mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14460 Commits
17 Branches
Tree: 6ba9ff7b48
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6ba9ff7b48'
${ noResults }
gitea/routers/api/packages/api.go

api.go 18KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531 
  1. // Copyright 2022 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package packages

  5. 

  6. import (

  7. 	gocontext "context"

  8. 	"net/http"

  9. 	"regexp"

  10. 	"strings"

  11. 

  12. 	"code.gitea.io/gitea/models/perm"

  13. 	"code.gitea.io/gitea/modules/context"

  14. 	"code.gitea.io/gitea/modules/log"

  15. 	"code.gitea.io/gitea/modules/setting"

  16. 	"code.gitea.io/gitea/modules/web"

  17. 	"code.gitea.io/gitea/routers/api/packages/composer"

  18. 	"code.gitea.io/gitea/routers/api/packages/conan"

  19. 	"code.gitea.io/gitea/routers/api/packages/conda"

  20. 	"code.gitea.io/gitea/routers/api/packages/container"

  21. 	"code.gitea.io/gitea/routers/api/packages/generic"

  22. 	"code.gitea.io/gitea/routers/api/packages/helm"

  23. 	"code.gitea.io/gitea/routers/api/packages/maven"

  24. 	"code.gitea.io/gitea/routers/api/packages/npm"

  25. 	"code.gitea.io/gitea/routers/api/packages/nuget"

  26. 	"code.gitea.io/gitea/routers/api/packages/pub"

  27. 	"code.gitea.io/gitea/routers/api/packages/pypi"

  28. 	"code.gitea.io/gitea/routers/api/packages/rubygems"

  29. 	"code.gitea.io/gitea/routers/api/packages/vagrant"

  30. 	"code.gitea.io/gitea/services/auth"

  31. 	context_service "code.gitea.io/gitea/services/context"

  32. )

  33. 

  34. func reqPackageAccess(accessMode perm.AccessMode) func(ctx *context.Context) {

  35. 	return func(ctx *context.Context) {

  36. 		if ctx.Package.AccessMode < accessMode && !ctx.IsUserSiteAdmin() {

  37. 			ctx.Resp.Header().Set("WWW-Authenticate", `Basic realm="Gitea Package API"`)

  38. 			ctx.Error(http.StatusUnauthorized, "reqPackageAccess", "user should have specific permission or be a site admin")

  39. 			return

  40. 		}

  41. 	}

  42. }

  43. 

  44. // CommonRoutes provide endpoints for most package managers (except containers - see below)

  45. // These are mounted on `/api/packages` (not `/api/v1/packages`)

  46. func CommonRoutes(ctx gocontext.Context) *web.Route {

  47. 	r := web.NewRoute()

  48. 

  49. 	r.Use(context.PackageContexter(ctx))

  50. 

  51. 	authMethods := []auth.Method{

  52. 		&auth.OAuth2{},

  53. 		&auth.Basic{},

  54. 		&nuget.Auth{},

  55. 		&conan.Auth{},

  56. 	}

  57. 	if setting.Service.EnableReverseProxyAuth {

  58. 		authMethods = append(authMethods, &auth.ReverseProxy{})

  59. 	}

  60. 

  61. 	authGroup := auth.NewGroup(authMethods...)

  62. 	r.Use(func(ctx *context.Context) {

  63. 		var err error

  64. 		ctx.Doer, err = authGroup.Verify(ctx.Req, ctx.Resp, ctx, ctx.Session)

  65. 		if err != nil {

  66. 			log.Error("Verify: %v", err)

  67. 			ctx.Error(http.StatusUnauthorized, "authGroup.Verify")

  68. 			return

  69. 		}

  70. 		ctx.IsSigned = ctx.Doer != nil

  71. 	})

  72. 

