1 files changed, 57 insertions, 0 deletions

diff --git a/lib/api/helpers/packages/basic_auth_helpers.rb b/lib/api/helpers/packages/basic_auth_helpers.rb
new file mode 100644
index 00000000000..835b5f4614c
--- /dev/null
+++ b/lib/api/helpers/packages/basic_auth_helpers.rb
@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module API
+  module Helpers
+    module Packages
+      module BasicAuthHelpers
+        module Constants
+          AUTHENTICATE_REALM_HEADER = 'Www-Authenticate: Basic realm'
+          AUTHENTICATE_REALM_NAME = 'GitLab Packages Registry'
+        end
+
+        include Constants
+
+        def find_personal_access_token
+          find_personal_access_token_from_http_basic_auth
+        end
+
+        def unauthorized_user_project
+          @unauthorized_user_project ||= find_project(params[:id])
+        end
+
+        def unauthorized_user_project!
+          unauthorized_user_project || not_found!
+        end
+
+        def authorized_user_project
+          @authorized_user_project ||= authorized_project_find!
+        end
+
+        def authorized_project_find!
+          project = unauthorized_user_project
+
+          unless project && can?(current_user, :read_project, project)
+            return unauthorized_or! { not_found! }
+          end
+
+          project
+        end
+
+        def authorize!(action, subject = :global, reason = nil)
+          return if can?(current_user, action, subject)
+
+          unauthorized_or! { forbidden!(reason) }
+        end
+
+        def unauthorized_or!
+          current_user ? yield : unauthorized_with_header!
+        end
+
+        def unauthorized_with_header!
+          header(AUTHENTICATE_REALM_HEADER, AUTHENTICATE_REALM_NAME)
+          unauthorized!
+        end
+      end
+    end
+  end
+end