afan
/
gitea
Volgen 1
Ster 0
Vork 0
Code Kwesties 0 Pull-aanvragen 0 Publicaties 0 Wiki Activiteit
gitea源码
3 Commits
2 Branches
Branch: master
Branches Labels
${ item.name }
Maak branch ${ searchTerm }
van 'master'
${ noResults }
gitea/routers/api/packages/npm/npm.go

npm.go 12KB
Permalink Geschiedenis Ruw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464 
  1. // Copyright 2021 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package npm

  5. 

  6. import (

  7. 	"bytes"

  8. 	std_ctx "context"

  9. 	"errors"

  10. 	"fmt"

  11. 	"io"

  12. 	"net/http"

  13. 	"strings"

  14. 

  15. 	"code.gitea.io/gitea/models/db"

  16. 	packages_model "code.gitea.io/gitea/models/packages"

  17. 	access_model "code.gitea.io/gitea/models/perm/access"

  18. 	repo_model "code.gitea.io/gitea/models/repo"

  19. 	"code.gitea.io/gitea/models/unit"

  20. 	"code.gitea.io/gitea/modules/optional"

  21. 	packages_module "code.gitea.io/gitea/modules/packages"

  22. 	npm_module "code.gitea.io/gitea/modules/packages/npm"

  23. 	"code.gitea.io/gitea/modules/setting"

  24. 	"code.gitea.io/gitea/modules/util"

  25. 	"code.gitea.io/gitea/routers/api/packages/helper"

  26. 	"code.gitea.io/gitea/services/context"

  27. 	packages_service "code.gitea.io/gitea/services/packages"

  28. 

  29. 	"github.com/hashicorp/go-version"

  30. )

  31. 

  32. // errInvalidTagName indicates an invalid tag name

  33. var errInvalidTagName = errors.New("The tag name is invalid")

  34. 

  35. func apiError(ctx *context.Context, status int, obj any) {

  36. 	message := helper.ProcessErrorForUser(ctx, status, obj)

  37. 	ctx.JSON(status, map[string]string{

  38. 		"error": message,

  39. 	})

  40. }

  41. 

  42. // packageNameFromParams gets the package name from the url parameters

  43. // Variations: /name/, /@scope/name/, /@scope%2Fname/

  44. func packageNameFromParams(ctx *context.Context) string {

  45. 	scope := ctx.PathParam("scope")

  46. 	id := ctx.PathParam("id")

  47. 	if scope != "" {

  48. 		return fmt.Sprintf("@%s/%s", scope, id)

  49. 	}

  50. 	return id

  51. }

  52. 

  53. // PackageMetadata returns the metadata for a single package

  54. func PackageMetadata(ctx *context.Context) {

  55. 	packageName := packageNameFromParams(ctx)

  56. 

  57. 	pvs, err := packages_model.GetVersionsByPackageName(ctx, ctx.Package.Owner.ID, packages_model.TypeNpm, packageName)

  58. 	if err != nil {

  59. 		apiError(ctx, http.StatusInternalServerError, err)

  60. 		return

  61. 	}

  62. 	if len(pvs) == 0 {

  63. 		apiError(ctx, http.StatusNotFound, err)

  64. 		return

  65. 	}

  66. 

  67. 	pds, err := packages_model.GetPackageDescriptors(ctx, pvs)

  68. 	if err != nil {

  69. 		apiError(ctx, http.StatusInternalServerError, err)

  70. 		return

  71. 	}

  72. 

  73. 	resp := createPackageMetadataResponse(

  74. 		setting.AppURL+"api/packages/"+ctx.Package.Owner.Name+"/npm",

  75. 		pds,

  76. 	)

  77. 

  78. 	ctx.JSON(http.StatusOK, resp)

  79. }

  80. 

  81. // DownloadPackageFile serves the content of a package

  82. func DownloadPackageFile(ctx *context.Context) {

  83. 	packageName := packageNameFromParams(ctx)

  84. 	packageVersion := ctx.PathParam("version")

  85. 	filename := ctx.PathParam("filename")

  86. 

