NPM dependency proxy: implement the download tgz endpoint
🔥 Problem
The NPM dependency proxy will require a new endpoint from which the tgz
files are downloaded.
This is very similar to the Maven dependency proxy endpoint and care should be take around organizing the code.
In addition, re-use the advanced caching system that uses the ETag
field to know if the file was updated on the remote registry.
Regarding authentication, copy what we have for the GitLab NPM package registry.
Regarding authorization, re-use what we have for the Maven dependency proxy.
🚒 Solution
- Implement
projects/:id/dependency_proxy/packages/npm/*package_name/-/*file_name
in its own classnpm.rb
- Centralize all logic between the maven and npm dependency proxy endpoints.
- Centralize logic around the advanced caching.
- Gate the endpoint behind a feature flag.
Edited by David Fernandez