8 files changed, 557 insertions, 0 deletions

diff --git a/routers/web/admin/packages.go b/routers/web/admin/packages.go
new file mode 100644
index 0000000000..22be37526f
--- /dev/null
+++ b/routers/web/admin/packages.go
@@ -0,0 +1,95 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package admin
+
+import (
+	"net/http"
+	"net/url"
+
+	"code.gitea.io/gitea/models/db"
+	packages_model "code.gitea.io/gitea/models/packages"
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/setting"
+	packages_service "code.gitea.io/gitea/services/packages"
+)
+
+const (
+	tplPackagesList base.TplName = "admin/packages/list"
+)
+
+// Packages shows all packages
+func Packages(ctx *context.Context) {
+	page := ctx.FormInt("page")
+	if page <= 1 {
+		page = 1
+	}
+	query := ctx.FormTrim("q")
+	packageType := ctx.FormTrim("type")
+	sort := ctx.FormTrim("sort")
+
+	pvs, total, err := packages_model.SearchVersions(ctx, &packages_model.PackageSearchOptions{
+		QueryName: query,
+		Type:      packageType,
+		Sort:      sort,
+		Paginator: &db.ListOptions{
+			PageSize: setting.UI.PackagesPagingNum,
+			Page:     page,
+		},
+	})
+	if err != nil {
+		ctx.ServerError("SearchVersions", err)
+		return
+	}
+
+	pds, err := packages_model.GetPackageDescriptors(ctx, pvs)
+	if err != nil {
+		ctx.ServerError("GetPackageDescriptors", err)
+		return
+	}
+
+	totalBlobSize, err := packages_model.GetTotalBlobSize()
+	if err != nil {
+		ctx.ServerError("GetTotalBlobSize", err)
+		return
+	}
+
+	ctx.Data["Title"] = ctx.Tr("packages.title")
+	ctx.Data["PageIsAdmin"] = true
+	ctx.Data["PageIsAdminPackages"] = true
+	ctx.Data["Query"] = query
+	ctx.Data["PackageType"] = packageType
+	ctx.Data["SortType"] = sort
+	ctx.Data["PackageDescriptors"] = pds
+	ctx.Data["Total"] = total
+	ctx.Data["TotalBlobSize"] = totalBlobSize
+
+	pager := context.NewPagination(int(total), setting.UI.PackagesPagingNum, page, 5)
+	pager.AddParamString("q", query)
+	pager.AddParamString("type", packageType)
+	pager.AddParamString("sort", sort)
+	ctx.Data["Page"] = pager
+
+	ctx.HTML(http.StatusOK, tplPackagesList)
+}
+
+// DeletePackageVersion deletes a package version
+func DeletePackageVersion(ctx *context.Context) {
+	pv, err := packages_model.GetVersionByID(db.DefaultContext, ctx.FormInt64("id"))
+	if err != nil {
+		ctx.ServerError("GetRepositoryByID", err)
+		return
+	}
+
+	if err := packages_service.RemovePackageVersion(ctx.Doer, pv); err != nil {
+		ctx.ServerError("RemovePackageVersion", err)
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("packages.settings.delete.success"))
+	ctx.JSON(http.StatusOK, map[string]interface{}{
+		"redirect": setting.AppSubURL + "/admin/packages?page=" + url.QueryEscape(ctx.FormString("page")) + "&q=" + url.QueryEscape(ctx.FormString("q")) + "&type=" + url.QueryEscape(ctx.FormString("type")),
+	})
+}
diff --git a/routers/web/admin/users.go b/routers/web/admin/users.go
index 454e4ce07e..fcfea53801 100644
--- a/routers/web/admin/users.go
+++ b/routers/web/admin/users.go
@@ -424,6 +424,11 @@ func DeleteUser(ctx *context.Context) {
 			ctx.JSON(http.StatusOK, map[string]interface{}{
 				"redirect": setting.AppSubURL + "/admin/users/" + url.PathEscape(ctx.Params(":userid")),
