-
Notifications
You must be signed in to change notification settings - Fork 18
/
blobhandler.go
171 lines (152 loc) · 4.5 KB
/
blobhandler.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
package npm
import (
"bytes"
"context"
"encoding/json"
"fmt"
"io"
"net/http"
"net/url"
"github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods/npm"
"github.com/open-component-model/ocm/pkg/contexts/ocm/cpi"
"github.com/open-component-model/ocm/pkg/logging"
"github.com/open-component-model/ocm/pkg/mime"
npmLogin "github.com/open-component-model/ocm/pkg/npm"
)
const BLOB_HANDLER_NAME = "ocm/npmPackage"
type artifactHandler struct {
spec *Config
}
func NewArtifactHandler(repospec *Config) cpi.BlobHandler {
return &artifactHandler{repospec}
}
func (b *artifactHandler) StoreBlob(blob cpi.BlobAccess, _ string, _ string, _ cpi.AccessSpec, ctx cpi.StorageContext) (cpi.AccessSpec, error) {
if b.spec == nil {
return nil, nil
}
mimeType := blob.MimeType()
if mime.MIME_TGZ != mimeType && mime.MIME_TGZ_ALT != mimeType {
return nil, nil
}
if b.spec.Url == "" {
return nil, fmt.Errorf("NPM registry url not provided")
}
blobReader, err := blob.Reader()
if err != nil {
return nil, err
}
defer blobReader.Close()
data, err := io.ReadAll(blobReader)
if err != nil {
return nil, err
}
// read package.json from tarball to get name, version, etc.
log := logging.Context().Logger(npmLogin.REALM)
log.Debug("reading package.json from tarball")
var pkg *Package
pkg, err = prepare(data)
if err != nil {
return nil, err
}
tbName := pkg.Name + "-" + pkg.Version + ".tgz"
pkg.Dist.Tarball = b.spec.Url + pkg.Name + "/-/" + tbName
log = log.WithValues("package", pkg.Name, "version", pkg.Version)
log.Debug("identified")
token, err := npmLogin.BearerToken(ctx.GetContext(), b.spec.Url, pkg.Name)
if err != nil {
// we assume, it's not possible to publish anonymous - without token
return nil, err
}
// check if package exists
exists, err := packageExists(b.spec.Url, *pkg, token)
if err != nil {
return nil, err
}
if exists {
log.Debug("package+version already exists, skipping upload")
return npm.New(b.spec.Url, pkg.Name, pkg.Version), nil
}
// prepare body for upload
body := Body{
ID: pkg.Name,
Name: pkg.Name,
Description: pkg.Description,
}
body.Versions = map[string]*Package{
pkg.Version: pkg,
}
body.DistTags.Latest = pkg.Version
body.Readme = pkg.Readme
body.Attachments = map[string]*Attachment{
tbName: NewAttachment(data),
}
marshal, err := json.Marshal(body)
if err != nil {
return nil, err
}
// prepare PUT request
req, err := http.NewRequestWithContext(context.Background(), http.MethodPut, b.spec.Url+"/"+url.PathEscape(pkg.Name), bytes.NewReader(marshal))
if err != nil {
return nil, err
}
req.Header.Set("authorization", "Bearer "+token)
req.Header.Set("content-type", "application/json")
// send PUT request - upload tgz
client := http.Client{}
log.Debug("uploading")
resp, err := client.Do(req)
if err != nil {
return nil, err
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusCreated {
all, err := io.ReadAll(resp.Body)
if err != nil {
return nil, err
}
return nil, fmt.Errorf("http (%d) - failed to upload package: %s", resp.StatusCode, string(all))
}
log.Debug("successfully uploaded")
return npm.New(b.spec.Url, pkg.Name, pkg.Version), nil
}
// Check if package already exists in npm registry. If it does, checks if it's the same.
func packageExists(repoUrl string, pkg Package, token string) (bool, error) {
client := http.Client{}
req, err := http.NewRequestWithContext(context.Background(), http.MethodGet, repoUrl+"/"+url.PathEscape(pkg.Name)+"/"+url.PathEscape(pkg.Version), nil)
if err != nil {
return false, err
}
req.Header.Set("authorization", "Bearer "+token)
resp, err := client.Do(req)
if err != nil {
return false, err
}
defer resp.Body.Close()
if resp.StatusCode == http.StatusNotFound {
// artifact doesn't exist, it's safe to upload
return false, nil
}
// artifact exists, let's check if it's the same
all, err := io.ReadAll(resp.Body)
if err != nil {
return false, err
}
if resp.StatusCode != http.StatusOK {
return false, fmt.Errorf("http (%d) - %s", resp.StatusCode, string(all))
}
var data map[string]interface{}
err = json.Unmarshal(all, &data)
if err != nil {
return false, err
}
dist := data["dist"].(map[string]interface{})
if pkg.Dist.Integrity == dist["integrity"] {
// sha-512 sum is the same, we can skip the upload
return true, nil
}
if pkg.Dist.Shasum == dist["shasum"] {
// sha-1 sum is the same, we can skip the upload
return true, nil
}
return false, fmt.Errorf("artifact already exists but has different shasum or integrity")
}