  87. 	s, u, pf, err := packages_service.OpenFileForDownloadByPackageNameAndVersion(

  88. 		ctx,

  89. 		&packages_service.PackageInfo{

  90. 			Owner:       ctx.Package.Owner,

  91. 			PackageType: packages_model.TypeNpm,

  92. 			Name:        packageName,

  93. 			Version:     packageVersion,

  94. 		},

  95. 		&packages_service.PackageFileInfo{

  96. 			Filename: filename,

  97. 		},

  98. 		ctx.Req.Method,

  99. 	)

  100. 	if err != nil {

  101. 		if errors.Is(err, packages_model.ErrPackageNotExist) || errors.Is(err, packages_model.ErrPackageFileNotExist) {

  102. 			apiError(ctx, http.StatusNotFound, err)

  103. 			return

  104. 		}

  105. 		apiError(ctx, http.StatusInternalServerError, err)

  106. 		return

  107. 	}

  108. 

  109. 	helper.ServePackageFile(ctx, s, u, pf)

  110. }

  111. 

  112. // DownloadPackageFileByName finds the version and serves the contents of a package

  113. func DownloadPackageFileByName(ctx *context.Context) {

  114. 	filename := ctx.PathParam("filename")

  115. 

  116. 	pvs, _, err := packages_model.SearchVersions(ctx, &packages_model.PackageSearchOptions{

  117. 		OwnerID: ctx.Package.Owner.ID,

  118. 		Type:    packages_model.TypeNpm,

  119. 		Name: packages_model.SearchValue{

  120. 			ExactMatch: true,

  121. 			Value:      packageNameFromParams(ctx),

  122. 		},

  123. 		HasFileWithName: filename,

  124. 		IsInternal:      optional.Some(false),

  125. 	})

  126. 	if err != nil {

  127. 		apiError(ctx, http.StatusInternalServerError, err)

  128. 		return

  129. 	}

  130. 	if len(pvs) != 1 {

  131. 		apiError(ctx, http.StatusNotFound, nil)

  132. 		return

  133. 	}

  134. 

  135. 	s, u, pf, err := packages_service.OpenFileForDownloadByPackageVersion(

  136. 		ctx,

  137. 		pvs[0],

  138. 		&packages_service.PackageFileInfo{

  139. 			Filename: filename,

  140. 		},

  141. 		ctx.Req.Method,

  142. 	)

  143. 	if err != nil {

  144. 		if errors.Is(err, packages_model.ErrPackageFileNotExist) {

  145. 			apiError(ctx, http.StatusNotFound, err)

  146. 			return

  147. 		}

  148. 		apiError(ctx, http.StatusInternalServerError, err)

  149. 		return

  150. 	}

  151. 

  152. 	helper.ServePackageFile(ctx, s, u, pf)

  153. }

  154. 

  155. // UploadPackage creates a new package

  156. func UploadPackage(ctx *context.Context) {

  157. 	npmPackage, err := npm_module.ParsePackage(ctx.Req.Body)

  158. 	if err != nil {

  159. 		if errors.Is(err, util.ErrInvalidArgument) {

  160. 			apiError(ctx, http.StatusBadRequest, err)

  161. 		} else {

  162. 			apiError(ctx, http.StatusInternalServerError, err)

  163. 		}

  164. 		return

  165. 	}

  166. 

  167. 	repo, err := repo_model.GetRepositoryByURLRelax(ctx, npmPackage.Metadata.Repository.URL)

  168. 	if err == nil {

  169. 		canWrite := repo.OwnerID == ctx.Doer.ID

  170. 

  171. 		if !canWrite {

  172. 			perms, err := access_model.GetUserRepoPermission(ctx, repo, ctx.Doer)

  173. 			if err != nil {

  174. 				apiError(ctx, http.StatusInternalServerError, err)

  175. 				return

  176. 			}

  177. 

