mirror of
https://github.com/goharbor/harbor.git
synced 2025-01-04 23:17:45 +01:00
Merge pull request #9 from reasonerjt/golint-fix-main-api-auth
fix issues except comments related in main, auth, api packages
This commit is contained in:
commit
413f3cdf71
14
api/base.go
14
api/base.go
@ -36,7 +36,7 @@ func (b *BaseAPI) RenderError(code int, text string) {
|
|||||||
http.Error(b.Ctx.ResponseWriter, text, code)
|
http.Error(b.Ctx.ResponseWriter, text, code)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (b *BaseAPI) DecodeJsonReq(v interface{}) {
|
func (b *BaseAPI) DecodeJSONReq(v interface{}) {
|
||||||
err := json.Unmarshal(b.Ctx.Input.CopyBody(1<<32), v)
|
err := json.Unmarshal(b.Ctx.Input.CopyBody(1<<32), v)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
beego.Error("Error while decoding the json request:", err)
|
beego.Error("Error while decoding the json request:", err)
|
||||||
@ -46,20 +46,20 @@ func (b *BaseAPI) DecodeJsonReq(v interface{}) {
|
|||||||
|
|
||||||
func (b *BaseAPI) ValidateUser() int {
|
func (b *BaseAPI) ValidateUser() int {
|
||||||
|
|
||||||
sessionUserId := b.GetSession("userId")
|
sessionUserID := b.GetSession("userId")
|
||||||
if sessionUserId == nil {
|
if sessionUserID == nil {
|
||||||
beego.Warning("No user id in session, canceling request")
|
beego.Warning("No user id in session, canceling request")
|
||||||
b.CustomAbort(http.StatusUnauthorized, "")
|
b.CustomAbort(http.StatusUnauthorized, "")
|
||||||
}
|
}
|
||||||
userId := sessionUserId.(int)
|
userID := sessionUserID.(int)
|
||||||
u, err := dao.GetUser(models.User{UserId: userId})
|
u, err := dao.GetUser(models.User{UserId: userID})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
beego.Error("Error occurred in GetUser:", err)
|
beego.Error("Error occurred in GetUser:", err)
|
||||||
b.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
b.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
||||||
}
|
}
|
||||||
if u == nil {
|
if u == nil {
|
||||||
beego.Warning("User was deleted already, user id: ", userId, " canceling request.")
|
beego.Warning("User was deleted already, user id: ", userID, " canceling request.")
|
||||||
b.CustomAbort(http.StatusUnauthorized, "")
|
b.CustomAbort(http.StatusUnauthorized, "")
|
||||||
}
|
}
|
||||||
return userId
|
return userID
|
||||||
}
|
}
|
||||||
|
@ -26,14 +26,14 @@ import (
|
|||||||
|
|
||||||
type ProjectMemberAPI struct {
|
type ProjectMemberAPI struct {
|
||||||
BaseAPI
|
BaseAPI
|
||||||
memberId int
|
memberID int
|
||||||
currentUserId int
|
currentUserID int
|
||||||
project *models.Project
|
project *models.Project
|
||||||
}
|
}
|
||||||
|
|
||||||
type memberReq struct {
|
type memberReq struct {
|
||||||
Username string `json:"user_name"`
|
Username string `json:"user_name"`
|
||||||
UserId int `json:"user_id"`
|
UserID int `json:"user_id"`
|
||||||
Roles []int `json:"roles"`
|
Roles []int `json:"roles"`
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -55,30 +55,30 @@ func (pma *ProjectMemberAPI) Prepare() {
|
|||||||
pma.CustomAbort(http.StatusNotFound, "Project does not exist")
|
pma.CustomAbort(http.StatusNotFound, "Project does not exist")
|
||||||
}
|
}
|
||||||
pma.project = p
|
pma.project = p
|
||||||
pma.currentUserId = pma.ValidateUser()
|
pma.currentUserID = pma.ValidateUser()
|
||||||
mid := pma.Ctx.Input.Param(":mid")
|
mid := pma.Ctx.Input.Param(":mid")
|
||||||
if mid == "current" {
|
if mid == "current" {
|
||||||
pma.memberId = pma.currentUserId
|
pma.memberID = pma.currentUserID
|
||||||
} else if len(mid) == 0 {
|
} else if len(mid) == 0 {
|
||||||
pma.memberId = 0
|
pma.memberID = 0
|
||||||
} else if len(mid) > 0 {
|
} else if len(mid) > 0 {
|
||||||
memberId, err := strconv.Atoi(mid)
|
memberID, err := strconv.Atoi(mid)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
beego.Error("Invalid member Id, error:", err)
|
beego.Error("Invalid member Id, error:", err)
|
||||||
pma.CustomAbort(http.StatusBadRequest, "Invalid member id")
|
pma.CustomAbort(http.StatusBadRequest, "Invalid member id")
|
||||||
}
|
}
|
||||||
pma.memberId = memberId
|
pma.memberID = memberID
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (pma *ProjectMemberAPI) Get() {
|
func (pma *ProjectMemberAPI) Get() {
|
||||||
pid := pma.project.ProjectId
|
pid := pma.project.ProjectId
|
||||||
if !CheckProjectPermission(pma.currentUserId, pid) {
|
if !CheckProjectPermission(pma.currentUserID, pid) {
|
||||||
beego.Warning("Current user, user id :", pma.currentUserId, "does not have permission for project, id:", pid)
|
beego.Warning("Current user, user id :", pma.currentUserID, "does not have permission for project, id:", pid)
|
||||||
pma.RenderError(http.StatusForbidden, "")
|
pma.RenderError(http.StatusForbidden, "")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if pma.memberId == 0 { //member id not set return list of the members
|
if pma.memberID == 0 { //member id not set return list of the members
|
||||||
username := pma.GetString("username")
|
username := pma.GetString("username")
|
||||||
queryUser := models.User{Username: "%" + username + "%"}
|
queryUser := models.User{Username: "%" + username + "%"}
|
||||||
userList, err := dao.GetUserByProject(pid, queryUser)
|
userList, err := dao.GetUserByProject(pid, queryUser)
|
||||||
@ -89,20 +89,20 @@ func (pma *ProjectMemberAPI) Get() {
|
|||||||
}
|
}
|
||||||
pma.Data["json"] = userList
|
pma.Data["json"] = userList
|
||||||
} else { //return detail of a member
|
} else { //return detail of a member
|
||||||
roleList, err := dao.GetUserProjectRoles(models.User{UserId: pma.memberId}, pid)
|
roleList, err := dao.GetUserProjectRoles(models.User{UserId: pma.memberID}, pid)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
beego.Error("Error occurred in GetUserProjectRoles:", err)
|
beego.Error("Error occurred in GetUserProjectRoles:", err)
|
||||||
pma.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
pma.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
||||||
}
|
}
|
||||||
//return empty role list to indicate if a user is not a member
