Update API endpoints for raw files

changelogs/unreleased/issue_16834.yml

+---
+title: Update API endpoints for raw files
+merge_request:
+author:

doc/api/repositories.md

@@ -72,10 +72,11 @@ Parameters:
 ]
 ```
 
-## Raw file content
+## Get file from repository
 
-Get the raw file contents for a file by commit SHA and path. This endpoint can
-be accessed without authentication if the repository is publicly accessible.
+Allows you to receive information about file in repository like size and
+content. Note that file content is Base64 encoded. This endpoint can be accessed
+without authentication if the repository is publicly accessible.
 
 ```
 GET /projects/:id/repository/blobs/:sha
@@ -85,7 +86,6 @@ Parameters:
 
 - `id` (required) - The ID of a project
 - `sha` (required) - The commit or branch name
-- `filepath` (required) - The path the file
 
 ## Raw blob content
 
@@ -93,7 +93,7 @@ Get the raw file contents for a blob by blob SHA. This endpoint can be accessed
 without authentication if the repository is publicly accessible.
 
 ```
-GET /projects/:id/repository/raw_blobs/:sha
+GET /projects/:id/repository/blobs/:sha/raw
 ```
 
 Parameters:

doc/api/repository_files.md

@@ -11,11 +11,11 @@ content. Note that file content is Base64 encoded. This endpoint can be accessed
 without authentication if the repository is publicly accessible.
 
 ```
-GET /projects/:id/repository/files
+GET /projects/:id/repository/files/:file_path
 ```
 
 ```bash
-curl --request GET --header 'PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK' 'https://gitlab.example.com/api/v4/projects/13083/repository/files?file_path=app/models/key.rb&ref=master'
+curl --request GET --header 'PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK' 'https://gitlab.example.com/api/v4/projects/13083/repository/files/app%2Fmodels%2Fkey%2Erb?ref=master'
 ```
 
 Example response:
@@ -36,17 +36,32 @@ Example response:
 
 Parameters:
 
-- `file_path` (required) - Full path to new file. Ex. lib/class.rb
+- `file_path` (required) - Url encoded full path to new file. Ex. lib%2Fclass%2Erb
+- `ref` (required) - The name of branch, tag or commit
+
+## Get raw file from repository
+
+```
+GET /projects/:id/repository/files/:file_path/raw
+```
+
+```bash
+curl --request GET --header 'PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK' 'https://gitlab.example.com/api/v4/projects/13083/repository/files/app%2Fmodels%2Fkey%2Erb/raw?ref=master'
+```
+
+Parameters:
+
+- `file_path` (required) - Url encoded full path to new file. Ex. lib%2Fclass%2Erb
 - `ref` (required) - The name of branch, tag or commit
 
 ## Create new file in repository
 
 ```
-POST /projects/:id/repository/files
+POST /projects/:id/repository/files/:file_path
 ```
 
 ```bash
-curl --request POST --header 'PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK' 'https://gitlab.example.com/api/v4/projects/13083/repository/files?file_path=app/project.rb&branch=master&author_email=author%40example.com&author_name=Firstname%20Lastname&content=some%20content&commit_message=create%20a%20new%20file'
+curl --request POST --header 'PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK' 'https://gitlab.example.com/api/v4/projects/13083/repository/app%2Fprojectrb%2E?branch=master&author_email=author%40example.com&author_name=Firstname%20Lastname&content=some%20content&commit_message=create%20a%20new%20file'
 ```
 
 Example response:
@@ -60,7 +75,7 @@ Example response:
 
 Parameters:
 
