public virtual async Task <ActionResult> GetPackage(string id, string version)
{
// some security paranoia about URL hacking somehow creating e.g. open redirects
// validate user input: explicit calls to the same validators used during Package Registrations
// Ideally shouldn't be necessary?
if (!PackageIdValidator.IsValidPackageId(id ?? ""))
{
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, "The format of the package id is invalid"));
}
// if version is non-null, check if it's semantically correct and normalize it.
if (!String.IsNullOrEmpty(version))
{
NuGetVersion dummy;
if (!NuGetVersion.TryParse(version, out dummy))
{
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, "The package version is not a valid semantic version"));
}
// Normalize the version
version = NuGetVersionNormalizer.Normalize(version);
}
else
{
// if version is null, get the latest version from the database.
// This ensures that on package restore scenario where version will be non null, we don't hit the database.
try
{
var package = PackageService.FindPackageByIdAndVersion(id, version, allowPrerelease: false);
if (package == null)
{
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.NotFound, String.Format(CultureInfo.CurrentCulture, Strings.PackageWithIdAndVersionNotFound, id, version)));
}
version = package.NormalizedVersion;
}
catch (SqlException e)
{
QuietLog.LogHandledException(e);
// Database was unavailable and we don't have a version, return a 503
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.ServiceUnavailable, Strings.DatabaseUnavailable_TrySpecificVersion));
}
catch (DataException e)
{
QuietLog.LogHandledException(e);
// Database was unavailable and we don't have a version, return a 503
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.ServiceUnavailable, Strings.DatabaseUnavailable_TrySpecificVersion));
}
}
// If metrics service is specified we post the data to it asynchronously. Else we skip stats.
if (_config != null && _config.MetricsServiceUri != null)
{
try
{
var userHostAddress = Request.UserHostAddress;
var userAgent = Request.UserAgent;
var operation = Request.Headers["NuGet-Operation"];
var dependentPackage = Request.Headers["NuGet-DependentPackage"];
var projectGuids = Request.Headers["NuGet-ProjectGuids"];
HostingEnvironment.QueueBackgroundWorkItem(cancellationToken => PostDownloadStatistics(id, version, userHostAddress, userAgent, operation, dependentPackage, projectGuids, cancellationToken));
}
catch (Exception ex)
{
QuietLog.LogHandledException(ex);
}
}
return(await PackageFileService.CreateDownloadPackageActionResultAsync(
HttpContext.Request.Url,
id, version));
}
public virtual async Task <ActionResult> GetPackage(string id, string version)
{
// some security paranoia about URL hacking somehow creating e.g. open redirects
// validate user input: explicit calls to the same validators used during Package Registrations
// Ideally shouldn't be necessary?
if (!PackageIdValidator.IsValidPackageId(id ?? string.Empty))
{
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, "The format of the package id is invalid"));
}
// if version is non-null, check if it's semantically correct and normalize it.
if (!String.IsNullOrEmpty(version))
{
NuGetVersion dummy;
if (!NuGetVersion.TryParse(version, out dummy))
{
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, "The package version is not a valid semantic version"));
}
// Normalize the version
version = NuGetVersionFormatter.Normalize(version);
}
else
{
// If version is null, get the latest version from the database.
// This ensures that on package restore scenario where version will be non null, we don't hit the database.
try
{
var package = PackageService.FindPackageByIdAndVersion(
id,
version,
SemVerLevelKey.SemVer2,
allowPrerelease: false);
if (package == null)
{
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.NotFound, String.Format(CultureInfo.CurrentCulture, Strings.PackageWithIdAndVersionNotFound, id, version)));
}
version = package.NormalizedVersion;
}
catch (SqlException e)
{
QuietLog.LogHandledException(e);
// Database was unavailable and we don't have a version, return a 503
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.ServiceUnavailable, Strings.DatabaseUnavailable_TrySpecificVersion));
}
catch (DataException e)
{
QuietLog.LogHandledException(e);
// Database was unavailable and we don't have a version, return a 503
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.ServiceUnavailable, Strings.DatabaseUnavailable_TrySpecificVersion));
}
}
if (ConfigurationService.Features.TrackPackageDownloadCountInLocalDatabase)
{
await PackageService.IncrementDownloadCountAsync(id, version);
}
return(await PackageFileService.CreateDownloadPackageActionResultAsync(
HttpContext.Request.Url,
id, version));
}
public virtual async Task <ActionResult> GetPackage(string id, string version)
{
// some security paranoia about URL hacking somehow creating e.g. open redirects
// validate user input: explicit calls to the same validators used during Package Registrations
// Ideally shouldn't be necessary?
if (!PackageIdValidator.IsValidPackageId(id ?? ""))
{
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, "The format of the package id is invalid"));
}
if (!String.IsNullOrEmpty(version))
{
SemanticVersion dummy;
if (!SemanticVersion.TryParse(version, out dummy))
{
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.BadRequest, "The package version is not a valid semantic version"));
}
}
// Normalize the version
version = SemanticVersionExtensions.Normalize(version);
// if the version is null, the user is asking for the latest version. Presumably they don't want includePrerelease release versions.
// The allow prerelease flag is ignored if both partialId and version are specified.
// In general we want to try to add download statistics for any package regardless of whether a version was specified.
// Only allow database requests to take up to 5 seconds. Any longer and we just lose the data; oh well.
EntitiesContext.SetCommandTimeout(5);
Package package = null;
try
{
package = PackageService.FindPackageByIdAndVersion(id, version, allowPrerelease: false);
if (package == null)
{
return(new HttpStatusCodeWithBodyResult(
HttpStatusCode.NotFound, String.Format(CultureInfo.CurrentCulture, Strings.PackageWithIdAndVersionNotFound, id, version)));
}
try
{
var stats = new PackageStatistics
{
IPAddress = Request.UserHostAddress,
UserAgent = Request.UserAgent,
Package = package,
Operation = Request.Headers["NuGet-Operation"],
DependentPackage = Request.Headers["NuGet-DependentPackage"],
ProjectGuids = Request.Headers["NuGet-ProjectGuids"],
};
PackageService.AddDownloadStatistics(stats);
}
catch (ReadOnlyModeException)
{
// *gulp* Swallowed. It's OK not to add statistics and ok to not log errors in read only mode.
}
catch (SqlException e)
{
// Log the error and continue
QuietLog.LogHandledException(e);
}
catch (DataException e)
{
// Log the error and continue
QuietLog.LogHandledException(e);
}
}
catch (SqlException e)
{
QuietLog.LogHandledException(e);
}
catch (DataException e)
{
QuietLog.LogHandledException(e);
}
// Fall back to constructing the URL based on the package version and ID.
if (String.IsNullOrEmpty(version) && package == null)
{
// Database was unavailable and we don't have a version, return a 503
return(new HttpStatusCodeWithBodyResult(HttpStatusCode.ServiceUnavailable, Strings.DatabaseUnavailable_TrySpecificVersion));
}
return(await PackageFileService.CreateDownloadPackageActionResultAsync(
HttpContext.Request.Url,
id,
String.IsNullOrEmpty(version)?package.NormalizedVersion : version));
}