|
//return empty role list to indicate if a user is not a member
|
||||||
result := make(map[string]interface{})
|
result := make(map[string]interface{})
|
||||||
user, err := dao.GetUser(models.User{UserId: pma.memberId})
|
user, err := dao.GetUser(models.User{UserId: pma.memberID})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
beego.Error("Error occurred in GetUser:", err)
|
beego.Error("Error occurred in GetUser:", err)
|
||||||
pma.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
pma.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
||||||
}
|
}
|
||||||
result["user_name"] = user.Username
|
result["user_name"] = user.Username
|
||||||
result["user_id"] = pma.memberId
|
result["user_id"] = pma.memberID
|
||||||
result["roles"] = roleList
|
result["roles"] = roleList
|
||||||
pma.Data["json"] = result
|
pma.Data["json"] = result
|
||||||
}
|
}
|
||||||
@ -111,41 +111,41 @@ func (pma *ProjectMemberAPI) Get() {
|
|||||||
|
|
||||||
func (pma *ProjectMemberAPI) Post() {
|
func (pma *ProjectMemberAPI) Post() {
|
||||||
pid := pma.project.ProjectId
|
pid := pma.project.ProjectId
|
||||||
userQuery := models.User{UserId: pma.currentUserId, RoleId: models.PROJECTADMIN}
|
userQuery := models.User{UserId: pma.currentUserID, RoleId: models.PROJECTADMIN}
|
||||||
rolelist, err := dao.GetUserProjectRoles(userQuery, pid)
|
rolelist, err := dao.GetUserProjectRoles(userQuery, pid)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
beego.Error("Error occurred in GetUserProjectRoles:", err)
|
beego.Error("Error occurred in GetUserProjectRoles:", err)
|
||||||
pma.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
pma.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
||||||
}
|
}
|
||||||
if len(rolelist) == 0 {
|
if len(rolelist) == 0 {
|
||||||
beego.Warning("Current user, id:", pma.currentUserId, "does not have project admin role for project, id:", pid)
|
beego.Warning("Current user, id:", pma.currentUserID, "does not have project admin role for project, id:", pid)
|
||||||
pma.RenderError(http.StatusForbidden, "")
|
pma.RenderError(http.StatusForbidden, "")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
var req memberReq
|
var req memberReq
|
||||||
pma.DecodeJsonReq(&req)
|
pma.DecodeJSONReq(&req)
|
||||||
username := req.Username
|
username := req.Username
|
||||||
userId := CheckUserExists(username)
|
userID := CheckUserExists(username)
|
||||||
if userId <= 0 {
|
if userID <= 0 {
|
||||||
beego.Warning("User does not exist, user name:", username)
|
beego.Warning("User does not exist, user name:", username)
|
||||||
pma.RenderError(http.StatusNotFound, "User does not exist")
|
pma.RenderError(http.StatusNotFound, "User does not exist")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
rolelist, err = dao.GetUserProjectRoles(models.User{UserId: userId}, pid)
|
rolelist, err = dao.GetUserProjectRoles(models.User{UserId: userID}, pid)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
beego.Error("Error occurred in GetUserProjectRoles:", err)
|
beego.Error("Error occurred in GetUserProjectRoles:", err)
|
||||||
pma.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
pma.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
||||||
}
|
}
|
||||||
if len(rolelist) > 0 {
|
if len(rolelist) > 0 {
|
||||||
beego.Warning("user is already added to project, user id:", userId, ", project id:", pid)
|
beego.Warning("user is already added to project, user id:", userID, ", project id:", pid)
|
||||||
pma.RenderError(http.StatusConflict, "user is ready in project")
|
pma.RenderError(http.StatusConflict, "user is ready in project")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, rid := range req.Roles {
|
for _, rid := range req.Roles {
|
||||||
err = dao.AddUserProjectRole(userId, pid, int(rid))
|
err = dao.AddUserProjectRole(userID, pid, int(rid))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
beego.Error("Failed to update DB to add project user role, project id:", pid, ", user id:", userId, ", role id:", rid)
|
beego.Error("Failed to update DB to add project user role, project id:", pid, ", user id:", userID, ", role id:", rid)
|
||||||
pma.RenderError(http.StatusInternalServerError, "Failed to update data in database")
|
pma.RenderError(http.StatusInternalServerError, "Failed to update data in database")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@ -154,20 +154,20 @@ func (pma *ProjectMemberAPI) Post() {
|
|||||||
|
|
||||||
func (pma *ProjectMemberAPI) Put() {
|
func (pma *ProjectMemberAPI) Put() {
|
||||||
pid := pma.project.ProjectId
|
pid := pma.project.ProjectId
|
||||||
mid := pma.memberId
|
mid := pma.memberID
|
||||||
userQuery := models.User{UserId: pma.currentUserId, RoleId: models.PROJECTADMIN}
|
userQuery := models.User{UserId: pma.currentUserID, RoleId: models.PROJECTADMIN}
|
||||||
rolelist, err := dao.GetUserProjectRoles(userQuery, pid)
|
rolelist, err := dao.GetUserProjectRoles(userQuery, pid)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
beego.Error("Error occurred in GetUserProjectRoles:", err)
|
beego.Error("Error occurred in GetUserProjectRoles:", err)
|
||||||
pma.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
pma.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
||||||
}
|
}
|
||||||
if len(rolelist) == 0 {
|
if len(rolelist) == 0 {
|
||||||
beego.Warning("Current user, id:", pma.currentUserId, ", does not have project admin role for project, id:", pid)
|
beego.Warning("Current user, id:", pma.currentUserID, ", does not have project admin role for project, id:", pid)
|
||||||
pma.RenderError(http.StatusForbidden, "")
|
pma.RenderError(http.StatusForbidden, "")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
var req memberReq
|
var req memberReq
|
||||||
pma.DecodeJsonReq(&req)
|
pma.DecodeJSONReq(&req)
|
||||||
roleList, err := dao.GetUserProjectRoles(models.User{UserId: mid}, pid)
|
roleList, err := dao.GetUserProjectRoles(models.User{UserId: mid}, pid)
|
||||||
if len(roleList) == 0 {
|
if len(roleList) == 0 {
|
||||||
