mirror of
https://github.com/goharbor/harbor.git
synced 2024-12-01 22:54:20 +01:00
Update APIs to only accept encoded repository name that contains slash
Update APIs to only accept encoded repository name that contains slash Signed-off-by: Wenkai Yin <yinw@vmware.com>
This commit is contained in:
parent
42801b76e2
commit
7188e01569
@ -53,11 +53,7 @@ paths:
|
|||||||
$ref: '#/responses/404'
|
$ref: '#/responses/404'
|
||||||
'500':
|
'500':
|
||||||
$ref: '#/responses/500'
|
$ref: '#/responses/500'
|
||||||
# the _self suffix here is used to avoid the conflict of repository name and URL path
|
/projects/{project_name}/repositories/{repository_name}:
|
||||||
# e.g. the repository name can be "library/artifacts", we cannot distinguish the URL
|
|
||||||
# "GET /projects/{project_name}/repositories/library/artifacts" is getting repository
|
|
||||||
# or listing artifacts
|
|
||||||
/projects/{project_name}/repositories/{repository_name}/_self:
|
|
||||||
get:
|
get:
|
||||||
summary: Get repository
|
summary: Get repository
|
||||||
description: Get the repository specified by name
|
description: Get the repository specified by name
|
||||||
@ -671,7 +667,7 @@ parameters:
|
|||||||
repositoryName:
|
repositoryName:
|
||||||
name: repository_name
|
name: repository_name
|
||||||
in: path
|
in: path
|
||||||
description: The name of the repository
|
description: The name of the repository. If it contains slash, encode it with URL encoding. e.g. a/b -> a%252Fb
|
||||||
required: true
|
required: true
|
||||||
type: string
|
type: string
|
||||||
reference:
|
reference:
|
||||||
|
@ -16,12 +16,13 @@ package artifact
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"github.com/goharbor/harbor/src/server/v2.0/models"
|
"net/url"
|
||||||
|
|
||||||
cmodels "github.com/goharbor/harbor/src/common/models"
|
cmodels "github.com/goharbor/harbor/src/common/models"
|
||||||
"github.com/goharbor/harbor/src/common/utils"
|
"github.com/goharbor/harbor/src/common/utils"
|
||||||
"github.com/goharbor/harbor/src/controller/tag"
|
"github.com/goharbor/harbor/src/controller/tag"
|
||||||
"github.com/goharbor/harbor/src/pkg/artifact"
|
"github.com/goharbor/harbor/src/pkg/artifact"
|
||||||
|
"github.com/goharbor/harbor/src/server/v2.0/models"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Artifact is the overall view of artifact
|
// Artifact is the overall view of artifact
|
||||||
@ -39,6 +40,8 @@ func (artifact *Artifact) SetAdditionLink(addition, version string) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
projectName, repo := utils.ParseRepository(artifact.RepositoryName)
|
projectName, repo := utils.ParseRepository(artifact.RepositoryName)
|
||||||
|
// encode slash as %252F
|
||||||
|
repo = url.PathEscape(url.PathEscape(repo))
|
||||||
href := fmt.Sprintf("/api/%s/projects/%s/repositories/%s/artifacts/%s/additions/%s", version, projectName, repo, artifact.Digest, addition)
|
href := fmt.Sprintf("/api/%s/projects/%s/repositories/%s/artifacts/%s/additions/%s", version, projectName, repo, artifact.Digest, addition)
|
||||||
|
|
||||||
artifact.AdditionLinks[addition] = &AdditionLink{HREF: href, Absolute: false}
|
artifact.AdditionLinks[addition] = &AdditionLink{HREF: href, Absolute: false}
|
||||||
|
@ -1,100 +0,0 @@
|
|||||||
// Copyright Project Harbor Authors
|
|
||||||
//
|
|
||||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
// you may not use this file except in compliance with the License.
|
|
||||||
// You may obtain a copy of the License at
|
|
||||||
//
|
|
||||||
// http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
//
|
|
||||||
// Unless required by applicable law or agreed to in writing, software
|
|
||||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
// See the License for the specific language governing permissions and
|
|
||||||
// limitations under the License.