 			})
+		case models.IsErrUserOwnPackages(err):
+			ctx.Flash.Error(ctx.Tr("admin.users.still_own_packages"))
+			ctx.JSON(http.StatusOK, map[string]interface{}{
+				"redirect": setting.AppSubURL + "/admin/users/" + ctx.Params(":userid"),
+			})
 		default:
 			ctx.ServerError("DeleteUser", err)
 		}
diff --git a/routers/web/org/setting.go b/routers/web/org/setting.go
index 7dd51b253b..5cd245ef09 100644
--- a/routers/web/org/setting.go
+++ b/routers/web/org/setting.go
@@ -182,6 +182,9 @@ func SettingsDelete(ctx *context.Context) {
 			if models.IsErrUserOwnRepos(err) {
 				ctx.Flash.Error(ctx.Tr("form.org_still_own_repo"))
 				ctx.Redirect(ctx.Org.OrgLink + "/settings/delete")
+			} else if models.IsErrUserOwnPackages(err) {
+				ctx.Flash.Error(ctx.Tr("form.org_still_own_packages"))
+				ctx.Redirect(ctx.Org.OrgLink + "/settings/delete")
 			} else {
 				ctx.ServerError("DeleteOrganization", err)
 			}
diff --git a/routers/web/repo/packages.go b/routers/web/repo/packages.go
new file mode 100644
index 0000000000..f796bb0de5
--- /dev/null
+++ b/routers/web/repo/packages.go
@@ -0,0 +1,72 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"net/http"
+
+	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/packages"
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/setting"
+)
+
+const (
+	tplPackagesList base.TplName = "repo/packages"
+)
+
+// Packages displays a list of all packages in the repository
+func Packages(ctx *context.Context) {
+	page := ctx.FormInt("page")
+	if page <= 1 {
+		page = 1
+	}
+	query := ctx.FormTrim("q")
+	packageType := ctx.FormTrim("type")
+
+	pvs, total, err := packages.SearchLatestVersions(ctx, &packages.PackageSearchOptions{
+		Paginator: &db.ListOptions{
+			PageSize: setting.UI.PackagesPagingNum,
+			Page:     page,
+		},
+		OwnerID:   ctx.ContextUser.ID,
+		RepoID:    ctx.Repo.Repository.ID,
+		QueryName: query,
+		Type:      packageType,
+	})
+	if err != nil {
+		ctx.ServerError("SearchLatestVersions", err)
+		return
+	}
+
+	pds, err := packages.GetPackageDescriptors(ctx, pvs)
+	if err != nil {
+		ctx.ServerError("GetPackageDescriptors", err)
+		return
+	}
+
+	hasPackages, err := packages.HasRepositoryPackages(ctx, ctx.Repo.Repository.ID)
+	if err != nil {
+		ctx.ServerError("HasRepositoryPackages", err)
+		return
+	}
+
+	ctx.Data["Title"] = ctx.Tr("packages.title")
+	ctx.Data["IsPackagesPage"] = true
+	ctx.Data["ContextUser"] = ctx.ContextUser
+	ctx.Data["Query"] = query
+	ctx.Data["PackageType"] = packageType
+	ctx.Data["HasPackages"] = hasPackages
+	ctx.Data["PackageDescriptors"] = pds
+	ctx.Data["Total"] = total
+
+	pager := context.NewPagination(int(total), setting.UI.PackagesPagingNum, page, 5)
+	pager.AddParam(ctx, "q", "Query")
+	pager.AddParam(ctx, "type", "PackageType")
+	ctx.Data["Page"] = pager
+
+	ctx.HTML(http.StatusOK, tplPackagesList)
+}
diff --git a/routers/web/repo/webhook.go b/routers/web/repo/webhook.go
index 81dab5a3b9..2dafd4b5f4 100644
--- a/routers/web/repo/webhook.go
+++ b/routers/web/repo/webhook.go
@@ -180,6 +180,7 @@ func ParseHookEvent(form forms.WebhookForm) *webhook.HookEvent {
 			PullRequestReview:    form.PullRequestReview,