beego.Warning("User is not in project, user id:", mid, ", project id:", pid)
|
beego.Warning("User is not in project, user id:", mid, ", project id:", pid)
|
||||||
@ -195,11 +195,11 @@ func (pma *ProjectMemberAPI) Put() {
|
|||||||
|
|
||||||
func (pma *ProjectMemberAPI) Delete() {
|
func (pma *ProjectMemberAPI) Delete() {
|
||||||
pid := pma.project.ProjectId
|
pid := pma.project.ProjectId
|
||||||
mid := pma.memberId
|
mid := pma.memberID
|
||||||
userQuery := models.User{UserId: pma.currentUserId, RoleId: models.PROJECTADMIN}
|
userQuery := models.User{UserId: pma.currentUserID, RoleId: models.PROJECTADMIN}
|
||||||
rolelist, err := dao.GetUserProjectRoles(userQuery, pid)
|
rolelist, err := dao.GetUserProjectRoles(userQuery, pid)
|
||||||
if len(rolelist) == 0 {
|
if len(rolelist) == 0 {
|
||||||
beego.Warning("Current user, id:", pma.currentUserId, ", does not have project admin role for project, id:", pid)
|
beego.Warning("Current user, id:", pma.currentUserID, ", does not have project admin role for project, id:", pid)
|
||||||
pma.RenderError(http.StatusForbidden, "")
|
pma.RenderError(http.StatusForbidden, "")
|
||||||
return
|
return
|
||||||
}
|
}
|
@ -30,8 +30,8 @@ import (
|
|||||||
|
|
||||||
type ProjectAPI struct {
|
type ProjectAPI struct {
|
||||||
BaseAPI
|
BaseAPI
|
||||||
userId int
|
userID int
|
||||||
projectId int64
|
projectID int64
|
||||||
}
|
}
|
||||||
|
|
||||||
type projectReq struct {
|
type projectReq struct {
|
||||||
@ -39,25 +39,25 @@ type projectReq struct {
|
|||||||
Public bool `json:"public"`
|
Public bool `json:"public"`
|
||||||
}
|
}
|
||||||
|
|
||||||
const PROJECT_NAME_MAX_LEN int = 30
|
const projectNameMaxLen int = 30
|
||||||
|
|
||||||
func (p *ProjectAPI) Prepare() {
|
func (p *ProjectAPI) Prepare() {
|
||||||
p.userId = p.ValidateUser()
|
p.userID = p.ValidateUser()
|
||||||
id_str := p.Ctx.Input.Param(":id")
|
idStr := p.Ctx.Input.Param(":id")
|
||||||
if len(id_str) > 0 {
|
if len(idStr) > 0 {
|
||||||
var err error
|
var err error
|
||||||
p.projectId, err = strconv.ParseInt(id_str, 10, 64)
|
p.projectID, err = strconv.ParseInt(idStr, 10, 64)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("Error parsing project id: %s, error: %v", id_str, err)
|
log.Printf("Error parsing project id: %s, error: %v", idStr, err)
|
||||||
p.CustomAbort(http.StatusBadRequest, "invalid project id")
|
p.CustomAbort(http.StatusBadRequest, "invalid project id")
|
||||||
}
|
}
|
||||||
exist, err := dao.ProjectExists(p.projectId)
|
exist, err := dao.ProjectExists(p.projectID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("Error occurred in ProjectExists: %v", err)
|
log.Printf("Error occurred in ProjectExists: %v", err)
|
||||||
p.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
p.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
||||||
}
|
}
|
||||||
if !exist {
|
if !exist {
|
||||||
p.CustomAbort(http.StatusNotFound, fmt.Sprintf("project does not exist, id: %v", p.projectId))
|
p.CustomAbort(http.StatusNotFound, fmt.Sprintf("project does not exist, id: %v", p.projectID))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -65,7 +65,7 @@ func (p *ProjectAPI) Prepare() {
|
|||||||
func (p *ProjectAPI) Post() {
|
func (p *ProjectAPI) Post() {
|
||||||
var req projectReq
|
var req projectReq
|
||||||
var public int
|
var public int
|
||||||
p.DecodeJsonReq(&req)
|
p.DecodeJSONReq(&req)
|
||||||
if req.Public {
|
if req.Public {
|
||||||
public = 1
|
public = 1
|
||||||
}
|
}
|
||||||
@ -84,7 +84,7 @@ func (p *ProjectAPI) Post() {
|
|||||||
p.RenderError(http.StatusConflict, "")
|
p.RenderError(http.StatusConflict, "")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
project := models.Project{OwnerId: p.userId, Name: projectName, CreationTime: time.Now(), Public: public}
|
project := models.Project{OwnerId: p.userID, Name: projectName, CreationTime: time.Now(), Public: public}
|
||||||
err = dao.AddProject(project)
|
err = dao.AddProject(project)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
beego.Error("Failed to add project, error: %v", err)
|
beego.Error("Failed to add project, error: %v", err)
|
||||||
@ -107,7 +107,7 @@ func (p *ProjectAPI) Head() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (p *ProjectAPI) Get() {
|
func (p *ProjectAPI) Get() {
|
||||||
queryProject := models.Project{UserId: p.userId}
|
queryProject := models.Project{UserId: p.userID}
|
||||||
projectName := p.GetString("project_name")
|
projectName := p.GetString("project_name")
|
||||||
if len(projectName) > 0 {
|
if len(projectName) > 0 {
|
||||||
queryProject.Name = "%" + projectName + "%"
|
queryProject.Name = "%" + projectName + "%"
|
||||||
@ -121,7 +121,7 @@ func (p *ProjectAPI) Get() {
|
|||||||
p.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
p.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
||||||
}
|
}
|
||||||
for i := 0; i < len(projectList); i++ {
|
for i := 0; i < len(projectList); i++ {
|
||||||
if isProjectAdmin(p.userId, projectList[i].ProjectId) {
|
if isProjectAdmin(p.userID, projectList[i].ProjectId) {
|
||||||
projectList[i].Togglable = true
|
projectList[i].Togglable = true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -133,25 +133,25 @@ func (p *ProjectAPI) Put() {
|
|||||||
var req projectReq
|
var req projectReq
|
||||||
var public int
|
var public int
|
||||||
|
|
||||||
projectId, err := strconv.ParseInt(p.Ctx.Input.Param(":id"), 10, 64)
|
projectID, err := strconv.ParseInt(p.Ctx.Input.Param(":id"), 10, 64)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
beego.Error("Error parsing project id:", projectId, ", error: ", err)
|
beego.Error("Error parsing project id:", projectID, ", error: ", err)
|
||||||
p.RenderError(http.StatusBadRequest, "invalid project id")
|
p.RenderError(http.StatusBadRequest, "invalid project id")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
p.DecodeJsonReq(&req)
|
p.DecodeJSONReq(&req)
|
||||||
if req.Public {
|
if req.Public {
|
||||||
public = 1
|
public = 1
|
||||||
}
|
}
|
||||||
if !isProjectAdmin(p.userId, projectId) {
|
if !isProjectAdmin(p.userID, projectID) {
