From 41c76ad71404bc0b4da83df063e6e10cd4a41e9f Mon Sep 17 00:00:00 2001
From: KN4CK3R <admin@oldschoolhack.me>
Date: Mon, 29 Aug 2022 09:04:45 +0200
Subject: [PATCH] Add support for Vagrant packages (#20930)

* Add support for Vagrant boxes.

* Add authentication.

* Add tests.

* Add integration tests.

* Add docs.

* Add icons.

* Update routers/api/packages/api.go

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: 6543 <6543@obermui.de>
---
 docs/content/doc/packages/overview.en-us.md |   1 +
 docs/content/doc/packages/vagrant.en-us.md  |  78 +++++++
 integrations/api_packages_vagrant_test.go   | 170 ++++++++++++++
 models/packages/descriptor.go               |   3 +
 models/packages/package.go                  |   5 +
 modules/packages/vagrant/metadata.go        |  97 ++++++++
 modules/packages/vagrant/metadata_test.go   | 111 +++++++++
 options/locale/locale_en-US.ini             |   2 +
 public/img/svg/gitea-vagrant.svg            |   1 +
 routers/api/packages/api.go                 |  14 ++
 routers/api/packages/vagrant/vagrant.go     | 239 ++++++++++++++++++++
 routers/api/v1/packages/package.go          |   2 +-
 templates/admin/packages/list.tmpl          |   1 +
 templates/package/content/vagrant.tmpl      |  18 ++
 templates/package/metadata/vagrant.tmpl     |   5 +
 templates/package/shared/list.tmpl          |   1 +
 templates/package/view.tmpl                 |   2 +
 templates/swagger/v1_json.tmpl              |   3 +-
 web_src/svg/gitea-vagrant.svg               |   6 +
 19 files changed, 757 insertions(+), 2 deletions(-)
 create mode 100644 docs/content/doc/packages/vagrant.en-us.md
 create mode 100644 integrations/api_packages_vagrant_test.go
 create mode 100644 modules/packages/vagrant/metadata.go
 create mode 100644 modules/packages/vagrant/metadata_test.go
 create mode 100644 public/img/svg/gitea-vagrant.svg
 create mode 100644 routers/api/packages/vagrant/vagrant.go
 create mode 100644 templates/package/content/vagrant.tmpl
 create mode 100644 templates/package/metadata/vagrant.tmpl
 create mode 100644 web_src/svg/gitea-vagrant.svg

diff --git a/docs/content/doc/packages/overview.en-us.md b/docs/content/doc/packages/overview.en-us.md
index 5e03b71017..0abb054b0f 100644
--- a/docs/content/doc/packages/overview.en-us.md
+++ b/docs/content/doc/packages/overview.en-us.md
@@ -37,6 +37,7 @@ The following package managers are currently supported:
 | [Pub]({{< relref "doc/packages/pub.en-us.md" >}}) | Dart | `dart`, `flutter` |
 | [PyPI]({{< relref "doc/packages/pypi.en-us.md" >}}) | Python | `pip`, `twine` |
 | [RubyGems]({{< relref "doc/packages/rubygems.en-us.md" >}}) | Ruby | `gem`, `Bundler` |
+| [Vagrant]({{< relref "doc/packages/vagrant.en-us.md" >}}) | - | `vagrant` |
 
 **The following paragraphs only apply if Packages are not globally disabled!**
 
diff --git a/docs/content/doc/packages/vagrant.en-us.md b/docs/content/doc/packages/vagrant.en-us.md
new file mode 100644
index 0000000000..e846de1a2a
--- /dev/null
+++ b/docs/content/doc/packages/vagrant.en-us.md
@@ -0,0 +1,78 @@
+---
+date: "2022-08-23T00:00:00+00:00"
+title: "Vagrant Packages Repository"
+slug: "packages/vagrant"
+draft: false
+toc: false
+menu:
+  sidebar:
+    parent: "packages"
+    name: "vagrant"
+    weight: 120
+    identifier: "vagrant"
+---
+
+# Vagrant Packages Repository
+
+Publish [Vagrant](https://www.vagrantup.com/) packages for your user or organization.
+
+**Table of Contents**
+
+{{< toc >}}
+
+## Requirements
+
+To work with the Vagrant package registry, you need [Vagrant](https://www.vagrantup.com/downloads) and a tool to make HTTP requests like `curl`.
+
+## Publish a package
+
+Publish a Vagrant box by performing a HTTP PUT request to the registry:
+
+```
+PUT https://gitea.example.com/api/packages/{owner}/vagrant/{package_name}/{package_version}/{provider}.box
+```
+
+| Parameter         | Description |
+| ----------------- | ----------- |
+| `owner`           | The owner of the package. |
+| `package_name`    | The package name. |
+| `package_version` | The package version, semver compatible. |
+| `provider`        | One of the [supported provider names](https://www.vagrantup.com/docs/providers). |
+
+Example for uploading a Hyper-V box:
+
+```shell
+curl --user your_username:your_password_or_token \
+     --upload-file path/to/your/vagrant.box \
+     https://gitea.example.com/api/packages/testuser/vagrant/test_system/1.0.0/hyperv.box
+```
+
+You cannot publish a box if a box of the same name, version and provider already exists. You must delete the existing package first.
