Merge remote-tracking branch 'upstream/main'

* upstream/main:
  Fix typo (go-gitea#20993)
  fix broken insecureskipverify handling in rediss connection uris (go-gitea#20967)
  Redirect if user does not exist (go-gitea#20981)
  fix hard-coded timeout and error panic in API archive download endpoint (go-gitea#20925)
  Add support for Vagrant packages (go-gitea#20930)

cmd/migrate_storage.go

@@ -112,11 +112,8 @@ func migrateRepoAvatars(ctx context.Context, dstStorage storage.ObjectStorage) e
 
 func migrateRepoArchivers(ctx context.Context, dstStorage storage.ObjectStorage) error {
 	return db.IterateObjects(ctx, func(archiver *repo_model.RepoArchiver) error {
-		p, err := archiver.RelativePath()
-		if err != nil {
-			return err
-		}
-		_, err = storage.Copy(dstStorage, p, storage.RepoArchives, p)
+		p := archiver.RelativePath()
+		_, err := storage.Copy(dstStorage, p, storage.RepoArchives, p)
 		return err
 	})
 }

docs/content/doc/packages/overview.en-us.md

@@ -37,6 +37,7 @@ The following package managers are currently supported:
 | [Pub]({{< relref "doc/packages/pub.en-us.md" >}}) | Dart | `dart`, `flutter` |
 | [PyPI]({{< relref "doc/packages/pypi.en-us.md" >}}) | Python | `pip`, `twine` |
 | [RubyGems]({{< relref "doc/packages/rubygems.en-us.md" >}}) | Ruby | `gem`, `Bundler` |
+| [Vagrant]({{< relref "doc/packages/vagrant.en-us.md" >}}) | - | `vagrant` |
 
 **The following paragraphs only apply if Packages are not globally disabled!**
 

docs/content/doc/packages/vagrant.en-us.md

@@ -0,0 +1,78 @@
+---
+date: "2022-08-23T00:00:00+00:00"
+title: "Vagrant Packages Repository"
+slug: "packages/vagrant"
+draft: false
+toc: false
+menu:
+  sidebar:
+    parent: "packages"
+    name: "vagrant"
+    weight: 120
+    identifier: "vagrant"
+---
+
+# Vagrant Packages Repository
+
+Publish [Vagrant](https://www.vagrantup.com/) packages for your user or organization.
+
+**Table of Contents**
+
+{{< toc >}}
+
+## Requirements
+
+To work with the Vagrant package registry, you need [Vagrant](https://www.vagrantup.com/downloads) and a tool to make HTTP requests like `curl`.
+
+## Publish a package
+
+Publish a Vagrant box by performing a HTTP PUT request to the registry:
+
+```
+PUT https://gitea.example.com/api/packages/{owner}/vagrant/{package_name}/{package_version}/{provider}.box
+```
+
+| Parameter         | Description |
+| ----------------- | ----------- |
+| `owner`           | The owner of the package. |
+| `package_name`    | The package name. |
+| `package_version` | The package version, semver compatible. |
+| `provider`        | One of the [supported provider names](https://www.vagrantup.com/docs/providers). |
+
+Example for uploading a Hyper-V box:
+
+```shell
+curl --user your_username:your_password_or_token \
+     --upload-file path/to/your/vagrant.box \
+     https://gitea.example.com/api/packages/testuser/vagrant/test_system/1.0.0/hyperv.box
+```
+
+You cannot publish a box if a box of the same name, version and provider already exists. You must delete the existing package first.
+
+## Install a package
+
+To install a box from the package registry, execute the following command:
+
+```shell
+vagrant box add "https://gitea.example.com/api/packages/{owner}/vagrant/{package_name}"
+```
+
+| Parameter      | Description |
+| -------------- | ----------- |
+| `owner`        | The owner of the package. |
+| `package_name` | The package name. |
+
+For example:
+
+```shell
+vagrant box add "https://gitea.example.com/api/packages/testuser/vagrant/test_system"
+```
+
+This will install the latest version of the package. To add a specific version, use the `--box-version` parameter.
+If the registry is private you can pass your [personal access token]({{< relref "doc/developers/api-usage.en-us.md#authentication" >}}) in the `VAGRANT_CLOUD_TOKEN` environment variable.
+
+## Supported commands
+
+```
+vagrant box add
+```

