cenotelie
diff --git a/‎.sqlx/query-606b54deb2a8792ced5c2bdd6f2bf7792bdeb5c4ca110d33d2d97aecd03a3ec7.json
Lines changed: 12 additions & 0 deletions b/‎.sqlx/query-606b54deb2a8792ced5c2bdd6f2bf7792bdeb5c4ca110d33d2d97aecd03a3ec7.json
Lines changed: 12 additions & 0 deletions
diff --git a/‎.sqlx/query-64020941f6a6cf41e841dd40caca417c0511c3f0e384cdf0505b1d2178e09417.json
Lines changed: 0 additions & 20 deletions b/‎.sqlx/query-64020941f6a6cf41e841dd40caca417c0511c3f0e384cdf0505b1d2178e09417.json
Lines changed: 0 additions & 20 deletions
diff --git a/‎.sqlx/query-d93dcaeade8c53483517e8d07cfaf8aa2fb47883f59d2ad152a6cf525b727a0d.json
Lines changed: 26 additions & 0 deletions b/‎.sqlx/query-d93dcaeade8c53483517e8d07cfaf8aa2fb47883f59d2ad152a6cf525b727a0d.json
Lines changed: 26 additions & 0 deletions
diff --git a/‎src/application.rs
Lines changed: 4 additions & 4 deletions b/‎src/application.rs
Lines changed: 4 additions & 4 deletions
diff --git a/‎src/services/database/packages.rs
Lines changed: 66 additions & 30 deletions b/‎src/services/database/packages.rs
Lines changed: 66 additions & 30 deletions
diff --git a/‎src/services/index/git.rs
Lines changed: 50 additions & 5 deletions b/‎src/services/index/git.rs
Lines changed: 50 additions & 5 deletions
diff --git a/‎src/services/index/mod.rs
Lines changed: 1 addition & 1 deletion b/‎src/services/index/mod.rs
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/tests/mocks.rs
Lines changed: 5 additions & 1 deletion b/‎src/tests/mocks.rs
Lines changed: 5 additions & 1 deletion
@@ -435,14 +435,14 @@ impl Application {
         let package = CrateUploadData::new(content)?;
         let index_data = package.build_index_data();
 
-        let (user, result, targets, capabilities) = {
+        let (user, result, targets, capabilities, is_overwriting) = {
             let package = &package;
             self.db_transaction_write("publish_crate_version", |app| async move {
                 let authentication = app.authenticate(auth_data).await?;
                 authentication.check_can_write()?;
                 let user = app.database.get_user_profile(authentication.uid()?).await?;
                 // publish
-                let result = app.database.publish_crate_version(user.id, package).await?;
+                let (result, is_overwriting) = app.database.publish_crate_version(user.id, package).await?;
                 let mut targets = app.database.get_crate_targets(&package.metadata.name).await?;
                 if targets.is_empty() {
                     targets.push(CrateInfoTarget {
@@ -456,13 +456,13 @@ impl Application {
                         .await?;
                 }
                 let capabilities = app.database.get_crate_required_capabilities(&package.metadata.name).await?;
-                Ok::<_, ApiError>((user, result, targets, capabilities))
+                Ok::<_, ApiError>((user, result, targets, capabilities, is_overwriting))
             })
             .await
         }?;
 
         self.service_storage.store_crate(&package.metadata, package.content).await?;
-        self.service_index.publish_crate_version(&index_data).await?;
+        self.service_index.publish_crate_version(&index_data, is_overwriting).await?;
         for info in targets {
             self.service_docs_generator
                 .queue(
 