+
+## Install a package
+
+To install a box from the package registry, execute the following command:
+
+```shell
+vagrant box add "https://gitea.example.com/api/packages/{owner}/vagrant/{package_name}"
+```
+
+| Parameter      | Description |
+| -------------- | ----------- |
+| `owner`        | The owner of the package. |
+| `package_name` | The package name. |
+
+For example:
+
+```shell
+vagrant box add "https://gitea.example.com/api/packages/testuser/vagrant/test_system"
+```
+
+This will install the latest version of the package. To add a specific version, use the `--box-version` parameter.
+If the registry is private you can pass your [personal access token]({{< relref "doc/developers/api-usage.en-us.md#authentication" >}}) in the `VAGRANT_CLOUD_TOKEN` environment variable.
+
+## Supported commands
+
+```
+vagrant box add
+```
diff --git a/integrations/api_packages_vagrant_test.go b/integrations/api_packages_vagrant_test.go
new file mode 100644
index 0000000000..8ce4f24ef5
--- /dev/null
+++ b/integrations/api_packages_vagrant_test.go
@@ -0,0 +1,170 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package integrations
+
+import (
+	"archive/tar"
+	"bytes"
+	"compress/gzip"
+	"fmt"
+	"net/http"
+	"strings"
+	"testing"
+
+	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/packages"
+	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/json"
+	vagrant_module "code.gitea.io/gitea/modules/packages/vagrant"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestPackageVagrant(t *testing.T) {
+	defer prepareTestEnv(t)()
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+
+	token := "Bearer " + getUserToken(t, user.Name)
+
+	packageName := "test_package"
+	packageVersion := "1.0.1"
+	packageDescription := "Test Description"
+	packageProvider := "virtualbox"
+
+	filename := fmt.Sprintf("%s.box", packageProvider)
+
+	infoContent, _ := json.Marshal(map[string]string{
+		"description": packageDescription,
+	})
+
+	var buf bytes.Buffer
+	zw := gzip.NewWriter(&buf)
+	archive := tar.NewWriter(zw)
+	archive.WriteHeader(&tar.Header{
+		Name: "info.json",
+		Mode: 0o600,
+		Size: int64(len(infoContent)),
+	})
+	archive.Write(infoContent)
+	archive.Close()
+	zw.Close()
+	content := buf.Bytes()
+
+	root := fmt.Sprintf("/api/packages/%s/vagrant", user.Name)
+
+	t.Run("Authenticate", func(t *testing.T) {
+		defer PrintCurrentTest(t)()
+
+		authenticateURL := fmt.Sprintf("%s/authenticate", root)
+
+		req := NewRequest(t, "GET", authenticateURL)
+		MakeRequest(t, req, http.StatusUnauthorized)
+
+		req = NewRequest(t, "GET", authenticateURL)
+		addTokenAuthHeader(req, token)
+		MakeRequest(t, req, http.StatusOK)
+	})
+
+	boxURL := fmt.Sprintf("%s/%s", root, packageName)
+
+	t.Run("Upload", func(t *testing.T) {
+		defer PrintCurrentTest(t)()
+
+		req := NewRequest(t, "HEAD", boxURL)
+		MakeRequest(t, req, http.StatusNotFound)
+
+		uploadURL := fmt.Sprintf("%s/%s/%s", boxURL, packageVersion, filename)
+
+		req = NewRequestWithBody(t, "PUT", uploadURL, bytes.NewReader(content))
+		MakeRequest(t, req, http.StatusUnauthorized)
+
+		req = NewRequestWithBody(t, "PUT", uploadURL, bytes.NewReader(content))
+		addTokenAuthHeader(req, token)
+		MakeRequest(t, req, http.StatusCreated)
+
+		req = NewRequest(t, "HEAD", boxURL)
+		resp := MakeRequest(t, req, http.StatusOK)
+		assert.True(t, strings.HasPrefix(resp.HeaderMap.Get("Content-Type"), "application/json"))
+
+		pvs, err := packages.GetVersionsByPackageType(db.DefaultContext, user.ID, packages.TypeVagrant)
+		assert.NoError(t, err)
+		assert.Len(t, pvs, 1)
+
+		pd, err := packages.GetPackageDescriptor(db.DefaultContext, pvs[0])
+		assert.NoError(t, err)
+		assert.NotNil(t, pd.SemVer)
+		assert.IsType(t, &vagrant_module.Metadata{}, pd.Metadata)
+		assert.Equal(t, packageName, pd.Package.Name)
+		assert.Equal(t, packageVersion, pd.Version.Version)
+
+		pfs, err := packages.GetFilesByVersionID(db.DefaultContext, pvs[0].ID)
+		assert.NoError(t, err)
+		assert.Len(t, pfs, 1)
+		assert.Equal(t, filename, pfs[0].Name)
+		assert.True(t, pfs[0].IsLead)
+
+		pb, err := packages.GetBlobByID(db.DefaultContext, pfs[0].BlobID)
+		assert.NoError(t, err)
+		assert.Equal(t, int64(len(content)), pb.Size)
+
+		req = NewRequestWithBody(t, "PUT", uploadURL, bytes.NewReader(content))
+		addTokenAuthHeader(req, token)
+		MakeRequest(t, req, http.StatusConflict)
+	})
+
+	t.Run("Download", func(t *testing.T) {
+		defer PrintCurrentTest(t)()
+
+		req := NewRequest(t, "GET", fmt.Sprintf("%s/%s/%s", boxURL, packageVersion, filename))