|
||||||
beego.Warning("Current user, id:", p.userId, ", does not have project admin role for project, id:", projectId)
|
beego.Warning("Current user, id:", p.userID, ", does not have project admin role for project, id:", projectID)
|
||||||
p.RenderError(http.StatusForbidden, "")
|
p.RenderError(http.StatusForbidden, "")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
err = dao.ToggleProjectPublicity(p.projectId, public)
|
err = dao.ToggleProjectPublicity(p.projectID, public)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
beego.Error("Error while updating project, project id:", projectId, ", error:", err)
|
beego.Error("Error while updating project, project id:", projectID, ", error:", err)
|
||||||
p.RenderError(http.StatusInternalServerError, "Failed to update project")
|
p.RenderError(http.StatusInternalServerError, "Failed to update project")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -159,7 +159,7 @@ func (p *ProjectAPI) Put() {
|
|||||||
func (p *ProjectAPI) FilterAccessLog() {
|
func (p *ProjectAPI) FilterAccessLog() {
|
||||||
|
|
||||||
var filter models.AccessLog
|
var filter models.AccessLog
|
||||||
p.DecodeJsonReq(&filter)
|
p.DecodeJSONReq(&filter)
|
||||||
|
|
||||||
username := filter.Username
|
username := filter.Username
|
||||||
keywords := filter.Keywords
|
keywords := filter.Keywords
|
||||||
@ -167,7 +167,7 @@ func (p *ProjectAPI) FilterAccessLog() {
|
|||||||
beginTime := time.Unix(filter.BeginTimestamp, 0)
|
beginTime := time.Unix(filter.BeginTimestamp, 0)
|
||||||
endTime := time.Unix(filter.EndTimestamp, 0)
|
endTime := time.Unix(filter.EndTimestamp, 0)
|
||||||
|
|
||||||
query := models.AccessLog{ProjectId: p.projectId, Username: "%" + username + "%", Keywords: keywords, BeginTime: beginTime, BeginTimestamp: filter.BeginTimestamp, EndTime: endTime, EndTimestamp: filter.EndTimestamp}
|
query := models.AccessLog{ProjectId: p.projectID, Username: "%" + username + "%", Keywords: keywords, BeginTime: beginTime, BeginTimestamp: filter.BeginTimestamp, EndTime: endTime, EndTimestamp: filter.EndTimestamp}
|
||||||
|
|
||||||
log.Printf("Query AccessLog: begin: %v, end: %v, keywords: %s", query.BeginTime, query.EndTime, query.Keywords)
|
log.Printf("Query AccessLog: begin: %v, end: %v, keywords: %s", query.BeginTime, query.EndTime, query.Keywords)
|
||||||
|
|
||||||
@ -180,8 +180,8 @@ func (p *ProjectAPI) FilterAccessLog() {
|
|||||||
p.ServeJSON()
|
p.ServeJSON()
|
||||||
}
|
}
|
||||||
|
|
||||||
func isProjectAdmin(userId int, pid int64) bool {
|
func isProjectAdmin(userID int, pid int64) bool {
|
||||||
userQuery := models.User{UserId: userId, RoleId: models.PROJECTADMIN}
|
userQuery := models.User{UserId: userID, RoleId: models.PROJECTADMIN}
|
||||||
rolelist, err := dao.GetUserProjectRoles(userQuery, pid)
|
rolelist, err := dao.GetUserProjectRoles(userQuery, pid)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
beego.Error("Error occurred in GetUserProjectRoles:", err, ", returning false")
|
beego.Error("Error occurred in GetUserProjectRoles:", err, ", returning false")
|
||||||
@ -195,7 +195,7 @@ func validateProjectReq(req projectReq) error {
|
|||||||
if len(pn) == 0 {
|
if len(pn) == 0 {
|
||||||
return fmt.Errorf("Project name can not be empty")
|
return fmt.Errorf("Project name can not be empty")
|
||||||
}
|
}
|
||||||
if len(pn) > PROJECT_NAME_MAX_LEN {
|
if len(pn) > projectNameMaxLen {
|
||||||
return fmt.Errorf("Project name is too long")
|
return fmt.Errorf("Project name is too long")
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
|
@ -33,16 +33,16 @@ import (
|
|||||||
|
|
||||||
type RepositoryAPI struct {
|
type RepositoryAPI struct {
|
||||||
BaseAPI
|
BaseAPI
|
||||||
userId int
|
userID int
|
||||||
username string
|
username string
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ra *RepositoryAPI) Prepare() {
|
func (ra *RepositoryAPI) Prepare() {
|
||||||
userId, ok := ra.GetSession("userId").(int)
|
userID, ok := ra.GetSession("userId").(int)
|
||||||
if !ok {
|
if !ok {
|
||||||
ra.userId = dao.NON_EXIST_USER_ID
|
ra.userID = dao.NON_EXIST_USER_ID
|
||||||
} else {
|
} else {
|
||||||
ra.userId = userId
|
ra.userID = userID
|
||||||
}
|
}
|
||||||
username, ok := ra.GetSession("username").(string)
|
username, ok := ra.GetSession("username").(string)
|
||||||
if !ok {
|
if !ok {
|
||||||
@ -54,23 +54,23 @@ func (ra *RepositoryAPI) Prepare() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (ra *RepositoryAPI) Get() {
|
func (ra *RepositoryAPI) Get() {
|
||||||
projectId, err0 := ra.GetInt64("project_id")
|
projectID, err0 := ra.GetInt64("project_id")
|
||||||
if err0 != nil {
|
if err0 != nil {
|
||||||
beego.Error("Failed to get project id, error:", err0)
|
beego.Error("Failed to get project id, error:", err0)
|
||||||
ra.RenderError(http.StatusBadRequest, "Invalid project id")
|
ra.RenderError(http.StatusBadRequest, "Invalid project id")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
p, err := dao.GetProjectById(projectId)
|
p, err := dao.GetProjectById(projectID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
beego.Error("Error occurred in GetProjectById:", err)
|
beego.Error("Error occurred in GetProjectById:", err)
|
||||||
ra.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
ra.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
||||||
}
|
}
|
||||||
if p == nil {
|
if p == nil {
|
||||||
beego.Warning("Project with Id:", projectId, ", does not exist", projectId)
|
beego.Warning("Project with Id:", projectID, ", does not exist")
|
||||||
ra.RenderError(http.StatusNotFound, "")
|
ra.RenderError(http.StatusNotFound, "")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if p.Public == 0 && !CheckProjectPermission(ra.userId, projectId) {
|
if p.Public == 0 && !CheckProjectPermission(ra.userID, projectID) {
|
||||||
ra.RenderError(http.StatusForbidden, "")
|
ra.RenderError(http.StatusForbidden, "")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@ -148,14 +148,14 @@ func (ra *RepositoryAPI) GetManifests() {
|
|||||||
