0
0
mirror of https://github.com/go-gitea/gitea.git synced 2025-01-10 00:09:36 +01:00

Refactor maven package registry (#33049) (#33057)

Backport #33049
This commit is contained in:
wxiaoguang 2024-12-31 15:22:09 +08:00 committed by GitHub
parent 3df11c07a8
commit 68736ec292
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 138 additions and 60 deletions

View File

@ -248,6 +248,18 @@ func GetPackageByID(ctx context.Context, packageID int64) (*Package, error) {
return p, nil
}
// UpdatePackageNameByID updates the package's name, it is only for internal usage, for example: rename some legacy packages
func UpdatePackageNameByID(ctx context.Context, ownerID int64, packageType Type, packageID int64, name string) error {
var cond builder.Cond = builder.Eq{
"package.id": packageID,
"package.owner_id": ownerID,
"package.type": packageType,
"package.is_internal": false,
}
_, err := db.GetEngine(ctx).Where(cond).Update(&Package{Name: name, LowerName: strings.ToLower(name)})
return err
}
// GetPackageByName gets a package by name
func GetPackageByName(ctx context.Context, ownerID int64, packageType Type, name string) (*Package, error) {
var cond builder.Cond = builder.Eq{

View File

@ -465,8 +465,6 @@ func CommonRoutes() *web.Router {
r.Post("/api/charts", reqPackageAccess(perm.AccessModeWrite), helm.UploadPackage)
}, reqPackageAccess(perm.AccessModeRead))
r.Group("/maven", func() {
// FIXME: this path design is not right.
// It should be `/.../{groupId}/{artifactId}/{version}`, but not `/.../{groupId}-{artifactId}/{version}`
r.Put("/*", reqPackageAccess(perm.AccessModeWrite), maven.UploadPackageFile)
r.Get("/*", maven.DownloadPackageFile)
r.Head("/*", maven.ProvidePackageFileHeader)

View File

@ -13,7 +13,7 @@ import (
"errors"
"io"
"net/http"
"path/filepath"
"path"
"regexp"
"sort"
"strconv"
@ -25,6 +25,7 @@ import (
"code.gitea.io/gitea/modules/log"
packages_module "code.gitea.io/gitea/modules/packages"
maven_module "code.gitea.io/gitea/modules/packages/maven"
"code.gitea.io/gitea/modules/util"
"code.gitea.io/gitea/routers/api/packages/helper"
"code.gitea.io/gitea/services/context"
packages_service "code.gitea.io/gitea/services/packages"
@ -44,7 +45,7 @@ const (
var (
errInvalidParameters = errors.New("request parameters are invalid")
illegalCharacters = regexp.MustCompile(`[\\/:"<>|?\*]`)
illegalCharacters = regexp.MustCompile(`[\\/:"<>|?*]`)
)
func apiError(ctx *context.Context, status int, obj any) {
@ -85,8 +86,10 @@ func handlePackageFile(ctx *context.Context, serveContent bool) {
func serveMavenMetadata(ctx *context.Context, params parameters) {
// /com/foo/project/maven-metadata.xml[.md5/.sha1/.sha256/.sha512]
packageName := params.GroupID + "-" + params.ArtifactID
pvs, err := packages_model.GetVersionsByPackageName(ctx, ctx.Package.Owner.ID, packages_model.TypeMaven, packageName)
pvs, err := packages_model.GetVersionsByPackageName(ctx, ctx.Package.Owner.ID, packages_model.TypeMaven, params.toInternalPackageName())
if errors.Is(err, util.ErrNotExist) {
pvs, err = packages_model.GetVersionsByPackageName(ctx, ctx.Package.Owner.ID, packages_model.TypeMaven, params.toInternalPackageNameLegacy())
}
if err != nil {
apiError(ctx, http.StatusInternalServerError, err)
return
@ -116,10 +119,10 @@ func serveMavenMetadata(ctx *context.Context, params parameters) {
latest := pds[len(pds)-1]
// http.TimeFormat required a UTC time, refer to https://pkg.go.dev/net/http#TimeFormat