+		resp := MakeRequest(t, req, http.StatusOK)
+
+		assert.Equal(t, content, resp.Body.Bytes())
+	})
+
+	t.Run("EnumeratePackageVersions", func(t *testing.T) {
+		defer PrintCurrentTest(t)()
+
+		req := NewRequest(t, "GET", boxURL)
+		resp := MakeRequest(t, req, http.StatusOK)
+
+		type providerData struct {
+			Name         string `json:"name"`
+			URL          string `json:"url"`
+			Checksum     string `json:"checksum"`
+			ChecksumType string `json:"checksum_type"`
+		}
+
+		type versionMetadata struct {
+			Version             string          `json:"version"`
+			Status              string          `json:"status"`
+			DescriptionHTML     string          `json:"description_html,omitempty"`
+			DescriptionMarkdown string          `json:"description_markdown,omitempty"`
+			Providers           []*providerData `json:"providers"`
+		}
+
+		type packageMetadata struct {
+			Name             string             `json:"name"`
+			Description      string             `json:"description,omitempty"`
+			ShortDescription string             `json:"short_description,omitempty"`
+			Versions         []*versionMetadata `json:"versions"`
+		}
+
+		var result packageMetadata
+		DecodeJSON(t, resp, &result)
+
+		assert.Equal(t, packageName, result.Name)
+		assert.Equal(t, packageDescription, result.Description)
+		assert.Len(t, result.Versions, 1)
+		version := result.Versions[0]
+		assert.Equal(t, packageVersion, version.Version)
+		assert.Equal(t, "active", version.Status)
+		assert.Len(t, version.Providers, 1)
+		provider := version.Providers[0]
+		assert.Equal(t, packageProvider, provider.Name)
+		assert.Equal(t, "sha512", provider.ChecksumType)
+		assert.Equal(t, "259bebd6160acad695016d22a45812e26f187aaf78e71a4c23ee3201528346293f991af3468a8c6c5d2a21d7d9e1bdc1bf79b87110b2fddfcc5a0d45963c7c30", provider.Checksum)
+	})
+}
diff --git a/models/packages/descriptor.go b/models/packages/descriptor.go
index dc753421d0..357574a706 100644
--- a/models/packages/descriptor.go
+++ b/models/packages/descriptor.go
@@ -22,6 +22,7 @@ import (
 	"code.gitea.io/gitea/modules/packages/pub"
 	"code.gitea.io/gitea/modules/packages/pypi"
 	"code.gitea.io/gitea/modules/packages/rubygems"
+	"code.gitea.io/gitea/modules/packages/vagrant"
 
 	"github.com/hashicorp/go-version"
 )
@@ -150,6 +151,8 @@ func GetPackageDescriptor(ctx context.Context, pv *PackageVersion) (*PackageDesc
 		metadata = &pypi.Metadata{}
 	case TypeRubyGems:
 		metadata = &rubygems.Metadata{}
+	case TypeVagrant:
+		metadata = &vagrant.Metadata{}
 	default:
 		panic(fmt.Sprintf("unknown package type: %s", string(p.Type)))
 	}
diff --git a/models/packages/package.go b/models/packages/package.go
index 39b1c83cfa..c203901a2d 100644
--- a/models/packages/package.go
+++ b/models/packages/package.go
@@ -42,6 +42,7 @@ const (
 	TypePub       Type = "pub"
 	TypePyPI      Type = "pypi"
 	TypeRubyGems  Type = "rubygems"
+	TypeVagrant   Type = "vagrant"
 )
 
 // Name gets the name of the package type
@@ -69,6 +70,8 @@ func (pt Type) Name() string {
 		return "PyPI"
 	case TypeRubyGems:
 		return "RubyGems"
+	case TypeVagrant:
+		return "Vagrant"
 	}
 	panic(fmt.Sprintf("unknown package type: %s", string(pt)))
 }
@@ -98,6 +101,8 @@ func (pt Type) SVGName() string {
 		return "gitea-python"
 	case TypeRubyGems:
 		return "gitea-rubygems"
+	case TypeVagrant:
+		return "gitea-vagrant"
 	}
 	panic(fmt.Sprintf("unknown package type: %s", string(pt)))
 }
diff --git a/modules/packages/vagrant/metadata.go b/modules/packages/vagrant/metadata.go
new file mode 100644
index 0000000000..278dfab32e
--- /dev/null
+++ b/modules/packages/vagrant/metadata.go
@@ -0,0 +1,97 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package vagrant
+
+import (
+	"archive/tar"
+	"compress/gzip"
+	"io"
+	"strings"
+
+	"code.gitea.io/gitea/modules/json"
+	"code.gitea.io/gitea/modules/validation"
+)
+
+const (
+	PropertyProvider = "vagrant.provider"
+)
+
+// Metadata represents the metadata of a Vagrant package
+type Metadata struct {
+	Author        string `json:"author,omitempty"`
+	Description   string `json:"description,omitempty"`
+	ProjectURL    string `json:"project_url,omitempty"`
+	RepositoryURL string `json:"repository_url,omitempty"`
+}
+
+// ParseMetadataFromBox parses the metdata of a box file
+func ParseMetadataFromBox(r io.Reader) (*Metadata, error) {
+	gzr, err := gzip.NewReader(r)
+	if err != nil {
+		return nil, err
+	}
+	defer gzr.Close()
+
+	tr := tar.NewReader(gzr)
+	for {
+		hd, err := tr.Next()
+		if err == io.EOF {
+			break
+		}
+		if err != nil {
