初始提交: Gitea 项目代码

2026-05-30 22:47:36 +08:00
commit f288f76350
6116 changed files with 776822 additions and 0 deletions
@@ -0,0 +1,285 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package composer
+
+import (
+	"archive/tar"
+	"archive/zip"
+	"compress/bzip2"
+	"compress/gzip"
+	"errors"
+	"io"
+	"io/fs"
+	"path"
+	"regexp"
+	"strings"
+
+	"gitea.dev/modules/json"
+	"gitea.dev/modules/util"
+	"gitea.dev/modules/validation"
+
+	"github.com/hashicorp/go-version"
+)
+
+// TypeProperty is the name of the property for Composer package types
+const TypeProperty = "composer.type"
+
+var (
+	// ErrMissingComposerFile indicates a missing composer.json file
+	ErrMissingComposerFile = util.NewInvalidArgumentErrorf("composer.json file is missing")
+	// ErrInvalidName indicates an invalid package name
+	ErrInvalidName = util.NewInvalidArgumentErrorf("package name is invalid")
+	// ErrInvalidVersion indicates an invalid package version
+	ErrInvalidVersion = util.NewInvalidArgumentErrorf("package version is invalid")
+)
+
+// PackageInfo represents Composer package info
+type PackageInfo struct {
+	Filename string
+
+	Name     string
+	Version  string
+	Type     string
+	Metadata *Metadata
+}
+
+// https://getcomposer.org/doc/04-schema.md
+
+// Metadata represents the metadata of a Composer package
+type Metadata struct {
+	Description string            `json:"description,omitempty"`
+	Readme      string            `json:"readme,omitempty"`
+	Keywords    []string          `json:"keywords,omitempty"`
+	Comments    Comments          `json:"_comment,omitempty"`
+	Homepage    string            `json:"homepage,omitempty"`
+	License     Licenses          `json:"license,omitempty"`
+	Authors     []Author          `json:"authors,omitempty"`
+	Bin         []string          `json:"bin,omitempty"`
+	Autoload    map[string]any    `json:"autoload,omitempty"`
+	AutoloadDev map[string]any    `json:"autoload-dev,omitempty"`
+	Extra       map[string]any    `json:"extra,omitempty"`
+	Require     map[string]string `json:"require,omitempty"`
+	RequireDev  map[string]string `json:"require-dev,omitempty"`
+	Suggest     map[string]string `json:"suggest,omitempty"`
+	Provide     map[string]string `json:"provide,omitempty"`
+}
+
+// Licenses represents the licenses of a Composer package
+type Licenses []string
+
+// UnmarshalJSON reads from a string or array
+func (l *Licenses) UnmarshalJSON(data []byte) error {
+	switch data[0] {
+	case '"':
+		var value string
+		if err := json.Unmarshal(data, &value); err != nil {
+			return err
+		}
+		*l = Licenses{value}
+	case '[':
+		values := make([]string, 0, 5)
+		if err := json.Unmarshal(data, &values); err != nil {
+			return err
+		}
+		*l = values
+	}
+	return nil
+}
+
+// Comments represents the comments of a Composer package
+type Comments []string
+
+// UnmarshalJSON reads from a string or array
+func (c *Comments) UnmarshalJSON(data []byte) error {
+	switch data[0] {
+	case '"':
+		var value string
+		if err := json.Unmarshal(data, &value); err != nil {
+			return err
+		}
+		*c = Comments{value}
+	case '[':
+		values := make([]string, 0, 5)
+		if err := json.Unmarshal(data, &values); err != nil {
+			return err
+		}
+		*c = values
+	}
+	return nil
+}
+
+// Author represents an author
+type Author struct {
+	Name     string `json:"name,omitempty"`
+	Email    string `json:"email,omitempty"`
