From 54a1155140d95301f436618c10d62e7316e0509a Mon Sep 17 00:00:00 2001 From: Wenkai Yin Date: Fri, 17 Jul 2020 15:24:18 +0800 Subject: [PATCH] Prevent copying artifact to a proxy cache project Prevent copying artifact to a proxy cache project Signed-off-by: Wenkai Yin --- api/v2.0/swagger.yaml | 10 ++++++++++ src/server/v2.0/handler/artifact.go | 12 ++++++++++++ 2 files changed, 22 insertions(+) diff --git a/api/v2.0/swagger.yaml b/api/v2.0/swagger.yaml index bc41ce028..b4774d8ed 100644 --- a/api/v2.0/swagger.yaml +++ b/api/v2.0/swagger.yaml @@ -228,6 +228,8 @@ paths: $ref: '#/responses/403' '404': $ref: '#/responses/404' + '405': + $ref: '#/responses/405' '500': $ref: '#/responses/500' /projects/{project_name}/repositories/{repository_name}/artifacts/{reference}: @@ -1323,6 +1325,14 @@ responses: type: string schema: $ref: '#/definitions/Errors' + '405': + description: Method not allowed + headers: + X-Request-Id: + description: The ID of the corresponding request for the response + type: string + schema: + $ref: '#/definitions/Errors' '409': description: Conflict headers: diff --git a/src/server/v2.0/handler/artifact.go b/src/server/v2.0/handler/artifact.go index 8609a04c7..7818b6fa3 100644 --- a/src/server/v2.0/handler/artifact.go +++ b/src/server/v2.0/handler/artifact.go @@ -18,6 +18,7 @@ import ( "context" "fmt" "github.com/goharbor/harbor/src/controller/event/metadata" + "github.com/goharbor/harbor/src/controller/project" "github.com/goharbor/harbor/src/pkg/notification" "net/http" "strings" @@ -48,6 +49,7 @@ const ( func newArtifactAPI() *artifactAPI { return &artifactAPI{ artCtl: artifact.Ctl, + proCtl: project.Ctl, repoCtl: repository.Ctl, scanCtl: scan.DefaultController, tagCtl: tag.Ctl, @@ -57,6 +59,7 @@ func newArtifactAPI() *artifactAPI { type artifactAPI struct { BaseAPI artCtl artifact.Controller + proCtl project.Controller repoCtl repository.Controller scanCtl scan.Controller tagCtl tag.Controller @@ -152,6 +155,15 @@ func (a *artifactAPI) CopyArtifact(ctx context.Context, params operation.CopyArt return a.SendError(ctx, err) } + pro, err := a.proCtl.GetByName(ctx, params.ProjectName) + if err != nil { + return a.SendError(ctx, err) + } + if pro.RegistryID > 0 { + return a.SendError(ctx, errors.New(nil).WithCode(errors.MethodNotAllowedCode). + WithMessage("cannot copy the artifact to a proxy cache project")) + } + srcRepo, ref, err := parse(params.From) if err != nil { return a.SendError(ctx, err)