Add read only mode (loic-sharma#236)

Author: loic-sharma

src/BaGet.Core.Server/Controllers/PackagePublishController.cs

@@ -1,10 +1,12 @@
 using System;
 using System.Threading;
 using System.Threading.Tasks;
+using BaGet.Core.Configuration;
 using BaGet.Core.Services;
 using BaGet.Extensions;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 using NuGet.Versioning;
 
 namespace BaGet.Controllers
@@ -15,26 +17,30 @@ public class PackagePublishController : Controller
         private readonly IPackageIndexingService _indexer;
         private readonly IPackageService _packages;
         private readonly IPackageDeletionService _deleteService;
+        private readonly IOptionsSnapshot<BaGetOptions> _options;
         private readonly ILogger<PackagePublishController> _logger;
 
         public PackagePublishController(
             IAuthenticationService authentication,
             IPackageIndexingService indexer,
             IPackageService packages,
             IPackageDeletionService deletionService,
+            IOptionsSnapshot<BaGetOptions> options,
             ILogger<PackagePublishController> logger)
         {
             _authentication = authentication ?? throw new ArgumentNullException(nameof(authentication));
             _indexer = indexer ?? throw new ArgumentNullException(nameof(indexer));
             _packages = packages ?? throw new ArgumentNullException(nameof(packages));
             _deleteService = deletionService ?? throw new ArgumentNullException(nameof(deletionService));
+            _options = options ?? throw new ArgumentNullException(nameof(options));
             _logger = logger ?? throw new ArgumentNullException(nameof(logger));
         }
 
         // See: https://docs.microsoft.com/en-us/nuget/api/package-publish-resource#push-a-package
         public async Task Upload(CancellationToken cancellationToken)
         {
-            if (!await _authentication.AuthenticateAsync(Request.GetApiKey()))
+            if (_options.Value.IsReadOnlyMode ||
+                !await _authentication.AuthenticateAsync(Request.GetApiKey()))
             {
                 HttpContext.Response.StatusCode = 401;
                 return;
@@ -79,6 +85,11 @@ public async Task Upload(CancellationToken cancellationToken)
         [HttpDelete]
         public async Task<IActionResult> Delete(string id, string version, CancellationToken cancellationToken)
         {
+            if (_options.Value.IsReadOnlyMode)
+            {
+                return Unauthorized();
+            }
+
             if (!NuGetVersion.TryParse(version, out var nugetVersion))
             {
                 return NotFound();
@@ -102,6 +113,11 @@ public async Task<IActionResult> Delete(string id, string version, CancellationT
         [HttpPost]
         public async Task<IActionResult> Relist(string id, string version)
         {
+            if (_options.Value.IsReadOnlyMode)
+            {
+                return Unauthorized();
+            }
+
             if (!NuGetVersion.TryParse(version, out var nugetVersion))
             {
                 return NotFound();

src/BaGet.Core.Server/Controllers/SymbolController.cs

@@ -1,10 +1,12 @@
-using System;
+using System;
 using System.Threading;
 using System.Threading.Tasks;
+using BaGet.Core.Configuration;
 using BaGet.Core.Services;
 using BaGet.Extensions;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 
 namespace BaGet.Controllers
 {
@@ -13,24 +15,27 @@ public class SymbolController : Controller
         private readonly IAuthenticationService _authentication;
         private readonly ISymbolIndexingService _indexer;
         private readonly ISymbolStorageService _storage;
+        private readonly IOptionsSnapshot<BaGetOptions> _options;
         private readonly ILogger<SymbolController> _logger;
 
         public SymbolController(
             IAuthenticationService authentication,
             ISymbolIndexingService indexer,
             ISymbolStorageService storage,
+            IOptionsSnapshot<BaGetOptions> options,
             ILogger<SymbolController> logger)
         {
             _authentication = authentication ?? throw new ArgumentNullException(nameof(authentication));
             _indexer = indexer ?? throw new ArgumentNullException(nameof(indexer));
             _storage = storage ?? throw new ArgumentNullException(nameof(storage));
+            _options = options ?? throw new ArgumentNullException(nameof(options));
             _logger = logger ?? throw new ArgumentNullException(nameof(logger));
         }
 
         // See: https://docs.microsoft.com/en-us/nuget/api/package-publish-resource#push-a-package
         public async Task Upload(CancellationToken cancellationToken)
         {
-            if (!await _authentication.AuthenticateAsync(Request.GetApiKey()))
+            if (_options.Value.IsReadOnlyMode || !await _authentication.AuthenticateAsync(Request.GetApiKey()))
             {
                 HttpContext.Response.StatusCode = 401;
                 return;

src/BaGet.Core/Configuration/BaGetOptions.cs

@@ -32,6 +32,11 @@ public class BaGetOptions
         /// </summary>
         public bool AllowPackageOverwrites { get; set; } = false;
 
+        /// <summary>
+        /// If true, disables package pushing, deleting, and relisting.
+        /// </summary>
+        public bool IsReadOnlyMode { get; set; } = false;
+
         [Required]
         public DatabaseOptions Database { get; set; }