* Remove package submission page from the web interface.
* Replace PKGBUILD and tarball links with links to cgit.
* Remove the "URLPath" field from RPC replies.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Replace web/lib/config.inc.php with an INI-style configuration file.
This allows us to get rid of several globals and makes it easier to use
the same configuration file in external scripts.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Add the typeahead implementation we already use for the package search
to the merge target text field. Instead of suggesting packages, suggest
package base names.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Add RPC v3 which always returns a list of objects in RPC responses,
regardless of the request type. An empty list is returned when an error
occurs. The error message is moved to a separate "error" field.
Fixes FS#40963.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This is useful to tools that automatically generate requests to orphan,
delete or merge packages.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Most AUR helpers don't support the new format yet. Use version 1 of the
API by default. In order to use the new format, "v=2" can be appended to
the list of GET parameters.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This adds a backwards compatibility mode for the old RPC API. The old
format can be requested by explicitly adding "v=1" to the list of GET
parameters. Note that due to internal changes, the old format only
returns the first license that belongs to a package.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This is needed for clients to quickly differentiate between different
versions of the RPC API. The version number should be bumped whenever
there is a change that breaks backwards compatibility.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This patch adds the following fields to info and multiinfo replies:
* Depends
* MakeDepends
* CheckDepends
* OptDepends
* Conflicts
* Provides
* Replaces
* Groups
* License
Each of these fields is an array.
Note that since collecting all these fields is CPU-intensive, they are
not included in replies to search queries.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
* Fix the SQL query to conform to the new database layout.
* Remove the license field from replies. The license field is now stored
in a separate table and no longer returned on search queries.
* Add a "PackageBase" field that contains the name of the package base
of every package in the result.
* Fix the source tarball URL. The URL is now built based on the package
base name instead of the package name.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Uses the Singleton pattern to ensure all queries use the same
database connection that is released upon script completion.
All database connections should now be called with DB::connect() and
not db_connect().
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Use Twitter Bootstrap JavaScript framework for typeahead support.
Add a new "suggest" JSON method, which returns the first 20
packages that match the beginning characters of a query.
canyonknight: Link format change, commit message
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
With no limit to the number of results, memory_limit set to 32M
can easily be exceeded for searches that have a large number of
results. This results in an HTTP error 500 for those queries.
Limit results to an amount set within config.inc.php to avoid
exceeding memory_limit. Introduce new JSON error code for when
the result limit is hit.
Fixes FS#31849
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
All DB code currently uses the quickly aging mysql_* functions. These
functions are strongly discouraged and may eventually be deprecated.
Transition all code to utilize the PDO data access abstraction layer. PDO
allows for consistent query code across multiple databases. This could
potentially allow for someone to use a database other than MySQL with
minimal code changes.
All functions and behaviors are reproduced as faithfully as possible with
PDO equivalents and some changes in code.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
We already ask for the result count, but only use it as a basis for testing
query success or failure. Add the value to the JSON reply.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Percent signs ("%") and underscores ("_") are not escaped by
mysql_real_escape_string() and are interpreted as wildcards if combined
with "LIKE". Write a wrapper function db_escape_like() and use it where
appropriate.
Note that we already fixed this for the RPC interface in commit
da2ebb667b but missed the other places.
This patch should fix all remaining flaws reported in FS#26527.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
Wrap mysql_real_escape_string() in a wrapper function db_escape_string()
to ease porting to other databases, and as another step to pulling more
of the database code into a central location.
This is a rebased version of a patch by elij submitted about half a year
ago.
Thanks-to: elij <elij.mx@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Coerce following fields into integers to ensure json_encode() serializes
them as integers:
* ID
* CategoryID
* NumVotes
* OutOfDate
* FirstSubmitted
* LastModified
This means that there will be a minor API break. There's no better way
to do this properly, though. Fixes FS#25693.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Convert the "OutOfDate" field to provide a timestamp instead of a
boolean flag in JSON results. We don't really care about backward
compatibility here, as most AUR helpers would break anyway when trying
to parse RPC responses after the data type overhaul that should come
with one of the following patches.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Info queries using package IDs were no longer working due to commit
c6d84b3a8d, which introduced a table join
in process_query(), thus making the "ID" column ambiguous. Fix this by
explicitly specifying the table to use. Fixes FS#25696.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This implements the following scheme:
* /packages/cower/ --> /packages/co/cower/
* /packages/j/ --> /packages/j/j/
* /packages/zqy/ --> /packages/zq/zqy/
We take up to the first two characters of each package name as a
intermediate subdirectory, and then the full package name lives
underneath that. Shorter named packages live in a single letter
directory.
Why, you ask? Well because earlier today the AUR hit 32,000 entries in
the unsupported/ directory, making new package uploads impossible. While
some might argue we shouldn't have so many damn packages in the repos,
we should be able to handle this case.