 			PullRequestSync:      form.PullRequestSync,
 			Repository:           form.Repository,
+			Package:              form.Package,
 		},
 		BranchFilter: form.BranchFilter,
 	}
diff --git a/routers/web/user/package.go b/routers/web/user/package.go
new file mode 100644
index 0000000000..8a5294dce1
--- /dev/null
+++ b/routers/web/user/package.go
@@ -0,0 +1,344 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package user
+
+import (
+	"net/http"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/models/db"
+	packages_model "code.gitea.io/gitea/models/packages"
+	container_model "code.gitea.io/gitea/models/packages/container"
+	"code.gitea.io/gitea/models/perm"
+	repo_model "code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/web"
+	"code.gitea.io/gitea/services/forms"
+	packages_service "code.gitea.io/gitea/services/packages"
+)
+
+const (
+	tplPackagesList       base.TplName = "user/overview/packages"
+	tplPackagesView       base.TplName = "package/view"
+	tplPackageVersionList base.TplName = "user/overview/package_versions"
+	tplPackagesSettings   base.TplName = "package/settings"
+)
+
+// ListPackages displays a list of all packages of the context user
+func ListPackages(ctx *context.Context) {
+	page := ctx.FormInt("page")
+	if page <= 1 {
+		page = 1
+	}
+	query := ctx.FormTrim("q")
+	packageType := ctx.FormTrim("type")
+
+	pvs, total, err := packages_model.SearchLatestVersions(ctx, &packages_model.PackageSearchOptions{
+		Paginator: &db.ListOptions{
+			PageSize: setting.UI.PackagesPagingNum,
+			Page:     page,
+		},
+		OwnerID:   ctx.ContextUser.ID,
+		Type:      packageType,
+		QueryName: query,
+	})
+	if err != nil {
+		ctx.ServerError("SearchLatestVersions", err)
+		return
+	}
+
+	pds, err := packages_model.GetPackageDescriptors(ctx, pvs)
+	if err != nil {
+		ctx.ServerError("GetPackageDescriptors", err)
+		return
+	}
+
+	hasPackages, err := packages_model.HasOwnerPackages(ctx, ctx.ContextUser.ID)
+	if err != nil {
+		ctx.ServerError("HasOwnerPackages", err)
+		return
+	}
+
+	ctx.Data["Title"] = ctx.Tr("packages.title")
+	ctx.Data["IsPackagesPage"] = true
+	ctx.Data["ContextUser"] = ctx.ContextUser
+	ctx.Data["Query"] = query
+	ctx.Data["PackageType"] = packageType
+	ctx.Data["HasPackages"] = hasPackages
+	ctx.Data["PackageDescriptors"] = pds
+	ctx.Data["Total"] = total
+
+	pager := context.NewPagination(int(total), setting.UI.PackagesPagingNum, page, 5)
+	pager.AddParam(ctx, "q", "Query")
+	pager.AddParam(ctx, "type", "PackageType")
+	ctx.Data["Page"] = pager
+
+	ctx.HTML(http.StatusOK, tplPackagesList)
+}
+
+// RedirectToLastVersion redirects to the latest package version
+func RedirectToLastVersion(ctx *context.Context) {
+	p, err := packages_model.GetPackageByName(ctx, ctx.Package.Owner.ID, packages_model.Type(ctx.Params("type")), ctx.Params("name"))
+	if err != nil {
+		if err == packages_model.ErrPackageNotExist {
+			ctx.NotFound("GetPackageByName", err)
+		} else {
+			ctx.ServerError("GetPackageByName", err)
+		}
+		return
+	}
+
+	pvs, _, err := packages_model.SearchLatestVersions(ctx, &packages_model.PackageSearchOptions{
+		PackageID: p.ID,
+	})
+	if err != nil {