+	Homepage string `json:"homepage,omitempty"`
+}
+
+var nameMatch = regexp.MustCompile(`\A[a-z0-9]([_\.-]?[a-z0-9]+)*/[a-z0-9](([_\.]?|-{0,2})[a-z0-9]+)*\z`)
+
+type ReadSeekAt interface {
+	io.Reader
+	io.ReaderAt
+	io.Seeker
+	Size() int64
+}
+
+func readPackageFileZip(r ReadSeekAt, filename string, limit int) ([]byte, error) {
+	archive, err := zip.NewReader(r, r.Size())
+	if err != nil {
+		return nil, err
+	}
+
+	for _, file := range archive.File {
+		filePath := path.Clean(file.Name)
+		if util.AsciiEqualFold(filePath, filename) {
+			f, err := archive.Open(file.Name)
+			if err != nil {
+				return nil, err
+			}
+			defer f.Close()
+
+			return util.ReadWithLimit(f, limit)
+		}
+	}
+	return nil, fs.ErrNotExist
+}
+
+func readPackageFileTar(r io.Reader, filename string, limit int) ([]byte, error) {
+	tarReader := tar.NewReader(r)
+	for {
+		header, err := tarReader.Next()
+		if err == io.EOF {
+			break
+		} else if err != nil {
+			return nil, err
+		}
+
+		filePath := path.Clean(header.Name)
+		if util.AsciiEqualFold(filePath, filename) {
+			return util.ReadWithLimit(tarReader, limit)
+		}
+	}
+	return nil, fs.ErrNotExist
+}
+
+const (
+	pkgExtZip    = ".zip"
+	pkgExtTarGz  = ".tar.gz"
+	pkgExtTarBz2 = ".tar.bz2"
+)
+
+func detectPackageExtName(r ReadSeekAt) (string, error) {
+	headBytes := make([]byte, 4)
+	_, err := r.ReadAt(headBytes, 0)
+	if err != nil {
+		return "", err
+	}
+	_, err = r.Seek(0, io.SeekStart)
+	if err != nil {
+		return "", err
+	}
+	switch {
+	case headBytes[0] == 'P' && headBytes[1] == 'K':
+		return pkgExtZip, nil
+	case string(headBytes[:3]) == "BZh":
+		return pkgExtTarBz2, nil
+	case headBytes[0] == 0x1f && headBytes[1] == 0x8b:
+		return pkgExtTarGz, nil
+	}
+	return "", util.NewInvalidArgumentErrorf("not a valid package file")
+}
+
+func readPackageFile(pkgExt string, r ReadSeekAt, filename string, limit int) ([]byte, error) {
+	_, err := r.Seek(0, io.SeekStart)
+	if err != nil {
+		return nil, err
+	}
+
+	switch pkgExt {
+	case pkgExtZip:
+		return readPackageFileZip(r, filename, limit)
+	case pkgExtTarBz2:
+		bzip2Reader := bzip2.NewReader(r)
+		return readPackageFileTar(bzip2Reader, filename, limit)
+	case pkgExtTarGz:
+		gzReader, err := gzip.NewReader(r)
+		if err != nil {
+			return nil, err
+		}
+		return readPackageFileTar(gzReader, filename, limit)
+	}
+	return nil, util.NewInvalidArgumentErrorf("not a valid package file")
+}
+
+// ParsePackage parses the metadata of a Composer package file
+func ParsePackage(r ReadSeekAt, optVersion ...string) (*PackageInfo, error) {
+	pkgExt, err := detectPackageExtName(r)
+	if err != nil {
+		return nil, err
+	}
+	dataComposerJSON, err := readPackageFile(pkgExt, r, "composer.json", 10*1024*1024)
+	if errors.Is(err, fs.ErrNotExist) {
+		return nil, ErrMissingComposerFile
+	} else if err != nil {
+		return nil, err
+	}
+
+	var cj struct {
+		Name    string `json:"name"`
+		Version string `json:"version"`
+		Type    string `json:"type"`
+		Metadata
+	}
+	if err := json.Unmarshal(dataComposerJSON, &cj); err != nil {
+		return nil, err
+	}
+
+	if !nameMatch.MatchString(cj.Name) {
+		return nil, ErrInvalidName
+	}
+
+	if cj.Version == "" {
+		cj.Version = util.OptionalArg(optVersion)
+	}
+	if cj.Version != "" {
+		if _, err := version.NewSemver(cj.Version); err != nil {
+			return nil, ErrInvalidVersion
+		}
+	}
+
+	if !validation.IsValidURL(cj.Homepage) {
+		cj.Homepage = ""