+			return nil, err
+		}
+
+		if hd.Typeflag != tar.TypeReg {
+			continue
+		}
+
+		if hd.Name == "info.json" {
+			return ParseInfoFile(tr)
+		}
+	}
+
+	return &Metadata{}, nil
+}
+
+// ParseInfoFile parses a info.json file to retrieve the metadata of a Vagrant package
+func ParseInfoFile(r io.Reader) (*Metadata, error) {
+	var values map[string]string
+	if err := json.NewDecoder(r).Decode(&values); err != nil {
+		return nil, err
+	}
+
+	m := &Metadata{}
+
+	// There is no defined format for this file, just try the common keys
+	for k, v := range values {
+		switch strings.ToLower(k) {
+		case "description":
+			fallthrough
+		case "short_description":
+			m.Description = v
+		case "website":
+			fallthrough
+		case "homepage":
+			fallthrough
+		case "url":
+			if validation.IsValidURL(v) {
+				m.ProjectURL = v
+			}
+		case "repository":
+			fallthrough
+		case "source":
+			if validation.IsValidURL(v) {
+				m.RepositoryURL = v
+			}
+		case "author":
+			fallthrough
+		case "authors":
+			m.Author = v
+		}
+	}
+
+	return m, nil
+}
diff --git a/modules/packages/vagrant/metadata_test.go b/modules/packages/vagrant/metadata_test.go
new file mode 100644
index 0000000000..9720c945ae
--- /dev/null
+++ b/modules/packages/vagrant/metadata_test.go
@@ -0,0 +1,111 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package vagrant
+
+import (
+	"archive/tar"
+	"bytes"
+	"compress/gzip"
+	"io"
+	"testing"
+
+	"code.gitea.io/gitea/modules/json"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const (
+	author        = "gitea"
+	description   = "Package Description"
+	projectURL    = "https://gitea.io"
+	repositoryURL = "https://gitea.io/gitea/gitea"
+)
+
+func TestParseMetadataFromBox(t *testing.T) {
+	createArchive := func(files map[string][]byte) io.Reader {
+		var buf bytes.Buffer
+		zw := gzip.NewWriter(&buf)
+		tw := tar.NewWriter(zw)
+		for filename, content := range files {
+			hdr := &tar.Header{
+				Name: filename,
+				Mode: 0o600,
+				Size: int64(len(content)),
+			}
+			tw.WriteHeader(hdr)
+			tw.Write(content)
+		}
+		tw.Close()
+		zw.Close()
+		return &buf
+	}
+
+	t.Run("MissingInfoFile", func(t *testing.T) {
+		data := createArchive(map[string][]byte{"dummy.txt": {}})
+
+		metadata, err := ParseMetadataFromBox(data)
+		assert.NotNil(t, metadata)
+		assert.NoError(t, err)
+	})
+
+	t.Run("Valid", func(t *testing.T) {
+		content, err := json.Marshal(map[string]string{
+			"description": description,
+			"author":      author,
+			"website":     projectURL,
+			"repository":  repositoryURL,
+		})
+		assert.NoError(t, err)
+
+		data := createArchive(map[string][]byte{"info.json": content})
+
+		metadata, err := ParseMetadataFromBox(data)
+		assert.NotNil(t, metadata)
+		assert.NoError(t, err)
+
+		assert.Equal(t, author, metadata.Author)
+		assert.Equal(t, description, metadata.Description)
+		assert.Equal(t, projectURL, metadata.ProjectURL)
+		assert.Equal(t, repositoryURL, metadata.RepositoryURL)
+	})
+}
+
+func TestParseInfoFile(t *testing.T) {
+	t.Run("UnknownKeys", func(t *testing.T) {
+		content, err := json.Marshal(map[string]string{
+			"package": "",
+			"dummy":   "",
+		})
+		assert.NoError(t, err)
+
+		metadata, err := ParseInfoFile(bytes.NewReader(content))
+		assert.NotNil(t, metadata)
+		assert.NoError(t, err)
+
+		assert.Empty(t, metadata.Author)
+		assert.Empty(t, metadata.Description)
+		assert.Empty(t, metadata.ProjectURL)
+		assert.Empty(t, metadata.RepositoryURL)
+	})
+
+	t.Run("Valid", func(t *testing.T) {
+		content, err := json.Marshal(map[string]string{
+			"description": description,
+			"author":      author,
+			"website":     projectURL,
+			"repository":  repositoryURL,
+		})
+		assert.NoError(t, err)
+
+		metadata, err := ParseInfoFile(bytes.NewReader(content))
+		assert.NotNil(t, metadata)
+		assert.NoError(t, err)
+
+		assert.Equal(t, author, metadata.Author)
+		assert.Equal(t, description, metadata.Description)
+		assert.Equal(t, projectURL, metadata.ProjectURL)
+		assert.Equal(t, repositoryURL, metadata.RepositoryURL)
+	})
+}
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index e87ee34441..f900e90e7f 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -3131,6 +3131,8 @@ rubygems.dependencies.development = Development Dependencies
 rubygems.required.ruby = Requires Ruby version
 rubygems.required.rubygems = Requires RubyGem version
 rubygems.documentation = For more information on the RubyGems registry, see <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.io/en-us/packages/rubygems/">the documentation</a>.