  178. 			canWrite = perms.CanWrite(unit.TypePackages)

  179. 		}

  180. 

  181. 		if !canWrite {

  182. 			apiError(ctx, http.StatusForbidden, "no permission to upload this package")

  183. 			return

  184. 		}

  185. 	}

  186. 

  187. 	buf, err := packages_module.CreateHashedBufferFromReader(bytes.NewReader(npmPackage.Data))

  188. 	if err != nil {

  189. 		apiError(ctx, http.StatusInternalServerError, err)

  190. 		return

  191. 	}

  192. 	defer buf.Close()

  193. 

  194. 	pv, _, err := packages_service.CreatePackageAndAddFile(

  195. 		ctx,

  196. 		&packages_service.PackageCreationInfo{

  197. 			PackageInfo: packages_service.PackageInfo{

  198. 				Owner:       ctx.Package.Owner,

  199. 				PackageType: packages_model.TypeNpm,

  200. 				Name:        npmPackage.Name,

  201. 				Version:     npmPackage.Version,

  202. 			},

  203. 			SemverCompatible: true,

  204. 			Creator:          ctx.Doer,

  205. 			Metadata:         npmPackage.Metadata,

  206. 		},

  207. 		&packages_service.PackageFileCreationInfo{

  208. 			PackageFileInfo: packages_service.PackageFileInfo{

  209. 				Filename: npmPackage.Filename,

  210. 			},

  211. 			Creator: ctx.Doer,

  212. 			Data:    buf,

  213. 			IsLead:  true,

  214. 		},

  215. 	)

  216. 	if err != nil {

  217. 		switch err {

  218. 		case packages_model.ErrDuplicatePackageVersion:

  219. 			apiError(ctx, http.StatusConflict, err)

  220. 		case packages_service.ErrQuotaTotalCount, packages_service.ErrQuotaTypeSize, packages_service.ErrQuotaTotalSize:

  221. 			apiError(ctx, http.StatusForbidden, err)

  222. 		default:

  223. 			apiError(ctx, http.StatusInternalServerError, err)

  224. 		}

  225. 		return

  226. 	}

  227. 

  228. 	for _, tag := range npmPackage.DistTags {

  229. 		if err := setPackageTag(ctx, tag, pv, false); err != nil {

  230. 			if err == errInvalidTagName {

  231. 				apiError(ctx, http.StatusBadRequest, err)

  232. 				return

  233. 			}

  234. 			apiError(ctx, http.StatusInternalServerError, err)

  235. 			return

  236. 		}

  237. 	}

  238. 

  239. 	if repo != nil {

  240. 		if err := packages_model.SetRepositoryLink(ctx, pv.PackageID, repo.ID); err != nil {

  241. 			apiError(ctx, http.StatusInternalServerError, err)

  242. 			return

  243. 		}

  244. 	}

  245. 

  246. 	ctx.Status(http.StatusCreated)

  247. }

  248. 

  249. // DeletePreview does nothing

  250. // The client tells the server what package version it knows about after deleting a version.

  251. func DeletePreview(ctx *context.Context) {

  252. 	ctx.Status(http.StatusOK)

  253. }

  254. 

  255. // DeletePackageVersion deletes the package version

  256. func DeletePackageVersion(ctx *context.Context) {

  257. 	packageName := packageNameFromParams(ctx)

  258. 	packageVersion := ctx.PathParam("version")

  259. 

  260. 	err := packages_service.RemovePackageVersionByNameAndVersion(

  261. 		ctx,

  262. 		ctx.Doer,

  263. 		&packages_service.PackageInfo{

  264. 			Owner:       ctx.Package.Owner,

  265. 			PackageType: packages_model.TypeNpm,

  266. 			Name:        packageName,

  267. 			Version:     packageVersion,

  268. 		},

  269. 	)

  270. 	if err != nil {

  271. 		if errors.Is(err, packages_model.ErrPackageNotExist) {

  272. 			apiError(ctx, http.StatusNotFound, err)

  273. 			return

  274. 		}

  275. 		apiError(ctx, http.StatusInternalServerError, err)

  276. 		return

  277. 	}

  278. 

