summaryrefslogtreecommitdiffstats
path: root/routers/api/packages/api.go
diff options
context:
space:
mode:
authorKN4CK3R <admin@oldschoolhack.me>2022-09-24 17:17:08 +0200
committerGitHub <noreply@github.com>2022-09-24 23:17:08 +0800
commit0c8ce71188cae1d59380a213816a22bce48691db (patch)
tree04522bcd43477a73f594db22aaa7b2479ccabf48 /routers/api/packages/api.go
parentcca189ef97d5f9fd3f52c75ec6e1ae916916cd08 (diff)
downloadgitea-0c8ce71188cae1d59380a213816a22bce48691db.tar.gz
gitea-0c8ce71188cae1d59380a213816a22bce48691db.zip
Make NuGet service index publicly accessible (#21242)
Addition to #20734, Fixes #20717 The `/index.json` endpoint needs to be accessible even if the registry is private. The NuGet client uses this endpoint without authentification. The old fix only works if the NuGet cli is used with `--source <name>` but not with `--source <url>/index.json`. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Diffstat (limited to 'routers/api/packages/api.go')
-rw-r--r--routers/api/packages/api.go54
1 files changed, 28 insertions, 26 deletions
diff --git a/routers/api/packages/api.go b/routers/api/packages/api.go
index cb9b3b78ab..3354fe12d4 100644
--- a/routers/api/packages/api.go
+++ b/routers/api/packages/api.go
@@ -69,7 +69,7 @@ func Routes(ctx gocontext.Context) *web.Route {
r.Get("/p2/{vendorname}/{projectname}.json", composer.PackageMetadata)
r.Get("/files/{package}/{version}/{filename}", composer.DownloadPackageFile)
r.Put("", reqPackageAccess(perm.AccessModeWrite), composer.UploadPackage)
- })
+ }, reqPackageAccess(perm.AccessModeRead))
r.Group("/conan", func() {
r.Group("/v1", func() {
r.Get("/ping", conan.Ping)
@@ -157,7 +157,7 @@ func Routes(ctx gocontext.Context) *web.Route {
}, conan.ExtractPathParameters)
})
})
- })
+ }, reqPackageAccess(perm.AccessModeRead))
r.Group("/generic", func() {
r.Group("/{packagename}/{packageversion}", func() {
r.Delete("", reqPackageAccess(perm.AccessModeWrite), generic.DeletePackage)
@@ -169,33 +169,35 @@ func Routes(ctx gocontext.Context) *web.Route {
}, reqPackageAccess(perm.AccessModeWrite))
})
})
- })
+ }, reqPackageAccess(perm.AccessModeRead))
r.Group("/helm", func() {
r.Get("/index.yaml", helm.Index)
r.Get("/{filename}", helm.DownloadPackageFile)
r.Post("/api/charts", reqPackageAccess(perm.AccessModeWrite), helm.UploadPackage)
- })
+ }, reqPackageAccess(perm.AccessModeRead))
r.Group("/maven", func() {
r.Put("/*", reqPackageAccess(perm.AccessModeWrite), maven.UploadPackageFile)
r.Get("/*", maven.DownloadPackageFile)
- })
+ }, reqPackageAccess(perm.AccessModeRead))
r.Group("/nuget", func() {
- r.Get("/index.json", nuget.ServiceIndex)
- r.Get("/query", nuget.SearchService)
- r.Group("/registration/{id}", func() {
- r.Get("/index.json", nuget.RegistrationIndex)
- r.Get("/{version}", nuget.RegistrationLeaf)
- })
- r.Group("/package/{id}", func() {
- r.Get("/index.json", nuget.EnumeratePackageVersions)
- r.Get("/{version}/{filename}", nuget.DownloadPackageFile)
- })
+ r.Get("/index.json", nuget.ServiceIndex) // Needs to be unauthenticated for the NuGet client.
r.Group("", func() {
- r.Put("/", nuget.UploadPackage)
- r.Put("/symbolpackage", nuget.UploadSymbolPackage)
- r.Delete("/{id}/{version}", nuget.DeletePackage)
- }, reqPackageAccess(perm.AccessModeWrite))
- r.Get("/symbols/{filename}/{guid:[0-9a-f]{32}}FFFFFFFF/{filename2}", nuget.DownloadSymbolFile)
+ r.Get("/query", nuget.SearchService)
+ r.Group("/registration/{id}", func() {
+ r.Get("/index.json", nuget.RegistrationIndex)
+ r.Get("/{version}", nuget.RegistrationLeaf)
+ })
+ r.Group("/package/{id}", func() {
+ r.Get("/index.json", nuget.EnumeratePackageVersions)
+ r.Get("/{version}/{filename}", nuget.DownloadPackageFile)
+ })
+ r.Group("", func() {
+ r.Put("/", nuget.UploadPackage)
+ r.Put("/symbolpackage", nuget.UploadSymbolPackage)
+ r.Delete("/{id}/{version}", nuget.DeletePackage)
+ }, reqPackageAccess(perm.AccessModeWrite))
+ r.Get("/symbols/{filename}/{guid:[0-9a-f]{32}}FFFFFFFF/{filename2}", nuget.DownloadSymbolFile)
+ }, reqPackageAccess(perm.AccessModeRead))
})
r.Group("/npm", func() {
r.Group("/@{scope}/{id}", func() {
@@ -239,7 +241,7 @@ func Routes(ctx gocontext.Context) *web.Route {
r.Group("/-/v1/search", func() {
r.Get("", npm.PackageSearch)
})
- })
+ }, reqPackageAccess(perm.AccessModeRead))
r.Group("/pub", func() {
r.Group("/api/packages", func() {
r.Group("/versions/new", func() {
@@ -253,12 +255,12 @@ func Routes(ctx gocontext.Context) *web.Route {
r.Get("/{version}", pub.PackageVersionMetadata)
})
})
- })
+ }, reqPackageAccess(perm.AccessModeRead))
r.Group("/pypi", func() {
r.Post("/", reqPackageAccess(perm.AccessModeWrite), pypi.UploadPackageFile)
r.Get("/files/{id}/{version}/{filename}", pypi.DownloadPackageFile)
r.Get("/simple/{id}", pypi.PackageMetadata)
- })
+ }, reqPackageAccess(perm.AccessModeRead))
r.Group("/rubygems", func() {
r.Get("/specs.4.8.gz", rubygems.EnumeratePackages)
r.Get("/latest_specs.4.8.gz", rubygems.EnumeratePackagesLatest)
@@ -269,7 +271,7 @@ func Routes(ctx gocontext.Context) *web.Route {
r.Post("/", rubygems.UploadPackageFile)
r.Delete("/yank", rubygems.DeletePackage)
}, reqPackageAccess(perm.AccessModeWrite))
- })
+ }, reqPackageAccess(perm.AccessModeRead))
r.Group("/vagrant", func() {
r.Group("/authenticate", func() {
r.Get("", vagrant.CheckAuthenticate)
@@ -282,8 +284,8 @@ func Routes(ctx gocontext.Context) *web.Route {
r.Put("", reqPackageAccess(perm.AccessModeWrite), vagrant.UploadPackageFile)
})
})
- })
- }, context_service.UserAssignmentWeb(), context.PackageAssignment(), reqPackageAccess(perm.AccessModeRead))
+ }, reqPackageAccess(perm.AccessModeRead))
+ }, context_service.UserAssignmentWeb(), context.PackageAssignment())
return r
}