beego.Error("Failed to get manifests for repo, repo name:", repoName, ", tag:", tag, ", error:", err)
|
beego.Error("Failed to get manifests for repo, repo name:", repoName, ", tag:", tag, ", error:", err)
|
||||||
ra.RenderError(http.StatusInternalServerError, "Internal Server Error")
|
ra.RenderError(http.StatusInternalServerError, "Internal Server Error")
|
||||||
return
|
return
|
||||||
} else {
|
}
|
||||||
mani := Manifest{}
|
mani := Manifest{}
|
||||||
err = json.Unmarshal(result, &mani)
|
err = json.Unmarshal(result, &mani)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
beego.Error("Failed to decode json from response for manifests, repo name:", repoName, ", tag:", tag, ", error:", err)
|
beego.Error("Failed to decode json from response for manifests, repo name:", repoName, ", tag:", tag, ", error:", err)
|
||||||
ra.RenderError(http.StatusInternalServerError, "Internal Server Error")
|
ra.RenderError(http.StatusInternalServerError, "Internal Server Error")
|
||||||
return
|
return
|
||||||
} else {
|
}
|
||||||
v1Compatibility := mani.History[0].V1Compatibility
|
v1Compatibility := mani.History[0].V1Compatibility
|
||||||
|
|
||||||
err = json.Unmarshal([]byte(v1Compatibility), &item)
|
err = json.Unmarshal([]byte(v1Compatibility), &item)
|
||||||
@ -163,12 +163,9 @@ func (ra *RepositoryAPI) GetManifests() {
|
|||||||
beego.Error("Failed to decode V1 field for repo, repo name:", repoName, ", tag:", tag, ", error:", err)
|
beego.Error("Failed to decode V1 field for repo, repo name:", repoName, ", tag:", tag, ", error:", err)
|
||||||
ra.RenderError(http.StatusInternalServerError, "Internal Server Error")
|
ra.RenderError(http.StatusInternalServerError, "Internal Server Error")
|
||||||
return
|
return
|
||||||
} else {
|
}
|
||||||
item.CreatedStr = item.Created.Format("2006-01-02 15:04:05")
|
item.CreatedStr = item.Created.Format("2006-01-02 15:04:05")
|
||||||
item.DurationDays = strconv.Itoa(int(time.Since(item.Created).Hours()/24)) + " days"
|
item.DurationDays = strconv.Itoa(int(time.Since(item.Created).Hours()/24)) + " days"
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
ra.Data["json"] = item
|
ra.Data["json"] = item
|
||||||
ra.ServeJSON()
|
ra.ServeJSON()
|
||||||
|
@ -37,14 +37,14 @@ type SearchResult struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (n *SearchAPI) Get() {
|
func (n *SearchAPI) Get() {
|
||||||
userId, ok := n.GetSession("userId").(int)
|
userID, ok := n.GetSession("userId").(int)
|
||||||
if !ok {
|
if !ok {
|
||||||
userId = dao.NON_EXIST_USER_ID
|
userID = dao.NON_EXIST_USER_ID
|
||||||
}
|
}
|
||||||
keyword := n.GetString("q")
|
keyword := n.GetString("q")
|
||||||
projects, err := dao.QueryRelevantProjects(userId)
|
projects, err := dao.QueryRelevantProjects(userID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
beego.Error("Failed to get projects of user id:", userId, ", error:", err)
|
beego.Error("Failed to get projects of user id:", userID, ", error:", err)
|
||||||
n.CustomAbort(http.StatusInternalServerError, "Failed to get project search result")
|
n.CustomAbort(http.StatusInternalServerError, "Failed to get project search result")
|
||||||
}
|
}
|
||||||
projectSorter := &utils.ProjectSorter{Projects: projects}
|
projectSorter := &utils.ProjectSorter{Projects: projects}
|
||||||
|
38
api/user.go
38
api/user.go
@ -26,46 +26,46 @@ import (
|
|||||||
|
|
||||||
type UserAPI struct {
|
type UserAPI struct {
|
||||||
BaseAPI
|
BaseAPI
|
||||||
currentUid int
|
currentUserID int
|
||||||
userId int
|
userID int
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ua *UserAPI) Prepare() {
|
func (ua *UserAPI) Prepare() {
|
||||||
|
|
||||||
ua.currentUid = ua.ValidateUser()
|
ua.currentUserID = ua.ValidateUser()
|
||||||
id := ua.Ctx.Input.Param(":id")
|
id := ua.Ctx.Input.Param(":id")
|
||||||
if id == "current" {
|
if id == "current" {
|
||||||
ua.userId = ua.currentUid
|
ua.userID = ua.currentUserID
|
||||||
} else if len(id) > 0 {
|
} else if len(id) > 0 {
|
||||||
var err error
|
var err error
|
||||||
ua.userId, err = strconv.Atoi(id)
|
ua.userID, err = strconv.Atoi(id)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
beego.Error("Invalid user id, error:", err)
|
beego.Error("Invalid user id, error:", err)
|
||||||
ua.CustomAbort(http.StatusBadRequest, "Invalid user Id")
|
ua.CustomAbort(http.StatusBadRequest, "Invalid user Id")
|
||||||
}
|
}
|
||||||
userQuery := models.User{UserId: ua.userId}
|
userQuery := models.User{UserId: ua.userID}
|
||||||
u, err := dao.GetUser(userQuery)
|
u, err := dao.GetUser(userQuery)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
beego.Error("Error occurred in GetUser:", err)
|
beego.Error("Error occurred in GetUser:", err)
|
||||||
ua.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
ua.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
||||||
}
|
}
|
||||||
if u == nil {
|
if u == nil {
|
||||||
beego.Error("User with Id:", ua.userId, "does not exist")
|
beego.Error("User with Id:", ua.userID, "does not exist")
|
||||||
ua.CustomAbort(http.StatusNotFound, "")
|
ua.CustomAbort(http.StatusNotFound, "")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ua *UserAPI) Get() {
|
func (ua *UserAPI) Get() {
|
||||||
exist, err := dao.IsAdminRole(ua.currentUid)
|
exist, err := dao.IsAdminRole(ua.currentUserID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
beego.Error("Error occurred in IsAdminRole:", err)
|
beego.Error("Error occurred in IsAdminRole:", err)
|
||||||
ua.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
ua.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
||||||
}
|
}
|
||||||
|
|
||||||
if ua.userId == 0 { //list users
|
if ua.userID == 0 { //list users
|
||||||
if !exist {
|
if !exist {
|
||||||
beego.Error("Current user, id:", ua.currentUid, ", does not have admin role, can not list users")
|
beego.Error("Current user, id:", ua.currentUserID, ", does not have admin role, can not list users")
|
||||||
ua.RenderError(http.StatusForbidden, "User does not have admin role")
|