  279. 	ctx.Status(http.StatusOK)

  280. }

  281. 

  282. // DeletePackage deletes the package and all versions

  283. func DeletePackage(ctx *context.Context) {

  284. 	packageName := packageNameFromParams(ctx)

  285. 

  286. 	pvs, err := packages_model.GetVersionsByPackageName(ctx, ctx.Package.Owner.ID, packages_model.TypeNpm, packageName)

  287. 	if err != nil {

  288. 		apiError(ctx, http.StatusInternalServerError, err)

  289. 		return

  290. 	}

  291. 

  292. 	if len(pvs) == 0 {

  293. 		apiError(ctx, http.StatusNotFound, err)

  294. 		return

  295. 	}

  296. 

  297. 	for _, pv := range pvs {

  298. 		if err := packages_service.RemovePackageVersion(ctx, ctx.Doer, pv); err != nil {

  299. 			apiError(ctx, http.StatusInternalServerError, err)

  300. 			return

  301. 		}

  302. 	}

  303. 

  304. 	ctx.Status(http.StatusOK)

  305. }

  306. 

  307. // ListPackageTags returns all tags for a package

  308. func ListPackageTags(ctx *context.Context) {

  309. 	packageName := packageNameFromParams(ctx)

  310. 

  311. 	pvs, err := packages_model.GetVersionsByPackageName(ctx, ctx.Package.Owner.ID, packages_model.TypeNpm, packageName)

  312. 	if err != nil {

  313. 		apiError(ctx, http.StatusInternalServerError, err)

  314. 		return

  315. 	}

  316. 

  317. 	tags := make(map[string]string)

  318. 	for _, pv := range pvs {

  319. 		pvps, err := packages_model.GetPropertiesByName(ctx, packages_model.PropertyTypeVersion, pv.ID, npm_module.TagProperty)

  320. 		if err != nil {

  321. 			apiError(ctx, http.StatusInternalServerError, err)

  322. 			return

  323. 		}

  324. 		for _, pvp := range pvps {

  325. 			tags[pvp.Value] = pv.Version

  326. 		}

  327. 	}

  328. 

  329. 	ctx.JSON(http.StatusOK, tags)

  330. }

  331. 

  332. // AddPackageTag adds a tag to the package

  333. func AddPackageTag(ctx *context.Context) {

  334. 	packageName := packageNameFromParams(ctx)

  335. 

  336. 	body, err := io.ReadAll(ctx.Req.Body)

  337. 	if err != nil {

  338. 		apiError(ctx, http.StatusInternalServerError, err)

  339. 		return

  340. 	}

  341. 	version := strings.Trim(string(body), "\"") // is as "version" in the body

  342. 

  343. 	pv, err := packages_model.GetVersionByNameAndVersion(ctx, ctx.Package.Owner.ID, packages_model.TypeNpm, packageName, version)

  344. 	if err != nil {

  345. 		if errors.Is(err, packages_model.ErrPackageNotExist) {

  346. 			apiError(ctx, http.StatusNotFound, err)

  347. 			return

  348. 		}

  349. 		apiError(ctx, http.StatusInternalServerError, err)

  350. 		return

  351. 	}

  352. 

  353. 	if err := setPackageTag(ctx, ctx.PathParam("tag"), pv, false); err != nil {

  354. 		if err == errInvalidTagName {

  355. 			apiError(ctx, http.StatusBadRequest, err)

  356. 			return

  357. 		}

  358. 		apiError(ctx, http.StatusInternalServerError, err)

  359. 		return

  360. 	}

  361. }

  362. 

  363. // DeletePackageTag deletes a package tag

  364. func DeletePackageTag(ctx *context.Context) {

  365. 	packageName := packageNameFromParams(ctx)

  366. 

