-
-
Notifications
You must be signed in to change notification settings - Fork 475
feat: add package version delete api #1533
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -16,6 +16,7 @@ | |
use App\Entity\SecurityAdvisory; | ||
use App\Entity\User; | ||
use App\Entity\Vendor; | ||
use App\Entity\Version; | ||
use App\Model\DownloadManager; | ||
use App\Model\ProviderManager; | ||
use App\Model\VersionIdCache; | ||
|
@@ -24,6 +25,7 @@ | |
use App\Service\Scheduler; | ||
use App\Util\UserAgentParser; | ||
use Composer\Pcre\Preg; | ||
use Symfony\Bridge\Doctrine\Attribute\MapEntity; | ||
use Symfony\Component\HttpFoundation\BinaryFileResponse; | ||
use Symfony\Component\HttpFoundation\JsonResponse; | ||
use Symfony\Component\HttpFoundation\Request; | ||
|
@@ -183,14 +185,14 @@ public function updatePackageAction(Request $request, string $githubWebhookSecre | |
} | ||
|
||
#[Route(path: '/api/packages/{package}', name: 'api_edit_package', requirements: ['package' => '[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+?'], defaults: ['_format' => 'json'], methods: ['PUT'])] | ||
public function editPackageAction(Request $request, Package $package, ValidatorInterface $validator, StatsDClient $statsd): JsonResponse | ||
public function editPackageAction(Request $request, #[MapEntity(mapping: ['package' => 'name'])] Package $package, ValidatorInterface $validator, StatsDClient $statsd): JsonResponse | ||
{ | ||
$user = $this->findUser($request); | ||
if (!$user) { | ||
return new JsonResponse(['status' => 'error', 'message' => 'Missing or invalid username/apiToken in request'], 406); | ||
} | ||
if (!$package->getMaintainers()->contains($user)) { | ||
throw new AccessDeniedException; | ||
return new JsonResponse(['status' => 'error', 'message' => 'You are not allowed to edit this package'], 403); | ||
} | ||
|
||
$statsd->increment('edit_package_api'); | ||
|
@@ -225,6 +227,35 @@ public function editPackageAction(Request $request, Package $package, ValidatorI | |
return new JsonResponse(['status' => 'success'], 200); | ||
} | ||
|
||
#[Route(path: '/api/packages/{package}/delete-version/{version}', name: 'api_delete_package_version', requirements: ['package' => '[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+?'], defaults: ['_format' => 'json'], methods: ['POST'])] | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think should should be a path |
||
public function deletePackageVersionAction(Request $request, #[MapEntity(mapping: ['package' => 'name'])] Package $package, string $version, StatsDClient $statsd): JsonResponse | ||
{ | ||
$user = $this->findUser($request); | ||
if (!$user) { | ||
return new JsonResponse(['status' => 'error', 'message' => 'Missing or invalid username/apiToken in request'], 406); | ||
} | ||
if (!$package->getMaintainers()->contains($user)) { | ||
return new JsonResponse(['status' => 'error', 'message' => 'You are not allowed to delete this package version'], 403); | ||
} | ||
|
||
$statsd->increment('delete_package_version_api'); | ||
|
||
$packageVersion = $package->getVersions()->findFirst(static function (int $index, Version $innerVersion) use ($version) { | ||
return $innerVersion->getVersion() === $version; | ||
}); | ||
|
||
if (!$packageVersion) { | ||
return new JsonResponse(['status' => 'error', 'message' => 'Version not found'], 404); | ||
} | ||
|
||
$repo = $this->getEM()->getRepository(Version::class); | ||
$repo->remove($packageVersion); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. this should be wrapped in |
||
$this->getEM()->flush(); | ||
$this->getEM()->clear(); | ||
|
||
return new JsonResponse(['status' => 'success'], 200); | ||
} | ||
|
||
#[Route(path: '/jobs/{id}', name: 'get_job', requirements: ['id' => '[a-f0-9]+'], defaults: ['_format' => 'json'], methods: ['GET'])] | ||
public function getJobAction(string $id, StatsDClient $statsd): JsonResponse | ||
{ | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -523,16 +523,35 @@ PUT https://{{ packagist_host }}/api/packages/[package name]?username=[username] | |
<p>This endpoint is considered SAFE and allows either your main or safe <a href="{{ path('my_profile') }}">API token</a> to be used.</p> | ||
|
||
<pre> | ||
POST https://{{ packagist_host }}/api/update-package?username=[username]&apiToken=[apiToken] {"repository":"[url]"} | ||
PUT https://{{ packagist_host }}/api/update-package?username=[username]&apiToken=[apiToken] {"repository":"[url]"} | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This is wrong. This endpoints receiving a webhook to trigger an update of the method of this package expects the |
||
<code> | ||
{ | ||
"status": "success", | ||
"jobs": ["job-id", ".."] | ||
} | ||
</code></pre> | ||
<p>Working examples:<br/> | ||
<code>curl -X POST -H'Content-Type:application/json' 'https://{{ packagist_host }}/api/update-package?username={{ app.user.username|default('USERNAME') }}&apiToken=********' -d '{"repository":"https://github.com/Seldaek/monolog"}'</code><br/> | ||
<code>curl -X POST -H'Content-Type:application/json' 'https://{{ packagist_host }}/api/update-package?username={{ app.user.username|default('USERNAME') }}&apiToken=********' -d '{"repository":"https://packagist.org/monolog/monolog"}'</code> | ||
<code>curl -X PUT -H'Content-Type:application/json' 'https://{{ packagist_host }}/api/update-package?username={{ app.user.username|default('USERNAME') }}&apiToken=********' -d '{"repository":"https://github.com/Seldaek/monolog"}'</code><br/> | ||
<code>curl -X PUT -H'Content-Type:application/json' 'https://{{ packagist_host }}/api/update-package?username={{ app.user.username|default('USERNAME') }}&apiToken=********' -d '{"repository":"https://packagist.org/monolog/monolog"}'</code> | ||
</p> | ||
|
||
</section> | ||
|
||
<section class="col-d-12"> | ||
<h3 id="delete-package-version">Delete a package version</h3> | ||
|
||
<p>This endpoint deletes a package version by package name and version. Parameters <code>username</code> and <code>apiToken</code> are required. Only the <code>POST</code> method is allowed. The <code>content-type: application/json</code> header is required.</p> | ||
<p>This endpoint is considered SAFE and allows either your main or safe <a href="{{ path('my_profile') }}">API token</a> to be used.</p> | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. should this be considered safe ? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. No definitely not. |
||
|
||
<pre> | ||
POST https://{{ packagist_host }}/api/packages/[package name]/delete-version/[version]?username=[username]&apiToken=[apiToken] | ||
<code> | ||
{ | ||
"status": "success" | ||
} | ||
</code></pre> | ||
<p>Working examples:<br/> | ||
<code>curl -X POST 'https://{{ packagist_host }}/api/packages/monolog/monolog/delete-version/1.0.0?username={{ app.user.username|default('USERNAME') }}&apiToken=********'</code><br/> | ||
</p> | ||
|
||
</section> | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this looks like a different change than adding a new API endpoint.