From b461e610332c87d89aca09ad856a53a44f11c61b Mon Sep 17 00:00:00 2001
From: Sergey Matveev <stargrave@stargrave.org>
Date: Tue, 17 Dec 2019 12:59:49 +0300
Subject: [PATCH] Check PyPI HTTP status code

---
 VERSION      |  2 +-
 install.texi |  2 +-
 refresh.go   | 15 +++++++++++++++
 3 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/VERSION b/VERSION
index ccbccc3..276cbf9 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.2.0
+2.3.0
diff --git a/install.texi b/install.texi
index 94a12f5..dc95c2d 100644
--- a/install.texi
+++ b/install.texi
@@ -1,7 +1,7 @@
 @node Install
 @unnumbered Install
 
-@set VERSION 2.2.0
+@set VERSION 2.3.0
 
 Preferable way is to download tarball with the signature from
 website and, for example, run tests with benchmarks:
diff --git a/refresh.go b/refresh.go
index 625f840..860267b 100644
--- a/refresh.go
+++ b/refresh.go
@@ -60,6 +60,12 @@ func refreshDir(
 		http.Error(w, err.Error(), http.StatusBadGateway)
 		return false
 	}
+	if resp.StatusCode != http.StatusOK {
+		resp.Body.Close()
+		log.Println("error", r.RemoteAddr, "refresh", pkgName, "HTTP status:", resp.Status)
+		http.Error(w, "PyPI has non 200 status code", http.StatusBadGateway)
+		return false
+	}
 	body, err := ioutil.ReadAll(resp.Body)
 	resp.Body.Close()
 	if err != nil {
@@ -154,6 +160,15 @@ func refreshDir(
 				return false
 			}
 			defer resp.Body.Close()
+			if resp.StatusCode != http.StatusOK {
+				log.Println(
+					"error", r.RemoteAddr,
+					"pypi", filename, "download",
+					"HTTP status:", resp.Status,
+				)
+				http.Error(w, "PyPI has non 200 status code", http.StatusBadGateway)
+				return false
+			}
 			hasher := hasherNew()
 			hasherSHA256 := sha256.New()
 			dst, err := TempFile(dirPath)
-- 
2.44.0