|
|
||||||
|
|
||||||
package path
|
|
||||||
|
|
||||||
import (
|
|
||||||
"net/http"
|
|
||||||
"net/url"
|
|
||||||
"regexp"
|
|
||||||
|
|
||||||
"github.com/goharbor/harbor/src/common/api"
|
|
||||||
"github.com/goharbor/harbor/src/server/middleware"
|
|
||||||
)
|
|
||||||
|
|
||||||
var (
|
|
||||||
defaultRegexps = []*regexp.Regexp{
|
|
||||||
regexp.MustCompile(`^/api/` + api.APIVersion + `/projects/.*/repositories/(.*)/_self/?$`),
|
|
||||||
regexp.MustCompile(`^/api/` + api.APIVersion + `/projects/.*/repositories/(.*)/artifacts/?$`),
|
|
||||||
regexp.MustCompile(`^/api/` + api.APIVersion + `/projects/.*/repositories/(.*)/artifacts/.*$`),
|
|
||||||
}
|
|
||||||
)
|
|
||||||
|
|
||||||
// EscapeMiddleware middleware which escape path parameters for swagger APIs
|
|
||||||
func EscapeMiddleware() func(http.Handler) http.Handler {
|
|
||||||
return middleware.New(func(w http.ResponseWriter, r *http.Request, next http.Handler) {
|
|
||||||
for _, re := range defaultRegexps {
|
|
||||||
if re.MatchString(r.URL.Path) {
|
|
||||||
r.URL.Path = escape(re, r.URL.Path)
|
|
||||||
break
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
next.ServeHTTP(w, r)
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
func escape(re *regexp.Regexp, path string) string {
|
|
||||||
return replaceAllSubmatchFunc(re, path, func(groups []string) []string {
|
|
||||||
var results []string
|
|
||||||
for _, group := range groups {
|
|
||||||
results = append(results, url.PathEscape(group))
|
|
||||||
}
|
|
||||||
return results
|
|
||||||
}, -1)
|
|
||||||
}
|
|
||||||
|
|
||||||
func replaceAllSubmatchFunc(re *regexp.Regexp, src string, repl func([]string) []string, n int) string {
|
|
||||||
var result string
|
|
||||||
|
|
||||||
last := 0
|
|
||||||
for _, match := range re.FindAllSubmatchIndex([]byte(src), n) {
|
|
||||||
// Append string between our last match and this one (i.e. non-matched string).
|
|
||||||
matchStart := match[0]
|
|
||||||
matchEnd := match[1]
|
|
||||||
result = result + src[last:matchStart]
|
|
||||||
last = matchEnd
|
|
||||||
|
|
||||||
// Determine the groups / submatch string and indices.
|
|
||||||
groups := []string{}
|
|
||||||
indices := [][2]int{}
|
|
||||||
for i := 2; i < len(match); i += 2 {
|
|
||||||
start := match[i]
|
|
||||||
end := match[i+1]
|
|
||||||
groups = append(groups, src[start:end])
|
|
||||||
indices = append(indices, [2]int{start, end})
|
|
||||||
}
|
|
||||||
|
|
||||||
// Replace the groups
|
|
||||||
groups = repl(groups)
|
|
||||||
|
|
||||||
// Append match data.
|
|
||||||
lastGroup := matchStart
|
|
||||||
for i, newValue := range groups {
|
|
||||||
// Append string between our last group match and this one (i.e. non-group-matched string)
|
|
||||||
groupStart := indices[i][0]
|
|
||||||
groupEnd := indices[i][1]
|
|
||||||
result = result + src[lastGroup:groupStart]
|
|
||||||
lastGroup = groupEnd
|
|
||||||
|
|
||||||
// Append the new group value.
|
|
||||||
result = result + newValue
|
|
||||||
}
|
|
||||||
result = result + src[lastGroup:matchEnd] // remaining
|
|
||||||
}
|
|
||||||
|
|
||||||
result = result + src[last:] // remaining
|
|
||||||
|
|
||||||
return result
|
|
||||||
}
|
|
@ -1,84 +0,0 @@
|
|||||||
// Copyright Project Harbor Authors
|
|
||||||
//
|
|
||||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
// you may not use this file except in compliance with the License.
|
|
||||||
// You may obtain a copy of the License at
|
|
||||||
//
|
|
||||||
// http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
//
|
|
||||||
// Unless required by applicable law or agreed to in writing, software
|
|
||||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
// See the License for the specific language governing permissions and
|
|
||||||
// limitations under the License.
