afan
/
gitea
關注 1
收藏 0
複製 0
程式碼 問題 0 合併請求 0 版本發佈 0 Wiki 活動
gitea源码
3 提交
2 分支
分支: master
分支列表 標籤
${ item.name }
建立分支 ${ searchTerm }
from 'master'
${ noResults }
gitea/routers/api/packages/api.go

api.go 25KB
永久連結 歷史記錄 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575 
  1. // Copyright 2022 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package packages

  5. 

  6. import (

  7. 	"net/http"

  8. 

  9. 	auth_model "code.gitea.io/gitea/models/auth"

  10. 	"code.gitea.io/gitea/models/perm"

  11. 	"code.gitea.io/gitea/modules/log"

  12. 	"code.gitea.io/gitea/modules/setting"

  13. 	"code.gitea.io/gitea/modules/web"

  14. 	"code.gitea.io/gitea/routers/api/packages/alpine"

  15. 	"code.gitea.io/gitea/routers/api/packages/arch"

  16. 	"code.gitea.io/gitea/routers/api/packages/cargo"

  17. 	"code.gitea.io/gitea/routers/api/packages/chef"

  18. 	"code.gitea.io/gitea/routers/api/packages/composer"

  19. 	"code.gitea.io/gitea/routers/api/packages/conan"

  20. 	"code.gitea.io/gitea/routers/api/packages/conda"

  21. 	"code.gitea.io/gitea/routers/api/packages/container"

  22. 	"code.gitea.io/gitea/routers/api/packages/cran"

  23. 	"code.gitea.io/gitea/routers/api/packages/debian"

  24. 	"code.gitea.io/gitea/routers/api/packages/generic"

  25. 	"code.gitea.io/gitea/routers/api/packages/goproxy"

  26. 	"code.gitea.io/gitea/routers/api/packages/helm"

  27. 	"code.gitea.io/gitea/routers/api/packages/maven"

  28. 	"code.gitea.io/gitea/routers/api/packages/npm"

  29. 	"code.gitea.io/gitea/routers/api/packages/nuget"

  30. 	"code.gitea.io/gitea/routers/api/packages/pub"

  31. 	"code.gitea.io/gitea/routers/api/packages/pypi"

  32. 	"code.gitea.io/gitea/routers/api/packages/rpm"

  33. 	"code.gitea.io/gitea/routers/api/packages/rubygems"

  34. 	"code.gitea.io/gitea/routers/api/packages/swift"

  35. 	"code.gitea.io/gitea/routers/api/packages/vagrant"

  36. 	"code.gitea.io/gitea/services/auth"

  37. 	"code.gitea.io/gitea/services/context"

  38. )

  39. 

  40. func reqPackageAccess(accessMode perm.AccessMode) func(ctx *context.Context) {

  41. 	return func(ctx *context.Context) {

  42. 		if ctx.Data["IsApiToken"] == true {

  43. 			scope, ok := ctx.Data["ApiTokenScope"].(auth_model.AccessTokenScope)

  44. 			if ok { // it's a personal access token but not oauth2 token

  45. 				scopeMatched := false

  46. 				var err error

  47. 				switch accessMode {

  48. 				case perm.AccessModeRead:

  49. 					scopeMatched, err = scope.HasScope(auth_model.AccessTokenScopeReadPackage)

  50. 					if err != nil {

  51. 						ctx.HTTPError(http.StatusInternalServerError, "HasScope", err.Error())

  52. 						return

  53. 					}

  54. 				case perm.AccessModeWrite:

  55. 					scopeMatched, err = scope.HasScope(auth_model.AccessTokenScopeWritePackage)

  56. 					if err != nil {

  57. 						ctx.HTTPError(http.StatusInternalServerError, "HasScope", err.Error())

  58. 						return

  59. 					}

  60. 				}

  61. 				if !scopeMatched {

  62. 					ctx.Resp.Header().Set("WWW-Authenticate", `Basic realm="Gitea Package API"`)

  63. 					ctx.HTTPError(http.StatusUnauthorized, "reqPackageAccess", "user should have specific permission or be a site admin")

  64. 					return

  65. 				}

  66. 

  67. 				// check if scope only applies to public resources

  68. 				publicOnly, err := scope.PublicOnly()

  69. 				if err != nil {

  70. 					ctx.HTTPError(http.StatusForbidden, "tokenRequiresScope", "parsing public resource scope failed: "+err.Error())

  71. 					return

  72. 				}

  73. 

  74. 				if publicOnly {

  75. 					if ctx.Package != nil && ctx.Package.Owner.Visibility.IsPrivate() {

  76. 						ctx.HTTPError(http.StatusForbidden, "reqToken", "token scope is limited to public packages")

  77. 						return

  78. 					}

  79. 				}

  80. 			}

  81. 		}

  82. 

