Add composor source field (#33502)

Fix #33066

4 files changed, 70 insertions, 13 deletions

diff --git a/models/packages/descriptor.go b/models/packages/descriptor.go
index 803b73c968..d251fcc4a9 100644
--- a/models/packages/descriptor.go
+++ b/models/packages/descriptor.go
@@ -110,9 +110,12 @@ func GetPackageDescriptor(ctx context.Context, pv *PackageVersion) (*PackageDesc
 	if err != nil {
 		return nil, err
 	}
-	repository, err := repo_model.GetRepositoryByID(ctx, p.RepoID)
-	if err != nil && !repo_model.IsErrRepoNotExist(err) {
-		return nil, err
+	var repository *repo_model.Repository
+	if p.RepoID > 0 {
+		repository, err = repo_model.GetRepositoryByID(ctx, p.RepoID)
+		if err != nil && !repo_model.IsErrRepoNotExist(err) {
+			return nil, err
+		}
 	}
 	creator, err := user_model.GetUserByID(ctx, pv.CreatorID)
 	if err != nil {
diff --git a/routers/api/packages/composer/api.go b/routers/api/packages/composer/api.go
index a3bcf80417..a3ea2c2f9a 100644
--- a/routers/api/packages/composer/api.go
+++ b/routers/api/packages/composer/api.go
@@ -66,6 +66,7 @@ type PackageMetadataResponse struct {
 }
 
 // PackageVersionMetadata contains package metadata
+// https://getcomposer.org/doc/05-repositories.md#package
 type PackageVersionMetadata struct {
 	*composer_module.Metadata
 	Name    string    `json:"name"`
@@ -73,6 +74,7 @@ type PackageVersionMetadata struct {
 	Type    string    `json:"type"`
 	Created time.Time `json:"time"`
 	Dist    Dist      `json:"dist"`
+	Source  Source    `json:"source"`
 }
 
 // Dist contains package download information
@@ -82,6 +84,13 @@ type Dist struct {
 	Checksum string `json:"shasum"`
 }
 
+// Source contains package source information
+type Source struct {
+	URL       string `json:"url"`
+	Type      string `json:"type"`
+	Reference string `json:"reference"`
+}
+
 func createPackageMetadataResponse(registryURL string, pds []*packages_model.PackageDescriptor) *PackageMetadataResponse {
 	versions := make([]*PackageVersionMetadata, 0, len(pds))
 
@@ -94,7 +103,7 @@ func createPackageMetadataResponse(registryURL string, pds []*packages_model.Pac
 			}
 		}
 
-		versions = append(versions, &PackageVersionMetadata{
+		pkg := PackageVersionMetadata{
 			Name:     pd.Package.Name,
 			Version:  pd.Version.Version,
 			Type:     packageType,
@@ -105,7 +114,16 @@ func createPackageMetadataResponse(registryURL string, pds []*packages_model.Pac
 				URL:      fmt.Sprintf("%s/files/%s/%s/%s", registryURL, url.PathEscape(pd.Package.LowerName), url.PathEscape(pd.Version.LowerVersion), url.PathEscape(pd.Files[0].File.LowerName)),
 				Checksum: pd.Files[0].Blob.HashSHA1,
 			},
-		})
+		}
+		if pd.Repository != nil {
+			pkg.Source = Source{
+				URL:       pd.Repository.HTMLURL(),
+				Type:      "git",
+				Reference: pd.Version.Version,
+			}
+		}
+
+		versions = append(versions, &pkg)
 	}
 
 	return &PackageMetadataResponse{
diff --git a/services/packages/package_update.go b/services/packages/package_update.go
index 8d851fac53..4a22ee7a62 100644
--- a/services/packages/package_update.go
+++ b/services/packages/package_update.go
@@ -44,16 +44,17 @@ func UnlinkFromRepository(ctx context.Context, pkg *packages_model.Package, doer
 	}
 
