|tagger||Kevin Moore <email@example.com>||Fri Jul 23 10:59:43 2021 -0700|
|author||Jonas Finnemann Jensen <firstname.lastname@example.org>||Thu Jul 08 21:26:00 2021 +0200|
|committer||GitHub <email@example.com>||Thu Jul 08 21:26:00 2021 +0200|
Validate and normalize hosted url. (#3030) * Validate and normalize hosted url. We normalize the URL for a _hosted pub server_ to have no slash if the server is just a bare domain like `https://example.com`, but if the URL contains a path like `https://example.com/my-folder` then we always normalize to `https://example.com/my-folder/`. The reason for normalizing the URL is to improve consistency in `pubspec.lock` and make it easier to implement authentication without risks of being tricked by incorrect prefixes. Additionally, be normalizing to no slash for empty paths, and paths always ending in a slash when path is non-empty, we gain the benefit that relative URLs can always be constructed correctly using `hostedUrl.resolve('api/packages/$package')`. This additionally forbids a few edge cases such as: * querystring in the hosted URL (`https://server.com/?query`), * fragment in the hosted URL (`https://server.com/#hash`), * user-info in the hosted URL (`https://user:firstname.lastname@example.org`). These may have worked with previous versions of the `pub` client, but most likely the _querystring_ or _fragment_ would cause URLs to be garbled. Any user-info would likely have been ignored, this was not tested, any usage of these options is considered unlikely. Previously, `dart pub publish` would ignore the path in the hosted URL and always upload to `/api/packages/new`. This commit fixes this issue.
Pub is the package manager for Dart.
Thanks for being interested in contributing to pub! Contributing to a new project can be hard: there's a lot of new code and practices to learn. This document is intended to get you up and running as quickly as possible. For more information, see the pub tool documentation.
The first step towards contributing is to contact the pub dev team and let us know what you‘re working on, so we can be sure not to start working on the same thing at the same time. Open an issue letting us know that you’re interested in contributing and what you plan on working on. This will also let us give you specific advice about where to start.
Pub isn‘t a package, but it’s organized like one. It has four top-level directories:
lib/ contains the implementation of pub. Currently, it's all in
lib/src/, since there are no libraries intended for public consumption.
test/ contains the tests for pub.
pub.dart, the entrypoint script that's run whenever a user types “pub” on the command line or runs it in the Dart editor. This is usually run through shell scripts in
sdk/bin at the root of the Dart repository.
It's probably easiest to start diving into the codebase by looking at a particular pub command. Each command is encapsulated in files in
To run pub from the Git repository, run:
Before any change is made to pub, all tests should pass. To run a pub test, run:
dart tool/test.dart test/path/to_test.dart
To run all tests at once, run:
Changes to pub should be accompanied by one or more tests that exercise the new functionality. When adding a test, the best strategy is to find a similar test in
test/ and follow the same patterns.
Pub tests come in two basic forms. The first, which is usually used to unit test classes and libraries internal to pub, has many tests in a single file. This is used when each test will take a short time to run. For example,
test/version_test.dart contains unit tests for pub's Version class.
The other form, used by most pub tests, is usually used for integration tests of user-visible pub commands. Each test has a file to itself, which is named after the test description. This is used when tests can take a long time to run to avoid having the tests time out when running on the build bots. For example,
tests/get/hosted/get_transitive_test.dart tests the resolution of transitive hosted dependencies when using
All patches to official Dart packages, including to pub, need to undergo code review before they're submitted. The full process for putting up your patch for review is documented elsewhere.