-- `file_path` (required) - Full path to new file. Ex. lib/class.rb
+- `file_path` (required) - Url encoded full path to new file. Ex. lib%2Fclass%2Erb
 - `branch` (required) - The name of branch
 - `encoding` (optional) - Change encoding to 'base64'. Default is text.
 - `author_email` (optional) - Specify the commit author's email address
@@ -71,11 +86,11 @@ Parameters:
 ## Update existing file in repository
 
 ```
-PUT /projects/:id/repository/files
+PUT /projects/:id/repository/files/:file_path
 ```
 
 ```bash
-curl --request PUT --header 'PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK' 'https://gitlab.example.com/api/v4/projects/13083/repository/files?file_path=app/project.rb&branch=master&author_email=author%40example.com&author_name=Firstname%20Lastname&content=some%20other%20content&commit_message=update%20file'
+curl --request PUT --header 'PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK' 'https://gitlab.example.com/api/v4/projects/13083/repository/app%2Fproject%2Erb?branch=master&author_email=author%40example.com&author_name=Firstname%20Lastname&content=some%20other%20content&commit_message=update%20file'
 ```
 
 Example response:
@@ -89,7 +104,7 @@ Example response:
 
 Parameters:
 
-- `file_path` (required) - Full path to file. Ex. lib/class.rb
+- `file_path` (required) - Url encoded full path to new file. Ex. lib%2Fclass%2Erb
 - `branch` (required) - The name of branch
 - `encoding` (optional) - Change encoding to 'base64'. Default is text.
 - `author_email` (optional) - Specify the commit author's email address
@@ -109,11 +124,11 @@ Currently gitlab-shell has a boolean return code, preventing GitLab from specify
 ## Delete existing file in repository
 
 ```
-DELETE /projects/:id/repository/files
+DELETE /projects/:id/repository/files/:file_path
 ```
 
 ```bash
-curl --request DELETE --header 'PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK' 'https://gitlab.example.com/api/v4/projects/13083/repository/files?file_path=app/project.rb&branch=master&author_email=author%40example.com&author_name=Firstname%20Lastname&commit_message=delete%20file'
+curl --request DELETE --header 'PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK' 'https://gitlab.example.com/api/v4/projects/13083/repository/app%2Fproject%2Erb?branch=master&author_email=author%40example.com&author_name=Firstname%20Lastname&commit_message=delete%20file'
 ```
 
 Example response:
@@ -127,7 +142,7 @@ Example response:
 
 Parameters:
 
-- `file_path` (required) - Full path to file. Ex. lib/class.rb
+- `file_path` (required) - Url encoded full path to new file. Ex. lib%2Fclass%2Erb
 - `branch` (required) - The name of branch
 - `author_email` (optional) - Specify the commit author's email address
 - `author_name` (optional) - Specify the commit author's name

doc/api/v3_to_v4.md

@@ -71,3 +71,7 @@ changes are in V4:
 - Simplify project payload exposed on Environment endpoints [!9675](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9675)
 - API uses merge request `IID`s (internal ID, as in the web UI) rather than `ID`s. This affects the merge requests, award emoji, todos, and time tracking APIs. [!9530](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9530)
 - API uses issue `IID`s (internal ID, as in the web UI) rather than `ID`s. This affects the issues, award emoji, todos, and time tracking APIs. [!9530](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9530)
+- Update endpoints for repository files [!9637](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9637)
+  - Moved `/projects/:id/repository/files` to `/projects/:id/repository/files/:filepath` (`:filepath` should be URL-encoded)
+  - Moved `/projects/:id/repository/blobs/:sha` to `/projects/:id/repository/files/:filepath/raw`
+  - Moved `/projects/:id/repository/raw_blobs/:sha` to `/projects/:id/repository/blobs/:sha/raw`

lib/api/files.rb

@@ -14,6 +14,19 @@ module API
         }
       end
 
+      def assign_file_vars!
+        @commit = user_project.commit(params[:ref])
+        not_found!('Commit') unless @commit
+
+        @repo      = user_project.repository
+        @file_path = params[:file_path]
+        @file_path = [params[:file_path], params[:format]].join('.') if params[:format].present?
+        @blob      = @repo.blob_at(@commit.sha, @file_path)
+
+        not_found!('File') unless @blob
+        @blob.load_all_data!(@repo)
+      end
+
       def commit_response(attrs)
         {
           file_path: attrs[:file_path],
@@ -22,7 +35,7 @@ module API
       end
 