@@ -172,35 +172,54 @@ impl Database {
 
     /// Publish a crate
     #[allow(clippy::similar_names)]
-    pub async fn publish_crate_version(&self, uid: i64, package: &CrateUploadData) -> Result<CrateUploadResult, ApiError> {
-        let warnings = package.metadata.validate()?;
+    pub async fn publish_crate_version(
+        &self,
+        uid: i64,
+        package: &CrateUploadData,
+    ) -> Result<(CrateUploadResult, bool), ApiError> {
+        let mut warnings = package.metadata.validate()?;
         let lowercase = package.metadata.name.to_ascii_lowercase();
-        let row = sqlx::query!(
+
+        // get existing package and version data
+        let package_row = sqlx::query!(
+            "SELECT name, canOverwrite AS can_overwrite FROM Package WHERE lowercase = $1 LIMIT 1",
+            lowercase
+        )
+        .fetch_optional(&mut *self.transaction.borrow().await)
+        .await?;
+        let version_row = sqlx::query!(
             "SELECT upload FROM PackageVersion WHERE package = $1 AND version = $2 LIMIT 1",
             package.metadata.name,
             package.metadata.vers
         )
         .fetch_optional(&mut *self.transaction.borrow().await)
         .await?;
-        if let Some(row) = row {
-            return Err(specialize(
-                error_invalid_request(),
-                format!(
-                    "Package {} already exists in version {}, uploaded on {}",
-                    &package.metadata.name, &package.metadata.vers, row.upload
-                ),
-            ));
-        }
+
+        // check for previous version
+        let is_overwriting = if let Some(version_row) = version_row {
+            // has previous version
+            if package_row.as_ref().is_some_and(|r| !r.can_overwrite) {
+                // cannot overwrite
+                return Err(specialize(
+                    error_invalid_request(),
+                    format!(
+                        "Package {} already exists in version {}, uploaded on {}",
+                        &package.metadata.name, &package.metadata.vers, version_row.upload
+                    ),
+                ));
+            }
+            true
+        } else {
+            false
+        };
+
         // check whether the package already exists
-        let row = sqlx::query!("SELECT name FROM Package WHERE lowercase = $1 LIMIT 1", lowercase)
-            .fetch_optional(&mut *self.transaction.borrow().await)
-            .await?;
-        if let Some(row) = row {
+        if let Some(package_row) = package_row {
             // check this is the same package
-            if row.name != lowercase {
+            if package_row.name != lowercase {
                 return Err(specialize(
                     error_invalid_request(),
-                    format!("A package named {} already exists", row.name),
+                    format!("A package named {} already exists", package_row.name),
                 ));
             }
             // check the ownership
@@ -223,20 +242,37 @@ impl Database {
             .execute(&mut *self.transaction.borrow().await)
             .await?;
         }
+
         let now = Local::now().naive_local();
-        // create the version
         let description = package.metadata.description.as_ref().map_or("", String::as_str);
-        sqlx::query!(
-            "INSERT INTO PackageVersion (package, version, description, upload, uploadedBy, yanked, downloadCount, downloads, depsLastCheck, depsHasOutdated, depsHasCVEs) VALUES ($1, $2, $3, $4, $5, false, 0, NULL, 0, false, false)",
-            package.metadata.name,
-            package.metadata.vers,
-            description,
-            now,
-            uid,
-        )
-        .execute(&mut *self.transaction.borrow().await)
-        .await?;
-        Ok(warnings)
+        if is_overwriting {
+            // update the version
+            sqlx::query!("UPDATE PackageVersion SET description = $3, upload = $4, uploadedBy = $5, yanked = FALSE, depsLastCheck = 0, depsHasOutdated = FALSE, depsHasCVEs = 0 WHERE package = $1 AND version = $2",
+                package.metadata.name,
+                package.metadata.vers,
+                description,
+                now,
+                uid
+            ).execute(&mut *self.transaction.borrow().await)
+            .await?;
+            warnings
+                .warnings
+                .other
+                .push(format!("overwriting existing version {}", package.metadata.vers));
+        } else {
+            // create the version
+            sqlx::query!(
+                "INSERT INTO PackageVersion (package, version, description, upload, uploadedBy, yanked, downloadCount, downloads, depsLastCheck, depsHasOutdated, depsHasCVEs) VALUES ($1, $2, $3, $4, $5, false, 0, NULL, 0, false, false)",
+                package.metadata.name,
+                package.metadata.vers,
+                description,
+                now,
+                uid,
+            )
+            .execute(&mut *self.transaction.borrow().await)
+            .await?;
+        }
+        Ok((warnings, is_overwriting))
     }
 
     /// Yank a crate version
 
@@ -45,8 +45,8 @@ impl Index for GitIndex {
         Box::pin(async move { self.inner.lock().await.get_upload_pack_for(input).await })
     }
 
-    fn publish_crate_version<'a>(&'a self, metadata: &'a IndexCrateMetadata) -> FaillibleFuture<'a, ()> {
-        Box::pin(async move { self.inner.lock().await.publish_crate_version(metadata).await })
+    fn publish_crate_version<'a>(&'a self, metadata: &'a IndexCrateMetadata, is_overwriting: bool) -> FaillibleFuture<'a, ()> {
+        Box::pin(async move { self.inner.lock().await.publish_crate_version(metadata, is_overwriting).await })
     }
 
     fn get_crate_data<'a>(&'a self, package: &'a str) -> FaillibleFuture<'a, Vec<IndexCrateMetadata>> {
@@ -203,12 +203,16 @@ impl GitIndexImpl {
     }
 
