pub_server icon indicating copy to clipboard operation
pub_server copied to clipboard
verified publisher icon dart-archive

[Proposal] Pass down shelf request object as param in `PackageRepository`'s abstract methods

Open pd4d10 opened this issue 7 years ago • 4 comments

Take addUploader as an example:

Future addUploader(String package, String userEmail);

We don't know information of the operator. How about changing it to:

Future addUploader(String package, String userEmail, {shelf.Request request});

Now we could get Google OAuth token from request.headers then do permission things.

pd4d10 avatar Apr 06 '19 16:04 pd4d10

Hmm, I'm not sure..

note. there is a few other problems with auth for custom repositories (see https://github.com/dart-lang/pub/issues/1381).

I've started a document with API end-points offered by a pub server. If the abstractions in this repository is limiting you, I would suggest just implementing the necessary API end-point (using something like shelf_router_generator that should be pretty easy).

jonasfj avatar Apr 08 '19 07:04 jonasfj

Oh, I just saw unpub that's very impressive :)

I know @v7lin has been writing a simple pub server too. Maybe we should maintain a list of custom pub servers somewhere..

jonasfj avatar Apr 08 '19 07:04 jonasfj

The API document is cool!

Actually the example or simple_pub_server already meet our needs except the following things:

  1. Only tarball and pubspec yaml file are stored currently. We want to store meta information like uploaders to do permission things
  2. Data stored at file system, which might not be ready for production use

So We want to do some tweak upon it to solve these two problem, as you mentioned, it is named as unpub [WIP]

Thanks for your recommendation!

I'm not sure if this issue should be closed. Feel free to close it if you wish, since this proposal may break pub-dartlang-dart

pd4d10 avatar Apr 09 '19 04:04 pd4d10

@pd4d10, I'm pretty sure pub_server doesn't check if the Accept header is correct, and doesn't respond with Content-Type: application/vnd.pub.v2+json. That might cause problems in the future when new API versions are introduced.

I'm not sure if we make the switch in pub_server, we probably should. But new servers definitely could be more strict in their implementation of the REST API.

By the way please join the discussions on https://github.com/dart-lang/pub/issues/1381 with your thoughts on auth for third-party pub servers (if you have any). We can't use the same Google OAuth token we use for talking to pub.dartlang.org.

jonasfj avatar Apr 09 '19 07:04 jonasfj