       params :simple_file_params do
-        requires :file_path, type: String, desc: 'The path to new file. Ex. lib/class.rb'
+        requires :file_path, type: String, desc: 'The path to the file. Ex. lib/class.rb'
         requires :branch, type: String, desc: 'The name of branch'
         requires :commit_message, type: String, desc: 'Commit Message'
         optional :author_email, type: String, desc: 'The email of the author'
@@ -40,34 +53,41 @@ module API
       requires :id, type: String, desc: 'The project ID'
     end
     resource :projects do
-      desc 'Get a file from repository'
+      desc 'Get a file from repository in raw format'
       params do
-        requires :file_path, type: String, desc: 'The path to the file. Ex. lib/class.rb'
         requires :ref, type: String, desc: 'The name of branch, tag, or commit'
       end
-      get ":id/repository/files" do
+      get ":id/repository/files/:file_path/raw" do
         authorize! :download_code, user_project
 
-        commit = user_project.commit(params[:ref])
-        not_found!('Commit') unless commit
+        assign_file_vars!
+
+        status(200)
+
+        send_git_blob @repo, @blob
+      end
+
+      desc 'Get a file from repository in base64 format'
+      params do
+        requires :ref, type: String, desc: 'The name of branch, tag, or commit'
+      end
+      get ":id/repository/files/:file_path" do
+        authorize! :download_code, user_project
 
-        repo = user_project.repository
-        blob = repo.blob_at(commit.sha, params[:file_path])
-        not_found!('File') unless blob
+        assign_file_vars!
 
-        blob.load_all_data!(repo)
         status(200)
 
         {
-          file_name: blob.name,
-          file_path: blob.path,
-          size: blob.size,
+          file_name: @blob.name,
+          file_path: @blob.path,
+          size: @blob.size,
           encoding: "base64",
-          content: Base64.strict_encode64(blob.data),
+          content: Base64.strict_encode64(@blob.data),
           ref: params[:ref],
-          blob_id: blob.id,
-          commit_id: commit.id,
-          last_commit_id: repo.last_commit_id_for_path(commit.sha, params[:file_path])
+          blob_id: @blob.id,
+          commit_id: @commit.id,
+          last_commit_id: @repo.last_commit_id_for_path(@commit.sha, @file_path)
         }
       end
 
@@ -75,7 +95,7 @@ module API
       params do
         use :extended_file_params
       end
-      post ":id/repository/files" do
+      post ":id/repository/files/:file_path", requirements: { file_path: /.+/ } do
         authorize! :push_code, user_project
 
         file_params = declared_params(include_missing: false)
@@ -93,7 +113,7 @@ module API
       params do
         use :extended_file_params
       end
-      put ":id/repository/files" do
+      put ":id/repository/files/:file_path", requirements: { file_path: /.+/ } do
         authorize! :push_code, user_project
 
         file_params = declared_params(include_missing: false)
@@ -112,7 +132,7 @@ module API
       params do
         use :simple_file_params
       end
-      delete ":id/repository/files" do
+      delete ":id/repository/files/:file_path", requirements: { file_path: /.+/ } do
         authorize! :push_code, user_project
 
         file_params = declared_params(include_missing: false)

lib/api/repositories.rb

@@ -17,6 +17,18 @@ module API
           end
           not_found!
         end
+
+        def assign_blob_vars!
+          @repo = user_project.repository
+
+          begin
+            @blob = Gitlab::Git::Blob.raw(@repo, params[:sha])
+          rescue
+            not_found! 'Blob'
+          end
+
+          not_found! 'Blob' unless @blob
+        end
       end
 
       desc 'Get a project repository tree' do
@@ -45,7 +57,7 @@ module API
         requires :sha, type: String, desc: 'The commit, branch name, or tag name'
         requires :filepath, type: String, desc: 'The path to the file to display'
       end
-      get [":id/repository/blobs/:sha", ":id/repository/commits/:sha/blob"] do
+      get ":id/repository/commits/:sha/blob" do
         repo = user_project.repository
 
         commit = repo.commit(params[:sha])
@@ -57,22 +69,33 @@ module API
         send_git_blob repo, blob
       end
 
-      desc 'Get a raw blob contents by blob sha'
+      desc 'Get raw blob by sha'
       params do
         requires :sha, type: String, desc: 'The commit, branch name, or tag name'
       end
-      get ':id/repository/raw_blobs/:sha' do
-        repo = user_project.repository
+      get ':id/repository/blobs/:sha/:raw' do
+        assign_blob_vars!
 