lastModifed := latest.Version.CreatedUnix.AsTime().UTC().Format(http.TimeFormat)
ctx.Resp.Header().Set("Last-Modified", lastModifed)
lastModified := latest.Version.CreatedUnix.AsTime().UTC().Format(http.TimeFormat)
ctx.Resp.Header().Set("Last-Modified", lastModified)
ext := strings.ToLower(filepath.Ext(params.Filename))
ext := strings.ToLower(path.Ext(params.Filename))
if isChecksumExtension(ext) {
var hash []byte
switch ext {
@ -147,11 +150,12 @@ func serveMavenMetadata(ctx *context.Context, params parameters) {
}
func servePackageFile(ctx *context.Context, params parameters, serveContent bool) {
packageName := params.GroupID + "-" + params.ArtifactID
pv, err := packages_model.GetVersionByNameAndVersion(ctx, ctx.Package.Owner.ID, packages_model.TypeMaven, packageName, params.Version)
pv, err := packages_model.GetVersionByNameAndVersion(ctx, ctx.Package.Owner.ID, packages_model.TypeMaven, params.toInternalPackageName(), params.Version)
if errors.Is(err, util.ErrNotExist) {
pv, err = packages_model.GetVersionByNameAndVersion(ctx, ctx.Package.Owner.ID, packages_model.TypeMaven, params.toInternalPackageNameLegacy(), params.Version)
}
if err != nil {
if err == packages_model.ErrPackageNotExist {
if errors.Is(err, packages_model.ErrPackageNotExist) {
apiError(ctx, http.StatusNotFound, err)
} else {
apiError(ctx, http.StatusInternalServerError, err)
@ -161,14 +165,14 @@ func servePackageFile(ctx *context.Context, params parameters, serveContent bool
filename := params.Filename
ext := strings.ToLower(filepath.Ext(filename))
ext := strings.ToLower(path.Ext(filename))
if isChecksumExtension(ext) {
filename = filename[:len(filename)-len(ext)]
}
pf, err := packages_model.GetFileForVersionByName(ctx, pv.ID, filename, packages_model.EmptyFileKey)
if err != nil {
if err == packages_model.ErrPackageFileNotExist {
if errors.Is(err, packages_model.ErrPackageFileNotExist) {
apiError(ctx, http.StatusNotFound, err)
} else {
apiError(ctx, http.StatusInternalServerError, err)
@ -238,15 +242,17 @@ func UploadPackageFile(ctx *context.Context) {
return
}
log.Trace("Parameters: %+v", params)
// Ignore the package index /<name>/maven-metadata.xml
if params.IsMeta && params.Version == "" {
ctx.Status(http.StatusOK)
return
}
packageName := params.GroupID + "-" + params.ArtifactID
packageName := params.toInternalPackageName()
if ctx.FormBool("use_legacy_package_name") {
// for testing purpose only
packageName = params.toInternalPackageNameLegacy()
}
// for the same package, only one upload at a time
releaser, err := globallock.Lock(ctx, mavenPkgNameKey(packageName))
@ -274,13 +280,26 @@ func UploadPackageFile(ctx *context.Context) {
Creator: ctx.Doer,
}
ext := filepath.Ext(params.Filename)
// old maven package uses "groupId-artifactId" as package name, so we need to update to the new format "groupId:artifactId"
legacyPackage, err := packages_model.GetPackageByName(ctx, ctx.Package.Owner.ID, packages_model.TypeMaven, params.toInternalPackageNameLegacy())
if err != nil && !errors.Is(err, packages_model.ErrPackageNotExist) {
apiError(ctx, http.StatusInternalServerError, err)
return
} else if legacyPackage != nil {
err = packages_model.UpdatePackageNameByID(ctx, ctx.Package.Owner.ID, packages_model.TypeMaven, legacyPackage.ID, packageName)
if err != nil {
apiError(ctx, http.StatusInternalServerError, err)
return
}
}
ext := path.Ext(params.Filename)
// Do not upload checksum files but compare the hashes.