+	}
+
+	if cj.Type == "" {
+		cj.Type = "library"
+	}
+
+	if cj.Readme == "" {
+		cj.Readme = "README.md"
+	}
+	dataReadmeMd, _ := readPackageFile(pkgExt, r, cj.Readme, 10*1024)
+
+	// FIXME: legacy problem, the "Readme" field is abused, it should always be the path to the readme file
+	if len(dataReadmeMd) == 0 {
+		cj.Readme = ""
+	} else {
+		cj.Readme = string(dataReadmeMd)
+	}
+
+	// FIXME: legacy format: strings.ToLower(fmt.Sprintf("%s.%s.zip", strings.ReplaceAll(cp.Name, "/", "-"), cp.Version)), doesn't read good
+	pkgFilename := strings.ReplaceAll(cj.Name, "/", "-")
+	if cj.Version != "" {
+		pkgFilename += "." + cj.Version
+	}
+	pkgFilename += pkgExt
+	return &PackageInfo{
+		Filename: pkgFilename,
+		Name:     cj.Name,
+		Version:  cj.Version,
+		Type:     cj.Type,
+		Metadata: &cj.Metadata,
+	}, nil
+}
@@ -0,0 +1,198 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package composer
+
+import (
+	"archive/tar"
+	"archive/zip"
+	"bytes"
+	"compress/gzip"
+	"io"
+	"strings"
+	"testing"
+
+	"gitea.dev/modules/json"
+
+	"github.com/dsnet/compress/bzip2"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+const (
+	name        = "gitea/composer-package"
+	description = "Package Description"
+	readme      = "Package Readme"
+	comments    = "Package Comment"
+	packageType = "composer-plugin"
+	author      = "Gitea Authors"
+	email       = "no.reply@gitea.io"
+	homepage    = "https://gitea.io"
+	license     = "MIT"
+)
+
+func buildComposerContent(version string) string {
+	return `{
+    "name": "` + name + `",
+		"version": "` + version + `",
+    "description": "` + description + `",
+    "type": "` + packageType + `",
+    "license": "` + license + `",
+    "authors": [
+        {
+            "name": "` + author + `",
+            "email": "` + email + `"
+        }
+    ],
+    "homepage": "` + homepage + `",
+    "autoload": {
+        "psr-4": {"Gitea\\ComposerPackage\\": "src/"}
+    },
+    "require": {
+        "php": ">=7.2 || ^8.0"
+    },
+    "_comment": "` + comments + `"
+}`
+}
+
+func TestLicenseUnmarshal(t *testing.T) {
+	var l Licenses
+	assert.NoError(t, json.NewDecoder(strings.NewReader(`["MIT"]`)).Decode(&l))
+	assert.Len(t, l, 1)
+	assert.Equal(t, "MIT", l[0])
+	assert.NoError(t, json.NewDecoder(strings.NewReader(`"MIT"`)).Decode(&l))
+	assert.Len(t, l, 1)
+	assert.Equal(t, "MIT", l[0])
+}
+
+func TestCommentsUnmarshal(t *testing.T) {
+	var c Comments
+	assert.NoError(t, json.NewDecoder(strings.NewReader(`["comment"]`)).Decode(&c))
+	assert.Len(t, c, 1)
+	assert.Equal(t, "comment", c[0])
+	assert.NoError(t, json.NewDecoder(strings.NewReader(`"comment"`)).Decode(&c))
+	assert.Len(t, c, 1)
+	assert.Equal(t, "comment", c[0])
+}
+
+func TestParsePackage(t *testing.T) {
+	createArchive := func(files map[string]string) []byte {
+		var buf bytes.Buffer
+		archive := zip.NewWriter(&buf)
+		for name, content := range files {
+			w, _ := archive.Create(name)
+			_, _ = w.Write([]byte(content))
+		}
+		_ = archive.Close()
+		return buf.Bytes()
+	}
+
+	createArchiveTar := func(comp func(io.Writer) io.WriteCloser, files map[string]string) []byte {
+		var buf bytes.Buffer
+		w := comp(&buf)
+		archive := tar.NewWriter(w)
+		for name, content := range files {
+			hdr := &tar.Header{
+				Name: name,
+				Mode: 0o600,
+				Size: int64(len(content)),
+			}
+			_ = archive.WriteHeader(hdr)
+			_, _ = archive.Write([]byte(content))