  83. 		if ctx.Package.AccessMode < accessMode && !ctx.IsUserSiteAdmin() {

  84. 			ctx.Resp.Header().Set("WWW-Authenticate", `Basic realm="Gitea Package API"`)

  85. 			ctx.HTTPError(http.StatusUnauthorized, "reqPackageAccess", "user should have specific permission or be a site admin")

  86. 			return

  87. 		}

  88. 	}

  89. }

  90. 

  91. func verifyAuth(r *web.Router, authMethods []auth.Method) {

  92. 	if setting.Service.EnableReverseProxyAuth {

  93. 		authMethods = append(authMethods, &auth.ReverseProxy{})

  94. 	}

  95. 	authGroup := auth.NewGroup(authMethods...)

  96. 

  97. 	r.Use(func(ctx *context.Context) {

  98. 		var err error

  99. 		ctx.Doer, err = authGroup.Verify(ctx.Req, ctx.Resp, ctx, ctx.Session)

  100. 		if err != nil {

  101. 			log.Error("Failed to verify user: %v", err)

  102. 			ctx.HTTPError(http.StatusUnauthorized, "Failed to authenticate user")

  103. 			return

  104. 		}

  105. 		ctx.IsSigned = ctx.Doer != nil

  106. 	})

  107. }

  108. 

  109. // CommonRoutes provide endpoints for most package managers (except containers - see below)

  110. // These are mounted on `/api/packages` (not `/api/v1/packages`)

  111. func CommonRoutes() *web.Router {

  112. 	r := web.NewRouter()

  113. 

  114. 	r.Use(context.PackageContexter())

  115. 

  116. 	verifyAuth(r, []auth.Method{

  117. 		&auth.OAuth2{},

  118. 		&auth.Basic{},

  119. 		&nuget.Auth{},

  120. 		&conan.Auth{},

  121. 		&chef.Auth{},

  122. 	})

  123. 

  124. 	r.Group("/{username}", func() {

  125. 		r.Group("/alpine", func() {

  126. 			r.Get("/key", alpine.GetRepositoryKey)

  127. 			r.Group("/{branch}/{repository}", func() {

  128. 				r.Put("", reqPackageAccess(perm.AccessModeWrite), alpine.UploadPackageFile)

  129. 				r.Group("/{architecture}", func() {

  130. 					r.Get("/APKINDEX.tar.gz", alpine.GetRepositoryFile)

  131. 					r.Group("/{filename}", func() {

  132. 						r.Get("", alpine.DownloadPackageFile)

  133. 						r.Delete("", reqPackageAccess(perm.AccessModeWrite), alpine.DeletePackageFile)

  134. 					})

  135. 				})

  136. 			})

  137. 		}, reqPackageAccess(perm.AccessModeRead))

  138. 		r.Group("/arch", func() {

  139. 			r.Methods("HEAD,GET", "/repository.key", arch.GetRepositoryKey)

  140. 			r.Methods("PUT", "" /* no repository */, reqPackageAccess(perm.AccessModeWrite), arch.UploadPackageFile)

  141. 			r.PathGroup("/*", func(g *web.RouterPathGroup) {

  142. 				g.MatchPath("PUT", "/<repository:*>", reqPackageAccess(perm.AccessModeWrite), arch.UploadPackageFile)

  143. 				g.MatchPath("HEAD,GET", "/<repository:*>/<architecture>/<filename>", arch.GetPackageOrRepositoryFile)

  144. 				g.MatchPath("DELETE", "/<repository:*>/<name>/<version>/<architecture>", reqPackageAccess(perm.AccessModeWrite), arch.DeletePackageVersion)

  145. 			})

  146. 		}, reqPackageAccess(perm.AccessModeRead))

  147. 		r.Group("/cargo", func() {

  148. 			r.Group("/api/v1/crates", func() {

  149. 				r.Get("", cargo.SearchPackages)

  150. 				r.Put("/new", reqPackageAccess(perm.AccessModeWrite), cargo.UploadPackage)

  151. 				r.Group("/{package}", func() {

  152. 					r.Group("/{version}", func() {

  153. 						r.Get("/download", cargo.DownloadPackageFile)

  154. 						r.Delete("/yank", reqPackageAccess(perm.AccessModeWrite), cargo.YankPackage)

  155. 						r.Put("/unyank", reqPackageAccess(perm.AccessModeWrite), cargo.UnyankPackage)

  156. 					})

  157. 					r.Get("/owners", cargo.ListOwners)

  158. 				})

  159. 			})

  160. 			r.Get("/config.json", cargo.RepositoryConfig)

  161. 			r.Get("/1/{package}", cargo.EnumeratePackageVersions)