+		ctx.ServerError("GetPackageByName", err)
+		return
+	}
+	if len(pvs) == 0 {
+		ctx.NotFound("", err)
+		return
+	}
+
+	pd, err := packages_model.GetPackageDescriptor(ctx, pvs[0])
+	if err != nil {
+		ctx.ServerError("GetPackageDescriptor", err)
+		return
+	}
+
+	ctx.Redirect(pd.FullWebLink())
+}
+
+// ViewPackageVersion displays a single package version
+func ViewPackageVersion(ctx *context.Context) {
+	pd := ctx.Package.Descriptor
+
+	ctx.Data["Title"] = pd.Package.Name
+	ctx.Data["IsPackagesPage"] = true
+	ctx.Data["ContextUser"] = ctx.ContextUser
+	ctx.Data["PackageDescriptor"] = pd
+
+	var (
+		total int64
+		pvs   []*packages_model.PackageVersion
+		err   error
+	)
+	switch pd.Package.Type {
+	case packages_model.TypeContainer:
+		ctx.Data["RegistryHost"] = setting.Packages.RegistryHost
+
+		pvs, total, err = container_model.SearchImageTags(ctx, &container_model.ImageTagsSearchOptions{
+			Paginator: db.NewAbsoluteListOptions(0, 5),
+			PackageID: pd.Package.ID,
+			IsTagged:  true,
+		})
+	default:
+		pvs, total, err = packages_model.SearchVersions(ctx, &packages_model.PackageSearchOptions{
+			Paginator: db.NewAbsoluteListOptions(0, 5),
+			PackageID: pd.Package.ID,
+		})
+		if err != nil {
+			ctx.ServerError("SearchVersions", err)
+			return
+		}
+	}
+	if err != nil {
+		ctx.ServerError("", err)
+		return
+	}
+
+	ctx.Data["LatestVersions"] = pvs
+	ctx.Data["TotalVersionCount"] = total
+
+	ctx.Data["CanWritePackages"] = ctx.Package.AccessMode >= perm.AccessModeWrite || ctx.IsUserSiteAdmin()
+
+	ctx.HTML(http.StatusOK, tplPackagesView)
+}
+
+// ListPackageVersions lists all versions of a package
+func ListPackageVersions(ctx *context.Context) {
+	p, err := packages_model.GetPackageByName(ctx, ctx.Package.Owner.ID, packages_model.Type(ctx.Params("type")), ctx.Params("name"))
+	if err != nil {
+		if err == packages_model.ErrPackageNotExist {
+			ctx.NotFound("GetPackageByName", err)
+		} else {
+			ctx.ServerError("GetPackageByName", err)
+		}
+		return
+	}
+
+	page := ctx.FormInt("page")
+	if page <= 1 {
+		page = 1
+	}
+	pagination := &db.ListOptions{
+		PageSize: setting.UI.PackagesPagingNum,
+		Page:     page,
+	}
+
+	query := ctx.FormTrim("q")
+
+	ctx.Data["Title"] = ctx.Tr("packages.title")
+	ctx.Data["IsPackagesPage"] = true
+	ctx.Data["ContextUser"] = ctx.ContextUser
+	ctx.Data["PackageDescriptor"] = &packages_model.PackageDescriptor{
+		Package: p,
+		Owner:   ctx.Package.Owner,
+	}
+	ctx.Data["Query"] = query
+
+	pagerParams := map[string]string{
+		"q": query,
+	}
+
+	var (
+		total int64
+		pvs   []*packages_model.PackageVersion
+	)
+	switch p.Type {
+	case packages_model.TypeContainer:
+		tagged := ctx.FormTrim("tagged")
+
+		pagerParams["tagged"] = tagged
+		ctx.Data["Tagged"] = tagged
+
+		pvs, total, err = container_model.SearchImageTags(ctx, &container_model.ImageTagsSearchOptions{
+			Paginator: pagination,
+			PackageID: p.ID,
+			Query:     query,
+			IsTagged:  tagged == "" || tagged == "tagged",
+		})
+		if err != nil {
+			ctx.ServerError("SearchImageTags", err)
+			return
+		}
+	default:
+		pvs, total, err = packages_model.SearchVersions(ctx, &packages_model.PackageSearchOptions{
