From 3a9d68a32af4426fb8cba84aa896a5a96bb0afaa Mon Sep 17 00:00:00 2001
From: "stonezdj(Daojun Zhang)"
Date: Fri, 10 Nov 2023 13:08:31 +0800
Subject: [PATCH] Allow POST method to request service/token in readonly mode (#19556)

fixes #18243

Signed-off-by: stonezdj
---
 src/core/middlewares/middlewares.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/core/middlewares/middlewares.go b/src/core/middlewares/middlewares.go
index 2d3486a0b..0ae29bb02 100644
--- a/src/core/middlewares/middlewares.go
+++ b/src/core/middlewares/middlewares.go
@@ -39,8 +39,9 @@ import (
 )

 var (
- match = regexp.MustCompile
- numericRegexp = match(`[0-9]+`)
+ match = regexp.MustCompile
+ numericRegexp = match(`[0-9]+`)
+ serviceTokenRegexp = match(`^/service/token`)

 // The ping endpoint will be blocked when DB conns reach the max open conns of the sql.DB
 // which will make ping request timeout, so skip the middlewares which will require DB conn.
@@ -72,6 +73,10 @@ var (
 middleware.MethodAndPathSkipper(http.MethodPost, match("^/service/notifications/jobs/replication/task/"+numericRegexp.String())),
 middleware.MethodAndPathSkipper(http.MethodPost, match("^/service/notifications/jobs/retention/task/"+numericRegexp.String())),
 middleware.MethodAndPathSkipper(http.MethodPost, match("^/service/notifications/jobs/schedules/"+numericRegexp.String())),
+ // Harbor doesn't handle the POST request to /service/token. beego framework return 405 for the POST request
+ // some client, such as containerd, may send the POST request to /service/token and depends on 405/404/401/400 return code to determine continue or not
+ // the read only middleware returns 403 before the beego framework, so skip this request to make the client continue
+ middleware.MethodAndPathSkipper(http.MethodPost, serviceTokenRegexp),
 pingSkipper,
 }
 )
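Review bot: `serviceTokenRegexp` in the first hunk is anchored only at the start, so the skipper added in the second hunk exempts every POST whose path begins with `/service/token` from the read-only check, not just the token endpoint itself. The exemption is harmless today only because, as the new comment says, nothing handles POST there and the framework answers 405; a state-changing route registered under that prefix later would silently fall outside read-only mode. Anchoring the end keeps the bypass as narrow as the comment describes, for example `serviceTokenRegexp = match("^/service/token/?$")`, assuming the skipper matches the URL path without the query string (its implementation is not visible in this diff). The neighbouring entries use the same open-ended prefix style, and both the `var (` block and the skipper list start outside the hunks, so their other entries deserve the same look. The commit touches one file only, so a regression test asserting that a POST to `/service/token` in read-only mode no longer gets 403 would pin the intended behaviour.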