lib/api/rpm_project_packages.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86

# frozen_string_literal: true
module API
  class RpmProjectPackages < ::API::Base
    helpers ::API::Helpers::PackagesHelpers
    helpers ::API::Helpers::Packages::BasicAuthHelpers
    include ::API::Helpers::Authentication

    feature_category :package_registry

    before do
      require_packages_enabled!

      not_found! unless ::Feature.enabled?(:rpm_packages, authorized_user_project)

      authorize_read_package!(authorized_user_project)
    end

    authenticate_with do |accept|
      accept.token_types(:personal_access_token_with_username, :deploy_token_with_username, :job_token_with_username)
            .sent_through(:http_basic_auth)
    end

    params do
      requires :id, types: [String, Integer], desc: 'The ID or URL-encoded path of the project'
    end
    resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
      namespace ':id/packages/rpm' do
        desc 'Download repository metadata files'
        params do
          requires :file_name, type: String, desc: 'Repository metadata file name'
        end
        get 'repodata/*file_name', requirements: { file_name: API::NO_SLASH_URL_PART_REGEX } do
          authorize_read_package!(authorized_user_project)

          repository_file = Packages::Rpm::RepositoryFile.find_by_project_id_and_file_name!(
            authorized_user_project.id,
            "#{params['file_name']}.#{params['format']}"
          )

          present_carrierwave_file!(repository_file.file)
        end

        desc 'Download RPM package files'
        params do
          requires :package_file_id, type: Integer, desc: 'RPM package file id'
          requires :file_name, type: String, desc: 'RPM package file name'
        end
        get '*package_file_id/*file_name', requirements: { file_name: API::NO_SLASH_URL_PART_REGEX } do
          track_package_event(
            'pull_package',
            :rpm,
            category: self.class.name,
            project: authorized_user_project,
            namespace: authorized_user_project.namespace
          )
          not_found!
        end

        desc 'Upload a RPM package'
        post do
          authorize_create_package!(authorized_user_project)

          if authorized_user_project.actual_limits.exceeded?(:rpm_max_file_size, params[:file].size)
            bad_request!('File is too large')
          end

          track_package_event(
            'push_package',
            :rpm,
            user: current_user,
            category: self.class.name,
            project: authorized_user_project,
            namespace: authorized_user_project.namespace
          )

          not_found!
        end

        desc 'Authorize package upload from workhorse'
        post 'authorize' do
          not_found!
        end
      end
    end
  end
end