  73. 	r.Group("/{username}", func() {

  74. 		r.Group("/composer", func() {

  75. 			r.Get("/packages.json", composer.ServiceIndex)

  76. 			r.Get("/search.json", composer.SearchPackages)

  77. 			r.Get("/list.json", composer.EnumeratePackages)

  78. 			r.Get("/p2/{vendorname}/{projectname}~dev.json", composer.PackageMetadata)

  79. 			r.Get("/p2/{vendorname}/{projectname}.json", composer.PackageMetadata)

  80. 			r.Get("/files/{package}/{version}/{filename}", composer.DownloadPackageFile)

  81. 			r.Put("", reqPackageAccess(perm.AccessModeWrite), composer.UploadPackage)

  82. 		}, reqPackageAccess(perm.AccessModeRead))

  83. 		r.Group("/conan", func() {

  84. 			r.Group("/v1", func() {

  85. 				r.Get("/ping", conan.Ping)

  86. 				r.Group("/users", func() {

  87. 					r.Get("/authenticate", conan.Authenticate)

  88. 					r.Get("/check_credentials", conan.CheckCredentials)

  89. 				})

  90. 				r.Group("/conans", func() {

  91. 					r.Get("/search", conan.SearchRecipes)

  92. 					r.Group("/{name}/{version}/{user}/{channel}", func() {

  93. 						r.Get("", conan.RecipeSnapshot)

  94. 						r.Delete("", reqPackageAccess(perm.AccessModeWrite), conan.DeleteRecipeV1)

  95. 						r.Get("/search", conan.SearchPackagesV1)

  96. 						r.Get("/digest", conan.RecipeDownloadURLs)

  97. 						r.Post("/upload_urls", reqPackageAccess(perm.AccessModeWrite), conan.RecipeUploadURLs)

  98. 						r.Get("/download_urls", conan.RecipeDownloadURLs)

  99. 						r.Group("/packages", func() {

  100. 							r.Post("/delete", reqPackageAccess(perm.AccessModeWrite), conan.DeletePackageV1)

  101. 							r.Group("/{package_reference}", func() {

  102. 								r.Get("", conan.PackageSnapshot)

  103. 								r.Get("/digest", conan.PackageDownloadURLs)

  104. 								r.Post("/upload_urls", reqPackageAccess(perm.AccessModeWrite), conan.PackageUploadURLs)

  105. 								r.Get("/download_urls", conan.PackageDownloadURLs)

  106. 							})

  107. 						})

  108. 					}, conan.ExtractPathParameters)

  109. 				})

  110. 				r.Group("/files/{name}/{version}/{user}/{channel}/{recipe_revision}", func() {

  111. 					r.Group("/recipe/{filename}", func() {

  112. 						r.Get("", conan.DownloadRecipeFile)

  113. 						r.Put("", reqPackageAccess(perm.AccessModeWrite), conan.UploadRecipeFile)

  114. 					})

  115. 					r.Group("/package/{package_reference}/{package_revision}/{filename}", func() {

  116. 						r.Get("", conan.DownloadPackageFile)

  117. 						r.Put("", reqPackageAccess(perm.AccessModeWrite), conan.UploadPackageFile)

  118. 					})

  119. 				}, conan.ExtractPathParameters)

  120. 			})

  121. 			r.Group("/v2", func() {

  122. 				r.Get("/ping", conan.Ping)

  123. 				r.Group("/users", func() {

  124. 					r.Get("/authenticate", conan.Authenticate)

  125. 					r.Get("/check_credentials", conan.CheckCredentials)

  126. 				})

  127. 				r.Group("/conans", func() {

  128. 					r.Get("/search", conan.SearchRecipes)

  129. 					r.Group("/{name}/{version}/{user}/{channel}", func() {

  130. 						r.Delete("", reqPackageAccess(perm.AccessModeWrite), conan.DeleteRecipeV2)

  131. 						r.Get("/search", conan.SearchPackagesV2)

  132. 						r.Get("/latest", conan.LatestRecipeRevision)

  133. 						r.Group("/revisions", func() {

  134. 							r.Get("", conan.ListRecipeRevisions)

  135. 							r.Group("/{recipe_revision}", func() {

  136. 								r.Delete("", reqPackageAccess(perm.AccessModeWrite), conan.DeleteRecipeV2)

  137. 								r.Get("/search", conan.SearchPackagesV2)

  138. 								r.Group("/files", func() {

  139. 									r.Get("", conan.ListRecipeRevisionFiles)