if isChecksumExtension(ext) {
pv, err := packages_model.GetVersionByNameAndVersion(ctx, pvci.Owner.ID, pvci.PackageType, pvci.Name, pvci.Version)
if err != nil {
if err == packages_model.ErrPackageNotExist {
if errors.Is(err, packages_model.ErrPackageNotExist) {
apiError(ctx, http.StatusNotFound, err)
return
}
@ -289,7 +308,7 @@ func UploadPackageFile(ctx *context.Context) {
}
pf, err := packages_model.GetFileForVersionByName(ctx, pv.ID, params.Filename[:len(params.Filename)-len(ext)], packages_model.EmptyFileKey)
if err != nil {
if err == packages_model.ErrPackageFileNotExist {
if errors.Is(err, packages_model.ErrPackageFileNotExist) {
apiError(ctx, http.StatusNotFound, err)
return
}
@ -343,7 +362,7 @@ func UploadPackageFile(ctx *context.Context) {
if pvci.Metadata != nil {
pv, err := packages_model.GetVersionByNameAndVersion(ctx, pvci.Owner.ID, pvci.PackageType, pvci.Name, pvci.Version)
if err != nil && err != packages_model.ErrPackageNotExist {
if err != nil && !errors.Is(err, packages_model.ErrPackageNotExist) {
apiError(ctx, http.StatusInternalServerError, err)
return
}
@ -399,9 +418,26 @@ type parameters struct {
IsMeta bool
}
func (p *parameters) toInternalPackageName() string {
// there cuold be 2 choices: "/" or ":"
// Maven says: "groupId:artifactId:version" in their document: https://maven.apache.org/pom.html#Maven_Coordinates
// but it would be slightly ugly in URL: "/-/packages/maven/group-id%3Aartifact-id"
return p.GroupID + ":" + p.ArtifactID
}
func (p *parameters) toInternalPackageNameLegacy() string {
return p.GroupID + "-" + p.ArtifactID
}
func extractPathParameters(ctx *context.Context) (parameters, error) {
parts := strings.Split(ctx.PathParam("*"), "/")
// formats:
// * /com/group/id/artifactId/maven-metadata.xml[.md5|.sha1|.sha256|.sha512]
// * /com/group/id/artifactId/version-SNAPSHOT/maven-metadata.xml[.md5|.sha1|.sha256|.sha512]
// * /com/group/id/artifactId/version/any-file
// * /com/group/id/artifactId/version-SNAPSHOT/any-file
p := parameters{
Filename: parts[len(parts)-1],
}

View File

@ -6,6 +6,7 @@ package integration
import (
"fmt"
"net/http"
"net/url"
"strconv"
"strings"
"sync"
@ -20,6 +21,7 @@ import (
"code.gitea.io/gitea/tests"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestPackageMaven(t *testing.T) {
@ -29,16 +31,14 @@ func TestPackageMaven(t *testing.T) {
groupID := "com.gitea"
artifactID := "test-project"
packageName := groupID + "-" + artifactID
packageVersion := "1.0.1"
packageDescription := "Test Description"
root := fmt.Sprintf("/api/packages/%s/maven/%s/%s", user.Name, strings.ReplaceAll(groupID, ".", "/"), artifactID)
filename := fmt.Sprintf("%s-%s.jar", packageName, packageVersion)
root := "/api/packages/user2/maven/com/gitea/test-project"
filename := "any-name.jar"
putFile := func(t *testing.T, path, content string, expectedStatus int) {
req := NewRequestWithBody(t, "PUT", root+path, strings.NewReader(content)).