+vagrant.install = To add a Vagrant box, run the following command:
+vagrant.documentation = For more information on the Vagrant registry, see <a target="_blank" rel="noopener noreferrer" href="https://docs.gitea.io/en-us/packages/vagrant/">the documentation</a>.
 settings.link = Link this package to a repository
 settings.link.description = If you link a package with a repository, the package is listed in the repository's package list.
 settings.link.select = Select Repository
diff --git a/public/img/svg/gitea-vagrant.svg b/public/img/svg/gitea-vagrant.svg
new file mode 100644
index 0000000000..4c1b78cab5
--- /dev/null
+++ b/public/img/svg/gitea-vagrant.svg
@@ -0,0 +1 @@
+<svg preserveAspectRatio="xMidYMid" viewBox="0 0 255 263" class="svg gitea-vagrant" width="16" height="16" aria-hidden="true"><path fill="#1159CC" d="M254.22 20.234 196.03 53.47l-1.64 20.618-44.19 99.772-26.27 17.34 3.18 71.6 49.53-28.55 77.58-189.946zM92.45 56.933V34.051l-.238-.136-38.483 19.102 1.642 23.034L103.4 180.6l26.02-14.71-2.31-28.09z"/><path fill="#127EFF" d="m219.56 0-57.75 33.814h-.04v23.119L127.11 137.8v27.02l-23.12 13.41L57.788 74.146V53.81L92.45 33.848 34.668 0 .006 20.234v24.783L78.022 234.49l49.088 28.31v-71.16l23.09-13.41-.27-.17 46.51-103.914V53.81l57.78-33.576z"/></svg>
\ No newline at end of file
diff --git a/routers/api/packages/api.go b/routers/api/packages/api.go
index 0761cacdf2..93f9afca7b 100644
--- a/routers/api/packages/api.go
+++ b/routers/api/packages/api.go
@@ -25,6 +25,7 @@ import (
 	"code.gitea.io/gitea/routers/api/packages/pub"
 	"code.gitea.io/gitea/routers/api/packages/pypi"
 	"code.gitea.io/gitea/routers/api/packages/rubygems"
+	"code.gitea.io/gitea/routers/api/packages/vagrant"
 	"code.gitea.io/gitea/services/auth"
 	context_service "code.gitea.io/gitea/services/context"
 )
@@ -266,6 +267,19 @@ func Routes(ctx gocontext.Context) *web.Route {
 				r.Delete("/yank", rubygems.DeletePackage)
 			}, reqPackageAccess(perm.AccessModeWrite))
 		})
+		r.Group("/vagrant", func() {
+			r.Group("/authenticate", func() {
+				r.Get("", vagrant.CheckAuthenticate)
+			})
+			r.Group("/{name}", func() {
+				r.Head("", vagrant.CheckBoxAvailable)
+				r.Get("", vagrant.EnumeratePackageVersions)
+				r.Group("/{version}/{provider}", func() {
+					r.Get("", vagrant.DownloadPackageFile)
+					r.Put("", reqPackageAccess(perm.AccessModeWrite), vagrant.UploadPackageFile)
+				})
+			})
+		})
 	}, context_service.UserAssignmentWeb(), context.PackageAssignment(), reqPackageAccess(perm.AccessModeRead))
 
 	return r
diff --git a/routers/api/packages/vagrant/vagrant.go b/routers/api/packages/vagrant/vagrant.go
new file mode 100644
index 0000000000..7750e5dc4b
--- /dev/null
+++ b/routers/api/packages/vagrant/vagrant.go
@@ -0,0 +1,239 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package vagrant
+
+import (
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"sort"
+	"strings"
+
+	packages_model "code.gitea.io/gitea/models/packages"
+	"code.gitea.io/gitea/modules/context"
+	packages_module "code.gitea.io/gitea/modules/packages"
+	vagrant_module "code.gitea.io/gitea/modules/packages/vagrant"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/routers/api/packages/helper"
+	packages_service "code.gitea.io/gitea/services/packages"
+
+	"github.com/hashicorp/go-version"
+)
+
+func apiError(ctx *context.Context, status int, obj interface{}) {
+	helper.LogAndProcessError(ctx, status, obj, func(message string) {
+		ctx.JSON(status, struct {
+			Errors []string `json:"errors"`
+		}{
+			Errors: []string{
+				message,
+			},
+		})
+	})
+}
+
+func CheckAuthenticate(ctx *context.Context) {
+	if ctx.Doer == nil {
+		apiError(ctx, http.StatusUnauthorized, "Invalid access token")
+		return
+	}
+
+	ctx.Status(http.StatusOK)
+}
+
+func CheckBoxAvailable(ctx *context.Context) {
+	pvs, err := packages_model.GetVersionsByPackageName(ctx, ctx.Package.Owner.ID, packages_model.TypeVagrant, ctx.Params("name"))
+	if err != nil {
+		apiError(ctx, http.StatusInternalServerError, err)