+			Paginator:    pagination,
+			PackageID:    p.ID,
+			QueryVersion: query,
+		})
+		if err != nil {
+			ctx.ServerError("SearchVersions", err)
+			return
+		}
+	}
+
+	ctx.Data["PackageDescriptors"], err = packages_model.GetPackageDescriptors(ctx, pvs)
+	if err != nil {
+		ctx.ServerError("GetPackageDescriptors", err)
+		return
+	}
+
+	ctx.Data["Total"] = total
+
+	pager := context.NewPagination(int(total), setting.UI.PackagesPagingNum, page, 5)
+	for k, v := range pagerParams {
+		pager.AddParamString(k, v)
+	}
+	ctx.Data["Page"] = pager
+
+	ctx.HTML(http.StatusOK, tplPackageVersionList)
+}
+
+// PackageSettings displays the package settings page
+func PackageSettings(ctx *context.Context) {
+	pd := ctx.Package.Descriptor
+
+	ctx.Data["Title"] = pd.Package.Name
+	ctx.Data["IsPackagesPage"] = true
+	ctx.Data["ContextUser"] = ctx.ContextUser
+	ctx.Data["PackageDescriptor"] = pd
+
+	repos, _, _ := models.GetUserRepositories(&models.SearchRepoOptions{
+		Actor: pd.Owner,
+	})
+	ctx.Data["Repos"] = repos
+	ctx.Data["CanWritePackages"] = ctx.Package.AccessMode >= perm.AccessModeWrite || ctx.IsUserSiteAdmin()
+
+	ctx.HTML(http.StatusOK, tplPackagesSettings)
+}
+
+// PackageSettingsPost updates the package settings
+func PackageSettingsPost(ctx *context.Context) {
+	pd := ctx.Package.Descriptor
+
+	form := web.GetForm(ctx).(*forms.PackageSettingForm)
+	switch form.Action {
+	case "link":
+		success := func() bool {
+			repoID := int64(0)
+			if form.RepoID != 0 {
+				repo, err := repo_model.GetRepositoryByID(form.RepoID)
+				if err != nil {
+					log.Error("Error getting repository: %v", err)
+					return false
+				}
+
+				if repo.OwnerID != pd.Owner.ID {
+					return false
+				}
+
+				repoID = repo.ID
+			}
+
+			if err := packages_model.SetRepositoryLink(ctx, pd.Package.ID, repoID); err != nil {
+				log.Error("Error updating package: %v", err)
+				return false
+			}
+
+			return true
+		}()
+
+		if success {
+			ctx.Flash.Success(ctx.Tr("packages.settings.link.success"))
+		} else {
+			ctx.Flash.Error(ctx.Tr("packages.settings.link.error"))
+		}
+
+		ctx.Redirect(ctx.Link)
+		return
+	case "delete":
+		err := packages_service.RemovePackageVersion(ctx.Doer, ctx.Package.Descriptor.Version)
+		if err != nil {
+			log.Error("Error deleting package: %v", err)
+			ctx.Flash.Error(ctx.Tr("packages.settings.delete.error"))
+		} else {
+			ctx.Flash.Success(ctx.Tr("packages.settings.delete.success"))
+		}
+
+		ctx.Redirect(ctx.Package.Owner.HTMLURL() + "/-/packages")
+		return
+	}
+}
+
+// DownloadPackageFile serves the content of a package file
+func DownloadPackageFile(ctx *context.Context) {
+	pf, err := packages_model.GetFileForVersionByID(ctx, ctx.Package.Descriptor.Version.ID, ctx.ParamsInt64(":fileid"))
+	if err != nil {
+		if err == packages_model.ErrPackageFileNotExist {
+			ctx.NotFound("", err)
+		} else {
+			ctx.ServerError("GetFileForVersionByID", err)
+		}
+		return
+	}
+
+	s, _, err := packages_service.GetPackageFileStream(
+		ctx,
+		ctx.Package.Descriptor.Version,
+		pf,
+	)
+	if err != nil {
+		ctx.ServerError("GetPackageFileStream", err)
+		return
+	}
+	defer s.Close()
+
+	ctx.ServeStream(s, pf.Name)
+}