docs/content/doc/usage/https-support.md

@@ -72,7 +72,7 @@ ACME_DIRECTORY=https
 ACME_EMAIL=email@example.com
 ```
 
-Minimumg setup using a [smallstep CA](https://github.com/smallstep/certificates), refer to [their tutorial](https://smallstep.com/docs/tutorials/acme-challenge) for more information.
+Minimum setup using a [smallstep CA](https://github.com/smallstep/certificates), refer to [their tutorial](https://smallstep.com/docs/tutorials/acme-challenge) for more information.
 
 ```ini
 [server]

integrations/api_packages_vagrant_test.go

@@ -0,0 +1,170 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package integrations
+
+import (
+	"archive/tar"
+	"bytes"
+	"compress/gzip"
+	"fmt"
+	"net/http"
+	"strings"
+	"testing"
+
+	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/packages"
+	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/json"
+	vagrant_module "code.gitea.io/gitea/modules/packages/vagrant"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestPackageVagrant(t *testing.T) {
+	defer prepareTestEnv(t)()
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+
+	token := "Bearer " + getUserToken(t, user.Name)
+
+	packageName := "test_package"
+	packageVersion := "1.0.1"
+	packageDescription := "Test Description"
+	packageProvider := "virtualbox"
+
+	filename := fmt.Sprintf("%s.box", packageProvider)
+
+	infoContent, _ := json.Marshal(map[string]string{
+		"description": packageDescription,
+	})
+
+	var buf bytes.Buffer
+	zw := gzip.NewWriter(&buf)
+	archive := tar.NewWriter(zw)
+	archive.WriteHeader(&tar.Header{
+		Name: "info.json",
+		Mode: 0o600,
+		Size: int64(len(infoContent)),
+	})
+	archive.Write(infoContent)
+	archive.Close()
+	zw.Close()
+	content := buf.Bytes()
+
+	root := fmt.Sprintf("/api/packages/%s/vagrant", user.Name)
+
+	t.Run("Authenticate", func(t *testing.T) {
+		defer PrintCurrentTest(t)()
+
+		authenticateURL := fmt.Sprintf("%s/authenticate", root)
+
+		req := NewRequest(t, "GET", authenticateURL)
+		MakeRequest(t, req, http.StatusUnauthorized)
+
+		req = NewRequest(t, "GET", authenticateURL)
+		addTokenAuthHeader(req, token)
+		MakeRequest(t, req, http.StatusOK)
+	})
+
+	boxURL := fmt.Sprintf("%s/%s", root, packageName)
+
+	t.Run("Upload", func(t *testing.T) {
+		defer PrintCurrentTest(t)()
+
+		req := NewRequest(t, "HEAD", boxURL)
+		MakeRequest(t, req, http.StatusNotFound)
+
+		uploadURL := fmt.Sprintf("%s/%s/%s", boxURL, packageVersion, filename)
+
+		req = NewRequestWithBody(t, "PUT", uploadURL, bytes.NewReader(content))
+		MakeRequest(t, req, http.StatusUnauthorized)
+
+		req = NewRequestWithBody(t, "PUT", uploadURL, bytes.NewReader(content))
+		addTokenAuthHeader(req, token)
+		MakeRequest(t, req, http.StatusCreated)
+
+		req = NewRequest(t, "HEAD", boxURL)
+		resp := MakeRequest(t, req, http.StatusOK)
+		assert.True(t, strings.HasPrefix(resp.HeaderMap.Get("Content-Type"), "application/json"))
+
+		pvs, err := packages.GetVersionsByPackageType(db.DefaultContext, user.ID, packages.TypeVagrant)
+		assert.NoError(t, err)
+		assert.Len(t, pvs, 1)
+
+		pd, err := packages.GetPackageDescriptor(db.DefaultContext, pvs[0])
+		assert.NoError(t, err)
+		assert.NotNil(t, pd.SemVer)
+		assert.IsType(t, &vagrant_module.Metadata{}, pd.Metadata)
+		assert.Equal(t, packageName, pd.Package.Name)
+		assert.Equal(t, packageVersion, pd.Version.Version)