  140. 									r.Group("/{filename}", func() {

  141. 										r.Get("", conan.DownloadRecipeFile)

  142. 										r.Put("", reqPackageAccess(perm.AccessModeWrite), conan.UploadRecipeFile)

  143. 									})

  144. 								})

  145. 								r.Group("/packages", func() {

  146. 									r.Delete("", reqPackageAccess(perm.AccessModeWrite), conan.DeletePackageV2)

  147. 									r.Group("/{package_reference}", func() {

  148. 										r.Delete("", reqPackageAccess(perm.AccessModeWrite), conan.DeletePackageV2)

  149. 										r.Get("/latest", conan.LatestPackageRevision)

  150. 										r.Group("/revisions", func() {

  151. 											r.Get("", conan.ListPackageRevisions)

  152. 											r.Group("/{package_revision}", func() {

  153. 												r.Delete("", reqPackageAccess(perm.AccessModeWrite), conan.DeletePackageV2)

  154. 												r.Group("/files", func() {

  155. 													r.Get("", conan.ListPackageRevisionFiles)

  156. 													r.Group("/{filename}", func() {

  157. 														r.Get("", conan.DownloadPackageFile)

  158. 														r.Put("", reqPackageAccess(perm.AccessModeWrite), conan.UploadPackageFile)

  159. 													})

  160. 												})

  161. 											})

  162. 										})

  163. 									})

  164. 								})

  165. 							})

  166. 						})

  167. 					}, conan.ExtractPathParameters)

  168. 				})

  169. 			})

  170. 		}, reqPackageAccess(perm.AccessModeRead))

  171. 		r.Group("/conda", func() {

  172. 			var (

  173. 				downloadPattern = regexp.MustCompile(`\A(.+/)?(.+)/((?:[^/]+(?:\.tar\.bz2|\.conda))|(?:current_)?repodata\.json(?:\.bz2)?)\z`)

  174. 				uploadPattern   = regexp.MustCompile(`\A(.+/)?([^/]+(?:\.tar\.bz2|\.conda))\z`)

  175. 			)

  176. 

  177. 			r.Get("/*", func(ctx *context.Context) {

  178. 				m := downloadPattern.FindStringSubmatch(ctx.Params("*"))

  179. 				if len(m) == 0 {

  180. 					ctx.Status(http.StatusNotFound)

  181. 					return

  182. 				}

  183. 

  184. 				ctx.SetParams("channel", strings.TrimSuffix(m[1], "/"))

  185. 				ctx.SetParams("architecture", m[2])

  186. 				ctx.SetParams("filename", m[3])

  187. 

  188. 				switch m[3] {

  189. 				case "repodata.json", "repodata.json.bz2", "current_repodata.json", "current_repodata.json.bz2":

  190. 					conda.EnumeratePackages(ctx)

  191. 				default:

  192. 					conda.DownloadPackageFile(ctx)

  193. 				}

  194. 			})

  195. 			r.Put("/*", reqPackageAccess(perm.AccessModeWrite), func(ctx *context.Context) {

  196. 				m := uploadPattern.FindStringSubmatch(ctx.Params("*"))

  197. 				if len(m) == 0 {

  198. 					ctx.Status(http.StatusNotFound)

  199. 					return

  200. 				}

  201. 

  202. 				ctx.SetParams("channel", strings.TrimSuffix(m[1], "/"))

  203. 				ctx.SetParams("filename", m[2])

  204. 

  205. 				conda.UploadPackageFile(ctx)

  206. 			})

  207. 		}, reqPackageAccess(perm.AccessModeRead))

  208. 		r.Group("/generic", func() {

  209. 			r.Group("/{packagename}/{packageversion}", func() {

  210. 				r.Delete("", reqPackageAccess(perm.AccessModeWrite), generic.DeletePackage)

  211. 				r.Group("/{filename}", func() {

  212. 					r.Get("", generic.DownloadPackageFile)

  213. 					r.Group("", func() {

  214. 						r.Put("", generic.UploadPackage)

  215. 						r.Delete("", generic.DeletePackageFile)

  216. 					}, reqPackageAccess(perm.AccessModeWrite))

  217. 				})

  218. 			})

