Staging instance, all changes can be removed at any time

Skip to content

api_raw_object: Apply mailmaps and remove auth restriction

vlorentz requested to merge raw-api into master

This endpoint bypassed mailmaps in order to return the original raw object to the IPFS bridge.

This information is privileged, hence the special permission required to return it. However, we do not want to want to return objects without their display names to the bridge either, so this is a moot.

Instead, this returns the object with mailmaps/display names applied. This means checksums won't match, making the IPFS bridge (or client?) error when they check it. This isn't great, but better than displaying private information. And IPFS bridge/clients need to support objects not matching their checksums anyway, because we have plenty of those.

As a consequence, the permission is no longer required, because this only returns public data, now.

The swh.web.api.raw_object had a secondary effect: removing throttling on this endpoint. This effect is removed; regular throttle scopes should be used instead (this endpoint's scope is swh_raw_object).

If we need to return objects without mailmaps applied in the future, we could introduce a parameter to this endpoint (gated behind a similar permission)

Required by https://gitlab.softwareheritage.org/swh/infra/sysadm-environment/-/issues/4850

Edited by vlorentz

Merge request reports

Loading