diff options
Diffstat (limited to 'lib/api/nuget_project_packages.rb')
-rw-r--r-- | lib/api/nuget_project_packages.rb | 68 |
1 files changed, 29 insertions, 39 deletions
diff --git a/lib/api/nuget_project_packages.rb b/lib/api/nuget_project_packages.rb index b2516cc91f8..2146f4d4b78 100644 --- a/lib/api/nuget_project_packages.rb +++ b/lib/api/nuget_project_packages.rb @@ -5,10 +5,13 @@ # These API endpoints are not meant to be consumed directly by users. They are # called by the NuGet package manager client when users run commands # like `nuget install` or `nuget push`. +# +# This is the project level API. module API class NugetProjectPackages < ::API::Base - helpers ::API::Helpers::PackagesManagerClientsHelpers + helpers ::API::Helpers::PackagesHelpers helpers ::API::Helpers::Packages::BasicAuthHelpers + include ::API::Helpers::Authentication feature_category :package_registry @@ -16,25 +19,29 @@ module API default_format :json + authenticate_with do |accept| + accept.token_types(:personal_access_token, :deploy_token, :job_token) + .sent_through(:http_basic_auth) + end + rescue_from ArgumentError do |e| render_api_error!(e.message, 400) end - before do + after_validation do require_packages_enabled! end + helpers do + def project_or_group + authorized_user_project + end + end + params do requires :id, type: String, desc: 'The ID of a project', regexp: ::API::Concerns::Packages::NugetEndpoints::POSITIVE_INTEGER_REGEX end - - route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth, basic_auth_personal_access_token: true - resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do - before do - authorized_user_project - end - namespace ':id/packages/nuget' do include ::API::Concerns::Packages::NugetEndpoints @@ -46,28 +53,20 @@ module API params do requires :package, type: ::API::Validations::Types::WorkhorseFile, desc: 'The package file to be published (generated by Multipart middleware)' end - - route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth, basic_auth_personal_access_token: true - put do - authorize_upload!(authorized_user_project) - bad_request!('File is too large') if authorized_user_project.actual_limits.exceeded?(:nuget_max_file_size, params[:package].size) + authorize_upload!(project_or_group) + bad_request!('File is too large') if project_or_group.actual_limits.exceeded?(:nuget_max_file_size, params[:package].size) file_params = params.merge( file: params[:package], file_name: PACKAGE_FILENAME ) - package = ::Packages::Nuget::CreatePackageService.new( - authorized_user_project, - current_user, - declared_params.merge(build: current_authenticated_job) - ).execute + package = ::Packages::Nuget::CreatePackageService.new(project_or_group, current_user, declared_params.merge(build: current_authenticated_job)) + .execute - package_file = ::Packages::CreatePackageFileService.new( - package, - file_params.merge(build: current_authenticated_job) - ).execute + package_file = ::Packages::CreatePackageFileService.new(package, file_params.merge(build: current_authenticated_job)) + .execute track_package_event('push_package', :nuget, category: 'API::NugetPackages') @@ -75,18 +74,15 @@ module API created! rescue ObjectStorage::RemoteStoreError => e - Gitlab::ErrorTracking.track_exception(e, extra: { file_name: params[:file_name], project_id: authorized_user_project.id }) + Gitlab::ErrorTracking.track_exception(e, extra: { file_name: params[:file_name], project_id: project_or_group.id }) forbidden! end - - route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth, basic_auth_personal_access_token: true - put 'authorize' do authorize_workhorse!( - subject: authorized_user_project, + subject: project_or_group, has_length: false, - maximum_size: authorized_user_project.actual_limits.nuget_max_file_size + maximum_size: project_or_group.actual_limits.nuget_max_file_size ) end @@ -95,18 +91,15 @@ module API requires :package_name, type: String, desc: 'The NuGet package name', regexp: API::NO_SLASH_URL_PART_REGEX end namespace '/download/*package_name' do - before do - authorize_read_package!(authorized_user_project) + after_validation do + authorize_read_package!(project_or_group) end desc 'The NuGet Content Service - index request' do detail 'This feature was introduced in GitLab 12.8' end - - route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth, basic_auth_personal_access_token: true - get 'index', format: :json do - present ::Packages::Nuget::PackagesVersionsPresenter.new(find_packages), + present ::Packages::Nuget::PackagesVersionsPresenter.new(find_packages(params[:package_name])), with: ::API::Entities::Nuget::PackagesVersions end @@ -117,12 +110,9 @@ module API requires :package_version, type: String, desc: 'The NuGet package version', regexp: API::NO_SLASH_URL_PART_REGEX requires :package_filename, type: String, desc: 'The NuGet package filename', regexp: API::NO_SLASH_URL_PART_REGEX end - - route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth, basic_auth_personal_access_token: true - get '*package_version/*package_filename', format: :nupkg do filename = "#{params[:package_filename]}.#{params[:format]}" - package_file = ::Packages::PackageFileFinder.new(find_package, filename, with_file_name_like: true) + package_file = ::Packages::PackageFileFinder.new(find_package(params[:package_name], params[:package_version]), filename, with_file_name_like: true) .execute not_found!('Package') unless package_file |