Cargo registry:
- Sparse index with config.json, prefix-based lookup (1/2/3/4+ char rules)
- cargo publish wire format (LE u32 lengths + JSON metadata + tarball)
- Version immutability with Cargo-compatible JSON error responses
- Dependency field mapping (version_req->req, explicit_name_in_toml->package)
- Case-insensitive crate name normalization across all endpoints
- Cache-Control headers on index (max-age=300) and downloads (immutable)
PyPI registry:
- twine upload via multipart/form-data with SHA-256 verification
- PEP 691 JSON API with Accept header content negotiation
- Hash fragment preservation in proxied links (PEP 503)
- Package name normalization per PEP 503
577 tests (up from 504), 0 failures, clippy clean.
detect_registry() in metrics.rs was missing branches for /go/ and /raw/
paths, causing all requests to those registries to be labeled "other" in
Prometheus metrics. dashboard_metrics.rs already lists all seven
registries, so this was an oversight.
Also adds go and raw fields to RegistriesHealth so the /health endpoint
reports all seven registries consistently.
Fixes the test_detect_registry_go_path test which previously asserted
the wrong behavior ("other" instead of "go"), and adds tests for raw
path detection and prefix collision safety.
// ticktockbent
Co-authored-by: DevITWay | Pavel Volkov <devitway@gmail.com>
Rate limits now configurable via config.toml and ENV variables:
- New [rate_limit] config section with auth/upload/general settings
- ENV: NORA_RATE_LIMIT_{AUTH|UPLOAD|GENERAL}_{RPS|BURST}
- Rate limit configuration logged at startup
- Functions accept &RateLimitConfig instead of hardcoded values