+		}
+		_ = w.Close()
+		_ = archive.Close()
+		return buf.Bytes()
+	}
+
+	t.Run("MissingComposerFile", func(t *testing.T) {
+		data := createArchive(map[string]string{"dummy.txt": ""})
+
+		cp, err := ParsePackage(bytes.NewReader(data))
+		assert.Nil(t, cp)
+		assert.ErrorIs(t, err, ErrMissingComposerFile)
+	})
+
+	t.Run("MissingComposerFileInRoot", func(t *testing.T) {
+		data := createArchive(map[string]string{"sub/sub/composer.json": ""})
+
+		cp, err := ParsePackage(bytes.NewReader(data))
+		assert.Nil(t, cp)
+		assert.ErrorIs(t, err, ErrMissingComposerFile)
+	})
+
+	t.Run("InvalidComposerFile", func(t *testing.T) {
+		data := createArchive(map[string]string{"composer.json": ""})
+
+		cp, err := ParsePackage(bytes.NewReader(data))
+		assert.Nil(t, cp)
+		assert.Error(t, err)
+	})
+
+	t.Run("InvalidPackageName", func(t *testing.T) {
+		data := createArchive(map[string]string{"composer.json": "{}"})
+
+		cp, err := ParsePackage(bytes.NewReader(data))
+		assert.Nil(t, cp)
+		assert.ErrorIs(t, err, ErrInvalidName)
+	})
+
+	t.Run("InvalidPackageVersion", func(t *testing.T) {
+		data := createArchive(map[string]string{"composer.json": `{"name": "gitea/composer-package", "version": "1.a.3"}`})
+
+		cp, err := ParsePackage(bytes.NewReader(data))
+		assert.Nil(t, cp)
+		assert.ErrorIs(t, err, ErrInvalidVersion)
+	})
+
+	t.Run("InvalidReadmePath", func(t *testing.T) {
+		data := createArchive(map[string]string{"composer.json": `{"name": "gitea/composer-package", "readme": "sub/README.md"}`})
+
+		cp, err := ParsePackage(bytes.NewReader(data))
+		assert.NoError(t, err)
+		assert.NotNil(t, cp)
+
+		assert.Empty(t, cp.Metadata.Readme)
+	})
+
+	assertValidPackage := func(t *testing.T, data []byte, version, filename string) {
+		cp, err := ParsePackage(bytes.NewReader(data))
+		require.NoError(t, err)
+		assert.NotNil(t, cp)
+
+		assert.Equal(t, filename, cp.Filename)
+		assert.Equal(t, name, cp.Name)
+		assert.Equal(t, version, cp.Version)
+		assert.Equal(t, description, cp.Metadata.Description)
+		assert.Equal(t, readme, cp.Metadata.Readme)
+		assert.Len(t, cp.Metadata.Comments, 1)
+		assert.Equal(t, comments, cp.Metadata.Comments[0])
+		assert.Len(t, cp.Metadata.Authors, 1)
+		assert.Equal(t, author, cp.Metadata.Authors[0].Name)
+		assert.Equal(t, email, cp.Metadata.Authors[0].Email)
+		assert.Equal(t, homepage, cp.Metadata.Homepage)
+		assert.Equal(t, packageType, cp.Type)
+		assert.Len(t, cp.Metadata.License, 1)
+		assert.Equal(t, license, cp.Metadata.License[0])
+	}
+
+	t.Run("ValidZip", func(t *testing.T) {
+		data := createArchive(map[string]string{"composer.json": buildComposerContent(""), "README.md": readme})
+		assertValidPackage(t, data, "", "gitea-composer-package.zip")
+	})
+
+	t.Run("ValidTarBz2", func(t *testing.T) {
+		data := createArchiveTar(func(w io.Writer) io.WriteCloser {
+			bz2Writer, _ := bzip2.NewWriter(w, nil)
+			return bz2Writer
+		}, map[string]string{"composer.json": buildComposerContent("1.0"), "README.md": readme})
+		assertValidPackage(t, data, "1.0", "gitea-composer-package.1.0.tar.bz2")
+	})
+
+	t.Run("ValidTarGz", func(t *testing.T) {
+		data := createArchiveTar(func(w io.Writer) io.WriteCloser {
+			return gzip.NewWriter(w)
+		}, map[string]string{"composer.json": buildComposerContent(""), "README.md": readme})
+		assertValidPackage(t, data, "", "gitea-composer-package.tar.gz")
+	})
+}