  219. 		}, reqPackageAccess(perm.AccessModeRead))

  220. 		r.Group("/helm", func() {

  221. 			r.Get("/index.yaml", helm.Index)

  222. 			r.Get("/{filename}", helm.DownloadPackageFile)

  223. 			r.Post("/api/charts", reqPackageAccess(perm.AccessModeWrite), helm.UploadPackage)

  224. 		}, reqPackageAccess(perm.AccessModeRead))

  225. 		r.Group("/maven", func() {

  226. 			r.Put("/*", reqPackageAccess(perm.AccessModeWrite), maven.UploadPackageFile)

  227. 			r.Get("/*", maven.DownloadPackageFile)

  228. 			r.Head("/*", maven.ProvidePackageFileHeader)

  229. 		}, reqPackageAccess(perm.AccessModeRead))

  230. 		r.Group("/nuget", func() {

  231. 			r.Group("", func() { // Needs to be unauthenticated for the NuGet client.

  232. 				r.Get("/", nuget.ServiceIndexV2)

  233. 				r.Get("/index.json", nuget.ServiceIndexV3)

  234. 				r.Get("/$metadata", nuget.FeedCapabilityResource)

  235. 			})

  236. 			r.Group("", func() {

  237. 				r.Get("/query", nuget.SearchServiceV3)

  238. 				r.Group("/registration/{id}", func() {

  239. 					r.Get("/index.json", nuget.RegistrationIndex)

  240. 					r.Get("/{version}", nuget.RegistrationLeafV3)

  241. 				})

  242. 				r.Group("/package/{id}", func() {

  243. 					r.Get("/index.json", nuget.EnumeratePackageVersionsV3)

  244. 					r.Get("/{version}/{filename}", nuget.DownloadPackageFile)

  245. 				})

  246. 				r.Group("", func() {

  247. 					r.Put("/", nuget.UploadPackage)

  248. 					r.Put("/symbolpackage", nuget.UploadSymbolPackage)

  249. 					r.Delete("/{id}/{version}", nuget.DeletePackage)

  250. 				}, reqPackageAccess(perm.AccessModeWrite))

  251. 				r.Get("/symbols/{filename}/{guid:[0-9a-fA-F]{32}[fF]{8}}/{filename2}", nuget.DownloadSymbolFile)

  252. 				r.Get("/Packages(Id='{id:[^']+}',Version='{version:[^']+}')", nuget.RegistrationLeafV2)

  253. 				r.Get("/Packages()", nuget.SearchServiceV2)

  254. 				r.Get("/FindPackagesById()", nuget.EnumeratePackageVersionsV2)

  255. 				r.Get("/Search()", nuget.SearchServiceV2)

  256. 			}, reqPackageAccess(perm.AccessModeRead))

  257. 		})

  258. 		r.Group("/npm", func() {

  259. 			r.Group("/@{scope}/{id}", func() {

  260. 				r.Get("", npm.PackageMetadata)

  261. 				r.Put("", reqPackageAccess(perm.AccessModeWrite), npm.UploadPackage)

  262. 				r.Group("/-/{version}/{filename}", func() {

  263. 					r.Get("", npm.DownloadPackageFile)

  264. 					r.Delete("/-rev/{revision}", reqPackageAccess(perm.AccessModeWrite), npm.DeletePackageVersion)

  265. 				})

  266. 				r.Get("/-/{filename}", npm.DownloadPackageFileByName)

  267. 				r.Group("/-rev/{revision}", func() {

  268. 					r.Delete("", npm.DeletePackage)

  269. 					r.Put("", npm.DeletePreview)

  270. 				}, reqPackageAccess(perm.AccessModeWrite))

  271. 			})

  272. 			r.Group("/{id}", func() {

  273. 				r.Get("", npm.PackageMetadata)

  274. 				r.Put("", reqPackageAccess(perm.AccessModeWrite), npm.UploadPackage)

  275. 				r.Group("/-/{version}/{filename}", func() {

  276. 					r.Get("", npm.DownloadPackageFile)

  277. 					r.Delete("/-rev/{revision}", reqPackageAccess(perm.AccessModeWrite), npm.DeletePackageVersion)

  278. 				})

