diff options
Diffstat (limited to 'lib/api/maven_packages.rb')
| -rw-r--r-- | lib/api/maven_packages.rb | 43 |
1 files changed, 37 insertions, 6 deletions
diff --git a/lib/api/maven_packages.rb b/lib/api/maven_packages.rb index 4a5b2ead163..bd1d984719e 100644 --- a/lib/api/maven_packages.rb +++ b/lib/api/maven_packages.rb @@ -23,6 +23,15 @@ module API helpers ::API::Helpers::PackagesHelpers helpers do + def path_exists?(path) + # return true when FF disabled so that processing the request is not stopped + return true unless Feature.enabled?(:check_maven_path_first) + return false if path.blank? + + Packages::Maven::Metadatum.with_path(path) + .exists? + end + def extract_format(file_name) name, _, format = file_name.rpartition('.') @@ -77,6 +86,22 @@ module API request.head? && file.fog_credentials[:provider] == 'AWS' end + + def fetch_package(file_name:, project: nil, group: nil) + order_by_package_file = false + if Feature.enabled?(:maven_packages_group_level_improvements, default_enabled: :yaml) + order_by_package_file = file_name.include?(::Packages::Maven::Metadata.filename) && + !params[:path].include?(::Packages::Maven::FindOrCreatePackageService::SNAPSHOT_TERM) + end + + ::Packages::Maven::PackageFinder.new( + params[:path], + current_user, + project: project, + group: group, + order_by_package_file: order_by_package_file + ).execute! + end end desc 'Download the maven package file at instance level' do @@ -88,6 +113,9 @@ module API end route_setting :authentication, job_token_allowed: true, deploy_token_allowed: true get 'packages/maven/*path/:file_name', requirements: MAVEN_ENDPOINT_REQUIREMENTS do + # return a similar failure to authorize_read_package!(project) + forbidden! unless path_exists?(params[:path]) + file_name, format = extract_format(params[:file_name]) # To avoid name collision we require project path and project package be the same. @@ -97,8 +125,7 @@ module API authorize_read_package!(project) - package = ::Packages::Maven::PackageFinder - .new(params[:path], current_user, project: project).execute! + package = fetch_package(file_name: file_name, project: project) package_file = ::Packages::PackageFileFinder .new(package, file_name).execute! @@ -127,14 +154,16 @@ module API end route_setting :authentication, job_token_allowed: true, deploy_token_allowed: true get ':id/-/packages/maven/*path/:file_name', requirements: MAVEN_ENDPOINT_REQUIREMENTS do + # return a similar failure to group = find_group(params[:id]) + not_found!('Group') unless path_exists?(params[:path]) + file_name, format = extract_format(params[:file_name]) group = find_group(params[:id]) not_found!('Group') unless can?(current_user, :read_group, group) - package = ::Packages::Maven::PackageFinder - .new(params[:path], current_user, group: group).execute! + package = fetch_package(file_name: file_name, group: group) authorize_read_package!(package.project) @@ -167,12 +196,14 @@ module API end route_setting :authentication, job_token_allowed: true, deploy_token_allowed: true get ':id/packages/maven/*path/:file_name', requirements: MAVEN_ENDPOINT_REQUIREMENTS do + # return a similar failure to user_project + not_found!('Project') unless path_exists?(params[:path]) + authorize_read_package!(user_project) file_name, format = extract_format(params[:file_name]) - package = ::Packages::Maven::PackageFinder - .new(params[:path], current_user, project: user_project).execute! + package = fetch_package(file_name: file_name, project: user_project) package_file = ::Packages::PackageFileFinder .new(package, file_name).execute! |