AddBasicAuth(user.Name)
req := NewRequestWithBody(t, "PUT", root+path, strings.NewReader(content)).AddBasicAuth(user.Name)
MakeRequest(t, req, expectedStatus)
}
@ -56,27 +56,67 @@ func TestPackageMaven(t *testing.T) {
putFile(t, "/maven-metadata.xml", "test", http.StatusOK)
pvs, err := packages.GetVersionsByPackageType(db.DefaultContext, user.ID, packages.TypeMaven)
assert.NoError(t, err)
require.NoError(t, err)
assert.Len(t, pvs, 1)
pd, err := packages.GetPackageDescriptor(db.DefaultContext, pvs[0])
assert.NoError(t, err)
require.NoError(t, err)
assert.Nil(t, pd.SemVer)
assert.Nil(t, pd.Metadata)
assert.Equal(t, packageName, pd.Package.Name)
assert.Equal(t, groupID+":"+artifactID, pd.Package.Name)
assert.Equal(t, packageVersion, pd.Version.Version)
pfs, err := packages.GetFilesByVersionID(db.DefaultContext, pvs[0].ID)
assert.NoError(t, err)
require.NoError(t, err)
assert.Len(t, pfs, 1)
assert.Equal(t, filename, pfs[0].Name)
assert.False(t, pfs[0].IsLead)
pb, err := packages.GetBlobByID(db.DefaultContext, pfs[0].BlobID)
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, int64(4), pb.Size)
})
t.Run("UploadLegacy", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
legacyRootLink := "/api/packages/user2/maven/com/gitea/legacy-project"
req := NewRequestWithBody(t, "PUT", legacyRootLink+"/1.0.2/any-file-name?use_legacy_package_name=1", strings.NewReader("test-content")).AddBasicAuth(user.Name)
MakeRequest(t, req, http.StatusCreated)
p, err := packages.GetPackageByName(db.DefaultContext, user.ID, packages.TypeMaven, "com.gitea-legacy-project")
require.NoError(t, err)
assert.Equal(t, "com.gitea-legacy-project", p.Name)
req = NewRequest(t, "HEAD", legacyRootLink+"/1.0.2/any-file-name").AddBasicAuth(user.Name)
MakeRequest(t, req, http.StatusOK)
req = NewRequest(t, "GET", "/user2/-/packages/maven/com.gitea-legacy-project/1.0.2")
MakeRequest(t, req, http.StatusOK)
req = NewRequest(t, "GET", "/user2/-/packages/maven/com.gitea:legacy-project/1.0.2")
MakeRequest(t, req, http.StatusNotFound)
req = NewRequest(t, "GET", "/user2/-/packages/maven/com.gitea%3Alegacy-project/1.0.2")
MakeRequest(t, req, http.StatusNotFound)
req = NewRequestWithBody(t, "PUT", legacyRootLink+"/1.0.3/any-file-name", strings.NewReader("test-content")).AddBasicAuth(user.Name)
MakeRequest(t, req, http.StatusCreated)
_, err = packages.GetPackageByName(db.DefaultContext, user.ID, packages.TypeMaven, "com.gitea-legacy-project")
require.ErrorIs(t, err, packages.ErrPackageNotExist)
p, err = packages.GetPackageByName(db.DefaultContext, user.ID, packages.TypeMaven, "com.gitea:legacy-project")
require.NoError(t, err)
assert.Equal(t, "com.gitea:legacy-project", p.Name)
req = NewRequest(t, "HEAD", legacyRootLink+"/1.0.2/any-file-name").AddBasicAuth(user.Name)
MakeRequest(t, req, http.StatusOK)
req = NewRequest(t, "GET", "/user2/-/packages/maven/com.gitea-legacy-project/1.0.2")
MakeRequest(t, req, http.StatusNotFound)
req = NewRequest(t, "GET", "/user2/-/packages/maven/com.gitea:legacy-project/1.0.2")
MakeRequest(t, req, http.StatusOK)
req = NewRequest(t, "GET", "/user2/-/packages/maven/com.gitea%3Alegacy-project/1.0.2")
MakeRequest(t, req, http.StatusOK)
require.NoError(t, packages.DeletePackageByID(db.DefaultContext, p.ID))
})
t.Run("UploadExists", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
@ -86,14 +126,12 @@ func TestPackageMaven(t *testing.T) {
t.Run("Download", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequest(t, "HEAD", fmt.Sprintf("%s/%s/%s", root, packageVersion, filename)).
AddBasicAuth(user.Name)
req := NewRequest(t, "HEAD", fmt.Sprintf("%s/%s/%s", root, packageVersion, filename)).AddBasicAuth(user.Name)
resp := MakeRequest(t, req, http.StatusOK)
checkHeaders(t, resp.Header(), "application/java-archive", 4)
req = NewRequest(t, "GET", fmt.Sprintf("%s/%s/%s", root, packageVersion, filename)).
