1 files changed, 72 insertions, 6 deletions

diff --git a/lib/api/pypi_packages.rb b/lib/api/pypi_packages.rb
index 73b2f658825..7c5f8bb4d99 100644
--- a/lib/api/pypi_packages.rb
+++ b/lib/api/pypi_packages.rb
@@ -28,6 +28,73 @@ module API
       require_packages_enabled!
     end
 
+    helpers do
+      params :package_download do
+        requires :file_identifier, type: String, desc: 'The PyPi package file identifier', file_path: true
+        requires :sha256, type: String, desc: 'The PyPi package sha256 check sum'
+      end
+
+      params :package_name do
+        requires :package_name, type: String, file_path: true, desc: 'The PyPi package name'
+      end
+    end
+
+    params do
+      requires :id, type: Integer, desc: 'The ID of a group'
+    end
+    resource :groups, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
+      after_validation do
+        unauthorized_user_group!
+      end
+
+      namespace ':id/-/packages/pypi' do
+        params do
+          use :package_download
+        end
+
+        route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
+        get 'files/:sha256/*file_identifier' do
+          group = unauthorized_user_group!
+
+          filename = "#{params[:file_identifier]}.#{params[:format]}"
+          package = Packages::Pypi::PackageFinder.new(current_user, group, { filename: filename, sha256: params[:sha256] }).execute
+          package_file = ::Packages::PackageFileFinder.new(package, filename, with_file_name_like: false).execute
+
+          track_package_event('pull_package', :pypi)
+
+          present_carrierwave_file!(package_file.file, supports_direct_download: true)
+        end
+
+        desc 'The PyPi Simple Endpoint' do
+          detail 'This feature was introduced in GitLab 12.10'
+        end
+
+        params do
+          use :package_name
+        end
+
+        # An Api entry point but returns an HTML file instead of JSON.
+        # PyPi simple API returns the package descriptor as a simple HTML file.
+        route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
+        get 'simple/*package_name', format: :txt do
+          group = find_authorized_group!
+          authorize_read_package!(group)
+
+          track_package_event('list_package', :pypi)
+
+          packages = Packages::Pypi::PackagesFinder.new(current_user, group, { package_name: params[:package_name] }).execute!
+          presenter = ::Packages::Pypi::PackagePresenter.new(packages, group)
+
+          # Adjusts grape output format
+          # to be HTML
+          content_type "text/html; charset=utf-8"
+          env['api.format'] = :binary
+
+          body presenter.body
+        end
+      end
+    end
+
     params do
       requires :id, type: Integer, desc: 'The ID of a project'
     end
@@ -43,8 +110,7 @@ module API
         end
 
         params do
-          requires :file_identifier, type: String, desc: 'The PyPi package file identifier', file_path: true
-          requires :sha256, type: String, desc: 'The PyPi package sha256 check sum'
+          use :package_download
         end
 
         route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
@@ -55,7 +121,7 @@ module API
           package = Packages::Pypi::PackageFinder.new(current_user, project, { filename: filename, sha256: params[:sha256] }).execute
           package_file = ::Packages::PackageFileFinder.new(package, filename, with_file_name_like: false).execute
 
-          track_package_event('pull_package', :pypi)
+          track_package_event('pull_package', :pypi, project: project, namespace: project.namespace)
 
           present_carrierwave_file!(package_file.file, supports_direct_download: true)
         end
@@ -65,7 +131,7 @@ module API
         end
 
         params do
-          requires :package_name, type: String, file_path: true, desc: 'The PyPi package name'
+          use :package_name
         end
 
         # An Api entry point but returns an HTML file instead of JSON.
@@ -74,7 +140,7 @@ module API
         get 'simple/*package_name', format: :txt do
           authorize_read_package!(authorized_user_project)
 
-          track_package_event('list_package', :pypi)
+          track_package_event('list_package', :pypi, project: authorized_user_project, namespace: authorized_user_project.namespace)
 
           packages = Packages::Pypi::PackagesFinder.new(current_user, authorized_user_project, { package_name: params[:package_name] }).execute!
           presenter = ::Packages::Pypi::PackagePresenter.new(packages, authorized_user_project)
@@ -105,7 +171,7 @@ module API
           authorize_upload!(authorized_user_project)
           bad_request!('File is too large') if authorized_user_project.actual_limits.exceeded?(:pypi_max_file_size, params[:content].size)
 
-          track_package_event('push_package', :pypi)
+          track_package_event('push_package', :pypi, project: authorized_user_project, user: current_user, namespace: authorized_user_project.namespace)
 
           ::Packages::Pypi::CreatePackageService
             .new(authorized_user_project, current_user, declared_params.merge(build: current_authenticated_job))