@@ -19,381 +19,6 @@ If you have any question or suggestions, do not hesitate to [create an issue](ht
1919[ Telegram] ( https://t.me/artipie ) .
2020Artipie [ roadmap] ( https://github.com/orgs/artipie/projects/3 ) .
2121
22- ## Public API
23-
24- ### API tokens
25-
26- API works with token-based authorization, each API endpoint expects ` Authorization ` header with the valid token.
27- To generate a token, use the following request:
28-
29- > ** POST** /api/token
30-
31- Json body is expected with user and password to generate token for:
32-
33- ``` json
34- {
35- "name" : " Alice"
36- "pass" : " 123"
37- }
38- ```
39- 30 days valid token will be generated and returned in the response:
40-
41- ``` json
42- {
43- "token" : " token-value"
44- }
45- ```
46-
47- ### Repositories API
48-
49- > ** GET** /repositories
50-
51- Returns list of the existing repositories as json array:
52- ``` json
53- [
54- {"fullName" : " Jane/maven"
55- {"fullName" : " Mark/conda-repo"
56- {"fullName" : " docker-proxy"
57- ]
58- ```
59-
60- > ** GET** /repository/{name}
61-
62- Returns repository called ` {name} ` settings as json object, repository permissions are not included:
63- ``` json
64- {
65- "repo" : {
66- "type" : " npm-proxy"
67- "url" : " http://artipie-proxy:8080/my-npm-proxy"
68- "path" : " my-npm-proxy"
69- "storage" : {
70- "type" : " fs"
71- "path" : " /var/artipie/data/"
72- },
73- "settings" : {
74- "remote" : {
75- "url" : " http://artipie:8080/my-npm"
76- }
77- }
78- }
79- }
80- ```
81- If repository called ` {name} ` does not exist, ` 404 ` status is returned.
82-
83- > ** HEAD** /repository/{name}
84-
85- Returns response status ` 200 ` if repository ` {name} ` exists, status ` 404 ` otherwise.
86-
87- > ** PUT** /repository/{name}
88-
89- Creates new repository with name ` {name} ` , if such repository already exists, status ` 409 ` is returned.
90- Json request body is expected, minimal format is:
91- ``` json
92- {
93- "repo" : {
94- "type" : " npm-proxy"
95- "storage" : {
96- "type" : " fs"
97- "path" : " /var/artipie/data/"
98- }
99- }
100- }
101- ```
102- Root field ` repo ` , fields ` type ` (repository type) and ` storage ` (repository storage definition)
103- are required. Besides, ` repo ` section can contain ` permission ` and/or ` setting ` sections to set
104- permissions to access repository or add some repository-specific settings. Check supported
105- repositories [ examples] ( https://github.com/artipie/artipie/tree/master/examples )
106- to learn more about different repositories settings.
107-
108- > ** DELETE** /repository/{name}
109-
110- Deletes repository called ` {name} ` , returns status ` 200 ` on success, status ` 404 ` if repository does
111- not exist. Repository data are removed asynchronously, success status does not guarantee, that
112- repo and data were already fully removed. After ` delete ` call ` head ` method on the repository
113- to check whether remove operation was complete and repository does not exist.
114-
115- > ** PUT** /repository/{name}/move
116-
117- Renames repository and moves all the data. Json with the new name is expected in the request body:
118-
119- ``` json
120- {
121- "new_name" : " repo_new_name"
122- }
123- ```
124- Returns response status ` 200 ` if operation was successful. Repository data are moved
125- asynchronously, success status does not guarantee, that rename operation was fully complete.
126- Use ` head ` method on the repository with the previous name, if such repository does not exist, all
127- the data were fully moved to the new repo.
128-
129- ### Repository permissions API
130-
131- > ** GET** /repositories/{repo}/permissions
132-
133- Returns status ` 404 ` if repository ` {repo} ` does not exist, otherwise returns permissions if json format:
134- ``` json
135- {
136- "permissions" : {
137- "Jane" : [" read" " write"
138- "Mark" : [" *"
139- "/readers" : [" read"
140- }
141- }
142- ```
143-
144- > ** PUT** /repositories/{repo}/permissions/{uid}
145-
146- Adds permissions for user ` {uid} ` in the repository ` {repo} ` . This method overrides all previously
147- existed permissions for the user in the repository. Json array with permissions list is expected in
148- the request body:
149- ``` json
150- [" read" " tag"
151- ```
152- If permissions were successfully added, status ` 201 ` is returned, if repository ` {repo} ` does not exist,
153- status ` 404 ` is returned.