+
+		pfs, err := packages.GetFilesByVersionID(db.DefaultContext, pvs[0].ID)
+		assert.NoError(t, err)
+		assert.Len(t, pfs, 1)
+		assert.Equal(t, filename, pfs[0].Name)
+		assert.True(t, pfs[0].IsLead)
+
+		pb, err := packages.GetBlobByID(db.DefaultContext, pfs[0].BlobID)
+		assert.NoError(t, err)
+		assert.Equal(t, int64(len(content)), pb.Size)
+
+		req = NewRequestWithBody(t, "PUT", uploadURL, bytes.NewReader(content))
+		addTokenAuthHeader(req, token)
+		MakeRequest(t, req, http.StatusConflict)
+	})
+
+	t.Run("Download", func(t *testing.T) {
+		defer PrintCurrentTest(t)()
+
+		req := NewRequest(t, "GET", fmt.Sprintf("%s/%s/%s", boxURL, packageVersion, filename))
+		resp := MakeRequest(t, req, http.StatusOK)
+
+		assert.Equal(t, content, resp.Body.Bytes())
+	})
+
+	t.Run("EnumeratePackageVersions", func(t *testing.T) {
+		defer PrintCurrentTest(t)()
+
+		req := NewRequest(t, "GET", boxURL)
+		resp := MakeRequest(t, req, http.StatusOK)
+
+		type providerData struct {
+			Name         string `json:"name"`
+			URL          string `json:"url"`
+			Checksum     string `json:"checksum"`
+			ChecksumType string `json:"checksum_type"`
+		}
+
+		type versionMetadata struct {
+			Version             string          `json:"version"`
+			Status              string          `json:"status"`
+			DescriptionHTML     string          `json:"description_html,omitempty"`
+			DescriptionMarkdown string          `json:"description_markdown,omitempty"`
+			Providers           []*providerData `json:"providers"`
+		}
+
+		type packageMetadata struct {
+			Name             string             `json:"name"`
+			Description      string             `json:"description,omitempty"`
+			ShortDescription string             `json:"short_description,omitempty"`
+			Versions         []*versionMetadata `json:"versions"`
+		}
+
+		var result packageMetadata
+		DecodeJSON(t, resp, &result)
+
+		assert.Equal(t, packageName, result.Name)
+		assert.Equal(t, packageDescription, result.Description)
+		assert.Len(t, result.Versions, 1)
+		version := result.Versions[0]
+		assert.Equal(t, packageVersion, version.Version)
+		assert.Equal(t, "active", version.Status)
+		assert.Len(t, version.Providers, 1)
+		provider := version.Providers[0]
+		assert.Equal(t, packageProvider, provider.Name)
+		assert.Equal(t, "sha512", provider.ChecksumType)
+		assert.Equal(t, "259bebd6160acad695016d22a45812e26f187aaf78e71a4c23ee3201528346293f991af3468a8c6c5d2a21d7d9e1bdc1bf79b87110b2fddfcc5a0d45963c7c30", provider.Checksum)
+	})
+}

models/packages/descriptor.go

@@ -22,6 +22,7 @@ import (
 	"code.gitea.io/gitea/modules/packages/pub"
 	"code.gitea.io/gitea/modules/packages/pypi"
 	"code.gitea.io/gitea/modules/packages/rubygems"
+	"code.gitea.io/gitea/modules/packages/vagrant"
 
 	"github.com/hashicorp/go-version"
 )
@@ -150,6 +151,8 @@ func GetPackageDescriptor(ctx context.Context, pv *PackageVersion) (*PackageDesc
 		metadata = &pypi.Metadata{}
 	case TypeRubyGems:
 		metadata = &rubygems.Metadata{}
+	case TypeVagrant:
+		metadata = &vagrant.Metadata{}
 	default:
 		panic(fmt.Sprintf("unknown package type: %s", string(p.Type)))
 	}

models/packages/package.go

@@ -42,6 +42,7 @@ const (
 	TypePub       Type = "pub"
 	TypePyPI      Type = "pypi"
 	TypeRubyGems  Type = "rubygems"
+	TypeVagrant   Type = "vagrant"
 )
 