ua.RenderError(http.StatusForbidden, "User does not have admin role")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@ -82,8 +82,8 @@ func (ua *UserAPI) Get() {
|
|||||||
}
|
}
|
||||||
ua.Data["json"] = userList
|
ua.Data["json"] = userList
|
||||||
|
|
||||||
} else if ua.userId == ua.currentUid || exist {
|
} else if ua.userID == ua.currentUserID || exist {
|
||||||
userQuery := models.User{UserId: ua.userId}
|
userQuery := models.User{UserId: ua.userID}
|
||||||
u, err := dao.GetUser(userQuery)
|
u, err := dao.GetUser(userQuery)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
beego.Error("Error occurred in GetUser:", err)
|
beego.Error("Error occurred in GetUser:", err)
|
||||||
@ -91,7 +91,7 @@ func (ua *UserAPI) Get() {
|
|||||||
}
|
}
|
||||||
ua.Data["json"] = u
|
ua.Data["json"] = u
|
||||||
} else {
|
} else {
|
||||||
beego.Error("Current user, id:", ua.currentUid, "does not have admin role, can not view other user's detail")
|
beego.Error("Current user, id:", ua.currentUserID, "does not have admin role, can not view other user's detail")
|
||||||
ua.RenderError(http.StatusForbidden, "User does not have admin role")
|
ua.RenderError(http.StatusForbidden, "User does not have admin role")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@ -99,32 +99,32 @@ func (ua *UserAPI) Get() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (ua *UserAPI) Put() { //currently only for toggle admin, so no request body
|
func (ua *UserAPI) Put() { //currently only for toggle admin, so no request body
|
||||||
exist, err := dao.IsAdminRole(ua.currentUid)
|
exist, err := dao.IsAdminRole(ua.currentUserID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
beego.Error("Error occurred in IsAdminRole:", err)
|
beego.Error("Error occurred in IsAdminRole:", err)
|
||||||
ua.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
ua.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
||||||
}
|
}
|
||||||
if !exist {
|
if !exist {
|
||||||
beego.Warning("current user, id:", ua.currentUid, ", does not have admin role, can not update other user's role")
|
beego.Warning("current user, id:", ua.currentUserID, ", does not have admin role, can not update other user's role")
|
||||||
ua.RenderError(http.StatusForbidden, "User does not have admin role")
|
ua.RenderError(http.StatusForbidden, "User does not have admin role")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
userQuery := models.User{UserId: ua.userId}
|
userQuery := models.User{UserId: ua.userID}
|
||||||
dao.ToggleUserAdminRole(userQuery)
|
dao.ToggleUserAdminRole(userQuery)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ua *UserAPI) Delete() {
|
func (ua *UserAPI) Delete() {
|
||||||
exist, err := dao.IsAdminRole(ua.currentUid)
|
exist, err := dao.IsAdminRole(ua.currentUserID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
beego.Error("Error occurred in IsAdminRole:", err)
|
beego.Error("Error occurred in IsAdminRole:", err)
|
||||||
ua.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
ua.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
||||||
}
|
}
|
||||||
if !exist {
|
if !exist {
|
||||||
beego.Warning("current user, id:", ua.currentUid, ", does not have admin role, can not remove user")
|
beego.Warning("current user, id:", ua.currentUserID, ", does not have admin role, can not remove user")
|
||||||
ua.RenderError(http.StatusForbidden, "User does not have admin role")
|
ua.RenderError(http.StatusForbidden, "User does not have admin role")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
err = dao.DeleteUser(ua.userId)
|
err = dao.DeleteUser(ua.userID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
beego.Error("Failed to delete data from database, error:", err)
|
beego.Error("Failed to delete data from database, error:", err)
|
||||||
ua.RenderError(http.StatusInternalServerError, "Failed to delete User")
|
ua.RenderError(http.StatusInternalServerError, "Failed to delete User")
|
||||||
|
@ -21,8 +21,8 @@ import (
|
|||||||
"github.com/astaxie/beego"
|
"github.com/astaxie/beego"
|
||||||
)
|
)
|
||||||
|
|
||||||
func CheckProjectPermission(userId int, projectId int64) bool {
|
func CheckProjectPermission(userID int, projectID int64) bool {
|
||||||
exist, err := dao.IsAdminRole(userId)
|
exist, err := dao.IsAdminRole(userID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
beego.Error("Error occurred in IsAdminRole:", err)
|
beego.Error("Error occurred in IsAdminRole:", err)
|
||||||
return false
|
return false
|
||||||
@ -30,7 +30,7 @@ func CheckProjectPermission(userId int, projectId int64) bool {
|
|||||||
if exist {
|
if exist {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
roleList, err := dao.GetUserProjectRoles(models.User{UserId: userId}, projectId)
|
roleList, err := dao.GetUserProjectRoles(models.User{UserId: userID}, projectID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
beego.Error("Error occurred in GetUserProjectRoles:", err)
|
beego.Error("Error occurred in GetUserProjectRoles:", err)
|
||||||
return false
|
return false
|
||||||
|
@ -12,10 +12,11 @@
|
|||||||
See the License for the specific language governing permissions and
|
See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/
|
*/
|
||||||
package opt_auth
|
package auth
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"log"
|
||||||
"os"
|
"os"
|
||||||
|
|
||||||
"github.com/vmware/harbor/models"
|
"github.com/vmware/harbor/models"
|
||||||
@ -23,31 +24,31 @@ import (
|
|||||||
"github.com/astaxie/beego"
|
"github.com/astaxie/beego"
|
||||||
)
|
)
|
||||||
|
|
||||||
type OptAuth interface {
|
type Authenticator interface {
|
||||||
Validate(auth models.AuthModel) (*models.User, error)
|
Authenticate(m models.AuthModel) (*models.User, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
var registry = make(map[string]OptAuth)
|
var registry = make(map[string]Authenticator)
|
||||||
|
|
||||||
func Register(name string, optAuth OptAuth) {
|
func Register(name string, authenticator Authenticator) {
|
||||||
if _, dup := registry[name]; dup {
|
if _, dup := registry[name]; dup {
|
||||||
panic(name + " already exist.")
