gitea source for verification 2026-05-22

2026-05-22 16:44:59 +08:00
commit 7a61cd3abc
5650 changed files with 690128 additions and 0 deletions
--- a/modules/packages/composer/metadata.go
+++ b/modules/packages/composer/metadata.go
@@ -0,0 +1,187 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package composer
+
+import (
+	"archive/zip"
+	"io"
+	"path"
+	"regexp"
+	"strings"
+
+	"code.gitea.io/gitea/modules/json"
+	"code.gitea.io/gitea/modules/util"
+	"code.gitea.io/gitea/modules/validation"
+
+	"github.com/hashicorp/go-version"
+)
+
+// TypeProperty is the name of the property for Composer package types
+const TypeProperty = "composer.type"
+
+var (
+	// ErrMissingComposerFile indicates a missing composer.json file
+	ErrMissingComposerFile = util.NewInvalidArgumentErrorf("composer.json file is missing")
+	// ErrInvalidName indicates an invalid package name
+	ErrInvalidName = util.NewInvalidArgumentErrorf("package name is invalid")
+	// ErrInvalidVersion indicates an invalid package version
+	ErrInvalidVersion = util.NewInvalidArgumentErrorf("package version is invalid")
+)
+
+// Package represents a Composer package
+type Package struct {
+	Name     string
+	Version  string
+	Type     string
+	Metadata *Metadata
+}
+
+// https://getcomposer.org/doc/04-schema.md
+
+// Metadata represents the metadata of a Composer package
+type Metadata struct {
+	Description string            `json:"description,omitempty"`
+	Readme      string            `json:"readme,omitempty"`
+	Keywords    []string          `json:"keywords,omitempty"`
+	Comments    Comments          `json:"_comments,omitempty"`
+	Homepage    string            `json:"homepage,omitempty"`
+	License     Licenses          `json:"license,omitempty"`
+	Authors     []Author          `json:"authors,omitempty"`
+	Bin         []string          `json:"bin,omitempty"`
+	Autoload    map[string]any    `json:"autoload,omitempty"`
+	AutoloadDev map[string]any    `json:"autoload-dev,omitempty"`
+	Extra       map[string]any    `json:"extra,omitempty"`
+	Require     map[string]string `json:"require,omitempty"`
+	RequireDev  map[string]string `json:"require-dev,omitempty"`
+	Suggest     map[string]string `json:"suggest,omitempty"`
+	Provide     map[string]string `json:"provide,omitempty"`
+}
+
+// Licenses represents the licenses of a Composer package
+type Licenses []string
+
+// UnmarshalJSON reads from a string or array
+func (l *Licenses) UnmarshalJSON(data []byte) error {
+	switch data[0] {
+	case '"':
+		var value string
+		if err := json.Unmarshal(data, &value); err != nil {
+			return err
+		}
+		*l = Licenses{value}
+	case '[':
+		values := make([]string, 0, 5)
+		if err := json.Unmarshal(data, &values); err != nil {
+			return err
+		}
+		*l = Licenses(values)
+	}
+	return nil
+}
+
+// Comments represents the comments of a Composer package
+type Comments []string
+
+// UnmarshalJSON reads from a string or array
+func (c *Comments) UnmarshalJSON(data []byte) error {
+	switch data[0] {
+	case '"':
+		var value string
+		if err := json.Unmarshal(data, &value); err != nil {
+			return err
+		}
+		*c = Comments{value}
+	case '[':
+		values := make([]string, 0, 5)
+		if err := json.Unmarshal(data, &values); err != nil {
+			return err
+		}
+		*c = Comments(values)
+	}
+	return nil
+}
+
+// Author represents an author
+type Author struct {
