From 1314ff92f5ac2183eab55190022c762800910450 Mon Sep 17 00:00:00 2001 From: Wenkai Yin Date: Wed, 24 May 2017 18:29:24 +0800 Subject: [PATCH 1/2] refactor sync registry API --- src/ui/api/internal.go | 22 ++++++++-------------- 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/src/ui/api/internal.go b/src/ui/api/internal.go index d306eb921..1d3c45987 100644 --- a/src/ui/api/internal.go +++ b/src/ui/api/internal.go @@ -16,29 +16,23 @@ package api import ( "net/http" - - "github.com/vmware/harbor/src/common/dao" - "github.com/vmware/harbor/src/common/utils/log" - "github.com/vmware/harbor/src/common/api" ) // InternalAPI handles request of harbor admin... type InternalAPI struct { - api.BaseAPI + BaseController } // Prepare validates the URL and parms func (ia *InternalAPI) Prepare() { - var currentUserID int - currentUserID = ia.ValidateUser() - isAdmin, err := dao.IsAdminRole(currentUserID) - if err != nil { - log.Errorf("Error occurred in IsAdminRole:%v", err) - ia.CustomAbort(http.StatusInternalServerError, "Internal error.") + ia.BaseController.Prepare() + if !ia.SecurityCtx.IsAuthenticated() { + ia.HandleUnauthorized() + return } - if !isAdmin { - log.Error("Guests doesn't have the permisson to request harbor internal API.") - ia.CustomAbort(http.StatusForbidden, "Guests doesn't have the permisson to request harbor internal API.") + if !ia.SecurityCtx.IsSysAdmin() { + ia.HandleForbidden(ia.SecurityCtx.GetUsername()) + return } } From 2e059eb85a6bfc52dc07be2930985e435435cad8 Mon Sep 17 00:00:00 2001 From: Wenkai Yin Date: Thu, 25 May 2017 13:33:51 +0800 Subject: [PATCH 2/2] refactor sync registry API --- src/ui/api/harborapi_test.go | 2 +- src/ui/api/internal.go | 2 +- src/ui/api/utils.go | 18 ++++++++++-------- src/ui/config/config.go | 14 +++++++------- src/ui/filter/security.go | 2 +- src/ui/main.go | 2 +- 6 files changed, 21 insertions(+), 19 deletions(-) diff --git a/src/ui/api/harborapi_test.go b/src/ui/api/harborapi_test.go index 56cc0cf8d..1ce6aa8df 100644 --- a/src/ui/api/harborapi_test.go +++ b/src/ui/api/harborapi_test.go @@ -128,7 +128,7 @@ func init() { _ = updateInitPassword(1, "Harbor12345") //syncRegistry - if err := SyncRegistry(); err != nil { + if err := SyncRegistry(config.GlobalProjectMgr); err != nil { log.Fatalf("failed to sync repositories from registry: %v", err) } diff --git a/src/ui/api/internal.go b/src/ui/api/internal.go index 1d3c45987..266b40e3d 100644 --- a/src/ui/api/internal.go +++ b/src/ui/api/internal.go @@ -38,7 +38,7 @@ func (ia *InternalAPI) Prepare() { // SyncRegistry ... func (ia *InternalAPI) SyncRegistry() { - err := SyncRegistry() + err := SyncRegistry(ia.ProjectMgr) if err != nil { ia.CustomAbort(http.StatusInternalServerError, "internal error") } diff --git a/src/ui/api/utils.go b/src/ui/api/utils.go index 1a90a479d..a4b4974e0 100644 --- a/src/ui/api/utils.go +++ b/src/ui/api/utils.go @@ -31,6 +31,7 @@ import ( "github.com/vmware/harbor/src/common/utils/registry/auth" registry_error "github.com/vmware/harbor/src/common/utils/registry/error" "github.com/vmware/harbor/src/ui/config" + "github.com/vmware/harbor/src/ui/projectmanager" ) //sysadmin has all privileges to all projects @@ -212,7 +213,7 @@ func addAuthentication(req *http.Request) { } // SyncRegistry syncs the repositories of registry with database. -func SyncRegistry() error { +func SyncRegistry(pm projectmanager.ProjectManager) error { log.Infof("Start syncing repositories from registry to DB... ") @@ -236,7 +237,7 @@ func SyncRegistry() error { var reposToAdd []string var reposToDel []string - reposToAdd, reposToDel, err = diffRepos(reposInRegistry, reposInDB) + reposToAdd, reposToDel, err = diffRepos(reposInRegistry, reposInDB, pm) if err != nil { return err } @@ -249,7 +250,7 @@ func SyncRegistry() error { if err != nil { log.Errorf("Error happens when counting pull count from