Started working on this. There are several areas where we can centralize the logic between Maven and NPM. Trying to have the best code organization for this.
I think I pinned the centralizing refactoring for API endpoints. Existing Maven specs are passing which is a good sign that the refactoring is a coherent one.
Worked through the implementation of the tgz endpoint. Many aspects to implement since the centralized logic will have the caching aspect and the pull+upload aspect.
This is to say, that I'm configuring several aspects for the NPM dependency proxy in the implementation. As expected I would say, to be able to use the common dependency proxy logic, we need to have several things properly implemented (events tracking is an example).
Worked my way through the changes and I was able to try to pull a tgz file from a gitlab.com . That is I have the dependency proxy working locally and it's pointing to a project on gitlab.com using a deploy token.
curl -vvv--header"Authorization: Bearer <token>""http://gdk.test:8000/api/v4/projects/283/dependency_proxy/packages/npm/@issue-reproduce/my_package/-/@issue-reproduce/my_package-1.0.0.tgz"* Trying 172.16.123.1:8000...* Connected to gdk.test (172.16.123.1) port 8000 (#0)> GET /api/v4/projects/283/dependency_proxy/packages/npm/@issue-reproduce/my_package/-/@issue-reproduce/my_package-1.0.0.tgz HTTP/1.1> Host: gdk.test:8000> User-Agent: curl/8.1.2> Accept: */*> Authorization: Bearer <token>>< HTTP/1.1 200 OK< Content-Length: 251< Content-Security-Policy: default-src 'none'< Content-Type: application/octet-stream< Etag: "03c589d2d02e201f4090d90de9851f5d"< X-Runtime: 0.088855< Date: Fri, 09 Feb 2024 16:10:11 GMT< Warning: Binary output can mess up your terminal. Use "--output -" to tell Warning: curl to output it to your terminal anyway, or consider "--output Warning: <FILE>" to save to a file.* Failure writing output to destination* Closing connection 0
I curled the tgz file download endpoint and the NPM dependency proxy properly returned the file to me!
Not so good news:
The amount of changes was becoming too large. I had to split things in two MRs. This will reduce heavily the chances to have this issue delivered in %16.9.
While the first MR is under review, I implemented the feature flag support and cleaned up the code. Next step: implement the related specs.
I was able to resume working on this. I spotted a strange behavior on the endpoint when the file is present in the package registry. Turns out that the centralized logic for the dependency proxy still had a specific function for the Maven dependency proxy that doesn't exist on the NPM endpoints (obviously). Fixed that.
Introduced specs for all code changes and we have a pipeline
The MR is a tad too large for my taste. I'm investigating ways to reduce its size. One possible thing is: put the event tracking aspect to a side and implement it at a later time.