Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2024-11-23 10:45:45 +01:00
Code Issues Projects Releases Wiki Activity

Merge pull request #618 from ywk253100/security_check_on_jobservice

Browse Source 
add security check on job service
This commit is contained in:
Daniel Jiang 2016-08-05 14:53:38 +08:00 committed by GitHub
commit 4fc9373fec
3 changed files with 57 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
api/jobs/replication.go
View File

@ -46,6 +46,27 @@ type ReplicationReq struct {
TagList []string `json:"tags"` TagList []string `json:"tags"`
} }
// Prepare ...
func (rj *ReplicationJob) Prepare() {
rj.authenticate()
}
func (rj *ReplicationJob) authenticate() {
cookie, err := rj.Ctx.Request.Cookie(models.UISecretCookie)
if err != nil && err != http.ErrNoCookie {
log.Errorf("failed to get cookie %s: %v", models.UISecretCookie, err)
rj.CustomAbort(http.StatusInternalServerError, "")
}
if err == http.ErrNoCookie {
rj.CustomAbort(http.StatusUnauthorized, "")
}
if cookie.Value != config.UISecret() {
rj.CustomAbort(http.StatusForbidden, "")
}
}
// Post creates replication jobs according to the policy. // Post creates replication jobs according to the policy.
func (rj *ReplicationJob) Post() { func (rj *ReplicationJob) Post() {
var data ReplicationReq var data ReplicationReq

9
api/replication_job.go
View File

@ -147,7 +147,14 @@ func (ra *RepJobAPI) GetLog() {
ra.CustomAbort(http.StatusBadRequest, "id is nil") ra.CustomAbort(http.StatusBadRequest, "id is nil")
} }
resp, err := http.Get(buildJobLogURL(strconv.FormatInt(ra.jobID, 10))) req, err := http.NewRequest("GET", buildJobLogURL(strconv.FormatInt(ra.jobID, 10)), nil)
if err != nil {
log.Errorf("failed to create a request: %v", err)
ra.CustomAbort(http.StatusInternalServerError, "")
}
addAuthentication(req)
client := &http.Client{}
resp, err := client.Do(req)
if err != nil { if err != nil {
log.Errorf("failed to get log for job %d: %v", ra.jobID, err) log.Errorf("failed to get log for job %d: %v", ra.jobID, err)
ra.CustomAbort(http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError)) ra.CustomAbort(http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))

30
api/utils.go
View File

@ -115,7 +115,14 @@ func TriggerReplication(policyID int64, repository string,
url := buildReplicationURL() url := buildReplicationURL()
resp, err := http.DefaultClient.Post(url, "application/json", bytes.NewBuffer(b)) req, err := http.NewRequest("POST", url, bytes.NewBuffer(b))
if err != nil {
return err
}
addAuthentication(req)
client := &http.Client{}
resp, err := client.Do(req)
if err != nil { if err != nil {
return err return err
} }
@ -188,7 +195,16 @@ func postReplicationAction(policyID int64, acton string) error {
url := buildReplicationActionURL() url := buildReplicationActionURL()
resp, err := http.DefaultClient.Post(url, "application/json", bytes.NewBuffer(b)) req, err := http.NewRequest("POST", url, bytes.NewBuffer(b))
if err != nil {
return err
}
addAuthentication(req)
client := &http.Client{}
resp, err := client.Do(req)
if err != nil { if err != nil {
return err return err
} }
@ -207,6 +223,16 @@ func postReplicationAction(policyID int64, acton string) error {
return fmt.Errorf("%d %s", resp.StatusCode, string(b)) return fmt.Errorf("%d %s", resp.StatusCode, string(b))
} }
func addAuthentication(req *http.Request) {
if req != nil {
req.AddCookie(&http.Cookie{
Name: models.UISecretCookie,
// TODO read secret from config
Value: os.Getenv("UI_SECRET"),
})
}
}
func buildReplicationURL() string { func buildReplicationURL() string {
url := getJobServiceURL() url := getJobServiceURL()
return fmt.Sprintf("%s/api/jobs/replication", url) return fmt.Sprintf("%s/api/jobs/replication", url)