  162. 			r.Get("/2/{package}", cargo.EnumeratePackageVersions)

  163. 			// Use dummy placeholders because these parts are not of interest

  164. 			r.Get("/3/{_}/{package}", cargo.EnumeratePackageVersions)

  165. 			r.Get("/{_}/{__}/{package}", cargo.EnumeratePackageVersions)

  166. 		}, reqPackageAccess(perm.AccessModeRead))

  167. 		r.Group("/chef", func() {

  168. 			r.Group("/api/v1", func() {

  169. 				r.Get("/universe", chef.PackagesUniverse)

  170. 				r.Get("/search", chef.EnumeratePackages)

  171. 				r.Group("/cookbooks", func() {

  172. 					r.Get("", chef.EnumeratePackages)

  173. 					r.Post("", reqPackageAccess(perm.AccessModeWrite), chef.UploadPackage)

  174. 					r.Group("/{name}", func() {

  175. 						r.Get("", chef.PackageMetadata)

  176. 						r.Group("/versions/{version}", func() {

  177. 							r.Get("", chef.PackageVersionMetadata)

  178. 							r.Delete("", reqPackageAccess(perm.AccessModeWrite), chef.DeletePackageVersion)

  179. 							r.Get("/download", chef.DownloadPackage)

  180. 						})

  181. 						r.Delete("", reqPackageAccess(perm.AccessModeWrite), chef.DeletePackage)

  182. 					})

  183. 				})

  184. 			})

  185. 		}, reqPackageAccess(perm.AccessModeRead))

  186. 		r.Group("/composer", func() {

  187. 			r.Get("/packages.json", composer.ServiceIndex)

  188. 			r.Get("/search.json", composer.SearchPackages)

  189. 			r.Get("/list.json", composer.EnumeratePackages)

  190. 			r.Get("/p2/{vendorname}/{projectname}~dev.json", composer.PackageMetadata)

  191. 			r.Get("/p2/{vendorname}/{projectname}.json", composer.PackageMetadata)

  192. 			r.Get("/files/{package}/{version}/{filename}", composer.DownloadPackageFile)

  193. 			r.Put("", reqPackageAccess(perm.AccessModeWrite), composer.UploadPackage)

  194. 		}, reqPackageAccess(perm.AccessModeRead))

  195. 		r.Group("/conan", func() {

  196. 			r.Group("/v1", func() {

  197. 				r.Get("/ping", conan.Ping)

  198. 				r.Group("/users", func() {

  199. 					r.Get("/authenticate", conan.Authenticate)

  200. 					r.Get("/check_credentials", conan.CheckCredentials)

  201. 				})

  202. 				r.Group("/conans", func() {

  203. 					r.Get("/search", conan.SearchRecipes)

  204. 					r.Group("/{name}/{version}/{user}/{channel}", func() {

  205. 						r.Get("", conan.RecipeSnapshot)

  206. 						r.Delete("", reqPackageAccess(perm.AccessModeWrite), conan.DeleteRecipeV1)

  207. 						r.Get("/search", conan.SearchPackagesV1)

  208. 						r.Get("/digest", conan.RecipeDownloadURLs)

  209. 						r.Post("/upload_urls", reqPackageAccess(perm.AccessModeWrite), conan.RecipeUploadURLs)

  210. 						r.Get("/download_urls", conan.RecipeDownloadURLs)

  211. 						r.Group("/packages", func() {

  212. 							r.Post("/delete", reqPackageAccess(perm.AccessModeWrite), conan.DeletePackageV1)

  213. 							r.Group("/{package_reference}", func() {

  214. 								r.Get("", conan.PackageSnapshot)

  215. 								r.Get("/digest", conan.PackageDownloadURLs)

  216. 								r.Post("/upload_urls", reqPackageAccess(perm.AccessModeWrite), conan.PackageUploadURLs)

  217. 								r.Get("/download_urls", conan.PackageDownloadURLs)

  218. 							})

  219. 						})

  220. 					}, conan.ExtractPathParameters)

  221. 				})

  222. 				r.Group("/files/{name}/{version}/{user}/{channel}/{recipe_revision}", func() {

  223. 					r.Group("/recipe/{filename}", func() {

  224. 						r.Get("", conan.DownloadRecipeFile)

  225. 						r.Put("", reqPackageAccess(perm.AccessModeWrite), conan.UploadRecipeFile)

  226. 					})

  227. 					r.Group("/package/{package_reference}/{package_revision}/{filename}", func() {

  228. 						r.Get("", conan.DownloadPackageFile)

  229. 						r.Put("", reqPackageAccess(perm.AccessModeWrite), conan.UploadPackageFile)

  230. 					})

  231. 				}, conan.ExtractPathParameters)

  232. 			})

