/// <summary>
/// Validates and creates a <see cref="Package"/> entity from a NuGet package archive.
/// </summary>
/// <param name="nugetPackage">A <see cref="PackageArchiveReader"/> instance from which package metadata can be read.</param>
/// <param name="packageStreamMetadata">The <see cref="PackageStreamMetadata"/> instance providing metadata about the package stream.</param>
/// <param name="owner">The <see cref="User"/> creating the package.</param>
/// <param name="commitChanges"><c>True</c> to commit the changes to the data store and notify the indexing service; otherwise <c>false</c>.</param>
/// <returns>Returns the created <see cref="Package"/> entity.</returns>
/// <exception cref="InvalidPackageException">
/// This exception will be thrown when a package metadata property violates a data validation constraint.
/// </exception>
public async Task <Package> CreatePackageAsync(PackageArchiveReader nugetPackage, PackageStreamMetadata packageStreamMetadata, User owner, User currentUser, bool isVerified)
{
PackageMetadata packageMetadata;
PackageRegistration packageRegistration;
try
{
packageMetadata = PackageMetadata.FromNuspecReader(
nugetPackage.GetNuspecReader(),
strict: true);
PackageHelper.ValidateNuGetPackageMetadata(packageMetadata);
packageRegistration = CreateOrGetPackageRegistration(owner, packageMetadata, isVerified);
}
catch (Exception exception) when(exception is EntityException || exception is PackagingException)
{
// Wrap the exception for consistency of this API.
throw new InvalidPackageException(exception.Message, exception);
}
var package = CreatePackageFromNuGetPackage(packageRegistration, nugetPackage, packageMetadata, packageStreamMetadata, currentUser);
packageRegistration.Packages.Add(package);
await UpdateIsLatestAsync(packageRegistration, commitChanges : false);
return(package);
}
/// <summary>
/// When no exceptions thrown, this method ensures the package metadata is valid.
/// </summary>
/// <param name="packageArchiveReader">
/// The <see cref="PackageArchiveReader"/> instance providing the package metadata.
/// </param>
/// <exception cref="InvalidPackageException">
/// This exception will be thrown when a package metadata property violates a data validation constraint.
/// </exception>
public async Task EnsureValid(PackageArchiveReader packageArchiveReader)
{
try
{
var packageMetadata = PackageMetadata.FromNuspecReader(
packageArchiveReader.GetNuspecReader(),
strict: true);
if (packageMetadata.IsSymbolsPackage())
{
throw new InvalidPackageException(ServicesStrings.UploadPackage_SymbolsPackageNotAllowed);
}
PackageHelper.ValidateNuGetPackageMetadata(packageMetadata);
var supportedFrameworks = GetSupportedFrameworks(packageArchiveReader).Select(fn => fn.ToShortNameOrNull()).ToArray();
if (!supportedFrameworks.AnySafe(sf => sf == null))
{
ValidateSupportedFrameworks(supportedFrameworks);
}
// This will throw if the package contains an entry which will extract outside of the target extraction directory
await packageArchiveReader.ValidatePackageEntriesAsync(CancellationToken.None);
}
catch (Exception exception) when(exception is EntityException || exception is PackagingException)
{
// Wrap the exception for consistency of this API.
throw new InvalidPackageException(exception.Message, exception);
}
}
private static void ValidateSymbolPackage(PackageArchiveReader symbolPackage, PackageMetadata metadata)
{
PackageHelper.ValidateNuGetPackageMetadata(metadata);
// Validate nuspec manifest.
var errors = ManifestValidator.Validate(symbolPackage.GetNuspec(), out var nuspec, out var packageMetadata).ToArray();
if (errors.Length > 0)
{
var errorsString = string.Join("', '", errors.Select(error => error.ErrorMessage));
throw new InvalidDataException(string.Format(
CultureInfo.CurrentCulture,
errors.Length > 1 ? Strings.UploadPackage_InvalidNuspecMultiple : Strings.UploadPackage_InvalidNuspec,
errorsString));
}
// Validate that the PII is not embedded in nuspec
var invalidItems = new List <string>();
if (metadata.Authors != null &&
(metadata.Authors.Count > 1 ||
!string.IsNullOrWhiteSpace(metadata.Authors.FirstOrDefault())))
{
invalidItems.Add("Authors");
}
if (metadata.Owners != null && metadata.Owners.Any())
{
invalidItems.Add("Owners");
}
if (invalidItems.Any())
{
throw new InvalidDataException(string.Format(Strings.SymbolsPackage_InvalidDataInNuspec, string.Join(",", invalidItems.ToArray())));
}
if (!CheckForAllowedFiles(symbolPackage))
{
throw new InvalidDataException(string.Format(Strings.SymbolsPackage_InvalidFiles, PDBExtension));
}
if (!CheckForPDBFiles(symbolPackage))
{
throw new InvalidDataException(string.Format(Strings.SymbolsPackage_NoSymbols));
}
}