154-
155- > ** DELETE** /repositories/{repo}/permissions/{uid}
156-
157- Revokes all permissions for user ` {uid} ` in the repository ` {repo} ` , returns status ` 200 ` on success.
158- If repository ` {repo} ` does not exist or user ` {uid} ` does not have any permissions in the repository,
159- status ` 404 ` is returned.
160-
161- > ** PATCH** /repositories/{repo}/permissions
162-
163- Patches permissions of the repository ` {repo} ` . Json body is expected in the request:
164- ``` json
165- {
166- "grant" : {
167- "bob" : [" read"
168- "john" : [" read"
169- },
170- "revoke" : {
171- "john" : [" write"
172- }
173- }
174- ```
175- In this example we grant ` read ` permission to bob and john but revoke ` write ` permission for john.
176- All other already granted permissions for user are kept as is. For example, if john already has
177- ` tag ` permission for the repository, after ` PATCH ` operation with request body from the example,
178- he will have ` read ` and ` tag ` permissions.
179-
180- If repository ` {repo} ` does not exist, ` 404 ` status is returned.
181-
182- > ** Note**
183- > When Artipie layout is ` org ` , each repository belongs to some user, thus repository name path
184- > parameter ` {repo} ` actually consists of two parts: ` {repository_owner_name}/{repository_name} ` .
185- > When layout is ` flat ` , ` {repo} ` is just the name of the repository.
186-
187- ### Users API
188-
189- > ** GET** /users
190-
191- Returns list of the existing users in json format:
192- ``` json
193- {
194- "John" : {},
195- "Jane" : {
196- "email" : " jane@work.com"
197- },
198- "mark" : {
199- "email" : " mark@example.com"
200- "groups" : [" dev" " admin"
201- }
202- }
203- ```
204- Fields ` email ` and ` groups ` are optional.
205-
206- > ** GET** /user/{name}
207-
208- Returns info of the user with name ` {name} ` as json object:
209-
210- ``` json
211- {
212- "mark" : {
213- "email" : " mark@example.com"
214- "groups" : [" dev" " admin"
215- }
216- }
217- ```
218- Fields ` email ` and ` groups ` are optional, if user does not exist ` 404 ` status is returned.
219-
220- > ** HEAD** /user/{name}
221-
222- Returns response status ` 200 ` if user with name ` {name} ` exists, status ` 404 ` otherwise.
223-
224- > ** PUT** /user/{name}
225-
226- Creates new user with name ` {name} ` , json request body is expected:
227- ``` json
228- {
229- "Alice" : {
230- "type" : " plain"
231- "pass" : " 123"
232- "email" : " alice@example.com"
233- "groups" : [" admin" " dev-lead"
234- }
235- }
236- ```
237- Field ` type ` is required, can be either ` plain ` or ` sha256 ` , field ` pass ` is also required,
238- if ` type ` is ` plain ` not-encoded password is expected in ` pass ` field,
239- if ` type ` is ` sha256 ` sha-256 checksum of the password is expected in ` pass ` field.
240- Fields ` email ` and ` groups ` are optional.
241- If user with name ` {name} ` already exists, status ` 409 ` is returned.
242-
243- > ** DELETE** /user/{name}
244-
245- Removed user with name ` {name} ` , returns status ` 200 ` on success, status ` 404 ` if user does
246- not exist.
247-
248- ### Storages API
249-
250- Artipie can have separate settings for storages, each storage in storages settings has its alias
251- and can be used in repositories setting. Storages settings can exist for repository, for user
252- is the case of ` org ` layout or for whole system in the case of ` flat ` layout. Here is the API to
253- manage these storages settings:
254-
255- > ** GET** /repositories/{repo}/storages
256- > ** GET** /storages/{uid}
257-
258- Returns the list of the existing storage aliases as json object:
259- ``` json
260- {
261- "storages" : {
262- "default" : {
263- "type" : " file"
264- "path" : " /data/default"
265- },
266- "temp" : {
267- "type" : " file"
268- "path," : " /data/temp,"
269- }
270- }
271- }
272- ```
273-
274- > ** GET** /repositories/{repo}/storages/{alias}
275- > ** GET** /storages/{uid}/{alias}
276-
277- Obtain details about storage alias ` {alias} ` , response is provided as json object:
278- ``` json
279- {
280- "type" : " file"
281- "path" : " /data/default"
282- }
283- ```
284- If the storage alias ` {alias} ` does not exist, status ` 404 ` is returned.