  233. 			r.Group("/v2", func() {

  234. 				r.Get("/ping", conan.Ping)

  235. 				r.Group("/users", func() {

  236. 					r.Get("/authenticate", conan.Authenticate)

  237. 					r.Get("/check_credentials", conan.CheckCredentials)

  238. 				})

  239. 				r.Group("/conans", func() {

  240. 					r.Get("/search", conan.SearchRecipes)

  241. 					r.Group("/{name}/{version}/{user}/{channel}", func() {

  242. 						r.Delete("", reqPackageAccess(perm.AccessModeWrite), conan.DeleteRecipeV2)

  243. 						r.Get("/search", conan.SearchPackagesV2)

  244. 						r.Get("/latest", conan.LatestRecipeRevision)

  245. 						r.Group("/revisions", func() {

  246. 							r.Get("", conan.ListRecipeRevisions)

  247. 							r.Group("/{recipe_revision}", func() {

  248. 								r.Delete("", reqPackageAccess(perm.AccessModeWrite), conan.DeleteRecipeV2)

  249. 								r.Get("/search", conan.SearchPackagesV2)

  250. 								r.Group("/files", func() {

  251. 									r.Get("", conan.ListRecipeRevisionFiles)

  252. 									r.Group("/{filename}", func() {

  253. 										r.Get("", conan.DownloadRecipeFile)

  254. 										r.Put("", reqPackageAccess(perm.AccessModeWrite), conan.UploadRecipeFile)

  255. 									})

  256. 								})

  257. 								r.Group("/packages", func() {

  258. 									r.Delete("", reqPackageAccess(perm.AccessModeWrite), conan.DeletePackageV2)

  259. 									r.Group("/{package_reference}", func() {

  260. 										r.Delete("", reqPackageAccess(perm.AccessModeWrite), conan.DeletePackageV2)

  261. 										r.Get("/latest", conan.LatestPackageRevision)

  262. 										r.Group("/revisions", func() {

  263. 											r.Get("", conan.ListPackageRevisions)

  264. 											r.Group("/{package_revision}", func() {

  265. 												r.Delete("", reqPackageAccess(perm.AccessModeWrite), conan.DeletePackageV2)

  266. 												r.Group("/files", func() {

  267. 													r.Get("", conan.ListPackageRevisionFiles)

  268. 													r.Group("/{filename}", func() {

  269. 														r.Get("", conan.DownloadPackageFile)

  270. 														r.Put("", reqPackageAccess(perm.AccessModeWrite), conan.UploadPackageFile)

  271. 													})

  272. 												})

  273. 											})

  274. 										})

  275. 									})

  276. 								})

  277. 							})

  278. 						})

  279. 					}, conan.ExtractPathParameters)

  280. 				})

  281. 			})

  282. 		}, reqPackageAccess(perm.AccessModeRead))

  283. 		r.PathGroup("/conda/*", func(g *web.RouterPathGroup) {

  284. 			g.MatchPath("GET", "/<architecture>/<filename>", conda.ListOrGetPackages)

  285. 			g.MatchPath("GET", "/<channel:*>/<architecture>/<filename>", conda.ListOrGetPackages)

  286. 			g.MatchPath("PUT", "/<channel:*>/<filename>", reqPackageAccess(perm.AccessModeWrite), conda.UploadPackageFile)

  287. 		}, reqPackageAccess(perm.AccessModeRead))

  288. 		r.Group("/cran", func() {

  289. 			r.Group("/src", func() {

  290. 				r.Group("/contrib", func() {

  291. 					r.Get("/PACKAGES", cran.EnumerateSourcePackages)

  292. 					r.Get("/PACKAGES{format}", cran.EnumerateSourcePackages)

  293. 					r.Get("/{filename}", cran.DownloadSourcePackageFile)

  294. 					r.Get("/Archive/{packagename}/{filename}", cran.DownloadSourcePackageFile)

  295. 				})

  296. 				r.Put("", reqPackageAccess(perm.AccessModeWrite), cran.UploadSourcePackageFile)

  297. 			})

  298. 			r.Group("/bin", func() {

  299. 				r.Group("/{platform}/contrib/{rversion}", func() {

  300. 					r.Get("/PACKAGES", cran.EnumerateBinaryPackages)

  301. 					r.Get("/PACKAGES{format}", cran.EnumerateBinaryPackages)

  302. 					r.Get("/{filename}", cran.DownloadBinaryPackageFile)

  303. 				})

  304. 				r.Put("", reqPackageAccess(perm.AccessModeWrite), cran.UploadBinaryPackageFile)

  305. 			})

  306. 		}, reqPackageAccess(perm.AccessModeRead))

  307. 		r.Group("/debian", func() {

  308. 			r.Get("/repository.key", debian.GetRepositoryKey)