|
log.Printf("authenticator: %s has been registered", name)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
registry[name] = optAuth
|
registry[name] = authenticator
|
||||||
}
|
}
|
||||||
|
|
||||||
func Login(auth models.AuthModel) (*models.User, error) {
|
func Login(m models.AuthModel) (*models.User, error) {
|
||||||
|
|
||||||
var authMode string = os.Getenv("AUTH_MODE")
|
var authMode string = os.Getenv("AUTH_MODE")
|
||||||
if authMode == "" || auth.Principal == "admin" {
|
if authMode == "" || m.Principal == "admin" {
|
||||||
authMode = "db_auth"
|
authMode = "db_auth"
|
||||||
}
|
}
|
||||||
beego.Debug("Current AUTH_MODE is ", authMode)
|
beego.Debug("Current AUTH_MODE is ", authMode)
|
||||||
|
|
||||||
optAuth := registry[authMode]
|
authenticator, ok := registry[authMode]
|
||||||
if optAuth == nil {
|
if !ok {
|
||||||
return nil, fmt.Errorf("Unrecognized auth_mode: %s", authMode)
|
return nil, fmt.Errorf("Unrecognized auth_mode: %s", authMode)
|
||||||
}
|
}
|
||||||
return optAuth.Validate(auth)
|
return authenticator.Authenticate(m)
|
||||||
}
|
}
|
@ -15,15 +15,15 @@
|
|||||||
package db
|
package db
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"github.com/vmware/harbor/auth"
|
||||||
"github.com/vmware/harbor/dao"
|
"github.com/vmware/harbor/dao"
|
||||||
"github.com/vmware/harbor/models"
|
"github.com/vmware/harbor/models"
|
||||||
"github.com/vmware/harbor/opt_auth"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
type DbAuth struct{}
|
type Auth struct{}
|
||||||
|
|
||||||
func (d *DbAuth) Validate(auth models.AuthModel) (*models.User, error) {
|
func (d *Auth) Authenticate(m models.AuthModel) (*models.User, error) {
|
||||||
u, err := dao.LoginByDb(auth)
|
u, err := dao.LoginByDb(m)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -31,5 +31,5 @@ func (d *DbAuth) Validate(auth models.AuthModel) (*models.User, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
opt_auth.Register("db_auth", &DbAuth{})
|
auth.Register("db_auth", &Auth{})
|
||||||
}
|
}
|
@ -21,35 +21,34 @@ import (
|
|||||||
"os"
|
"os"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
"github.com/vmware/harbor/auth"
|
||||||
"github.com/vmware/harbor/dao"
|
"github.com/vmware/harbor/dao"
|
||||||
"github.com/vmware/harbor/models"
|
"github.com/vmware/harbor/models"
|
||||||
"github.com/vmware/harbor/opt_auth"
|
|
||||||
|
|
||||||
"github.com/astaxie/beego"
|
"github.com/astaxie/beego"
|
||||||
"github.com/mqu/openldap"
|
"github.com/mqu/openldap"
|
||||||
)
|
)
|
||||||
|
|
||||||
type LdapAuth struct{}
|
type Auth struct{}
|
||||||
|
|
||||||
const META_CHARS = "&|!=~*<>()"
|
const metaChars = "&|!=~*<>()"
|
||||||
|
|
||||||
func (l *LdapAuth) Validate(auth models.AuthModel) (*models.User, error) {
|
func (l *Auth) Authenticate(m models.AuthModel) (*models.User, error) {
|
||||||
|
|
||||||
ldapUrl := os.Getenv("LDAP_URL")
|
ldapURL := os.Getenv("LDAP_URL")
|
||||||
if ldapUrl == "" {
|
if ldapURL == "" {
|
||||||
return nil, errors.New("Can not get any available LDAP_URL.")
|
return nil, errors.New("Can not get any available LDAP_URL.")
|
||||||
}
|
}
|
||||||
beego.Debug("ldapUrl:", ldapUrl)
|
beego.Debug("ldapURL:", ldapURL)
|
||||||
|
|
||||||
p := auth.Principal
|
p := m.Principal
|
||||||
for _, c := range META_CHARS {
|
for _, c := range metaChars {
|
||||||
if strings.ContainsRune(p, c) {
|
if strings.ContainsRune(p, c) {
|
||||||
log.Printf("The principal contains meta char: %q", c)
|
return nil, fmt.Errorf("the principal contains meta char: %q", c)
|
||||||
return nil, nil
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
ldap, err := openldap.Initialize(ldapUrl)
|
ldap, err := openldap.Initialize(ldapURL)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -62,10 +61,10 @@ func (l *LdapAuth) Validate(auth models.AuthModel) (*models.User, error) {
|
|||||||
return nil, errors.New("Can not get any available LDAP_BASE_DN.")
|
return nil, errors.New("Can not get any available LDAP_BASE_DN.")