access log: %v", err) } - pro, err := dao.GetProjectByName(project) + pro, err := pm.Get(project) if err != nil { log.Errorf("failed to get project %s: %v", project, err) continue @@ -299,7 +300,8 @@ func catalog() ([]string, error) { return repositories, nil } -func diffRepos(reposInRegistry []string, reposInDB []string) ([]string, []string, error) { +func diffRepos(reposInRegistry []string, reposInDB []string, + pm projectmanager.ProjectManager) ([]string, []string, error) { var needsAdd []string var needsDel []string @@ -314,7 +316,7 @@ func diffRepos(reposInRegistry []string, reposInDB []string) ([]string, []string d := strings.Compare(repoInR, repoInD) if d < 0 { i++ - exist, err := projectExists(repoInR) + exist, err := projectExists(pm, repoInR) if err != nil { log.Errorf("failed to check the existence of project %s: %v", repoInR, err) continue @@ -377,7 +379,7 @@ func diffRepos(reposInRegistry []string, reposInDB []string) ([]string, []string for i < len(reposInRegistry) { repoInR = reposInRegistry[i] i++ - exist, err := projectExists(repoInR) + exist, err := projectExists(pm, repoInR) if err != nil { log.Errorf("failed to check whether project of %s exists: %v", repoInR, err) continue @@ -397,9 +399,9 @@ func diffRepos(reposInRegistry []string, reposInDB []string) ([]string, []string return needsAdd, needsDel, nil } -func projectExists(repository string) (bool, error) { +func projectExists(pm projectmanager.ProjectManager, repository string) (bool, error) { project, _ := utils.ParseRepository(repository) - return dao.ProjectExists(project) + return pm.Exist(project) } // TODO need a registry client which accept a raw token as param diff --git a/src/ui/config/config.go b/src/ui/config/config.go index f123d186f..50e5add79 100644 --- a/src/ui/config/config.go +++ b/src/ui/config/config.go @@ -40,9 +40,8 @@ var ( SecretStore *secret.Store // AdminserverClient is a client for adminserver AdminserverClient client.Client - // DBProjectManager is the project manager based on database, - // it is initialized only the deploy mode is standalone - DBProjectManager projectmanager.ProjectManager + // GlobalProjectMgr is initialized based on the deploy mode + GlobalProjectMgr projectmanager.ProjectManager mg *comcfg.Manager keyProvider comcfg.KeyProvider ) @@ -73,8 +72,8 @@ func Init() error { // init secret store initSecretStore() - // init project manager based on database - initDBProjectManager() + // init project manager based on deploy mode + initProjectManager() return nil } @@ -95,12 +94,13 @@ func initSecretStore() { SecretStore = secret.NewStore(m) } -func initDBProjectManager() { +func initProjectManager() { if len(DeployMode()) == 0 || DeployMode() == common.DeployModeStandAlone { log.Info("initializing the project manager based on database...") - DBProjectManager = &db.ProjectManager{} + GlobalProjectMgr = &db.ProjectManager{} } + // TODO create project manager based on pms } // Load configurations diff --git a/src/ui/filter/security.go b/src/ui/filter/security.go index ad2f39e07..b50803d99 100644 --- a/src/ui/filter/security.go +++ b/src/ui/filter/security.go @@ -136,7 +136,7 @@ func getProjectManager(ctx *beegoctx.Context) projectmanager.ProjectManager { if len(config.DeployMode()) == 0 || config.DeployMode() == common.DeployModeStandAlone { log.Info("filling a project manager based on database...") - return config.DBProjectManager + return config.GlobalProjectMgr } // TODO create project manager based on pms diff --git a/src/ui/main.go b/src/ui/main.go index 6b9912024..eae509f1c 100644 --- a/src/ui/main.go +++ b/src/ui/main.go @@ -101,7 +101,7 @@ func main() { beego.InsertFilter("/*", beego.BeforeRouter, filter.SecurityFilter) initRouters() - if err := api.SyncRegistry(); err != nil { + if err := api.SyncRegistry(config.GlobalProjectMgr); err != nil { log.Error(err) } log.Info("Init proxy")