  279. 				r.Get("/-/{filename}", npm.DownloadPackageFileByName)

  280. 				r.Group("/-rev/{revision}", func() {

  281. 					r.Delete("", npm.DeletePackage)

  282. 					r.Put("", npm.DeletePreview)

  283. 				}, reqPackageAccess(perm.AccessModeWrite))

  284. 			})

  285. 			r.Group("/-/package/@{scope}/{id}/dist-tags", func() {

  286. 				r.Get("", npm.ListPackageTags)

  287. 				r.Group("/{tag}", func() {

  288. 					r.Put("", npm.AddPackageTag)

  289. 					r.Delete("", npm.DeletePackageTag)

  290. 				}, reqPackageAccess(perm.AccessModeWrite))

  291. 			})

  292. 			r.Group("/-/package/{id}/dist-tags", func() {

  293. 				r.Get("", npm.ListPackageTags)

  294. 				r.Group("/{tag}", func() {

  295. 					r.Put("", npm.AddPackageTag)

  296. 					r.Delete("", npm.DeletePackageTag)

  297. 				}, reqPackageAccess(perm.AccessModeWrite))

  298. 			})

  299. 			r.Group("/-/v1/search", func() {

  300. 				r.Get("", npm.PackageSearch)

  301. 			})

  302. 		}, reqPackageAccess(perm.AccessModeRead))

  303. 		r.Group("/pub", func() {

  304. 			r.Group("/api/packages", func() {

  305. 				r.Group("/versions/new", func() {

  306. 					r.Get("", pub.RequestUpload)

  307. 					r.Post("/upload", pub.UploadPackageFile)

  308. 					r.Get("/finalize/{id}/{version}", pub.FinalizePackage)

  309. 				}, reqPackageAccess(perm.AccessModeWrite))

  310. 				r.Group("/{id}", func() {

  311. 					r.Get("", pub.EnumeratePackageVersions)

  312. 					r.Get("/files/{version}", pub.DownloadPackageFile)

  313. 					r.Get("/{version}", pub.PackageVersionMetadata)

  314. 				})

  315. 			})

  316. 		}, reqPackageAccess(perm.AccessModeRead))

  317. 		r.Group("/pypi", func() {

  318. 			r.Post("/", reqPackageAccess(perm.AccessModeWrite), pypi.UploadPackageFile)

  319. 			r.Get("/files/{id}/{version}/{filename}", pypi.DownloadPackageFile)

  320. 			r.Get("/simple/{id}", pypi.PackageMetadata)

  321. 		}, reqPackageAccess(perm.AccessModeRead))

  322. 		r.Group("/rubygems", func() {

  323. 			r.Get("/specs.4.8.gz", rubygems.EnumeratePackages)

  324. 			r.Get("/latest_specs.4.8.gz", rubygems.EnumeratePackagesLatest)

  325. 			r.Get("/prerelease_specs.4.8.gz", rubygems.EnumeratePackagesPreRelease)

  326. 			r.Get("/quick/Marshal.4.8/{filename}", rubygems.ServePackageSpecification)

  327. 			r.Get("/gems/{filename}", rubygems.DownloadPackageFile)

  328. 			r.Group("/api/v1/gems", func() {

  329. 				r.Post("/", rubygems.UploadPackageFile)

  330. 				r.Delete("/yank", rubygems.DeletePackage)

  331. 			}, reqPackageAccess(perm.AccessModeWrite))

  332. 		}, reqPackageAccess(perm.AccessModeRead))

  333. 		r.Group("/vagrant", func() {

  334. 			r.Group("/authenticate", func() {

  335. 				r.Get("", vagrant.CheckAuthenticate)

  336. 			})

  337. 			r.Group("/{name}", func() {

  338. 				r.Head("", vagrant.CheckBoxAvailable)

  339. 				r.Get("", vagrant.EnumeratePackageVersions)

  340. 				r.Group("/{version}/{provider}", func() {

  341. 					r.Get("", vagrant.DownloadPackageFile)

  342. 					r.Put("", reqPackageAccess(perm.AccessModeWrite), vagrant.UploadPackageFile)

  343. 				})

  344. 			})

  345. 		}, reqPackageAccess(perm.AccessModeRead))

  346. 	}, context_service.UserAssignmentWeb(), context.PackageAssignment())

  347. 