+		return
+	}
+	if len(pvs) == 0 {
+		apiError(ctx, http.StatusNotFound, err)
+		return
+	}
+
+	ctx.JSON(http.StatusOK, nil) // needs to be Content-Type: application/json
+}
+
+type packageMetadata struct {
+	Name             string             `json:"name"`
+	Description      string             `json:"description,omitempty"`
+	ShortDescription string             `json:"short_description,omitempty"`
+	Versions         []*versionMetadata `json:"versions"`
+}
+
+type versionMetadata struct {
+	Version             string          `json:"version"`
+	Status              string          `json:"status"`
+	DescriptionHTML     string          `json:"description_html,omitempty"`
+	DescriptionMarkdown string          `json:"description_markdown,omitempty"`
+	Providers           []*providerData `json:"providers"`
+}
+
+type providerData struct {
+	Name         string `json:"name"`
+	URL          string `json:"url"`
+	Checksum     string `json:"checksum"`
+	ChecksumType string `json:"checksum_type"`
+}
+
+func packageDescriptorToMetadata(baseURL string, pd *packages_model.PackageDescriptor) *versionMetadata {
+	versionURL := baseURL + "/" + url.PathEscape(pd.Version.Version)
+
+	providers := make([]*providerData, 0, len(pd.Files))
+
+	for _, f := range pd.Files {
+		providers = append(providers, &providerData{
+			Name:         f.Properties.GetByName(vagrant_module.PropertyProvider),
+			URL:          versionURL + "/" + url.PathEscape(f.File.Name),
+			Checksum:     f.Blob.HashSHA512,
+			ChecksumType: "sha512",
+		})
+	}
+
+	return &versionMetadata{
+		Status:    "active",
+		Version:   pd.Version.Version,
+		Providers: providers,
+	}
+}
+
+func EnumeratePackageVersions(ctx *context.Context) {
+	pvs, err := packages_model.GetVersionsByPackageName(ctx, ctx.Package.Owner.ID, packages_model.TypeVagrant, ctx.Params("name"))
+	if err != nil {
+		apiError(ctx, http.StatusInternalServerError, err)
+		return
+	}
+	if len(pvs) == 0 {
+		apiError(ctx, http.StatusNotFound, err)
+		return
+	}
+
+	pds, err := packages_model.GetPackageDescriptors(ctx, pvs)
+	if err != nil {
+		apiError(ctx, http.StatusInternalServerError, err)
+		return
+	}
+
+	sort.Slice(pds, func(i, j int) bool {
+		return pds[i].SemVer.LessThan(pds[j].SemVer)
+	})
+
+	baseURL := fmt.Sprintf("%sapi/packages/%s/vagrant/%s", setting.AppURL, url.PathEscape(ctx.Package.Owner.Name), url.PathEscape(pds[0].Package.Name))
+
+	versions := make([]*versionMetadata, 0, len(pds))
+	for _, pd := range pds {
+		versions = append(versions, packageDescriptorToMetadata(baseURL, pd))
+	}
+
+	ctx.JSON(http.StatusOK, &packageMetadata{
+		Name:        pds[0].Package.Name,
+		Description: pds[len(pds)-1].Metadata.(*vagrant_module.Metadata).Description,
+		Versions:    versions,
+	})
+}
+
+func UploadPackageFile(ctx *context.Context) {
+	boxName := ctx.Params("name")
+	boxVersion := ctx.Params("version")
+	_, err := version.NewSemver(boxVersion)
+	if err != nil {
+		apiError(ctx, http.StatusBadRequest, err)
+		return
+	}
+	boxProvider := ctx.Params("provider")
+	if !strings.HasSuffix(boxProvider, ".box") {
+		apiError(ctx, http.StatusBadRequest, err)
+		return
+	}
+
+	upload, needsClose, err := ctx.UploadStream()
+	if err != nil {
+		apiError(ctx, http.StatusInternalServerError, err)
+		return
+	}
+	if needsClose {
+		defer upload.Close()
+	}
+
+	buf, err := packages_module.CreateHashedBufferFromReader(upload, 32*1024*1024)
+	if err != nil {
+		apiError(ctx, http.StatusInternalServerError, err)
+		return
+	}
+	defer buf.Close()
+
+	metadata, err := vagrant_module.ParseMetadataFromBox(buf)
+	if err != nil {
+		apiError(ctx, http.StatusInternalServerError, err)
+		return
+	}
+
+	if _, err := buf.Seek(0, io.SeekStart); err != nil {
+		apiError(ctx, http.StatusInternalServerError, err)
+		return
+	}
+
+	_, _, err = packages_service.CreatePackageOrAddFileToExisting(
+		&packages_service.PackageCreationInfo{
+			PackageInfo: packages_service.PackageInfo{
+				Owner:       ctx.Package.Owner,