  309. 			r.Group("/dists/{distribution}", func() {

  310. 				r.Get("/{filename}", debian.GetRepositoryFile)

  311. 				r.Get("/by-hash/{algorithm}/{hash}", debian.GetRepositoryFileByHash)

  312. 				r.Group("/{component}/{architecture}", func() {

  313. 					r.Get("/{filename}", debian.GetRepositoryFile)

  314. 					r.Get("/by-hash/{algorithm}/{hash}", debian.GetRepositoryFileByHash)

  315. 				})

  316. 			})

  317. 			r.Group("/pool/{distribution}/{component}", func() {

  318. 				r.Get("/{name}_{version}_{architecture}.deb", debian.DownloadPackageFile)

  319. 				r.Group("", func() {

  320. 					r.Put("/upload", debian.UploadPackageFile)

  321. 					r.Delete("/{name}/{version}/{architecture}", debian.DeletePackageFile)

  322. 				}, reqPackageAccess(perm.AccessModeWrite))

  323. 			})

  324. 		}, reqPackageAccess(perm.AccessModeRead))

  325. 		r.Group("/go", func() {

  326. 			r.Put("/upload", reqPackageAccess(perm.AccessModeWrite), goproxy.UploadPackage)

  327. 			r.Get("/sumdb/sum.golang.org/supported", http.NotFound)

  328. 

  329. 			// https://go.dev/ref/mod#goproxy-protocol

  330. 			r.PathGroup("/*", func(g *web.RouterPathGroup) {

  331. 				g.MatchPath("GET", "/<name:*>/@<version:latest>", goproxy.PackageVersionMetadata)

  332. 				g.MatchPath("GET", "/<name:*>/@v/list", goproxy.EnumeratePackageVersions)

  333. 				g.MatchPath("GET", "/<name:*>/@v/<version>.zip", goproxy.DownloadPackageFile)

  334. 				g.MatchPath("GET", "/<name:*>/@v/<version>.info", goproxy.PackageVersionMetadata)

  335. 				g.MatchPath("GET", "/<name:*>/@v/<version>.mod", goproxy.PackageVersionGoModContent)

  336. 			})

  337. 		}, reqPackageAccess(perm.AccessModeRead))

  338. 		r.Group("/generic", func() {

  339. 			r.Group("/{packagename}/{packageversion}", func() {

  340. 				r.Delete("", reqPackageAccess(perm.AccessModeWrite), generic.DeletePackage)

  341. 				r.Group("/{filename}", func() {

  342. 					r.Methods("HEAD,GET", "", generic.DownloadPackageFile)

  343. 					r.Group("", func() {

  344. 						r.Put("", generic.UploadPackage)

  345. 						r.Delete("", generic.DeletePackageFile)

  346. 					}, reqPackageAccess(perm.AccessModeWrite))

  347. 				})

  348. 			})

  349. 		}, reqPackageAccess(perm.AccessModeRead))

  350. 		r.Group("/helm", func() {

  351. 			r.Get("/index.yaml", helm.Index)

  352. 			r.Get("/{filename}", helm.DownloadPackageFile)

  353. 			r.Post("/api/charts", reqPackageAccess(perm.AccessModeWrite), helm.UploadPackage)

  354. 		}, reqPackageAccess(perm.AccessModeRead))

  355. 		r.Group("/maven", func() {

  356. 			r.Put("/*", reqPackageAccess(perm.AccessModeWrite), maven.UploadPackageFile)

  357. 			r.Get("/*", maven.DownloadPackageFile)

  358. 			r.Head("/*", maven.ProvidePackageFileHeader)

  359. 		}, reqPackageAccess(perm.AccessModeRead))

  360. 		r.Group("/nuget", func() {

  361. 			r.Group("", func() { // Needs to be unauthenticated for the NuGet client.

  362. 				r.Get("/", nuget.ServiceIndexV2)

  363. 				r.Get("/index.json", nuget.ServiceIndexV3)

  364. 				r.Get("/$metadata", nuget.FeedCapabilityResource)

  365. 			})

  366. 			r.Group("", func() {

  367. 				r.Get("/query", nuget.SearchServiceV3)

  368. 				r.Group("/registration/{id}", func() {

  369. 					r.Get("/index.json", nuget.RegistrationIndex)

  370. 					r.Get("/{version}", nuget.RegistrationLeafV3)

  371. 				})

  372. 				r.Group("/package/{id}", func() {

  373. 					r.Get("/index.json", nuget.EnumeratePackageVersionsV3)

  374. 					r.Get("/{version}/{filename}", nuget.DownloadPackageFile)

  375. 				})

  376. 				r.Group("", func() {

  377. 					r.Put("/", nuget.UploadPackage)