  348. 	return r

  349. }

  350. 

  351. // ContainerRoutes provides endpoints that implement the OCI API to serve containers

  352. // These have to be mounted on `/v2/...` to comply with the OCI spec:

  353. // https://github.com/opencontainers/distribution-spec/blob/main/spec.md

  354. func ContainerRoutes(ctx gocontext.Context) *web.Route {

  355. 	r := web.NewRoute()

  356. 

  357. 	r.Use(context.PackageContexter(ctx))

  358. 

  359. 	authMethods := []auth.Method{

  360. 		&auth.Basic{},

  361. 		&container.Auth{},

  362. 	}

  363. 	if setting.Service.EnableReverseProxyAuth {

  364. 		authMethods = append(authMethods, &auth.ReverseProxy{})

  365. 	}

  366. 

  367. 	authGroup := auth.NewGroup(authMethods...)

  368. 	r.Use(func(ctx *context.Context) {

  369. 		var err error

  370. 		ctx.Doer, err = authGroup.Verify(ctx.Req, ctx.Resp, ctx, ctx.Session)

  371. 		if err != nil {

  372. 			log.Error("Failed to verify user: %v", err)

  373. 			ctx.Error(http.StatusUnauthorized, "Verify")

  374. 			return

  375. 		}

  376. 		ctx.IsSigned = ctx.Doer != nil

  377. 	})

  378. 

  379. 	r.Get("", container.ReqContainerAccess, container.DetermineSupport)

  380. 	r.Get("/token", container.Authenticate)

  381. 	r.Get("/_catalog", container.ReqContainerAccess, container.GetRepositoryList)

  382. 	r.Group("/{username}", func() {

  383. 		r.Group("/{image}", func() {

  384. 			r.Group("/blobs/uploads", func() {

  385. 				r.Post("", container.InitiateUploadBlob)

  386. 				r.Group("/{uuid}", func() {

  387. 					r.Get("", container.GetUploadBlob)

  388. 					r.Patch("", container.UploadBlob)

  389. 					r.Put("", container.EndUploadBlob)

  390. 					r.Delete("", container.CancelUploadBlob)

  391. 				})

  392. 			}, reqPackageAccess(perm.AccessModeWrite))

  393. 			r.Group("/blobs/{digest}", func() {

  394. 				r.Head("", container.HeadBlob)

  395. 				r.Get("", container.GetBlob)

  396. 				r.Delete("", reqPackageAccess(perm.AccessModeWrite), container.DeleteBlob)

  397. 			})

  398. 			r.Group("/manifests/{reference}", func() {

  399. 				r.Put("", reqPackageAccess(perm.AccessModeWrite), container.UploadManifest)

  400. 				r.Head("", container.HeadManifest)

  401. 				r.Get("", container.GetManifest)

  402. 				r.Delete("", reqPackageAccess(perm.AccessModeWrite), container.DeleteManifest)

  403. 			})

  404. 			r.Get("/tags/list", container.GetTagList)

  405. 		}, container.VerifyImageName)

  406. 

  407. 		var (

  408. 			blobsUploadsPattern = regexp.MustCompile(`\A(.+)/blobs/uploads/([a-zA-Z0-9-_.=]+)\z`)

  409. 			blobsPattern        = regexp.MustCompile(`\A(.+)/blobs/([^/]+)\z`)

  410. 			manifestsPattern    = regexp.MustCompile(`\A(.+)/manifests/([^/]+)\z`)

  411. 		)

  412. 

  413. 		// Manual mapping of routes because {image} can contain slashes which chi does not support

  414. 		r.Route("/*", "HEAD,GET,POST,PUT,PATCH,DELETE", func(ctx *context.Context) {

  415. 			path := ctx.Params("*")

  416. 			isHead := ctx.Req.Method == "HEAD"

  417. 			isGet := ctx.Req.Method == "GET"

  418. 			isPost := ctx.Req.Method == "POST"

  419. 			isPut := ctx.Req.Method == "PUT"

  420. 			isPatch := ctx.Req.Method == "PATCH"

  421. 			isDelete := ctx.Req.Method == "DELETE"

  422. 

