X-Git-Url: http://www.git.cypherpunks.ru/?p=gocheese.git;a=blobdiff_plain;f=gocheese.go;h=5ecd959bc61e6f1a5881f8dc0d6b8c6b97b43de6;hp=25a1b562918b1a6b35f7e48c663cfc38faa21829;hb=5d0340e435f90599a8072ad8cd67ef8ef4be116a;hpb=48325fb9a20dcc7fab91c6f3c86618e19057254e
diff --git a/gocheese.go b/gocheese.go
index 25a1b56..5ecd959 100644
--- a/gocheese.go
+++ b/gocheese.go
@@ -202,22 +202,35 @@ func refreshDir(
 http.Error(w, err.Error(), http.StatusInternalServerError)
 return false
 }
+ if err = DirSync(dirPath); err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return false
+ }
 }
 if filename == filenameGet || gpgUpdate {
- if _, err = os.Stat(path); err == nil {
- if resp, err := http.Get(pkgURL.String() + GPGSigExt); err == nil {
- sig, err := ioutil.ReadAll(resp.Body)
- resp.Body.Close()
- if err == nil {
- if err = WriteFileSync(dirPath, path+GPGSigExt, sig); err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return false
- }
- log.Println(r.RemoteAddr, "pypi downloaded signature", filename)
- }
- }
+ if _, err = os.Stat(path); err != nil {
+ goto GPGSigSkip
+ }
+ resp, err := http.Get(pkgURL.String() + GPGSigExt)
+ if err != nil {
+ goto GPGSigSkip
+ }
+ if resp.StatusCode != http.StatusOK {
+ resp.Body.Close()
+ goto GPGSigSkip
 }
+ sig, err := ioutil.ReadAll(resp.Body)
+ resp.Body.Close()
+ if err != nil {
+ goto GPGSigSkip
+ }
+ if err = WriteFileSync(dirPath, path+GPGSigExt, sig); err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return false
+ }
+ log.Println(r.RemoteAddr, "pypi downloaded signature", filename)
 }
+ GPGSigSkip:
 path = path + SHA256Ext
 _, err = os.Stat(path)
 if err == nil {
@@ -328,6 +341,7 @@ func servePkg(w http.ResponseWriter, r *http.Request, dir, filename string) {
 }

 func serveUpload(w http.ResponseWriter, r *http.Request) {
+ // Authentication
 username, password, ok := r.BasicAuth()
 if !ok {
 log.Println(r.RemoteAddr, "unauthenticated", username)
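Review bot: In the refreshDir hunk (@@ -202,22 +202,35 @@) the upstream signature is read with `ioutil.ReadAll(resp.Body)` and no size bound, and `http.Get` goes through the default client, which has no timeout, so a slow or oversized response ties up the handler and is then written to disk as-is. The new status check is a good addition; capping the read would complete it, e.g. `sig, err := ioutil.ReadAll(io.LimitReader(resp.Body, maxSigSize))`, where `maxSigSize` is a placeholder for a constant the project would define and `io` must be imported (the import block is not visible here). The `goto GPGSigSkip` paths taken on `http.Get` and `ReadAll` errors also drop `err` without logging, so a failed fetch is indistinguishable from a package that has no signature; a `log.Println(r.RemoteAddr, "pypi signature fetch failed", filename, err)` before those two jumps would make it visible. refreshDir starts and ends outside the hunk.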
@@ -340,6 +354,8 @@ func serveUpload(w http.ResponseWriter, r *http.Request) {
 http.Error(w, "unauthenticated", http.StatusUnauthorized)
 return
 }
+
+ // Form parsing
 var err error
 if err = r.ParseMultipartForm(1 << 20); err != nil {
 http.Error(w, err.Error(), http.StatusBadRequest)
@@ -347,7 +363,7 @@ func serveUpload(w http.ResponseWriter, r *http.Request) {
 }
 pkgNames, exists := r.MultipartForm.Value["name"]
 if !exists || len(pkgNames) != 1 {
- http.Error(w, "name is expected in request", http.StatusBadRequest)
+ http.Error(w, "single name is expected in request", http.StatusBadRequest)
 return
 }
 dir := normalizationRe.ReplaceAllString(pkgNames[0], "-")
@@ -361,6 +377,14 @@ func serveUpload(w http.ResponseWriter, r *http.Request) {
 }
 }
 gpgSigsExpected := make(map[string]struct{})
+
+ // Checking is it internal package
+ if _, err = os.Stat(filepath.Join(dirPath, InternalFlag)); err != nil {
+ log.Println(r.RemoteAddr, "non-internal package", dir)
+ http.Error(w, "unknown internal package", http.StatusUnauthorized)
+ return
+ }
+
 for _, file := range r.MultipartForm.File["content"] {
 filename := file.Filename
 gpgSigsExpected[filename+GPGSigExt] = struct{}{}
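Review bot: In the serveUpload hunk at @@ -361,6 +377,14 @@ every `os.Stat` failure on the InternalFlag file is logged as "non-internal package" and answered with `http.StatusUnauthorized`, although the failure may be an I/O or permission error rather than a missing flag. Judging by the earlier hunks the caller has also passed BasicAuth by this point, so 401 invites a credential retry where 403 would describe the refusal. The sketch below separates the missing-flag case from other errors and keeps the filesystem detail in the server log. serveUpload's body starts and ends outside the hunk.

```go
// Reject uploads to packages that are not marked as internal.
if _, err = os.Stat(filepath.Join(dirPath, InternalFlag)); err != nil {
	if !os.IsNotExist(err) {
		// Not a missing flag: report as a server fault, keep details in the log.
		log.Println(r.RemoteAddr, "internal flag check failed", dir, err)
		http.Error(w, "internal error", http.StatusInternalServerError)
		return
	}
	log.Println(r.RemoteAddr, "non-internal package", dir)
	http.Error(w, "unknown internal package", http.StatusForbidden)
	return
}
// … unchanged: loop over r.MultipartForm.File["content"] …
```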
@@ -368,28 +392,19 @@ func serveUpload(w http.ResponseWriter, r *http.Request) {
 path := filepath.Join(dirPath, filename)
 if _, err = os.Stat(path); err == nil {
 log.Println(r.RemoteAddr, "already exists", filename)
- http.Error(w, "Already exists", http.StatusBadRequest)
+ http.Error(w, "already exists", http.StatusBadRequest)
 return
 }
 if !mkdirForPkg(w, r, dir) {
 return
 }
- internalPath := filepath.Join(dirPath, InternalFlag)
- var dst *os.File
- if _, err = os.Stat(internalPath); os.IsNotExist(err) {
- if dst, err = os.Create(internalPath); err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return
- }
- dst.Close()
- }
 src, err := file.Open()
 defer src.Close()
 if err != nil {
 http.Error(w, err.Error(), http.StatusInternalServerError)
 return
 }
- dst, err = TempFile(dirPath)
+ dst, err := TempFile(dirPath)
 if err != nil {
 http.Error(w, err.Error(), http.StatusInternalServerError)
 return
@@ -424,6 +439,10 @@ func serveUpload(w http.ResponseWriter, r *http.Request) {
 http.Error(w, err.Error(), http.StatusInternalServerError)
 return
 }
+ if err = DirSync(dirPath); err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
 if err = WriteFileSync(dirPath, path+SHA256Ext, digest); err != nil {
 http.Error(w, err.Error(), http.StatusInternalServerError)
 return
@@ -440,7 +459,7 @@ func serveUpload(w http.ResponseWriter, r *http.Request) {
 path := filepath.Join(dirPath, filename)
 if _, err = os.Stat(path); err == nil {
 log.Println(r.RemoteAddr, "already exists", filename)
- http.Error(w, "Already exists", http.StatusBadRequest)
+ http.Error(w, "already exists", http.StatusBadRequest)
 return
 }
 src, err := file.Open()
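Review bot: In the serveUpload hunk at @@ -368,28 +392,19 @@ `defer src.Close()` is still registered before the `err` check on `file.Open()`, so when Open fails `src` is presumably nil and the deferred Close will panic as the handler returns. Moving `defer src.Close()` to just after the `if err != nil { ... return }` block fixes that; since this sits inside the per-file loop, the deferred closes also pile up until the handler returns. With the flag-creation block removed, `mkdirForPkg` looks redundant here, because the InternalFlag check added earlier in this commit already requires the directory to exist — worth confirming against its definition, which is not visible. The loop body starts and ends outside the hunk.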
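Review bot: The new `DirSync(dirPath)` failure path at @@ -424,6 +439,10 @@ returns `err.Error()` to the remote client, and filesystem errors usually carry the server-side path (DirSync's implementation is not visible here, so confirm what it returns); the `DirSync` call added in refreshDir does the same. Logging the error and replying with a fixed string, e.g. `log.Println(r.RemoteAddr, "dirsync", dirPath, err)` followed by `http.Error(w, "internal error", http.StatusInternalServerError)`, keeps that detail on the server. If the lines above the hunk have already moved the package file into place, returning here also leaves it without its SHA256Ext file while later uploads are refused with "already exists"; that cannot be confirmed from the hunk, whose enclosing block starts outside it.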