-        begin
-          blob = Gitlab::Git::Blob.raw(repo, params[:sha])
-        rescue
-          not_found! 'Blob'
+        status(200)
+
+        send_git_blob @repo, @blob
       end
 
-        not_found! 'Blob' unless blob
+      desc 'Get blob base4 encoded content by sha'
+      params do
+        requires :sha, type: String, desc: 'The commit, branch name, or tag name'
+      end
+      get ':id/repository/blobs/:sha' do
+        assign_blob_vars!
 
-        send_git_blob repo, blob
+        status(200)
+
+        {
+          size: @blob.size,
+          encoding: "base64",
+          content: Base64.strict_encode64(@blob.data),
+          sha: @blob.id
+        }
       end
 
       desc 'Get an archive of the repository'

spec/requests/api/files_spec.rb

@@ -5,10 +5,9 @@ describe API::Files, api: true  do
   let(:user) { create(:user) }
   let!(:project) { create(:project, :repository, namespace: user.namespace ) }
   let(:guest) { create(:user) { |u| project.add_guest(u) } }
-  let(:file_path) { 'files/ruby/popen.rb' }
+  let(:file_path) { "files%2Fruby%2Fpopen%2Erb" }
   let(:params) do
     {
-      file_path: file_path,
       ref: 'master'
     }
   end
@@ -30,36 +29,42 @@ describe API::Files, api: true  do
 
   before { project.team << [user, :developer] }
 
-  describe "GET /projects/:id/repository/files" do
-    let(:route) { "/projects/#{project.id}/repository/files" }
+  def route(file_path = nil)
+    "/projects/#{project.id}/repository/files/#{file_path}"
+  end
 
+  describe "GET /projects/:id/repository/files/:file_path" do
     shared_examples_for 'repository files' do
-      it "returns file info" do
-        get api(route, current_user), params
+      it 'returns file attributes as json' do
+        get api(route(file_path), current_user), params
 
         expect(response).to have_http_status(200)
-        expect(json_response['file_path']).to eq(file_path)
+        expect(json_response['file_path']).to eq(CGI.unescape(file_path))
         expect(json_response['file_name']).to eq('popen.rb')
         expect(json_response['last_commit_id']).to eq('570e7b2abdd848b95f2f578043fc23bd6f6fd24d')
         expect(Base64.decode64(json_response['content']).lines.first).to eq("require 'fileutils'\n")
       end
 
-      context 'when no params are given' do
+      it 'returns raw file info' do
+        url = route(file_path) + "/raw"
+        expect(Gitlab::Workhorse).to receive(:send_git_blob)
+
+        get api(url, current_user), params
+
+        expect(response).to have_http_status(200)
+      end
+
+      context 'when mandatory params are not given' do
         it_behaves_like '400 response' do
-          let(:request) { get api(route, current_user) }
+          let(:request) { get api(route("any%2Ffile"), current_user) }
         end
       end
 
       context 'when file_path does not exist' do
-        let(:params) do
-          {
-            file_path: 'app/models/application.rb',
-            ref: 'master',
-          }
-        end
+        let(:params) { { ref: 'master' } }
 
         it_behaves_like '404 response' do
-          let(:request) { get api(route, current_user), params }
+          let(:request) { get api(route('app%2Fmodels%2Fapplication%2Erb'), current_user), params }
           let(:message) { '404 File Not Found' }
         end
       end
@@ -68,7 +73,7 @@ describe API::Files, api: true  do
         include_context 'disabled repository'
 
         it_behaves_like '403 response' do
-          let(:request) { get api(route, current_user), params }
+          let(:request) { get api(route(file_path), current_user), params }
         end
       end
     end
@@ -82,7 +87,7 @@ describe API::Files, api: true  do
 
     context 'when unauthenticated', 'and project is private' do
       it_behaves_like '404 response' do
-        let(:request) { get api(route), params }
+        let(:request) { get api(route(file_path)), params }
         let(:message) { '404 Project Not Found' }
       end
     end
@@ -95,33 +100,95 @@ describe API::Files, api: true  do
 