 	repo, err := repo_model.GetRepositoryByID(ctx, pkg.RepoID)
-	if err != nil {
+	if err != nil && !repo_model.IsErrRepoNotExist(err) {
 		return fmt.Errorf("error getting repository %d: %w", pkg.RepoID, err)
 	}
-
-	perms, err := access_model.GetUserRepoPermission(ctx, repo, doer)
-	if err != nil {
-		return fmt.Errorf("error getting permissions for user %d on repository %d: %w", doer.ID, repo.ID, err)
-	}
-	if !perms.CanWrite(unit.TypePackages) {
-		return util.ErrPermissionDenied
+	if err == nil {
+		perms, err := access_model.GetUserRepoPermission(ctx, repo, doer)
+		if err != nil {
+			return fmt.Errorf("error getting permissions for user %d on repository %d: %w", doer.ID, repo.ID, err)
+		}
+		if !perms.CanWrite(unit.TypePackages) {
+			return util.ErrPermissionDenied
+		}
 	}
 
 	user, err := user_model.GetUserByID(ctx, pkg.OwnerID)
diff --git a/tests/integration/api_packages_composer_test.go b/tests/integration/api_packages_composer_test.go
index 51b047ab41..bc858c7476 100644
--- a/tests/integration/api_packages_composer_test.go
+++ b/tests/integration/api_packages_composer_test.go
@@ -13,6 +13,7 @@ import (
 
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/packages"
+	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
 	composer_module "code.gitea.io/gitea/modules/packages/composer"
@@ -217,5 +218,39 @@ func TestPackageComposer(t *testing.T) {
 		assert.Equal(t, "4f5fa464c3cb808a1df191dbf6cb75363f8b7072", pkgs[0].Dist.Checksum)
 		assert.Len(t, pkgs[0].Bin, 1)
 		assert.Equal(t, packageBin, pkgs[0].Bin[0])
+
+		// Test package linked to repository
+		repo1 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+		userPkgs, err := packages.GetPackagesByType(db.DefaultContext, user.ID, packages.TypeComposer)
+		assert.NoError(t, err)
+		assert.Len(t, userPkgs, 1)
+		assert.EqualValues(t, 0, userPkgs[0].RepoID)
+
+		err = packages.SetRepositoryLink(db.DefaultContext, userPkgs[0].ID, repo1.ID)
+		assert.NoError(t, err)
+
+		req = NewRequest(t, "GET", fmt.Sprintf("%s/p2/%s/%s.json", url, vendorName, projectName)).
+			AddBasicAuth(user.Name)
+		resp = MakeRequest(t, req, http.StatusOK)
+
+		result = composer.PackageMetadataResponse{}
+		DecodeJSON(t, resp, &result)
+
+		assert.Contains(t, result.Packages, packageName)
+		pkgs = result.Packages[packageName]
+		assert.Len(t, pkgs, 1)
+		assert.Equal(t, packageName, pkgs[0].Name)
+		assert.Equal(t, packageVersion, pkgs[0].Version)
+		assert.Equal(t, packageType, pkgs[0].Type)
+		assert.Equal(t, packageDescription, pkgs[0].Description)
+		assert.Len(t, pkgs[0].Authors, 1)
+		assert.Equal(t, packageAuthor, pkgs[0].Authors[0].Name)
+		assert.Equal(t, "zip", pkgs[0].Dist.Type)
+		assert.Equal(t, "4f5fa464c3cb808a1df191dbf6cb75363f8b7072", pkgs[0].Dist.Checksum)
+		assert.Len(t, pkgs[0].Bin, 1)
+		assert.Equal(t, packageBin, pkgs[0].Bin[0])
+		assert.Equal(t, repo1.HTMLURL(), pkgs[0].Source.URL)
+		assert.Equal(t, "git", pkgs[0].Source.Type)
+		assert.Equal(t, packageVersion, pkgs[0].Source.Reference)
 	})
 }