|
||||||
}
|
}
|
||||||
|
|
||||||
baseDn := fmt.Sprintf(ldapBaseDn, auth.Principal)
|
baseDn := fmt.Sprintf(ldapBaseDn, m.Principal)
|
||||||
beego.Debug("baseDn:", baseDn)
|
beego.Debug("baseDn:", baseDn)
|
||||||
|
|
||||||
err = ldap.Bind(baseDn, auth.Password)
|
err = ldap.Bind(baseDn, m.Password)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -112,15 +111,15 @@ func (l *LdapAuth) Validate(auth models.AuthModel) (*models.User, error) {
|
|||||||
} else {
|
} else {
|
||||||
u.Password = "12345678AbC"
|
u.Password = "12345678AbC"
|
||||||
u.Comment = "registered from LDAP."
|
u.Comment = "registered from LDAP."
|
||||||
userId, err := dao.Register(u)
|
userID, err := dao.Register(u)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
u.UserId = int(userId)
|
u.UserId = int(userID)
|
||||||
}
|
}
|
||||||
return &u, nil
|
return &u, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
opt_auth.Register("ldap_auth", &LdapAuth{})
|
auth.Register("ldap_auth", &Auth{})
|
||||||
}
|
}
|
@ -17,8 +17,8 @@ package controllers
|
|||||||
import (
|
import (
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
|
"github.com/vmware/harbor/auth"
|
||||||
"github.com/vmware/harbor/models"
|
"github.com/vmware/harbor/models"
|
||||||
"github.com/vmware/harbor/opt_auth"
|
|
||||||
|
|
||||||
"github.com/astaxie/beego"
|
"github.com/astaxie/beego"
|
||||||
)
|
)
|
||||||
@ -44,7 +44,7 @@ func (c *CommonController) Login() {
|
|||||||
principal := c.GetString("principal")
|
principal := c.GetString("principal")
|
||||||
password := c.GetString("password")
|
password := c.GetString("password")
|
||||||
|
|
||||||
user, err := opt_auth.Login(models.AuthModel{principal, password})
|
user, err := auth.Login(models.AuthModel{principal, password})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
beego.Error("Error occurred in UserLogin:", err)
|
beego.Error("Error occurred in UserLogin:", err)
|
||||||
c.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
c.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
||||||
|
25
main.go
25
main.go
@ -15,14 +15,13 @@
|
|||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"errors"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
"log"
|
||||||
|
|
||||||
|
_ "github.com/vmware/harbor/auth/db"
|
||||||
|
_ "github.com/vmware/harbor/auth/ldap"
|
||||||
"github.com/vmware/harbor/dao"
|
"github.com/vmware/harbor/dao"
|
||||||
"github.com/vmware/harbor/models"
|
"github.com/vmware/harbor/models"
|
||||||
_ "github.com/vmware/harbor/opt_auth/db"
|
|
||||||
_ "github.com/vmware/harbor/opt_auth/ldap"
|
|
||||||
_ "github.com/vmware/harbor/routers"
|
_ "github.com/vmware/harbor/routers"
|
||||||
|
|
||||||
"os"
|
"os"
|
||||||
@ -31,19 +30,19 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
ADMIN_USER_ID = 1
|
adminUserID = 1
|
||||||
)
|
)
|
||||||
|
|
||||||
func updateInitPassword(userId int, password string) error {
|
func updateInitPassword(userID int, password string) error {
|
||||||
queryUser := models.User{UserId: userId}
|
queryUser := models.User{UserId: userID}
|
||||||
user, err := dao.GetUser(queryUser)
|
user, err := dao.GetUser(queryUser)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("Failed to get user, userId:", userId)
|
log.Println("Failed to get user, userID:", userID)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if user == nil {
|
if user == nil {
|
||||||
log.Printf("User id: %d does not exist.", userId)
|
log.Printf("User id: %d does not exist.", userID)
|
||||||
return errors.New(fmt.Sprintf("User id: %s does not exist.", userId))
|
return fmt.Errorf("User id: %s does not exist.", userID)
|
||||||
} else if user.Salt == "" {
|
} else if user.Salt == "" {
|
||||||
salt, err := dao.GenerateRandomString()
|
salt, err := dao.GenerateRandomString()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -54,12 +53,12 @@ func updateInitPassword(userId int, password string) error {
|
|||||||
user.Password = password
|
user.Password = password
|
||||||
err = dao.ChangeUserPassword(*user)
|
err = dao.ChangeUserPassword(*user)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("Failed to update user encrypted password, userId: %d, err: %v", userId, err)
|
log.Printf("Failed to update user encrypted password, userID: %d, err: %v", userID, err)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
log.Printf("User id: %d updated its encypted password successfully.", userId)
|
log.Printf("User id: %d updated its encypted password successfully.", userID)
|
||||||
} else {
|
} else {
|
||||||
log.Printf("User id: %d already has its encrypted password.", userId)
|
log.Printf("User id: %d already has its encrypted password.", userID)
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
@ -68,6 +67,6 @@ func main() {
|
|||||||
|
|
||||||
beego.BConfig.WebConfig.Session.SessionOn = true
|
beego.BConfig.WebConfig.Session.SessionOn = true
|
||||||
dao.InitDB()
|
dao.InitDB()
|
||||||
updateInitPassword(ADMIN_USER_ID, os.Getenv("HARBOR_ADMIN_PASSWORD"))
|
updateInitPassword(adminUserID, os.Getenv("HARBOR_ADMIN_PASSWORD"))
|
||||||
beego.Run()
|
beego.Run()
|
||||||
}
|
}
|
||||||
|
@ -18,8 +18,8 @@ import (
|
|||||||
"log"
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
|
"github.com/vmware/harbor/auth"
|
||||||
"github.com/vmware/harbor/models"
|
"github.com/vmware/harbor/models"
|
||||||
"github.com/vmware/harbor/opt_auth"
|
|
||||||
svc_utils "github.com/vmware/harbor/service/utils"
|
svc_utils "github.com/vmware/harbor/service/utils"
|
||||||
"github.com/vmware/harbor/utils"
|
"github.com/vmware/harbor/utils"
|
||||||
|
|
||||||
@ -72,7 +72,7 @@ func (a *AuthController) serveToken(username, service string, access []*token.Re
|
|||||||
}
|
}
|
||||||
|
|
||||||
func authenticate(principal, password string) bool {
|
func authenticate(principal, password string) bool {
|
||||||
user, err := opt_auth.Login(models.AuthModel{principal, password})
|
user, err := auth.Login(models.AuthModel{principal, password})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("Error occurred in UserLogin: %v", err)
|
log.Printf("Error occurred in UserLogin: %v", err)
|
||||||
return false
|
return false
|
||||||
|
Loading…
Reference in New Issue
Block a user