  423. 			if isPost && strings.HasSuffix(path, "/blobs/uploads") {

  424. 				reqPackageAccess(perm.AccessModeWrite)(ctx)

  425. 				if ctx.Written() {

  426. 					return

  427. 				}

  428. 

  429. 				ctx.SetParams("image", path[:len(path)-14])

  430. 				container.VerifyImageName(ctx)

  431. 				if ctx.Written() {

  432. 					return

  433. 				}

  434. 

  435. 				container.InitiateUploadBlob(ctx)

  436. 				return

  437. 			}

  438. 			if isGet && strings.HasSuffix(path, "/tags/list") {

  439. 				ctx.SetParams("image", path[:len(path)-10])

  440. 				container.VerifyImageName(ctx)

  441. 				if ctx.Written() {

  442. 					return

  443. 				}

  444. 

  445. 				container.GetTagList(ctx)

  446. 				return

  447. 			}

  448. 

  449. 			m := blobsUploadsPattern.FindStringSubmatch(path)

  450. 			if len(m) == 3 && (isGet || isPut || isPatch || isDelete) {

  451. 				reqPackageAccess(perm.AccessModeWrite)(ctx)

  452. 				if ctx.Written() {

  453. 					return

  454. 				}

  455. 

  456. 				ctx.SetParams("image", m[1])

  457. 				container.VerifyImageName(ctx)

  458. 				if ctx.Written() {

  459. 					return

  460. 				}

  461. 

  462. 				ctx.SetParams("uuid", m[2])

  463. 

  464. 				if isGet {

  465. 					container.GetUploadBlob(ctx)

  466. 				} else if isPatch {

  467. 					container.UploadBlob(ctx)

  468. 				} else if isPut {

  469. 					container.EndUploadBlob(ctx)

  470. 				} else {

  471. 					container.CancelUploadBlob(ctx)

  472. 				}

  473. 				return

  474. 			}

  475. 			m = blobsPattern.FindStringSubmatch(path)

  476. 			if len(m) == 3 && (isHead || isGet || isDelete) {

  477. 				ctx.SetParams("image", m[1])

  478. 				container.VerifyImageName(ctx)

  479. 				if ctx.Written() {

  480. 					return

  481. 				}

  482. 

  483. 				ctx.SetParams("digest", m[2])

  484. 

  485. 				if isHead {

  486. 					container.HeadBlob(ctx)

  487. 				} else if isGet {

  488. 					container.GetBlob(ctx)

  489. 				} else {

  490. 					reqPackageAccess(perm.AccessModeWrite)(ctx)

  491. 					if ctx.Written() {

  492. 						return

  493. 					}

  494. 					container.DeleteBlob(ctx)

  495. 				}

  496. 				return

  497. 			}

  498. 			m = manifestsPattern.FindStringSubmatch(path)

  499. 			if len(m) == 3 && (isHead || isGet || isPut || isDelete) {

  500. 				ctx.SetParams("image", m[1])

  501. 				container.VerifyImageName(ctx)

  502. 				if ctx.Written() {

  503. 					return

  504. 				}

  505. 

  506. 				ctx.SetParams("reference", m[2])

  507. 

  508. 				if isHead {

  509. 					container.HeadManifest(ctx)

  510. 				} else if isGet {

  511. 					container.GetManifest(ctx)

  512. 				} else {

  513. 					reqPackageAccess(perm.AccessModeWrite)(ctx)

  514. 					if ctx.Written() {

  515. 						return

  516. 					}

  517. 					if isPut {

  518. 						container.UploadManifest(ctx)

  519. 					} else {

  520. 						container.DeleteManifest(ctx)

  521. 					}

  522. 				}

  523. 				return

  524. 			}

  525. 

  526. 			ctx.Status(http.StatusNotFound)

  527. 		})

  528. 	}, container.ReqContainerAccess, context_service.UserAssignmentWeb(), context.PackageAssignment(), reqPackageAccess(perm.AccessModeRead))

  529. 

  530. 	return r

  531. }