  378. 					r.Put("/symbolpackage", nuget.UploadSymbolPackage)

  379. 					r.Delete("/{id}/{version}", nuget.DeletePackage)

  380. 				}, reqPackageAccess(perm.AccessModeWrite))

  381. 				r.Get("/symbols/{filename}/{guid:[0-9a-fA-F]{32}[fF]{8}}/{filename2}", nuget.DownloadSymbolFile)

  382. 				r.Get("/Packages(Id='{id:[^']+}',Version='{version:[^']+}')", nuget.RegistrationLeafV2)

  383. 				r.Group("/Packages()", func() {

  384. 					r.Get("", nuget.SearchServiceV2)

  385. 					r.Get("/$count", nuget.SearchServiceV2Count)

  386. 				})

  387. 				r.Group("/FindPackagesById()", func() {

  388. 					r.Get("", nuget.EnumeratePackageVersionsV2)

  389. 					r.Get("/$count", nuget.EnumeratePackageVersionsV2Count)

  390. 				})

  391. 				r.Group("/Search()", func() {

  392. 					r.Get("", nuget.SearchServiceV2)

  393. 					r.Get("/$count", nuget.SearchServiceV2Count)

  394. 				})

  395. 			}, reqPackageAccess(perm.AccessModeRead))

  396. 		})

  397. 		r.Group("/npm", func() {

  398. 			r.Group("/@{scope}/{id}", func() {

  399. 				r.Get("", npm.PackageMetadata)

  400. 				r.Put("", reqPackageAccess(perm.AccessModeWrite), npm.UploadPackage)

  401. 				r.Group("/-/{version}/{filename}", func() {

  402. 					r.Get("", npm.DownloadPackageFile)

  403. 					r.Delete("/-rev/{revision}", reqPackageAccess(perm.AccessModeWrite), npm.DeletePackageVersion)

  404. 				})

  405. 				r.Get("/-/{filename}", npm.DownloadPackageFileByName)

  406. 				r.Group("/-rev/{revision}", func() {

  407. 					r.Delete("", npm.DeletePackage)

  408. 					r.Put("", npm.DeletePreview)

  409. 				}, reqPackageAccess(perm.AccessModeWrite))

  410. 			})

  411. 			r.Group("/{id}", func() {

  412. 				r.Get("", npm.PackageMetadata)

  413. 				r.Put("", reqPackageAccess(perm.AccessModeWrite), npm.UploadPackage)

  414. 				r.Group("/-/{version}/{filename}", func() {

  415. 					r.Get("", npm.DownloadPackageFile)

  416. 					r.Delete("/-rev/{revision}", reqPackageAccess(perm.AccessModeWrite), npm.DeletePackageVersion)

  417. 				})

  418. 				r.Get("/-/{filename}", npm.DownloadPackageFileByName)

  419. 				r.Group("/-rev/{revision}", func() {

  420. 					r.Delete("", npm.DeletePackage)

  421. 					r.Put("", npm.DeletePreview)

  422. 				}, reqPackageAccess(perm.AccessModeWrite))

  423. 			})

  424. 			r.Group("/-/package/@{scope}/{id}/dist-tags", func() {

  425. 				r.Get("", npm.ListPackageTags)

  426. 				r.Group("/{tag}", func() {

  427. 					r.Put("", npm.AddPackageTag)

  428. 					r.Delete("", npm.DeletePackageTag)

  429. 				}, reqPackageAccess(perm.AccessModeWrite))

  430. 			})

  431. 			r.Group("/-/package/{id}/dist-tags", func() {

  432. 				r.Get("", npm.ListPackageTags)

  433. 				r.Group("/{tag}", func() {

  434. 					r.Put("", npm.AddPackageTag)

  435. 					r.Delete("", npm.DeletePackageTag)

  436. 				}, reqPackageAccess(perm.AccessModeWrite))

  437. 			})

  438. 			r.Group("/-/v1/search", func() {

  439. 				r.Get("", npm.PackageSearch)

  440. 			})

  441. 		}, reqPackageAccess(perm.AccessModeRead))

  442. 		r.Group("/pub", func() {

  443. 			r.Group("/api/packages", func() {

  444. 				r.Group("/versions/new", func() {

  445. 					r.Get("", pub.RequestUpload)

  446. 					r.Post("/upload", pub.UploadPackageFile)

  447. 					r.Get("/finalize/{id}/{version}", pub.FinalizePackage)

  448. 				}, reqPackageAccess(perm.AccessModeWrite))

  449. 				r.Group("/{id}", func() {

  450. 					r.Get("", pub.EnumeratePackageVersions)

  451. 					r.Get("/files/{version}", pub.DownloadPackageFile)

  452. 					r.Get("/{version}", pub.PackageVersionMetadata)

  453. 				})

  454. 			})

  455. 		}, reqPackageAccess(perm.AccessModeRead))

  456. 