  367. 	pvs, err := packages_model.GetVersionsByPackageName(ctx, ctx.Package.Owner.ID, packages_model.TypeNpm, packageName)

  368. 	if err != nil {

  369. 		apiError(ctx, http.StatusInternalServerError, err)

  370. 		return

  371. 	}

  372. 

  373. 	if len(pvs) != 0 {

  374. 		if err := setPackageTag(ctx, ctx.PathParam("tag"), pvs[0], true); err != nil {

  375. 			if err == errInvalidTagName {

  376. 				apiError(ctx, http.StatusBadRequest, err)

  377. 				return

  378. 			}

  379. 			apiError(ctx, http.StatusInternalServerError, err)

  380. 			return

  381. 		}

  382. 	}

  383. }

  384. 

  385. func setPackageTag(ctx std_ctx.Context, tag string, pv *packages_model.PackageVersion, deleteOnly bool) error {

  386. 	if tag == "" {

  387. 		return errInvalidTagName

  388. 	}

  389. 	_, err := version.NewVersion(tag)

  390. 	if err == nil {

  391. 		return errInvalidTagName

  392. 	}

  393. 

  394. 	return db.WithTx(ctx, func(ctx std_ctx.Context) error {

  395. 		pvs, _, err := packages_model.SearchVersions(ctx, &packages_model.PackageSearchOptions{

  396. 			PackageID: pv.PackageID,

  397. 			Properties: map[string]string{

  398. 				npm_module.TagProperty: tag,

  399. 			},

  400. 			IsInternal: optional.Some(false),

  401. 		})

  402. 		if err != nil {

  403. 			return err

  404. 		}

  405. 

  406. 		if len(pvs) == 1 {

  407. 			pvps, err := packages_model.GetPropertiesByName(ctx, packages_model.PropertyTypeVersion, pvs[0].ID, npm_module.TagProperty)

  408. 			if err != nil {

  409. 				return err

  410. 			}

  411. 

  412. 			for _, pvp := range pvps {

  413. 				if pvp.Value == tag {

  414. 					if err := packages_model.DeletePropertyByID(ctx, pvp.ID); err != nil {

  415. 						return err

  416. 					}

  417. 					break

  418. 				}

  419. 			}

  420. 		}

  421. 

  422. 		if !deleteOnly {

  423. 			_, err = packages_model.InsertProperty(ctx, packages_model.PropertyTypeVersion, pv.ID, npm_module.TagProperty, tag)

  424. 			if err != nil {

  425. 				return err

  426. 			}

  427. 		}

  428. 		return nil

  429. 	})

  430. }

  431. 

  432. func PackageSearch(ctx *context.Context) {

  433. 	pvs, total, err := packages_model.SearchLatestVersions(ctx, &packages_model.PackageSearchOptions{

  434. 		OwnerID:    ctx.Package.Owner.ID,

  435. 		Type:       packages_model.TypeNpm,

  436. 		IsInternal: optional.Some(false),

  437. 		Name: packages_model.SearchValue{

  438. 			ExactMatch: false,

  439. 			Value:      ctx.FormTrim("text"),

  440. 		},

  441. 		Paginator: db.NewAbsoluteListOptions(

  442. 			ctx.FormInt("from"),

  443. 			ctx.FormInt("size"),

  444. 		),

  445. 	})

  446. 	if err != nil {

  447. 		apiError(ctx, http.StatusInternalServerError, err)

  448. 		return

  449. 	}

  450. 

  451. 	pds, err := packages_model.GetPackageDescriptors(ctx, pvs)

  452. 	if err != nil {

  453. 		apiError(ctx, http.StatusInternalServerError, err)

  454. 		return

  455. 	}

  456. 

  457. 	resp := createPackageSearchResponse(

  458. 		pds,

  459. 		total,

  460. 	)

  461. 

  462. 	ctx.JSON(http.StatusOK, resp)

  463. }