AddBasicAuth(user.Name)
req = NewRequest(t, "GET", fmt.Sprintf("%s/%s/%s", root, packageVersion, filename)).AddBasicAuth(user.Name)
resp = MakeRequest(t, req, http.StatusOK)
checkHeaders(t, resp.Header(), "application/java-archive", 4)
@ -101,7 +139,7 @@ func TestPackageMaven(t *testing.T) {
assert.Equal(t, []byte("test"), resp.Body.Bytes())
pvs, err := packages.GetVersionsByPackageType(db.DefaultContext, user.ID, packages.TypeMaven)
assert.NoError(t, err)
require.NoError(t, err)
assert.Len(t, pvs, 1)
assert.Equal(t, int64(0), pvs[0].DownloadCount)
})
@ -133,26 +171,26 @@ func TestPackageMaven(t *testing.T) {
defer tests.PrintCurrentTest(t)()
pvs, err := packages.GetVersionsByPackageType(db.DefaultContext, user.ID, packages.TypeMaven)
assert.NoError(t, err)
require.NoError(t, err)
assert.Len(t, pvs, 1)
pd, err := packages.GetPackageDescriptor(db.DefaultContext, pvs[0])
assert.NoError(t, err)
require.NoError(t, err)
assert.Nil(t, pd.Metadata)
putFile(t, fmt.Sprintf("/%s/%s.pom", packageVersion, filename), pomContent, http.StatusCreated)
pvs, err = packages.GetVersionsByPackageType(db.DefaultContext, user.ID, packages.TypeMaven)
assert.NoError(t, err)
require.NoError(t, err)
assert.Len(t, pvs, 1)
pd, err = packages.GetPackageDescriptor(db.DefaultContext, pvs[0])
assert.NoError(t, err)
require.NoError(t, err)
assert.IsType(t, &maven.Metadata{}, pd.Metadata)
assert.Equal(t, packageDescription, pd.Metadata.(*maven.Metadata).Description)
pfs, err := packages.GetFilesByVersionID(db.DefaultContext, pvs[0].ID)
assert.NoError(t, err)
require.NoError(t, err)
assert.Len(t, pfs, 2)
for _, pf := range pfs {
if strings.HasSuffix(pf.Name, ".pom") {
@ -167,14 +205,12 @@ func TestPackageMaven(t *testing.T) {
t.Run("DownloadPOM", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequest(t, "HEAD", fmt.Sprintf("%s/%s/%s.pom", root, packageVersion, filename)).
AddBasicAuth(user.Name)
req := NewRequest(t, "HEAD", fmt.Sprintf("%s/%s/%s.pom", root, packageVersion, filename)).AddBasicAuth(user.Name)
resp := MakeRequest(t, req, http.StatusOK)
checkHeaders(t, resp.Header(), "text/xml", int64(len(pomContent)))
req = NewRequest(t, "GET", fmt.Sprintf("%s/%s/%s.pom", root, packageVersion, filename)).
AddBasicAuth(user.Name)
req = NewRequest(t, "GET", fmt.Sprintf("%s/%s/%s.pom", root, packageVersion, filename)).AddBasicAuth(user.Name)
resp = MakeRequest(t, req, http.StatusOK)
checkHeaders(t, resp.Header(), "text/xml", int64(len(pomContent)))
@ -182,7 +218,7 @@ func TestPackageMaven(t *testing.T) {
assert.Equal(t, []byte(pomContent), resp.Body.Bytes())
pvs, err := packages.GetVersionsByPackageType(db.DefaultContext, user.ID, packages.TypeMaven)
assert.NoError(t, err)
require.NoError(t, err)
assert.Len(t, pvs, 1)
assert.Equal(t, int64(1), pvs[0].DownloadCount)
})
@ -190,8 +226,7 @@ func TestPackageMaven(t *testing.T) {
t.Run("DownloadChecksums", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequest(t, "GET", fmt.Sprintf("%s/1.2.3/%s", root, filename)).