Why two characters instead of one? Our two biggest two-char groups, 'pe'
and 'py', both start with 'p', and have nearly 2000 packages each. Go
Python and Perl.
Still needed is a "move the existing data" script, as well as a set of
rewrite rules for those wishing to preserve backward compatible URLs for
any helper programs doing the wrong thing and relying on them.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
after reading the discussion about the submitter field, i looked again
at my previous patch and realized that it was not very good at all.
hopefully this simplified version will be more acceptable.
the justification for this patch is that many third-party tools will
want to know how new a package is, or when it last changed. adding the
submitted and modified timestamps will allow users to get all the
relevant package data in a single query.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Add etag and if-none-match conditional get support. This will allow
'smart client' to save network bandwidth, as they can save the etag hash
value for queries and test it later. Still an http request because this
patch specifically sets a cache lifetime of zero, and must-revalidate.
The benefit here is bandwidth savings. Caching based on expires headers
would likely be counter productive, as the api data can change rather
quickly...but etag is a nice compromise, and could be quite beneficial
for bandwidth recution in some scenarios.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
The majority of "real world" info requests [1] come in hefty batches. We
would be better served to handle these in one request rather than
multiple by allowing AUR clients to send multiple arguments.
This enables things like this to work:
http://aur.test/rpc.php?type=multiinfo&arg[]=cups-xerox&arg[]=cups-mc2430dl&arg[]=10673
Note to RPC users: unfortunately due to the asinine design of PHP, you
unfortunately have to use the 'arg[]' syntax if you want more than one
query argument, or you will only get the package satisfying the last arg
you pass.
[1] Rough data from April 11, 2011, with a total hit count of 1,109,163:
12 /login.php
13 /rpc.php?type=sarch
15 /rpc.php?type=msearch
16 /pingserver.php
16 /rpc.php
22 /logout.php
163 /passreset.php
335 /account.php
530 /pkgsubmit.php
916 /rss2.php
3838 /index.php
6752 /rss.php
9699 /
42478 /rpc.php?type=search
184737 /packages.php
681725 /rpc.php?type=info
That means a whopping 61.5% of our requests were for info over the RPC
interface; package pages are a distant second at only 16.7%.
Lukas: Introduce "multiinfo" query instead of extending "info" (for the
sake of backward compatibility).
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Do the implode as the same but separate step each time, and remove
indentation where no other query has it.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
* Mark things static in the class rather than use a constructor every
single invocation of the service.
* Don't call mysql_real_escape_string() before we even have a database
connection, and don't do work in the database if we don't need to.
* Formatting consistency fixups in a few places.
* Add new process_query() helper function; use this instead of
copy-pasted code in all of the RPC method calls.
* Remove the escaping code meant to fix FS#15526, introduced in commit
4d1eb4dd7a. It broke more than it solved, only fixed the output in
one of three RPC calls (and who knows what the web interface then also
does), and proper encoding should be done at the database level rather
than up here.
Lukas: Add special case for "info" queries to process_query() (return a
single result instead of an array of results here).
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
You need this enabled for the AUR, period. No need for this BS.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Instead, we just store dependencies directly in the PackageDepends
table. Since we don't use this info anywhere besides the package details
page, there is little value in precalculating what is in the AUR vs.
what is not.
An upgrade path is provided via several SQL statements in the UPGRADING
document. There should be no user-visible change from this, but the DB
schema gets a bit more sane and we no longer have loads of junk packages
in our tables that are never shown to the end user. This should also
help the MySQL query planner in several cases as we no longer have to be
careful to exclude dummy packages on every query.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
We don't need this anymore since all packages managed here are
well...managed here. Rip out all of the places we were using this field,
many of which depended on the magic value '2' anyway.
On the display side of things, we had a column that was always showing
'unsupported' that is now gone, and you can no longer sort by this column.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Percent signs ("%") and underscores ("_") are not escaped by
mysql_real_escape_string() and are interpreted as wildcards if combined
with "LIKE", so we need to deal with them separately.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
jsonp callback should have a content type of text/javascipt,
since it specifies a callback function wrapping json data,
and is not soley json data.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Currently AUR does not check the uploaded packages, whether they are
correctly in UTF8 encoding. If there are fields (such as $pkgdesc)
that contain such non-UTF8 characters, the rpc interface chokes on
those fields: even if there's data successfully retrieved from the
database, rpc returns "null".
In an effort to make such errors in the PKGBUILDs debugged more easily,
let's force rpc to have more useful output: try to convert non-UTF8
fields to UTF8. If it's a success, good. Partial success (some characters
showing as \uXXXX) is ok. Failure results in error message printed to that
field.
Signed-off-by: Gergely Imreh <imrehg@gmail.com>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
All of these are sourcing function libraries so we don't need to include
them more than once. Things that insert actual HTML into the output were
left calling include().
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