  457. 		r.Group("/pypi", func() {

  458. 			r.Post("/", reqPackageAccess(perm.AccessModeWrite), pypi.UploadPackageFile)

  459. 			r.Get("/files/{id}/{version}/{filename}", pypi.DownloadPackageFile)

  460. 			r.Get("/simple/{id}", pypi.PackageMetadata)

  461. 		}, reqPackageAccess(perm.AccessModeRead))

  462. 

  463. 		r.Methods("HEAD,GET", "/rpm.repo", reqPackageAccess(perm.AccessModeRead), rpm.GetRepositoryConfig)

  464. 		r.PathGroup("/rpm/*", func(g *web.RouterPathGroup) {

  465. 			g.MatchPath("HEAD,GET", "/repository.key", rpm.GetRepositoryKey)

  466. 			g.MatchPath("HEAD,GET", "/<group:*>.repo", rpm.GetRepositoryConfig)

  467. 			g.MatchPath("HEAD", "/<group:*>/repodata/<filename>", rpm.CheckRepositoryFileExistence)

  468. 			g.MatchPath("GET", "/<group:*>/repodata/<filename>", rpm.GetRepositoryFile)

  469. 			g.MatchPath("PUT", "/<group:*>/upload", reqPackageAccess(perm.AccessModeWrite), rpm.UploadPackageFile)

  470. 			// this URL pattern is only used internally in the RPM index, it is generated by us, the filename part is not really used (can be anything)

  471. 			g.MatchPath("HEAD,GET", "/<group:*>/package/<name>/<version>/<architecture>", rpm.DownloadPackageFile)

  472. 			g.MatchPath("HEAD,GET", "/<group:*>/package/<name>/<version>/<architecture>/<filename>", rpm.DownloadPackageFile)

  473. 			g.MatchPath("DELETE", "/<group:*>/package/<name>/<version>/<architecture>", reqPackageAccess(perm.AccessModeWrite), rpm.DeletePackageFile)

  474. 		}, reqPackageAccess(perm.AccessModeRead))

  475. 

  476. 		r.Group("/rubygems", func() {

  477. 			r.Get("/specs.4.8.gz", rubygems.EnumeratePackages)

  478. 			r.Get("/latest_specs.4.8.gz", rubygems.EnumeratePackagesLatest)

  479. 			r.Get("/prerelease_specs.4.8.gz", rubygems.EnumeratePackagesPreRelease)

  480. 			r.Get("/quick/Marshal.4.8/{filename}", rubygems.ServePackageSpecification)

  481. 			r.Get("/gems/{filename}", rubygems.DownloadPackageFile)

  482. 			r.Get("/info/{packagename}", rubygems.GetPackageInfo)

  483. 			r.Get("/versions", rubygems.GetAllPackagesVersions)

  484. 			r.Group("/api/v1/gems", func() {

  485. 				r.Post("/", rubygems.UploadPackageFile)

  486. 				r.Delete("/yank", rubygems.DeletePackage)

  487. 			}, reqPackageAccess(perm.AccessModeWrite))

  488. 		}, reqPackageAccess(perm.AccessModeRead))

  489. 

  490. 		r.Group("/swift", func() {

  491. 			r.Group("", func() { // Needs to be unauthenticated.

  492. 				r.Post("", swift.CheckAuthenticate)

  493. 				r.Post("/login", swift.CheckAuthenticate)

  494. 			})

  495. 			r.Group("", func() {

  496. 				r.Group("/{scope}/{name}", func() {

  497. 					r.Group("", func() {

  498. 						r.Get("", swift.EnumeratePackageVersions)

  499. 						r.Get(".json", swift.EnumeratePackageVersions)

  500. 					}, swift.CheckAcceptMediaType(swift.AcceptJSON))

  501. 					r.PathGroup("/*", func(g *web.RouterPathGroup) {

  502. 						g.MatchPath("GET", "/<version>.json", swift.CheckAcceptMediaType(swift.AcceptJSON), swift.PackageVersionMetadata)

  503. 						g.MatchPath("GET", "/<version>.zip", swift.CheckAcceptMediaType(swift.AcceptZip), swift.DownloadPackageFile)

  504. 						g.MatchPath("GET", "/<version>/Package.swift", swift.CheckAcceptMediaType(swift.AcceptSwift), swift.DownloadManifest)

  505. 						g.MatchPath("GET", "/<version>", swift.CheckAcceptMediaType(swift.AcceptJSON), swift.PackageVersionMetadata)

  506. 						g.MatchPath("PUT", "/<version>", reqPackageAccess(perm.AccessModeWrite), swift.CheckAcceptMediaType(swift.AcceptJSON), swift.UploadPackageFile)