AddBasicAuth(user.Name)
req := NewRequest(t, "GET", fmt.Sprintf("%s/1.2.3/%s", root, filename)).AddBasicAuth(user.Name)
MakeRequest(t, req, http.StatusNotFound)
for key, checksum := range map[string]string{
@ -200,8 +235,7 @@ func TestPackageMaven(t *testing.T) {
"sha256": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
"sha512": "ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff",
} {
req := NewRequest(t, "GET", fmt.Sprintf("%s/%s/%s.%s", root, packageVersion, filename, key)).
AddBasicAuth(user.Name)
req := NewRequest(t, "GET", fmt.Sprintf("%s/%s/%s.%s", root, packageVersion, filename, key)).AddBasicAuth(user.Name)
resp := MakeRequest(t, req, http.StatusOK)
assert.Equal(t, checksum, resp.Body.String())
@ -211,8 +245,7 @@ func TestPackageMaven(t *testing.T) {
t.Run("DownloadMetadata", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequest(t, "GET", root+"/maven-metadata.xml").
AddBasicAuth(user.Name)
req := NewRequest(t, "GET", root+"/maven-metadata.xml").AddBasicAuth(user.Name)
resp := MakeRequest(t, req, http.StatusOK)
expectedMetadata := `<?xml version="1.0" encoding="UTF-8"?>` + "\n<metadata><groupId>com.gitea</groupId><artifactId>test-project</artifactId><versioning><release>1.0.1</release><latest>1.0.1</latest><versions><version>1.0.1</version></versions></versioning></metadata>"
@ -227,8 +260,7 @@ func TestPackageMaven(t *testing.T) {
"sha256": "3f48322f81c4b2c3bb8649ae1e5c9801476162b520e1c2734ac06b2c06143208",
"sha512": "cb075aa2e2ef1a83cdc14dd1e08c505b72d633399b39e73a21f00f0deecb39a3e2c79f157c1163f8a3854828750706e0dec3a0f5e4778e91f8ec2cf351a855f2",
} {
req := NewRequest(t, "GET", fmt.Sprintf("%s/maven-metadata.xml.%s", root, key)).
AddBasicAuth(user.Name)
req := NewRequest(t, "GET", fmt.Sprintf("%s/maven-metadata.xml.%s", root, key)).AddBasicAuth(user.Name)
resp := MakeRequest(t, req, http.StatusOK)
assert.Equal(t, checksum, resp.Body.String())
@ -245,9 +277,10 @@ func TestPackageMaven(t *testing.T) {
})
t.Run("InvalidFile", func(t *testing.T) {
ver := packageVersion + "-invalid"
putFile(t, fmt.Sprintf("/%s/%s", ver, filename), "any invalid content", http.StatusCreated)
req := NewRequestf(t, "GET", "/%s/-/packages/maven/%s-%s/%s", user.Name, groupID, artifactID, ver)
invalidVersion := packageVersion + "-invalid"
putFile(t, fmt.Sprintf("/%s/%s", invalidVersion, filename), "any invalid content", http.StatusCreated)
req := NewRequestf(t, "GET", "/%s/-/packages/maven/%s/%s", user.Name, url.QueryEscape(groupID+":"+artifactID), invalidVersion)
resp := MakeRequest(t, req, http.StatusOK)
assert.Contains(t, resp.Body.String(), "No metadata.")
assert.True(t, test.IsNormalPageCompleted(resp.Body.String()))
@ -266,8 +299,7 @@ func TestPackageMavenConcurrent(t *testing.T) {
root := fmt.Sprintf("/api/packages/%s/maven/%s/%s", user.Name, strings.ReplaceAll(groupID, ".", "/"), artifactID)
putFile := func(t *testing.T, path, content string, expectedStatus int) {
req := NewRequestWithBody(t, "PUT", root+path, strings.NewReader(content)).
AddBasicAuth(user.Name)
req := NewRequestWithBody(t, "PUT", root+path, strings.NewReader(content)).AddBasicAuth(user.Name)
MakeRequest(t, req, expectedStatus)
}