+				PackageType: packages_model.TypeVagrant,
+				Name:        boxName,
+				Version:     boxVersion,
+			},
+			SemverCompatible: true,
+			Creator:          ctx.Doer,
+			Metadata:         metadata,
+		},
+		&packages_service.PackageFileCreationInfo{
+			PackageFileInfo: packages_service.PackageFileInfo{
+				Filename: strings.ToLower(boxProvider),
+			},
+			Data:   buf,
+			IsLead: true,
+			Properties: map[string]string{
+				vagrant_module.PropertyProvider: strings.TrimSuffix(boxProvider, ".box"),
+			},
+		},
+	)
+	if err != nil {
+		if err == packages_model.ErrDuplicatePackageFile {
+			apiError(ctx, http.StatusConflict, err)
+			return
+		}
+		apiError(ctx, http.StatusInternalServerError, err)
+		return
+	}
+
+	ctx.Status(http.StatusCreated)
+}
+
+func DownloadPackageFile(ctx *context.Context) {
+	s, pf, err := packages_service.GetFileStreamByPackageNameAndVersion(
+		ctx,
+		&packages_service.PackageInfo{
+			Owner:       ctx.Package.Owner,
+			PackageType: packages_model.TypeVagrant,
+			Name:        ctx.Params("name"),
+			Version:     ctx.Params("version"),
+		},
+		&packages_service.PackageFileInfo{
+			Filename: ctx.Params("provider"),
+		},
+	)
+	if err != nil {
+		if err == packages_model.ErrPackageNotExist || err == packages_model.ErrPackageFileNotExist {
+			apiError(ctx, http.StatusNotFound, err)
+			return
+		}
+		apiError(ctx, http.StatusInternalServerError, err)
+		return
+	}
+	defer s.Close()
+
+	ctx.ServeContent(pf.Name, s, pf.CreatedUnix.AsLocalTime())
+}
diff --git a/routers/api/v1/packages/package.go b/routers/api/v1/packages/package.go
index 2c02389102..29fa6c85a5 100644
--- a/routers/api/v1/packages/package.go
+++ b/routers/api/v1/packages/package.go
@@ -41,7 +41,7 @@ func ListPackages(ctx *context.APIContext) {
 	//   in: query
 	//   description: package type filter
 	//   type: string
-	//   enum: [composer, conan, container, generic, helm, maven, npm, nuget, pub, pypi, rubygems]
+	//   enum: [composer, conan, container, generic, helm, maven, npm, nuget, pub, pypi, rubygems, vagrant]
 	// - name: q
 	//   in: query
 	//   description: name filter
diff --git a/templates/admin/packages/list.tmpl b/templates/admin/packages/list.tmpl
index 61721532a4..06d6163476 100644
--- a/templates/admin/packages/list.tmpl
+++ b/templates/admin/packages/list.tmpl
@@ -24,6 +24,7 @@
 						<option value="pub" {{if eq .PackageType "pub"}}selected="selected"{{end}}>Pub</option>
 						<option value="pypi" {{if eq .PackageType "pypi"}}selected="selected"{{end}}>PyPi</option>
 						<option value="rubygems" {{if eq .PackageType "rubygems"}}selected="selected"{{end}}>RubyGems</option>
+						<option value="vagrant" {{if eq .PackageType "vagrant"}}selected="selected"{{end}}>Vagrant</option>
 					</select>
 					<button class="ui primary button">{{.locale.Tr "explore.search"}}</button>
 				</div>
diff --git a/templates/package/content/vagrant.tmpl b/templates/package/content/vagrant.tmpl
new file mode 100644
index 0000000000..7bd686e6ab
--- /dev/null
+++ b/templates/package/content/vagrant.tmpl
@@ -0,0 +1,18 @@
+{{if eq .PackageDescriptor.Package.Type "vagrant"}}
+	<h4 class="ui top attached header">{{.locale.Tr "packages.installation"}}</h4>
+	<div class="ui attached segment">
+		<div class="ui form">
+			<div class="field">
+				<label>{{svg "octicon-terminal"}} {{.locale.Tr "packages.vagrant.install"}}</label>
+				<div class="markup"><pre class="code-block"><code>vagrant box add --box-version {{.PackageDescriptor.Version.Version}} "{{AppUrl}}api/packages/{{.PackageDescriptor.Owner.Name}}/vagrant/{{.PackageDescriptor.Package.Name}}"</code></pre></div>
+			</div>
+			<div class="field">
+				<label>{{.locale.Tr "packages.vagrant.documentation" | Safe}}</label>
+			</div>
+		</div>
+	</div>
+	{{if .PackageDescriptor.Metadata.Description}}
+		<h4 class="ui top attached header">{{.locale.Tr "packages.about"}}</h4>
+		<div class="ui attached segment">{{.PackageDescriptor.Metadata.Description}}</div>
+	{{end}}
+{{end}}
