diff options
Diffstat (limited to 'lib/api/concerns/packages/npm_endpoints.rb')
| -rw-r--r-- | lib/api/concerns/packages/npm_endpoints.rb | 92 |
1 files changed, 91 insertions, 1 deletions
diff --git a/lib/api/concerns/packages/npm_endpoints.rb b/lib/api/concerns/packages/npm_endpoints.rb index 4cc680068b6..f26b3a1d8c2 100644 --- a/lib/api/concerns/packages/npm_endpoints.rb +++ b/lib/api/concerns/packages/npm_endpoints.rb @@ -26,13 +26,39 @@ module API authenticate_non_get! end + helpers do + def redirect_or_present_audit_report + redirect_registry_request( + forward_to_registry: true, + package_type: :npm, + path: options[:path][0], + body: Gitlab::Json.dump(request.POST), + target: project_or_nil, + method: route.request_method + ) do + authorize_read_package!(project) + + status :ok + present [] + end + end + end + params do requires :package_name, type: String, desc: 'Package name' end namespace '-/package/*package_name' do desc 'Get all tags for a given an NPM package' do detail 'This feature was introduced in GitLab 12.7' - success ::API::Entities::NpmPackageTag + success [ + { code: 200, model: ::API::Entities::NpmPackageTag } + ] + failure [ + { code: 400, message: 'Bad Request' }, + { code: 403, message: 'Forbidden' }, + { code: 404, message: 'Not Found' } + ] + tags %w[npm_packages] end get 'dist-tags', format: false, requirements: ::API::Helpers::Packages::Npm::NPM_ENDPOINT_REQUIREMENTS do package_name = params[:package_name] @@ -56,6 +82,14 @@ module API namespace 'dist-tags/:tag', requirements: ::API::Helpers::Packages::Npm::NPM_ENDPOINT_REQUIREMENTS do desc 'Create or Update the given tag for the given NPM package and version' do detail 'This feature was introduced in GitLab 12.7' + success code: 204 + failure [ + { code: 400, message: 'Bad Request' }, + { code: 401, message: 'Unauthorized' }, + { code: 403, message: 'Forbidden' }, + { code: 404, message: 'Not Found' } + ] + tags %w[npm_packages] end put format: false do package_name = params[:package_name] @@ -79,6 +113,14 @@ module API desc 'Deletes the given tag' do detail 'This feature was introduced in GitLab 12.7' + success code: 204 + failure [ + { code: 400, message: 'Bad Request' }, + { code: 401, message: 'Unauthorized' }, + { code: 403, message: 'Forbidden' }, + { code: 404, message: 'Not Found' } + ] + tags %w[npm_packages] end delete format: false do package_name = params[:package_name] @@ -104,6 +146,16 @@ module API desc 'NPM registry metadata endpoint' do detail 'This feature was introduced in GitLab 11.8' + success [ + { code: 200, model: ::API::Entities::NpmPackage, message: 'Ok' }, + { code: 302, message: 'Found (redirect)' } + ] + failure [ + { code: 400, message: 'Bad Request' }, + { code: 403, message: 'Forbidden' }, + { code: 404, message: 'Not Found' } + ] + tags %w[npm_packages] end params do requires :package_name, type: String, desc: 'Package name' @@ -130,6 +182,44 @@ module API with: ::API::Entities::NpmPackage end end + + desc 'NPM registry bulk advisory endpoint' do + detail 'This feature was introduced in GitLab 15.6' + success [ + { code: 200, message: 'Ok' }, + { code: 307, message: 'Temporary Redirect' } + ] + failure [ + { code: 401, message: 'Unauthorized' }, + { code: 403, message: 'Forbidden' }, + { code: 404, message: 'Not Found' } + ] + is_array true + tags %w[npm_packages] + end + route_setting :authentication, job_token_allowed: true, deploy_token_allowed: true + post '-/npm/v1/security/advisories/bulk' do + redirect_or_present_audit_report + end + + desc 'NPM registry quick audit endpoint' do + detail 'This feature was introduced in GitLab 15.6' + success [ + { code: 200, message: 'Ok' }, + { code: 307, message: 'Temporary Redirect' } + ] + failure [ + { code: 401, message: 'Unauthorized' }, + { code: 403, message: 'Forbidden' }, + { code: 404, message: 'Not Found' } + ] + is_array true + tags %w[npm_packages] + end + route_setting :authentication, job_token_allowed: true, deploy_token_allowed: true + post '-/npm/v1/security/audits/quick' do + redirect_or_present_audit_report + end end end end |