     context 'when authenticated', 'as a guest' do
       it_behaves_like '403 response' do
-        let(:request) { get api(route, guest), params }
+        let(:request) { get api(route(file_path), guest), params }
+      end
+    end
+  end
+
+  describe "GET /projects/:id/repository/files/:file_path/raw" do
+    shared_examples_for 'repository raw files' do
+      it 'returns raw file info' do
+        url = route(file_path) + "/raw"
+        expect(Gitlab::Workhorse).to receive(:send_git_blob)
+
+        get api(url, current_user), params
+
+        expect(response).to have_http_status(200)
+      end
+
+      context 'when mandatory params are not given' do
+        it_behaves_like '400 response' do
+          let(:request) { get api(route("any%2Ffile"), current_user) }
+        end
+      end
+
+      context 'when file_path does not exist' do
+        let(:params) { { ref: 'master' } }
+
+        it_behaves_like '404 response' do
+          let(:request) { get api(route('app%2Fmodels%2Fapplication%2Erb'), current_user), params }
+          let(:message) { '404 File Not Found' }
+        end
+      end
+
+      context 'when repository is disabled' do
+        include_context 'disabled repository'
+
+        it_behaves_like '403 response' do
+          let(:request) { get api(route(file_path), current_user), params }
+        end
+      end
+    end
+
+    context 'when unauthenticated', 'and project is public' do
+      it_behaves_like 'repository raw files' do
+        let(:project) { create(:project, :public) }
+        let(:current_user) { nil }
+      end
+    end
+
+    context 'when unauthenticated', 'and project is private' do
+      it_behaves_like '404 response' do
+        let(:request) { get api(route(file_path)), params }
+        let(:message) { '404 Project Not Found' }
+      end
+    end
+
+    context 'when authenticated', 'as a developer' do
+      it_behaves_like 'repository raw files' do
+        let(:current_user) { user }
+      end
+    end
+
+    context 'when authenticated', 'as a guest' do
+      it_behaves_like '403 response' do
+        let(:request) { get api(route(file_path), guest), params }
       end
     end
   end
 
-  describe "POST /projects/:id/repository/files" do
+  describe "POST /projects/:id/repository/files/:file_path" do
+    let!(:file_path) { "new_subfolder%2Fnewfile%2Erb" }
     let(:valid_params) do
       {
-        file_path: 'newfile.rb',
-        branch: 'master',
-        content: 'puts 8',
-        commit_message: 'Added newfile'
+        branch: "master",
+        content: "puts 8",
+        commit_message: "Added newfile"
       }
     end
 
     it "creates a new file in project repo" do
-      post api("/projects/#{project.id}/repository/files", user), valid_params
+      post api(route(file_path), user), valid_params
 
       expect(response).to have_http_status(201)
-      expect(json_response['file_path']).to eq('newfile.rb')
+      expect(json_response["file_path"]).to eq(CGI.unescape(file_path))
       last_commit = project.repository.commit.raw
       expect(last_commit.author_email).to eq(user.email)
       expect(last_commit.author_name).to eq(user.name)
     end
 
-    it "returns a 400 bad request if no params given" do
-      post api("/projects/#{project.id}/repository/files", user)
+    it "returns a 400 bad request if no mandatory params given" do
+      post api(route("any%2Etxt"), user)
 
       expect(response).to have_http_status(400)
     end
@@ -130,7 +197,7 @@ describe API::Files, api: true  do
       allow_any_instance_of(Repository).to receive(:create_file).
         and_return(false)
 
-      post api("/projects/#{project.id}/repository/files", user), valid_params
+      post api(route("any%2Etxt"), user), valid_params
 
       expect(response).to have_http_status(400)
     end
@@ -139,7 +206,7 @@ describe API::Files, api: true  do
       it "creates a new file with the specified author" do
         valid_params.merge!(author_email: author_email, author_name: author_name)
 
