404 when viewing npm packages #9674

Closed
opened 2025-11-02 08:46:17 -06:00 by GiteaMirror · 5 comments

Originally created by @hendrikbl on GitHub (Oct 11, 2022).

Description

After publishing a scoped npm package to gitea, it appears in the list of the organization but when I click on the package to assign it to a repository, I get a 404 not found page.

I investigated the logs a little bit and found the sql query when clicking the package:

```
SELECT * FROM `package_version` INNER JOIN `package` ON package.id = package_version.package_id WHERE package_version.is_internal=? AND package.owner_id=? AND package.type=? AND package.lower_name=? AND package_version.lower_version=? ORDER BY `package_version`.`created_unix` DESC LIMIT 1 [false 13 npm @test%2ften-forty-six 1.3.1]
```

The `/` in the package name is escaped. When I run this exact query directly on my sql server, I get 0 results. Only when not escaping the `/` I get a result. So this is probably a configuration or database problem?

I'm not sure if it's only escaped in the logs or if that even makes a difference on the go side of things.

I'm not allowed to publish anything on try.gitea so I can't check if the problem occurs there but I guess someone would have noticed this by now.

Gitea Version

1.17.2

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

2.27.0

Operating System

Debian Stretch

How are you running Gitea?

I'm using the prebuilt binary and set everything up following the docs `From binary` and `Linux service`.

Database

MySQL

GiteaMirror added the topic/packages and issue/needs-feedback labels 2025-11-02 08:46:17 -06:00

@wxiaoguang commented on GitHub (Oct 11, 2022):

* https://github.com/go-gitea/gitea/issues/21093
* https://github.com/go-gitea/gitea/issues/20890

----

If it's not caused by the reverse proxy, then it might be a bug on Gitea side.

@hendrikbl commented on GitHub (Oct 11, 2022):

This doesn't seem to be the issue. I get a 404 response from gitea with content. I would expect a 404 from apache if your linked issues would be the problem. Or am I missing something?

![git-error](https://user-images.githubusercontent.com/9558391/195026661-8d69ca24-1fb2-4134-9653-c3b25a97ac11.png)

@KN4CK3R commented on GitHub (Oct 11, 2022):

The tests use a name with a slash:
https://github.com/go-gitea/gitea/blob/c540ee08d322c5de41c014330434351fbd885d74/tests/integration/api_packages_npm_test.go#L32

And the swagger call works too on my end:
![grafik](https://user-images.githubusercontent.com/1666336/195032486-3ca477aa-54b2-4593-bce7-8295f3ad4608.png)

So it must be your setup. What reverse proxy do you use?

@hendrikbl commented on GitHub (Oct 11, 2022):

I'm using apache as a reverse proxy and just found the solution.

I've set up my reverse proxy as follows:

```
AllowEncodedSlashes NoDecode

SSLProxyEngine On
ProxyPreserveHost On
ProxyRequests off
# nocanon added here
ProxyPass / https://server:3000/ nocanon
# and here
ProxyPassReverse / https://server:3000/ nocanon
```

What I was missing was the `nocanon` to pass the raw url through the proxy.

Thank you for looking into it even if I was being a dummy :)

@lenaschimmel commented on GitHub (Feb 7, 2023):

FYI, if you experience the same problem, but your reverse proxy is **not Apache but nginx**, the common solution is to change `proxy_pass http://server:3000/;` to `proxy_pass http://server:3000;` (note the removed slash at the end), as this makes the difference between "with a URI" and "without a URI" in the terms of the [nginx proxy_pass documentation](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass).
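Added example (not part of the original thread and not Gitea's code): a simplified Go model of the failure discussed above, in which a reverse proxy re-escapes the `%` of `%2F` before forwarding and the backend decodes each path segment once, producing the `@test%2ften-forty-six` lookup key seen in the logged query. The request path, the function names and the re-escaping model are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Constructed sample request path for the scoped package "@test/ten-forty-six".
const samplePath = "/org/-/packages/npm/@test%2Ften-forty-six/1.3.1"

// canonicalize models (as an assumption) a reverse proxy that leaves %2F
// undecoded but re-escapes every literal '%' before forwarding.
func canonicalize(rawPath string) string {
	return strings.ReplaceAll(rawPath, "%", "%25")
}

// passThrough models a proxy that forwards the raw path unchanged.
func passThrough(rawPath string) string { return rawPath }

// lookupName models the backend: split on literal '/', unescape the name
// segment exactly once, and lower-case it for use as the lookup key.
func lookupName(forwarded string) (string, error) {
	seg := strings.Split(strings.TrimPrefix(forwarded, "/"), "/")
	if len(seg) != 6 {
		return "", fmt.Errorf("unexpected segment count %d", len(seg))
	}
	name, err := url.PathUnescape(seg[4])
	if err != nil {
		return "", err
	}
	return strings.ToLower(name), nil
}

var escape = regexp.MustCompile(`%[0-9a-fA-F]{2}`)

// stillEscaped reports whether a decoded name still contains a percent
// escape, a sign that something upstream encoded the path a second time.
func stillEscaped(name string) bool { return escape.MatchString(name) }

func main() {
	for _, fwd := range []string{canonicalize(samplePath), passThrough(samplePath)} {
		name, err := lookupName(fwd)
		fmt.Printf("%s -> %q err=%v doubleEncoded=%v\n", fwd, name, err, stillEscaped(name))
	}
}
```

A check like `stillEscaped` on decoded route parameters is a quick way to spot a proxy that rewrites encoded paths before they reach the application.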
Reference: github-starred/gitea#9674