13:27 +05:30
end
2021-04-17 20:07:23 +05:30
params do
2023-01-13 00:05:48 +05:30
requires :file , type : :: API :: Validations :: Types :: WorkhorseFile , desc : 'The package file to be published (generated by Multipart middleware)' , documentation : { type : 'file' }
2021-04-17 20:07:23 +05:30
end
2021-03-11 19:13:27 +05:30
post 'gems' do
2023-03-17 16:20:25 +05:30
authorize_upload! ( project )
bad_request! ( 'File is too large' ) if project . actual_limits . exceeded? ( :rubygems_max_file_size , params [ :file ] . size )
2021-04-17 20:07:23 +05:30
2023-05-27 22:25:52 +05:30
track_package_event ( 'push_package' , :rubygems , project : project , namespace : project . namespace )
2021-04-17 20:07:23 +05:30
2021-04-29 21:17:54 +05:30
package_file = nil
2021-10-27 15:23:28 +05:30
ApplicationRecord . transaction do
2021-04-17 20:07:23 +05:30
package = :: Packages :: CreateTemporaryPackageService . new (
2023-03-17 16:20:25 +05:30
project , current_user , declared_params . merge ( build : current_authenticated_job )
2021-04-17 20:07:23 +05:30
) . execute ( :rubygems , name : :: Packages :: Rubygems :: TEMPORARY_PACKAGE_NAME )
file_params = {
2022-08-27 11:52:29 +05:30
file : params [ :file ] ,
2021-04-17 20:07:23 +05:30
file_name : PACKAGE_FILENAME
}
2021-04-29 21:17:54 +05:30
package_file = :: Packages :: CreatePackageFileService . new (
2021-04-17 20:07:23 +05:30
package , file_params . merge ( build : current_authenticated_job )
) . execute
end
2021-04-29 21:17:54 +05:30
if package_file
:: Packages :: Rubygems :: ExtractionWorker . perform_async ( package_file . id ) # rubocop:disable CodeReuse/Worker
created!
else
bad_request! ( 'Package creation failed' )
end
2021-04-17 20:07:23 +05:30
rescue ObjectStorage :: RemoteStoreError = > e
2023-03-17 16:20:25 +05:30
Gitlab :: ErrorTracking . track_exception ( e , extra : { file_name : params [ :file_name ] , project_id : project . id } )
2021-04-17 20:07:23 +05:30
forbidden!
2021-03-11 19:13:27 +05:30
end
desc 'Fetch a list of dependencies' do
detail 'This feature was introduced in GitLab 13.9'
2023-03-04 22:38:38 +05:30
success code : 200
failure [
{ code : 401 , message : 'Unauthorized' } ,
{ code : 403 , message : 'Forbidden' } ,
{ code : 404 , message : 'Not Found' }
]
is_array true
tags %w[ rubygem_packages ]
2021-03-11 19:13:27 +05:30
end
params do
2021-04-17 20:07:23 +05:30
optional :gems , type : Array [ String ] , coerce_with : :: API :: Validations :: Types :: CommaSeparatedToArray . coerce , desc : 'Comma delimited gem names'
2021-03-11 19:13:27 +05:30
end
get 'dependencies' do
2023-03-17 16:20:25 +05:30
authorize_read_package! ( project )
2021-04-17 20:07:23 +05:30
if params [ :gems ] . blank?
status :ok
else
results = params [ :gems ] . map do | gem_name |
2023-03-17 16:20:25 +05:30
service_result = Packages :: Rubygems :: DependencyResolverService . new ( project , current_user , gem_name : gem_name ) . execute
2021-04-17 20:07:23 +05:30
render_api_error! ( service_result . message , service_result . http_status ) if service_result . error?
service_result . payload
end
content_type 'application/octet-stream'
Marshal . dump ( results . flatten )
end
2021-03-11 19:13:27 +05:30
end
end
end
end
end
end