  507. 					})

  508. 				})

  509. 				r.Get("/identifiers", swift.CheckAcceptMediaType(swift.AcceptJSON), swift.LookupPackageIdentifiers)

  510. 			}, reqPackageAccess(perm.AccessModeRead))

  511. 		})

  512. 		r.Group("/vagrant", func() {

  513. 			r.Group("/authenticate", func() {

  514. 				r.Get("", vagrant.CheckAuthenticate)

  515. 			})

  516. 			r.Group("/{name}", func() {

  517. 				r.Head("", vagrant.CheckBoxAvailable)

  518. 				r.Get("", vagrant.EnumeratePackageVersions)

  519. 				r.Group("/{version}/{provider}", func() {

  520. 					r.Get("", vagrant.DownloadPackageFile)

  521. 					r.Put("", reqPackageAccess(perm.AccessModeWrite), vagrant.UploadPackageFile)

  522. 				})

  523. 			})

  524. 		}, reqPackageAccess(perm.AccessModeRead))

  525. 	}, context.UserAssignmentWeb(), context.PackageAssignment())

  526. 

  527. 	return r

  528. }

  529. 

  530. // ContainerRoutes provides endpoints that implement the OCI API to serve containers

  531. // These have to be mounted on `/v2/...` to comply with the OCI spec:

  532. // https://github.com/opencontainers/distribution-spec/blob/main/spec.md

  533. func ContainerRoutes() *web.Router {

  534. 	r := web.NewRouter()

  535. 

  536. 	r.Use(context.PackageContexter())

  537. 

  538. 	verifyAuth(r, []auth.Method{

  539. 		&auth.Basic{},

  540. 		&container.Auth{},

  541. 	})

  542. 

  543. 	// TODO: Content Discovery / References (not implemented yet)

  544. 

  545. 	r.Get("", container.ReqContainerAccess, container.DetermineSupport)

  546. 	r.Group("/token", func() {

  547. 		r.Get("", container.Authenticate)

  548. 		r.Post("", container.AuthenticateNotImplemented)

  549. 	})

  550. 	r.Get("/_catalog", container.ReqContainerAccess, container.GetRepositoryList)

  551. 	r.Group("/{username}", func() {

  552. 		r.PathGroup("/*", func(g *web.RouterPathGroup) {

  553. 			g.MatchPath("POST", "/<image:*>/blobs/uploads", reqPackageAccess(perm.AccessModeWrite), container.VerifyImageName, container.PostBlobsUploads)

  554. 			g.MatchPath("GET", "/<image:*>/tags/list", container.VerifyImageName, container.GetTagsList)

  555. 

  556. 			patternBlobsUploadsUUID := g.PatternRegexp(`/<image:*>/blobs/uploads/<uuid:[-.=\w]+>`, reqPackageAccess(perm.AccessModeWrite), container.VerifyImageName)

  557. 			g.MatchPattern("GET", patternBlobsUploadsUUID, container.GetBlobsUpload)

  558. 			g.MatchPattern("PATCH", patternBlobsUploadsUUID, container.PatchBlobsUpload)

  559. 			g.MatchPattern("PUT", patternBlobsUploadsUUID, container.PutBlobsUpload)

  560. 			g.MatchPattern("DELETE", patternBlobsUploadsUUID, container.DeleteBlobsUpload)

  561. 

  562. 			g.MatchPath("HEAD", `/<image:*>/blobs/<digest>`, container.VerifyImageName, container.HeadBlob)

  563. 			g.MatchPath("GET", `/<image:*>/blobs/<digest>`, container.VerifyImageName, container.GetBlob)

  564. 			g.MatchPath("DELETE", `/<image:*>/blobs/<digest>`, container.VerifyImageName, reqPackageAccess(perm.AccessModeWrite), container.DeleteBlob)

  565. 

  566. 			g.MatchPath("HEAD", `/<image:*>/manifests/<reference>`, container.VerifyImageName, container.HeadManifest)

  567. 			g.MatchPath("GET", `/<image:*>/manifests/<reference>`, container.VerifyImageName, container.GetManifest)

  568. 			g.MatchPath("PUT", `/<image:*>/manifests/<reference>`, container.VerifyImageName, reqPackageAccess(perm.AccessModeWrite), container.PutManifest)

  569. 			g.MatchPath("DELETE", `/<image:*>/manifests/<reference>`, container.VerifyImageName, reqPackageAccess(perm.AccessModeWrite), container.DeleteManifest)

  570. 		})

  571. 	}, container.ReqContainerAccess, context.UserAssignmentWeb(), context.PackageAssignment(), reqPackageAccess(perm.AccessModeRead))

  572. 

  573. 	return r

  574. }