-        post api("/projects/#{project.id}/repository/files", user), valid_params
+        post api(route("new_file_with_author%2Etxt"), user), valid_params
 
         expect(response).to have_http_status(201)
         last_commit = project.repository.commit.raw
@@ -152,7 +219,7 @@ describe API::Files, api: true  do
       let!(:project) { create(:project_empty_repo, namespace: user.namespace ) }
 
       it "creates a new file in project repo" do
-        post api("/projects/#{project.id}/repository/files", user), valid_params
+        post api(route("newfile%2Erb"), user), valid_params
 
         expect(response).to have_http_status(201)
         expect(json_response['file_path']).to eq('newfile.rb')
@@ -166,7 +233,6 @@ describe API::Files, api: true  do
   describe "PUT /projects/:id/repository/files" do
     let(:valid_params) do
       {
-        file_path: file_path,
         branch: 'master',
         content: 'puts 8',
         commit_message: 'Changed file'
@@ -174,17 +240,17 @@ describe API::Files, api: true  do
     end
 
     it "updates existing file in project repo" do
-      put api("/projects/#{project.id}/repository/files", user), valid_params
+      put api(route(file_path), user), valid_params
 
       expect(response).to have_http_status(200)
-      expect(json_response['file_path']).to eq(file_path)
+      expect(json_response['file_path']).to eq(CGI.unescape(file_path))
       last_commit = project.repository.commit.raw
       expect(last_commit.author_email).to eq(user.email)
       expect(last_commit.author_name).to eq(user.name)
     end
 
     it "returns a 400 bad request if no params given" do
-      put api("/projects/#{project.id}/repository/files", user)
+      put api(route(file_path), user)
 
       expect(response).to have_http_status(400)
     end
@@ -193,7 +259,7 @@ describe API::Files, api: true  do
       it "updates a file with the specified author" do
         valid_params.merge!(author_email: author_email, author_name: author_name, content: "New content")
 
-        put api("/projects/#{project.id}/repository/files", user), valid_params
+        put api(route(file_path), user), valid_params
 
         expect(response).to have_http_status(200)
         last_commit = project.repository.commit.raw
@@ -206,20 +272,19 @@ describe API::Files, api: true  do
   describe "DELETE /projects/:id/repository/files" do
     let(:valid_params) do
       {
-        file_path: file_path,
         branch: 'master',
         commit_message: 'Changed file'
       }
     end
 
     it "deletes existing file in project repo" do
-      delete api("/projects/#{project.id}/repository/files", user), valid_params
+      delete api(route(file_path), user), valid_params
 
       expect(response).to have_http_status(204)
     end
 
     it "returns a 400 bad request if no params given" do
-      delete api("/projects/#{project.id}/repository/files", user)
+      delete api(route(file_path), user)
 
       expect(response).to have_http_status(400)
     end
@@ -227,7 +292,7 @@ describe API::Files, api: true  do
     it "returns a 400 if fails to create file" do
       allow_any_instance_of(Repository).to receive(:delete_file).and_return(false)
 
-      delete api("/projects/#{project.id}/repository/files", user), valid_params
+      delete api(route(file_path), user), valid_params
 
       expect(response).to have_http_status(400)
     end
@@ -236,7 +301,7 @@ describe API::Files, api: true  do
       it "removes a file with the specified author" do
         valid_params.merge!(author_email: author_email, author_name: author_name)
 
-        delete api("/projects/#{project.id}/repository/files", user), valid_params
+        delete api(route(file_path), user), valid_params
 
         expect(response).to have_http_status(204)
       end
@@ -244,10 +309,9 @@ describe API::Files, api: true  do
   end
 
   describe "POST /projects/:id/repository/files with binary file" do
-    let(:file_path) { 'test.bin' }
+    let(:file_path) { 'test%2Ebin' }
     let(:put_params) do
       {
-        file_path: file_path,
         branch: 'master',
         content: 'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABAQMAAAAl21bKAAAAA1BMVEUAAACnej3aAAAAAXRSTlMAQObYZgAAAApJREFUCNdjYAAAAAIAAeIhvDMAAAAASUVORK5CYII=',
         commit_message: 'Binary file with a \n should not be touched',
@@ -256,21 +320,20 @@ describe API::Files, api: true  do
     end
     let(:get_params) do
       {
-        file_path: file_path,
         ref: 'master',
       }
     end
 