diff --git a/templates/package/metadata/vagrant.tmpl b/templates/package/metadata/vagrant.tmpl
new file mode 100644
index 0000000000..344e417b77
--- /dev/null
+++ b/templates/package/metadata/vagrant.tmpl
@@ -0,0 +1,5 @@
+{{if eq .PackageDescriptor.Package.Type "vagrant"}}
+	{{if .PackageDescriptor.Metadata.Author}}<div class="item" title="{{.locale.Tr "packages.details.author"}}">{{svg "octicon-person" 16 "mr-3"}} {{.PackageDescriptor.Metadata.Author}}</div>{{end}}
+	{{if .PackageDescriptor.Metadata.ProjectURL}}<div class="item">{{svg "octicon-link-external" 16 "mr-3"}} <a href="{{.PackageDescriptor.Metadata.ProjectURL}}" target="_blank" rel="noopener noreferrer me">{{.locale.Tr "packages.details.project_site"}}</a></div>{{end}}
+	{{if .PackageDescriptor.Metadata.RepositoryURL}}<div class="item">{{svg "octicon-link-external" 16 "mr-3"}} <a href="{{.PackageDescriptor.Metadata.RepositoryURL}}" target="_blank" rel="noopener noreferrer me">{{.locale.Tr "packages.conan.details.repository"}}</a></div>{{end}}
+{{end}}
diff --git a/templates/package/shared/list.tmpl b/templates/package/shared/list.tmpl
index 020acba9d7..b48f772f39 100644
--- a/templates/package/shared/list.tmpl
+++ b/templates/package/shared/list.tmpl
@@ -17,6 +17,7 @@
 				<option value="pub" {{if eq .PackageType "pub"}}selected="selected"{{end}}>Pub</option>
 				<option value="pypi" {{if eq .PackageType "pypi"}}selected="selected"{{end}}>PyPi</option>
 				<option value="rubygems" {{if eq .PackageType "rubygems"}}selected="selected"{{end}}>RubyGems</option>
+				<option value="vagrant" {{if eq .PackageType "vagrant"}}selected="selected"{{end}}>Vagrant</option>
 			</select>
 			<button class="ui primary button">{{.locale.Tr "explore.search"}}</button>
 		</div>
diff --git a/templates/package/view.tmpl b/templates/package/view.tmpl
index 254d1ff840..a5b2a2ef68 100644
--- a/templates/package/view.tmpl
+++ b/templates/package/view.tmpl
@@ -30,6 +30,7 @@
 					{{template "package/content/pub" .}}
 					{{template "package/content/pypi" .}}
 					{{template "package/content/rubygems" .}}
+					{{template "package/content/vagrant" .}}
 				</div>
 				<div class="four wide column">
 					<div class="ui segment metas">
@@ -52,6 +53,7 @@
 							{{template "package/metadata/pub" .}}
 							{{template "package/metadata/pypi" .}}
 							{{template "package/metadata/rubygems" .}}
+							{{template "package/metadata/vagrant" .}}
 							<div class="item">{{svg "octicon-database" 16 "mr-3"}} {{FileSize .PackageDescriptor.CalculateBlobSize}}</div>
 						</div>
 						{{if not (eq .PackageDescriptor.Package.Type "container")}}
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index 8a8ca9a924..5dcb4787e0 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -1962,7 +1962,8 @@
               "nuget",
               "pub",
               "pypi",
-              "rubygems"
+              "rubygems",
+              "vagrant"
             ],
             "type": "string",
             "description": "package type filter",
diff --git a/web_src/svg/gitea-vagrant.svg b/web_src/svg/gitea-vagrant.svg
new file mode 100644
index 0000000000..37bc1673cb
--- /dev/null
+++ b/web_src/svg/gitea-vagrant.svg
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg preserveAspectRatio="xMidYMid" version="1.1" viewBox="0 0 255 263" xmlns="http://www.w3.org/2000/svg">
+<polygon points="254.22 20.234 196.03 53.47 194.39 74.088 150.2 173.86 123.93 191.2 127.11 262.8 176.64 234.25 254.22 44.304" fill="#1159CC"/>
+<polygon points="92.45 56.933 92.45 34.051 92.212 33.915 53.729 53.017 55.371 76.051 103.4 180.6 129.42 165.89 127.11 137.8" fill="#1159CC"/>
+<polygon points="219.56 0 161.81 33.814 161.77 33.814 161.77 33.848 161.77 33.848 161.77 33.848 161.77 56.933 127.11 137.8 127.11 164.82 103.99 178.23 57.788 74.146 57.788 53.81 92.45 33.848 34.668 0 0.0057522 20.234 0.0057522 45.017 78.022 234.49 127.11 262.8 127.11 191.64 150.2 178.23 149.93 178.06 196.44 74.146 196.44 53.844 196.44 53.81 254.22 20.234" fill="#127EFF"/>
+</svg>