diff --git a/routers/web/user/setting/account.go b/routers/web/user/setting/account.go
index a5854991a0..b2476dff94 100644
--- a/routers/web/user/setting/account.go
+++ b/routers/web/user/setting/account.go
@@ -251,6 +251,9 @@ func DeleteAccount(ctx *context.Context) {
 		case models.IsErrUserHasOrgs(err):
 			ctx.Flash.Error(ctx.Tr("form.still_has_org"))
 			ctx.Redirect(setting.AppSubURL + "/user/settings/account")
+		case models.IsErrUserOwnPackages(err):
+			ctx.Flash.Error(ctx.Tr("form.still_own_packages"))
+			ctx.Redirect(setting.AppSubURL + "/user/settings/account")
 		default:
 			ctx.ServerError("DeleteUser", err)
 		}
diff --git a/routers/web/web.go b/routers/web/web.go
index 485ba1a1a0..60e104ccf8 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -10,6 +10,7 @@ import (
 	"os"
 	"path"
 
+	"code.gitea.io/gitea/models/perm"
 	"code.gitea.io/gitea/models/unit"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/git"
@@ -471,6 +472,11 @@ func RegisterRoutes(m *web.Route) {
 			m.Post("/delete", admin.DeleteRepo)
 		})
 
+		m.Group("/packages", func() {
+			m.Get("", admin.Packages)
+			m.Post("/delete", admin.DeletePackageVersion)
+		})
+
 		m.Group("/hooks", func() {
 			m.Get("", admin.DefaultOrSystemWebhooks)
 			m.Post("/delete", admin.DeleteDefaultOrSystemWebhook)
@@ -557,6 +563,14 @@ func RegisterRoutes(m *web.Route) {
 	reqRepoProjectsReader := context.RequireRepoReader(unit.TypeProjects)
 	reqRepoProjectsWriter := context.RequireRepoWriter(unit.TypeProjects)
 
+	reqPackageAccess := func(accessMode perm.AccessMode) func(ctx *context.Context) {
+		return func(ctx *context.Context) {
+			if ctx.Package.AccessMode < accessMode && !ctx.IsUserSiteAdmin() {
+				ctx.NotFound("", nil)
+			}
+		}
+	}
+
 	// ***** START: Organization *****
 	m.Group("/org", func() {
 		m.Group("", func() {
@@ -654,6 +668,24 @@ func RegisterRoutes(m *web.Route) {
 		}, context.RepoIDAssignment(), context.UnitTypes(), reqRepoCodeReader)
 	}, reqSignIn)
 
+	m.Group("/{username}/-", func() {
+		m.Group("/packages", func() {
+			m.Get("", user.ListPackages)
+			m.Group("/{type}/{name}", func() {
+				m.Get("", user.RedirectToLastVersion)
+				m.Get("/versions", user.ListPackageVersions)
+				m.Group("/{version}", func() {
+					m.Get("", user.ViewPackageVersion)
+					m.Get("/files/{fileid}", user.DownloadPackageFile)
+					m.Group("/settings", func() {
+						m.Get("", user.PackageSettings)
+						m.Post("", bindIgnErr(forms.PackageSettingForm{}), user.PackageSettingsPost)
+					}, reqPackageAccess(perm.AccessModeWrite))
+				})
+			})
+		}, context.PackageAssignment(), reqPackageAccess(perm.AccessModeRead))
+	}, context_service.UserAssignmentWeb())
+
 	// ***** Release Attachment Download without Signin
 	m.Get("/{username}/{reponame}/releases/download/{vTag}/{fileName}", ignSignIn, context.RepoAssignment, repo.MustBeNotEmpty, repo.RedirectDownload)
 
@@ -940,6 +972,8 @@ func RegisterRoutes(m *web.Route) {
 			m.Get("/milestones", reqRepoIssuesOrPullsReader, repo.Milestones)
 		}, context.RepoRef())
 
+		m.Get("/packages", repo.Packages)
+
 		m.Group("/projects", func() {
 			m.Get("", repo.Projects)
 			m.Get("/{id}", repo.ViewProject)