search

ethpm / py-ethpm

This library is deprecated. ethPM python tooling is now located in web3.py
MIT License
24 stars 13 forks source link

Write registry uri validation utils #45

Closed njgheorghita closed 6 years ago

njgheorghita commented 6 years ago

What was wrong?

Fetching a manifest content-addressed URI from a package requires a registry URI scheme. These are the utils to validate whether or not a URI has been properly formatted.

How was it fixed?

A lot of the rules imposed here are followed by convention set by the dependent libraries. i.e.

Cute Animal Picture

image

davesque commented 6 years ago

scheme://package-name@authority/version scheme://package-name@authority?version=version (less easy to type out by hand because of query parameter escaping) scheme://authority/package-name?version=version (less easy to type out by hand because of query parameter escaping)

The only alternative option I really want to get behind is the third one, which has the version as a query param. The others seem to violate the generic syntax conventions of URIs and place non-auth data in the "userinfo" component (https://en.wikipedia.org/wiki/Uniform_Resource_Identifier#Generic_syntax).

The query param option seems maybe the most correct since a version number really does act like a filter. Although that sort of implies that you'd specify version ranges with something like this:

scheme://authority/<package-name>?version_gte=1.0.2&version_lt=2

Otherwise, you'd end up with something pretty ugly when you try to encode a version range in a single param:

scheme://authority/<package-name>?version=%3E%3D1.0.2%2C%3C2

">=1.0.2,<2" is "%3E%3D1.0.2%2C%3C2" when URI encoded

Would it make sense to say that the URI just doesn't include any version information? Then, it would be up to the package library to figure out what version you want:

pkg = w3.pm.get_package_from_uri('ens://packages.ethereum.eth/greeter', '1.0.0')
pkg = w3.pm.get_package_from_uri('ens://packages.ethereum.eth/greeter', '>=1.0.2,<2')
njgheorghita commented 6 years ago

I'm a fan of enforcing versions to be submitted as params (not crazy about the param names (i.e. version_gte,version_lt, ...) but I can't think of anything better.

scheme://authority/package-name?version_gte=1.0.2&version_lt=2

Would it make sense to say that the URI just doesn't include any version information?

I'm not sure about this - I feel like i might want to be able to copy&paste a URI and send it to somebody and be sure it's resolving to the right package - so i'd like to see all the data contained in the URI.

pipermerriam commented 6 years ago

We could support both.

# we pick one of these as shorthand
w3.pm.get_package_from_uri('ens://packages.ethereum.eth/greeter', params={'version': '>=1.0.2,<2'})
w3.pm.get_package_from_uri('ens://packages.ethereum.eth/greeter', version='>=1.0.2,<2')
w3.pm.get_package_from_uri('ens://packages.ethereum.eth/greeter', '>=1.0.2,<2')

# which ends up equivalent to
w3.pm.get_package_from_uri('ens://packages.ethereum.eth/greeter?version=%3E%3D1.0.2%2C%3C2`)

That should be very easy to both support and validate.