+	Name     string `json:"name,omitempty"`
+	Email    string `json:"email,omitempty"`
+	Homepage string `json:"homepage,omitempty"`
+}
+
+var nameMatch = regexp.MustCompile(`\A[a-z0-9]([_\.-]?[a-z0-9]+)*/[a-z0-9](([_\.]?|-{0,2})[a-z0-9]+)*\z`)
+
+// ParsePackage parses the metadata of a Composer package file
+func ParsePackage(r io.ReaderAt, size int64) (*Package, error) {
+	archive, err := zip.NewReader(r, size)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, file := range archive.File {
+		if strings.Count(file.Name, "/") > 1 {
+			continue
+		}
+		if strings.HasSuffix(strings.ToLower(file.Name), "composer.json") {
+			f, err := archive.Open(file.Name)
+			if err != nil {
+				return nil, err
+			}
+			defer f.Close()
+
+			return ParseComposerFile(archive, path.Dir(file.Name), f)
+		}
+	}
+	return nil, ErrMissingComposerFile
+}
+
+// ParseComposerFile parses a composer.json file to retrieve the metadata of a Composer package
+func ParseComposerFile(archive *zip.Reader, pathPrefix string, r io.Reader) (*Package, error) {
+	var cj struct {
+		Name    string `json:"name"`
+		Version string `json:"version"`
+		Type    string `json:"type"`
+		Metadata
+	}
+	if err := json.NewDecoder(r).Decode(&cj); err != nil {
+		return nil, err
+	}
+
+	if !nameMatch.MatchString(cj.Name) {
+		return nil, ErrInvalidName
+	}
+
+	if cj.Version != "" {
+		if _, err := version.NewSemver(cj.Version); err != nil {
+			return nil, ErrInvalidVersion
+		}
+	}
+
+	if !validation.IsValidURL(cj.Homepage) {
+		cj.Homepage = ""
+	}
+
+	if cj.Type == "" {
+		cj.Type = "library"
+	}
+
+	if cj.Readme == "" {
+		cj.Readme = "README.md"
+	}
+	f, err := archive.Open(path.Join(pathPrefix, cj.Readme))
+	if err == nil {
+		// 10kb limit for readme content
+		buf, _ := io.ReadAll(io.LimitReader(f, 10*1024))
+		cj.Readme = string(buf)
+		_ = f.Close()
+	} else {
+		cj.Readme = ""
+	}
+
+	return &Package{
+		Name:     cj.Name,
+		Version:  cj.Version,
+		Type:     cj.Type,
+		Metadata: &cj.Metadata,
+	}, nil
+}
--- a/modules/packages/composer/metadata_test.go
+++ b/modules/packages/composer/metadata_test.go
@@ -0,0 +1,153 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package composer
+
+import (
+	"archive/zip"
+	"bytes"
+	"strings"
+	"testing"
+
+	"code.gitea.io/gitea/modules/json"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const (
+	name        = "gitea/composer-package"
+	description = "Package Description"
+	readme      = "Package Readme"
+	comments    = "Package Comment"
+	packageType = "composer-plugin"
+	author      = "Gitea Authors"
+	email       = "no.reply@gitea.io"
+	homepage    = "https://gitea.io"
+	license     = "MIT"
+)
+
+const composerContent = `{
+    "name": "` + name + `",
+    "description": "` + description + `",
+    "type": "` + packageType + `",
+    "license": "` + license + `",
+    "authors": [
+        {
+            "name": "` + author + `",
+            "email": "` + email + `"
+        }
+    ],
+    "homepage": "` + homepage + `",
+    "autoload": {
+        "psr-4": {"Gitea\\ComposerPackage\\": "src/"}
+    },
+    "require": {
+        "php": ">=7.2 || ^8.0"
+    },
+    "_comments": "` + comments + `"
+}`
+
+func TestLicenseUnmarshal(t *testing.T) {
+	var l Licenses
+	assert.NoError(t, json.NewDecoder(strings.NewReader(`["MIT"]`)).Decode(&l))
+	assert.Len(t, l, 1)
+	assert.Equal(t, "MIT", l[0])