     before do
-      post api("/projects/#{project.id}/repository/files", user), put_params
+      post api(route(file_path), user), put_params
     end
 
     it "remains unchanged" do
-      get api("/projects/#{project.id}/repository/files", user), get_params
+      get api(route(file_path), user), get_params
 
       expect(response).to have_http_status(200)
-      expect(json_response['file_path']).to eq(file_path)
-      expect(json_response['file_name']).to eq(file_path)
+      expect(json_response['file_path']).to eq(CGI.unescape(file_path))
+      expect(json_response['file_name']).to eq(CGI.unescape(file_path))
       expect(json_response['content']).to eq(put_params[:content])
     end
   end

spec/requests/api/repositories_spec.rb

@@ -100,12 +100,8 @@ describe API::Repositories, api: true  do
     end
   end
 
-  {
-    'blobs/:sha' => 'blobs/master',
-    'commits/:sha/blob' => 'commits/master/blob'
-  }.each do |desc_path, example_path|
-    describe "GET /projects/:id/repository/#{desc_path}" do
-      let(:route) { "/projects/#{project.id}/repository/#{example_path}?filepath=README.md" }
+  describe "GET /projects/:id/repository/commits/:sha/blob" do
+    let(:route) { "/projects/#{project.id}/repository/commits/master/blob?filepath=README.md" }
 
     shared_examples_for 'repository blob' do
       it 'returns the repository blob' do
@@ -169,13 +165,71 @@ describe API::Repositories, api: true  do
       end
     end
   end
+
+  describe "GET /projects/:id/repository/blobs/:sha" do
+    let(:route) { "/projects/#{project.id}/repository/blobs/#{sample_blob.oid}" }
+
+    shared_examples_for 'repository blob' do
+      it 'returns blob attributes as json' do
+        get api(route, current_user)
+
+        expect(response).to have_http_status(200)
+        expect(json_response['size']).to eq(111)
+        expect(json_response['encoding']).to eq("base64")
+        expect(Base64.decode64(json_response['content']).lines.first).to eq("class Commit\n")
+        expect(json_response['sha']).to eq(sample_blob.oid)
+      end
+
+      context 'when sha does not exist' do
+        it_behaves_like '404 response' do
+          let(:request) { get api(route.sub(sample_blob.oid, '123456'), current_user) }
+          let(:message) { '404 Blob Not Found' }
+        end
+      end
+
+      context 'when repository is disabled' do
+        include_context 'disabled repository'
+
+        it_behaves_like '403 response' do
+          let(:request) { get api(route, current_user) }
+        end
+      end
+    end
+
+    context 'when unauthenticated', 'and project is public' do
+      it_behaves_like 'repository blob' do
+        let(:project) { create(:project, :public, :repository) }
+        let(:current_user) { nil }
+      end
     end
 
-  describe "GET /projects/:id/repository/raw_blobs/:sha" do
-    let(:route) { "/projects/#{project.id}/repository/raw_blobs/#{sample_blob.oid}" }
+    context 'when unauthenticated', 'and project is private' do
+      it_behaves_like '404 response' do
+        let(:request) { get api(route) }
+        let(:message) { '404 Project Not Found' }
+      end
+    end
+
+    context 'when authenticated', 'as a developer' do
+      it_behaves_like 'repository blob' do
+        let(:current_user) { user }
+      end
+    end
+
+    context 'when authenticated', 'as a guest' do
+      it_behaves_like '403 response' do
+        let(:request) { get api(route, guest) }
+      end
+    end
+  end
+
+  describe "GET /projects/:id/repository/blobs/:sha/raw" do
+    let(:route) { "/projects/#{project.id}/repository/blobs/#{sample_blob.oid}/raw" }
 
     shared_examples_for 'repository raw blob' do
       it 'returns the repository raw blob' do
+        expect(Gitlab::Workhorse).to receive(:send_git_blob)
+
         get api(route, current_user)
 
         expect(response).to have_http_status(200)