     /// Publish a new version for a crate
-    async fn publish_crate_version(&self, metadata: &IndexCrateMetadata) -> Result<(), ApiError> {
+    async fn publish_crate_version(&self, metadata: &IndexCrateMetadata, is_overwriting: bool) -> Result<(), ApiError> {
         let file_name = build_package_file_path(PathBuf::from(&self.config.location), &metadata.name);
         create_dir_all(file_name.parent().unwrap()).await?;
         let buffer = serde_json::to_vec(metadata)?;
         // write to package file
-        {
+        if is_overwriting {
+            // replace the metadata
+            Self::publish_crate_version_replace(&file_name, metadata).await?;
+        } else {
+            // append the metadata at the end
             let mut file = OpenOptions::new().create(true).append(true).open(file_name).await?;
             file.write_all(&buffer).await?;
             file.write_all(&[0x0A]).await?; // add line end
@@ -217,7 +221,12 @@ impl GitIndexImpl {
         }
         // commit and update
         let location = PathBuf::from(&self.config.location);
-        let message = format!("Publish {}:{}", &metadata.name, &metadata.vers);
+        let message = format!(
+            "Publish{} {}:{}",
+            if is_overwriting { " (overwriting)" } else { "" },
+            &metadata.name,
+            &metadata.vers
+        );
         execute_git(&location, &["add", "."]).await?;
         execute_git(&location, &["commit", "-m", &message]).await?;
         execute_git(&location, &["update-server-info"]).await?;
@@ -245,4 +254,40 @@ impl GitIndexImpl {
         }
         Ok(results)
     }
+
+    /// Replaces the metadata for a version in a file
+    async fn publish_crate_version_replace(file_name: &Path, metadata: &IndexCrateMetadata) -> Result<(), ApiError> {
+        // get the existing versions
+        let mut versions = {
+            // expect the file to be present
+            let file = OpenOptions::new().read(true).open(file_name).await?;
+            let reader = BufReader::new(file);
+            let mut lines = reader.lines();
+            let mut versions = Vec::new();
+            while let Some(line) = lines.next_line().await? {
+                versions.push(serde_json::from_str::<IndexCrateMetadata>(&line)?);
+            }
+            versions
+        };
+        // replace old with the new version
+        let index = versions.iter().position(|e| e.vers == metadata.vers).ok_or_else(|| {
+            specialize(
+                error_not_found(),
+                format!("could not find previous version {}", metadata.vers),
+            )
+        })?;
+        versions[index] = metadata.clone();
+        // write back
+        {
+            let mut file = OpenOptions::new().write(true).truncate(true).open(file_name).await?;
+            for version in versions {
+                let buffer = serde_json::to_vec(&version)?;
+                file.write_all(&buffer).await?;
+                file.write_all(&[0x0A]).await?; // add line end
+            }
+            file.flush().await?;
+            file.sync_all().await?;
+        }
+        Ok(())
+    }
 }
@@ -26,7 +26,7 @@ pub trait Index {
     fn get_upload_pack_for<'a>(&'a self, input: &'a [u8]) -> FaillibleFuture<'a, Vec<u8>>;
 
     /// Publish a new version for a crate
-    fn publish_crate_version<'a>(&'a self, metadata: &'a IndexCrateMetadata) -> FaillibleFuture<'a, ()>;
+    fn publish_crate_version<'a>(&'a self, metadata: &'a IndexCrateMetadata, is_overwriting: bool) -> FaillibleFuture<'a, ()>;
 
     ///  Gets the data for a crate
     fn get_crate_data<'a>(&'a self, package: &'a str) -> FaillibleFuture<'a, Vec<IndexCrateMetadata>>;
 
@@ -96,7 +96,11 @@ impl Index for MockService {
         resolved_default()
     }
 
-    fn publish_crate_version<'a>(&'a self, _metadata: &'a IndexCrateMetadata) -> FaillibleFuture<'a, ()> {
+    fn publish_crate_version<'a>(
+        &'a self,
+        _metadata: &'a IndexCrateMetadata,
+        _is_overwriting: bool,
+    ) -> FaillibleFuture<'a, ()> {
         resolved_default()
     }
Original file line number	Diff line number	Diff line change
`@@ -96,7 +96,11 @@ impl Index for MockService {`
`96`	`96`	`resolved_default()`
`97`	`97`	`}`
`98`	`98`
`99`		`- fn publish_crate_version<'a>(&'a self, _metadata: &'a IndexCrateMetadata) -> FaillibleFuture<'a, ()> {`
	`99`	`+ fn publish_crate_version<'a>(`
	`100`	`+ &'a self,`
	`101`	`+ _metadata: &'a IndexCrateMetadata,`
	`102`	`+ _is_overwriting: bool,`
	`103`	`+ ) -> FaillibleFuture<'a, ()> {`
`100`	`104`	`resolved_default()`
`101`	`105`	`}`
`102`	`106`