+	assert.NoError(t, json.NewDecoder(strings.NewReader(`"MIT"`)).Decode(&l))
+	assert.Len(t, l, 1)
+	assert.Equal(t, "MIT", l[0])
+}
+
+func TestCommentsUnmarshal(t *testing.T) {
+	var c Comments
+	assert.NoError(t, json.NewDecoder(strings.NewReader(`["comment"]`)).Decode(&c))
+	assert.Len(t, c, 1)
+	assert.Equal(t, "comment", c[0])
+	assert.NoError(t, json.NewDecoder(strings.NewReader(`"comment"`)).Decode(&c))
+	assert.Len(t, c, 1)
+	assert.Equal(t, "comment", c[0])
+}
+
+func TestParsePackage(t *testing.T) {
+	createArchive := func(files map[string]string) []byte {
+		var buf bytes.Buffer
+		archive := zip.NewWriter(&buf)
+		for name, content := range files {
+			w, _ := archive.Create(name)
+			w.Write([]byte(content))
+		}
+		archive.Close()
+		return buf.Bytes()
+	}
+
+	t.Run("MissingComposerFile", func(t *testing.T) {
+		data := createArchive(map[string]string{"dummy.txt": ""})
+
+		cp, err := ParsePackage(bytes.NewReader(data), int64(len(data)))
+		assert.Nil(t, cp)
+		assert.ErrorIs(t, err, ErrMissingComposerFile)
+	})
+
+	t.Run("MissingComposerFileInRoot", func(t *testing.T) {
+		data := createArchive(map[string]string{"sub/sub/composer.json": ""})
+
+		cp, err := ParsePackage(bytes.NewReader(data), int64(len(data)))
+		assert.Nil(t, cp)
+		assert.ErrorIs(t, err, ErrMissingComposerFile)
+	})
+
+	t.Run("InvalidComposerFile", func(t *testing.T) {
+		data := createArchive(map[string]string{"composer.json": ""})
+
+		cp, err := ParsePackage(bytes.NewReader(data), int64(len(data)))
+		assert.Nil(t, cp)
+		assert.Error(t, err)
+	})
+
+	t.Run("InvalidPackageName", func(t *testing.T) {
+		data := createArchive(map[string]string{"composer.json": "{}"})
+
+		cp, err := ParsePackage(bytes.NewReader(data), int64(len(data)))
+		assert.Nil(t, cp)
+		assert.ErrorIs(t, err, ErrInvalidName)
+	})
+
+	t.Run("InvalidPackageVersion", func(t *testing.T) {
+		data := createArchive(map[string]string{"composer.json": `{"name": "gitea/composer-package", "version": "1.a.3"}`})
+
+		cp, err := ParsePackage(bytes.NewReader(data), int64(len(data)))
+		assert.Nil(t, cp)
+		assert.ErrorIs(t, err, ErrInvalidVersion)
+	})
+
+	t.Run("InvalidReadmePath", func(t *testing.T) {
+		data := createArchive(map[string]string{"composer.json": `{"name": "gitea/composer-package", "readme": "sub/README.md"}`})
+
+		cp, err := ParsePackage(bytes.NewReader(data), int64(len(data)))
+		assert.NoError(t, err)
+		assert.NotNil(t, cp)
+
+		assert.Empty(t, cp.Metadata.Readme)
+	})
+
+	t.Run("Valid", func(t *testing.T) {
+		data := createArchive(map[string]string{"composer.json": composerContent, "README.md": readme})
+
+		cp, err := ParsePackage(bytes.NewReader(data), int64(len(data)))
+		assert.NoError(t, err)
+		assert.NotNil(t, cp)
+
+		assert.Equal(t, name, cp.Name)
+		assert.Empty(t, cp.Version)
+		assert.Equal(t, description, cp.Metadata.Description)
+		assert.Equal(t, readme, cp.Metadata.Readme)
+		assert.Len(t, cp.Metadata.Comments, 1)
+		assert.Equal(t, comments, cp.Metadata.Comments[0])
+		assert.Len(t, cp.Metadata.Authors, 1)
+		assert.Equal(t, author, cp.Metadata.Authors[0].Name)
+		assert.Equal(t, email, cp.Metadata.Authors[0].Email)
+		assert.Equal(t, homepage, cp.Metadata.Homepage)
+		assert.Equal(t, packageType, cp.Type)
+		assert.Len(t, cp.Metadata.License, 1)
+		assert.Equal(t, license, cp.Metadata.License[0])
+	})
+}