RPM Authentication/Authorization
Proposal
Add authentication to the two RPM API endpoints created in #370867 (closed). We should use the API::Helpers::Authentication
module, similar to how we have implemented this in NuGet.
We should accept:
- Personal access tokens
- Deploy tokens
- Job tokens
Sent through:
- Basic Auth
The POST/PUT endpoints should always require authentication.
The GET endpoints should only require authentication when the project is not public.
Authorization should be checked for the given project using :read_package
and :create_package
permissions.