From a6a736ec78ca08d6e387c80a4f12e97c270b099c Mon Sep 17 00:00:00 2001 From: KN4CK3R Date: Mon, 8 Aug 2022 21:16:24 +0000 Subject: [PATCH 1/3] Add support for NuGet API key. --- docs/content/doc/packages/nuget.en-us.md | 2 ++ integrations/api_packages_nuget_test.go | 11 ++++++ routers/api/packages/api.go | 1 + routers/api/packages/nuget/auth.go | 45 ++++++++++++++++++++++++ 4 files changed, 59 insertions(+) create mode 100644 routers/api/packages/nuget/auth.go diff --git a/docs/content/doc/packages/nuget.en-us.md b/docs/content/doc/packages/nuget.en-us.md index a4435fa99f01a..6c8aaa70af1d3 100644 --- a/docs/content/doc/packages/nuget.en-us.md +++ b/docs/content/doc/packages/nuget.en-us.md @@ -47,6 +47,8 @@ For example: dotnet nuget add source --name gitea --username testuser --password password123 https://gitea.example.com/api/packages/testuser/nuget/index.json ``` +You can add the source without credentials and use the [`--api-key`](https://docs.microsoft.com/en-us/dotnet/core/tools/dotnet-nuget-push) parameter when publishing packages. In this case you need to provide a [personal access token]({{< relref "doc/developers/api-usage.en-us.md#authentication" >}}). + ## Publish a package Publish a package by running the following command: diff --git a/integrations/api_packages_nuget_test.go b/integrations/api_packages_nuget_test.go index 346f391f82fcc..a1d53d234f7f9 100644 --- a/integrations/api_packages_nuget_test.go +++ b/integrations/api_packages_nuget_test.go @@ -24,9 +24,16 @@ import ( "github.com/stretchr/testify/assert" ) +func addNuGetApiKeyHeader(request *http.Request, token string) *http.Request { + request.Header.Set("X-Nuget-Apikey", token) + return request +} + func TestPackageNuGet(t *testing.T) { defer prepareTestEnv(t)() + user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User) + token := getUserToken(t, user.Name) packageName := "test.package" packageVersion := "1.0.3" @@ -60,6 +67,10 @@ func TestPackageNuGet(t *testing.T) { req := NewRequest(t, "GET", fmt.Sprintf("%s/index.json", url)) req = AddBasicAuthHeader(req, user.Name) + MakeRequest(t, req, http.StatusOK) + + req = NewRequest(t, "GET", fmt.Sprintf("%s/index.json", url)) + req = addNuGetApiKeyHeader(req, token) resp := MakeRequest(t, req, http.StatusOK) var result nuget.ServiceIndexResponse diff --git a/routers/api/packages/api.go b/routers/api/packages/api.go index 4b274860dcdff..cecc49363abbc 100644 --- a/routers/api/packages/api.go +++ b/routers/api/packages/api.go @@ -46,6 +46,7 @@ func Routes() *web.Route { authMethods := []auth.Method{ &auth.OAuth2{}, &auth.Basic{}, + &nuget.Auth{}, &conan.Auth{}, } if setting.Service.EnableReverseProxyAuth { diff --git a/routers/api/packages/nuget/auth.go b/routers/api/packages/nuget/auth.go new file mode 100644 index 0000000000000..bc78d55b53d17 --- /dev/null +++ b/routers/api/packages/nuget/auth.go @@ -0,0 +1,45 @@ +// Copyright 2022 The Gitea Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package nuget + +import ( + "net/http" + + "code.gitea.io/gitea/models" + user_model "code.gitea.io/gitea/models/user" + "code.gitea.io/gitea/modules/log" + "code.gitea.io/gitea/modules/timeutil" + "code.gitea.io/gitea/services/auth" +) + +type Auth struct{} + +func (a *Auth) Name() string { + return "nuget" +} + +// https://docs.microsoft.com/en-us/nuget/api/package-publish-resource#request-parameters +func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataStore, sess auth.SessionStore) *user_model.User { + token, err := models.GetAccessTokenBySHA(req.Header.Get("X-Nuget-Apikey")) + if err != nil { + if !(models.IsErrAccessTokenNotExist(err) || models.IsErrAccessTokenEmpty(err)) { + log.Error("GetAccessTokenBySHA: %v", err) + } + return nil + } + + u, err := user_model.GetUserByID(token.UID) + if err != nil { + log.Error("GetUserByID: %v", err) + return nil + } + + token.UpdatedUnix = timeutil.TimeStampNow() + if err := models.UpdateAccessToken(token); err != nil { + log.Error("UpdateAccessToken: %v", err) + } + + return u +} From 344c1e5dd4eadf747f10ae8a45e4c0691507551c Mon Sep 17 00:00:00 2001 From: KN4CK3R Date: Tue, 9 Aug 2022 06:07:25 +0000 Subject: [PATCH 2/3] lint --- integrations/api_packages_nuget_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/integrations/api_packages_nuget_test.go b/integrations/api_packages_nuget_test.go index a1d53d234f7f9..c4e41c068650d 100644 --- a/integrations/api_packages_nuget_test.go +++ b/integrations/api_packages_nuget_test.go @@ -24,7 +24,7 @@ import ( "github.com/stretchr/testify/assert" ) -func addNuGetApiKeyHeader(request *http.Request, token string) *http.Request { +func addNuGetAPIKeyHeader(request *http.Request, token string) *http.Request { request.Header.Set("X-Nuget-Apikey", token) return request } @@ -70,7 +70,7 @@ func TestPackageNuGet(t *testing.T) { MakeRequest(t, req, http.StatusOK) req = NewRequest(t, "GET", fmt.Sprintf("%s/index.json", url)) - req = addNuGetApiKeyHeader(req, token) + req = addNuGetAPIKeyHeader(req, token) resp := MakeRequest(t, req, http.StatusOK) var result nuget.ServiceIndexResponse From 71648a6a64e4c6fbdf4cdde6372352393f60f056 Mon Sep 17 00:00:00 2001 From: KN4CK3R Date: Tue, 9 Aug 2022 12:21:56 +0200 Subject: [PATCH 3/3] Apply suggestions from code review Co-authored-by: delvh --- integrations/api_packages_nuget_test.go | 2 +- routers/api/packages/nuget/auth.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/integrations/api_packages_nuget_test.go b/integrations/api_packages_nuget_test.go index c4e41c068650d..06eb485541efa 100644 --- a/integrations/api_packages_nuget_test.go +++ b/integrations/api_packages_nuget_test.go @@ -25,7 +25,7 @@ import ( ) func addNuGetAPIKeyHeader(request *http.Request, token string) *http.Request { - request.Header.Set("X-Nuget-Apikey", token) + request.Header.Set("X-NuGet-ApiKey", token) return request } diff --git a/routers/api/packages/nuget/auth.go b/routers/api/packages/nuget/auth.go index bc78d55b53d17..26a5b9018931b 100644 --- a/routers/api/packages/nuget/auth.go +++ b/routers/api/packages/nuget/auth.go @@ -22,7 +22,7 @@ func (a *Auth) Name() string { // https://docs.microsoft.com/en-us/nuget/api/package-publish-resource#request-parameters func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataStore, sess auth.SessionStore) *user_model.User { - token, err := models.GetAccessTokenBySHA(req.Header.Get("X-Nuget-Apikey")) + token, err := models.GetAccessTokenBySHA(req.Header.Get("X-NuGet-ApiKey")) if err != nil { if !(models.IsErrAccessTokenNotExist(err) || models.IsErrAccessTokenEmpty(err)) { log.Error("GetAccessTokenBySHA: %v", err)