285-
286- > ** HEAD** /repositories/{repo}/storages/{alias}
287- > ** HEAD** /storages/{uid}/{alias}
288-
289- If the storage alias ` {alias} ` exist, status ` 302 ` is returned, status ` 404 ` is returned otherwise.
290-
291- > ** PUT** /repositories/{repo}/storages/{alias}
292- > ** PUT** /storages/{uid}/{alias}
293-
294- Adds storage with alias ` {alias} ` to the settings, json with full new storage settings is expected
295- in request body, for example:
296- ``` json
297- {
298- "type" : " file"
299- "path" : " path/for/new/storage"
300- }
301- ```
302- If storage alias ` {alias} ` already exists, status ` 409 ` is returned.
303-
304- > ** DELETE** /repositories/{repo}/storages/{alias}
305- > ** DELETE** /storages/{uid}/{alias}
306-
307- Removes storage alias ` {alias} ` from the settings, returns status ` 200 ` on success, status ` 404 ` is
308- returned if such storage alias does not exist.
309-
310- > ** Note**
311- > When Artipie layout is ` org ` , each repository belongs to some user, thus repository name path
312- > parameter ` {repo} ` actually consists of two parts: ` {repository_owner_name}/{repository_name} ` .
313- > When layout is ` flat ` , ` {repo} ` is just the name of the repository.
314- > Path parameter ` {uid} ` is required only for ` org ` layout (to manage user's storages settings)
315- > and should be omitted when layout is ` flat ` (to manage common storages settings).
316-
317- ## Public API permissions
318-
319- Permissions to access API endpoints are very flexible and can be granted however it is convenient
320- for the team. To create and grant any permissions to users, create ` _api_permissions.yml ` file. The
321- format is the following:
322- ``` yaml
323- endpoints :
324- # This section maps endpoints and permissions
325- " /repositories.* " # Regex to match request line
326- " GET|HEAD " # Regex to match request method
327- - repo-read # Name of the permission required to access the API endpoint
328- - repo-write
329- " PUT|DELETE "
330- - repo-write
331- " /users.* "
332- " GET|HEAD "
333- - users-read
334- - users-write
335- " PUT|DELETE|POST "
336- - users-write
337- " .* "
338- " .* "
339- - god
340-
341- users :
342- # This sections grants permissions to users
343- jane :
344- - repo-read
345- - users-read
346- john :
347- - repo-write
348- - users-write
349- olga :
350- - users-read
351- mark :
352- - god
353- ` ` `
354-
355- The first section ` endpoints` defines what permission is required to access the API endpoint:
356- the upper level is a regular expression to match the request line, the second level is the
357- regular expression to match the request method. Here are some examples :
358- ` ` ` yaml
359- endpoints:
360- # Storages API (all methods) is available with ` storages-all` permission
361- " /storages.* "
362- " .* "
363- - storages-all
364- # Storages API settings for alice (all methods) are available with `storages-alice` permission
365- " /storages/alice.* "
366- " .* "
367- - storages-alice
368- # Users API with GET or HEAD methods is available with `users-read`
369- " /users.* "
370- " GET|HEAD "
371- - users-read
372- # `admin` permission allows to access all the endpoints
373- " .* "
374- " .* "
375- - admin
376- ` ` `
377-
378- The second section ` users` defines permissions list granted for the user:
379- ` ` ` yaml
380- users:
381- # Margo has access to whole storages API and can read users information
382- margo:
383- - storages-all
384- - users-read
385- # Alice can only read her storages settings
386- alice:
387- - storages-alice
388- # Olga has access to all API endpoints
389- olga:
390- - admin
391- ` ` `
392-
393- When API request is accepted, request line and method are matched by `endpoint` regular expressions
394- to get the list of the permissions required to access the endpoint. Then, we check if the user has
395- any of the required permission to accept or deny the request.
396-
39722## How to contribute
39823
39924Please read [ contributing rules] ( https://github.com/artipie/artipie/blob/master/CONTRIBUTING.md ) .
0 commit comments