 // Name gets the name of the package type
@@ -69,6 +70,8 @@ func (pt Type) Name() string {
 		return "PyPI"
 	case TypeRubyGems:
 		return "RubyGems"
+	case TypeVagrant:
+		return "Vagrant"
 	}
 	panic(fmt.Sprintf("unknown package type: %s", string(pt)))
 }
@@ -98,6 +101,8 @@ func (pt Type) SVGName() string {
 		return "gitea-python"
 	case TypeRubyGems:
 		return "gitea-rubygems"
+	case TypeVagrant:
+		return "gitea-vagrant"
 	}
 	panic(fmt.Sprintf("unknown package type: %s", string(pt)))
 }

models/repo.go

@@ -218,8 +218,7 @@ func DeleteRepository(doer *user_model.User, uid, repoID int64) error {
 
 	archivePaths := make([]string, 0, len(archives))
 	for _, v := range archives {
-		p, _ := v.RelativePath()
-		archivePaths = append(archivePaths, p)
+		archivePaths = append(archivePaths, v.RelativePath())
 	}
 
 	if _, err := db.DeleteByBean(ctx, &repo_model.RepoArchiver{RepoID: repoID}); err != nil {

models/repo/archiver.go

@@ -39,9 +39,9 @@ func init() {
 	db.RegisterModel(new(RepoArchiver))
 }
 
-// RelativePath returns relative path
-func (archiver *RepoArchiver) RelativePath() (string, error) {
-	return fmt.Sprintf("%d/%s/%s.%s", archiver.RepoID, archiver.CommitID[:2], archiver.CommitID, archiver.Type.String()), nil
+// RelativePath returns the archive path relative to the archive storage root.
+func (archiver *RepoArchiver) RelativePath() string {
+	return fmt.Sprintf("%d/%s/%s.%s", archiver.RepoID, archiver.CommitID[:2], archiver.CommitID, archiver.Type.String())
 }
 
 var delRepoArchiver = new(RepoArchiver)

modules/nosql/manager_redis.go

@@ -245,7 +245,7 @@ func getRedisTLSOptions(uri *url.URL) *tls.Config {
 
 	if len(skipverify) > 0 {
 		skipverify, err := strconv.ParseBool(skipverify)
-		if err != nil {
+		if err == nil {
 			tlsConfig.InsecureSkipVerify = skipverify
 		}
 	}
@@ -254,7 +254,7 @@ func getRedisTLSOptions(uri *url.URL) *tls.Config {
 
 	if len(insecureskipverify) > 0 {
 		insecureskipverify, err := strconv.ParseBool(insecureskipverify)
-		if err != nil {
+		if err == nil {
 			tlsConfig.InsecureSkipVerify = insecureskipverify
 		}
 	}

modules/nosql/manager_redis_test.go

@@ -27,6 +27,24 @@ func TestRedisPasswordOpt(t *testing.T) {
 	}
 }
 
+func TestSkipVerifyOpt(t *testing.T) {
+	uri, _ := url.Parse("rediss://myredis/0?skipverify=true")
+	tlsConfig := getRedisTLSOptions(uri)
+
+	if !tlsConfig.InsecureSkipVerify {
+		t.Fail()
+	}
+}
+
+func TestInsecureSkipVerifyOpt(t *testing.T) {
+	uri, _ := url.Parse("rediss://myredis/0?insecureskipverify=true")
+	tlsConfig := getRedisTLSOptions(uri)
+
+	if !tlsConfig.InsecureSkipVerify {
+		t.Fail()
+	}
+}
+
 func TestRedisSentinelUsernameOpt(t *testing.T) {
 	uri, _ := url.Parse("redis+sentinel://redis:password@myredis/0?sentinelusername=suser&sentinelpassword=spass")
 	opts := getRedisOptions(uri).Failover()