Mirrors/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2024-09-01 14:56:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
6ac2815059
gitea/routers/api/packages/arch/arch.go
dancheg97 749a106d06 updated remove function description
2023-06-25 17:45:16 +03:00

236 lines
6.0 KiB
Go
Raw Blame History

// Copyright 2023 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package arch
import (
"encoding/hex"
"io"
"net/http"
"strings"
"time"
"code.gitea.io/gitea/modules/context"
arch_module "code.gitea.io/gitea/modules/packages/arch"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/routers/api/packages/helper"
arch_service "code.gitea.io/gitea/services/packages/arch"
)
// Push new package to arch package registry.
func Push(ctx *context.Context) {
var (
owner = ctx.Params("username")
filename = ctx.Req.Header.Get("filename")
email = ctx.Req.Header.Get("email")
sign = ctx.Req.Header.Get("sign")
distro = ctx.Req.Header.Get("distro")
)
// Decoding package signature.
sigdata, err := hex.DecodeString(sign)
if err != nil {
apiError(ctx, http.StatusBadRequest, err)
return
}
// Read package to memory for signature validation.
pkgdata, err := io.ReadAll(ctx.Req.Body)
if err != nil {
apiError(ctx, http.StatusInternalServerError, err)
return
}
defer ctx.Req.Body.Close()
// Get user and organization owning arch package.
user, org, err := arch_service.IdentifyOwner(ctx, owner, email)
if err != nil {
apiError(ctx, http.StatusUnauthorized, err)
return
}
// Validate package signature with any of user's GnuPG keys.
err = arch_service.ValidateSignature(ctx, pkgdata, sigdata, user)
if err != nil {
apiError(ctx, http.StatusUnauthorized, err)
return
}
// Parse metadata contained in arch package archive.
md, err := arch_module.EjectMetadata(filename, setting.Domain, pkgdata)
if err != nil {
apiError(ctx, http.StatusBadRequest, err)
return
}
// Save file related to arch package.
pkgid, err := arch_service.SaveFile(ctx, &arch_service.SaveFileParams{
Organization: org,
User: user,
Metadata: md,
Filename: filename,
Data: pkgdata,
Distro: distro,
})
if err != nil {
apiError(ctx, http.StatusBadRequest, err)
return
}
// Save file related to arch package signature.
_, err = arch_service.SaveFile(ctx, &arch_service.SaveFileParams{
Organization: org,
User: user,
Metadata: md,
Data: sigdata,
Filename: filename + ".sig",
Distro: distro,
})
if err != nil {
apiError(ctx, http.StatusBadRequest, err)
return
}
// Automatically connect repository for provided package if name matched.
err = arch_service.RepositoryAutoconnect(ctx, owner, md.Name, pkgid)
if err != nil {
apiError(ctx, http.StatusInternalServerError, err)
return
}
// Update pacman databases with new package.
err = arch_service.UpdatePacmanDatabases(ctx, md, distro, owner)
if err != nil {
apiError(ctx, http.StatusInternalServerError, err)
return
}
ctx.Status(http.StatusOK)
}
// Get file from arch package registry.
func Get(ctx *context.Context) {
var (
file = ctx.Params("file")
owner = ctx.Params("username")
distro = ctx.Params("distro")
arch = ctx.Params("arch")
)
// Packages are stored in different way from pacman databases, and loaded
// with LoadPackageFile function.
if strings.HasSuffix(file, "tar.zst") || strings.HasSuffix(file, "zst.sig") {
pkgdata, err := arch_service.LoadPackageFile(ctx, distro, file)
if err != nil {
apiError(ctx, http.StatusNotFound, err)
return
}
_, err = ctx.Resp.Write(pkgdata)
if err != nil {
apiError(ctx, http.StatusInternalServerError, err)
return
}
ctx.Resp.WriteHeader(http.StatusOK)
return
}
// Pacman databases are stored directly in gitea file storage and could be
// loaded with name as a key.
if strings.HasSuffix(file, ".db.tar.gz") || strings.HasSuffix(file, ".db") {
data, err := arch_service.LoadPacmanDatabase(ctx, owner, distro, arch, file)
if err != nil {
apiError(ctx, http.StatusNotFound, err)
return
}
_, err = ctx.Resp.Write(data)
if err != nil {
apiError(ctx, http.StatusInternalServerError, err)
return
}
ctx.Resp.WriteHeader(http.StatusOK)
return
}
ctx.Resp.WriteHeader(http.StatusNotFound)
}
// Remove specific package version, related files and pacman database entry.
func Remove(ctx *context.Context) {
var (
owner = ctx.Params("username")
email = ctx.Req.Header.Get("email")
distro = ctx.Req.Header.Get("distro")
target = ctx.Req.Header.Get("target")
stime = ctx.Req.Header.Get("time")
version = ctx.Req.Header.Get("version")
arch = strings.Split(ctx.Req.Header.Get("arch"), " ")
)
// Parse sent time and check if it is within last minute.
t, err := time.Parse(time.RFC3339, stime)
if err != nil {
apiError(ctx, http.StatusBadRequest, err)
return
}
if time.Since(t) > time.Minute {
apiError(ctx, http.StatusUnauthorized, "outdated message")
return
}
// Get user owning the package.
user, org, err := arch_service.IdentifyOwner(ctx, owner, email)
if err != nil {
apiError(ctx, http.StatusUnauthorized, err)
return
}
// Read signature data from request body.
sigdata, err := io.ReadAll(ctx.Req.Body)
if err != nil {
apiError(ctx, http.StatusInternalServerError, err)
return
}
defer ctx.Req.Body.Close()
// Validate package signature with any of user's GnuPG keys.
mesdata := []byte(stime + owner + target)
err = arch_service.ValidateSignature(ctx, mesdata, sigdata, user)
if err != nil {
apiError(ctx, http.StatusUnauthorized, err)
return
}
// Remove package files and pacman database entry.
err = arch_service.RemovePackage(ctx, &arch_service.RemoveParameters{
User: user,
Organization: org,
Owner: owner,
Name: target,
Version: version,
})
if err != nil {
apiError(ctx, http.StatusInternalServerError, err)
return
}
// Remove pacman database entries related to package.
err = arch_service.RemoveDbEntry(ctx, arch, owner, distro, target, version)
if err != nil {
apiError(ctx, http.StatusInternalServerError, err)
return
}
ctx.Resp.WriteHeader(http.StatusOK)
}
func apiError(ctx *context.Context, status int, obj interface{}) {
helper.LogAndProcessError(ctx, status, obj, func(message string) {
ctx.PlainText(status, message)
})
}
Reference in New Issue View Git Blame Copy Permalink