|
|
||||||
|
|
||||||
package path
|
|
||||||
|
|
||||||
import (
|
|
||||||
"net/http"
|
|
||||||
"net/http/httptest"
|
|
||||||
"regexp"
|
|
||||||
"testing"
|
|
||||||
)
|
|
||||||
|
|
||||||
func Test_escape(t *testing.T) {
|
|
||||||
re := regexp.MustCompile(`/api/v2.0/projects/.*/repositories/(.*)/artifacts`)
|
|
||||||
|
|
||||||
type args struct {
|
|
||||||
re *regexp.Regexp
|
|
||||||
path string
|
|
||||||
}
|
|
||||||
tests := []struct {
|
|
||||||
name string
|
|
||||||
args args
|
|
||||||
want string
|
|
||||||
}{
|
|
||||||
{
|
|
||||||
"/api/v2.0/projects/library/repositories/photon/artifacts",
|
|
||||||
args{re, "/api/v2.0/projects/library/repositories/photon/artifacts"},
|
|
||||||
"/api/v2.0/projects/library/repositories/photon/artifacts",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"/api/v2.0/projects/library/repositories/photon/hello-world/artifacts",
|
|
||||||
args{re, "/api/v2.0/projects/library/repositories/photon/hello-world/artifacts"},
|
|
||||||
"/api/v2.0/projects/library/repositories/photon%2Fhello-world/artifacts",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"/api/v2.0/projects/library/repositories/photon/hello-world/artifacts/digest/scan",
|
|
||||||
args{re, "/api/v2.0/projects/library/repositories/photon/hello-world/artifacts/digest/scan"},
|
|
||||||
"/api/v2.0/projects/library/repositories/photon%2Fhello-world/artifacts/digest/scan",
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"/api/v2.0/projects/library/repositories",
|
|
||||||
args{re, "/api/v2.0/projects/library/repositories"},
|
|
||||||
"/api/v2.0/projects/library/repositories",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"/api/v2.0/projects/library/repositories/hello/mariadb/_self",
|
|
||||||
args{regexp.MustCompile(`^/api/v2.0/projects/.*/repositories/(.*)/_self`), "/api/v2.0/projects/library/repositories/hello/mariadb/_self"},
|
|
||||||
"/api/v2.0/projects/library/repositories/hello%2Fmariadb/_self",
|
|
||||||
},
|
|
||||||
}
|
|
||||||
for _, tt := range tests {
|
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
|
||||||
if got := escape(tt.args.re, tt.args.path); got != tt.want {
|
|
||||||
t.Errorf("escape() = %v, want %v", got, tt.want)
|
|
||||||
}
|
|
||||||
})
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestEscapeMiddleware(t *testing.T) {
|
|
||||||
r := httptest.NewRequest(http.MethodGet, "/api/v2.0/projects/library/repositories/hello/mariadb/_self", nil)
|
|
||||||
w := httptest.NewRecorder()
|
|
||||||
|
|
||||||
next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
||||||
if r.URL.Path != "/api/v2.0/projects/library/repositories/hello%2Fmariadb/_self" {
|
|
||||||
t.Errorf("escape middleware failed")
|
|
||||||
}
|
|
||||||
w.WriteHeader(http.StatusOK)
|
|
||||||
})
|
|
||||||
|
|
||||||
EscapeMiddleware()(next).ServeHTTP(w, r)
|
|
||||||
}
|
|
@ -139,12 +139,6 @@ func (b *BaseAPI) Links(ctx context.Context, u *url.URL, total, pageNumber, page
|
|||||||
return links
|
return links
|
||||||
}
|
}
|
||||||
ul := *u
|
ul := *u
|
||||||
// try to unescape the repository name which contains escaped slashes
|
|
||||||
if escapedPath, err := url.PathUnescape(ul.Path); err == nil {
|
|
||||||
ul.Path = escapedPath
|
|
||||||
} else {
|
|
||||||
log.Errorf("failed to unescape the path %s: %v", ul.Path, err)
|
|
||||||
}
|
|
||||||
// prev
|
// prev
|
||||||
if pageNumber > 1 && (pageNumber-1)*pageSize < total {
|
if pageNumber > 1 && (pageNumber-1)*pageSize < total {
|
||||||
q := ul.Query()
|
q := ul.Query()
|
||||||
|
@ -100,9 +100,9 @@ func (b *baseHandlerTestSuite) TestLinks() {
|
|||||||
links = b.base.Links(nil, url, 3, 2, 1)
|
links = b.base.Links(nil, url, 3, 2, 1)
|
||||||
b.Require().Len(links, 2)
|
b.Require().Len(links, 2)
|
||||||
b.Equal("prev", links[0].Rel)
|
b.Equal("prev", links[0].Rel)
|
||||||
b.Equal("http://localhost/api/library/hello-world/artifacts?page=1&page_size=1&q=a=~b", links[0].URL)
|
b.Equal("http://localhost/api/library%252Fhello-world/artifacts?page=1&page_size=1&q=a=~b", links[0].URL)
|
||||||
b.Equal("next", links[1].Rel)
|
b.Equal("next", links[1].Rel)
|
||||||
b.Equal("http://localhost/api/library/hello-world/artifacts?page=3&page_size=1&q=a=~b", links[1].URL)
|
b.Equal("http://localhost/api/library%252Fhello-world/artifacts?page=3&page_size=1&q=a=~b", links[1].URL)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestBaseHandler(t *testing.T) {
|
func TestBaseHandler(t *testing.T) {
|
||||||
|
@ -21,7 +21,6 @@ import (
|
|||||||
serror "github.com/goharbor/harbor/src/server/error"
|
serror "github.com/goharbor/harbor/src/server/error"
|
||||||
"github.com/goharbor/harbor/src/server/middleware"
|
"github.com/goharbor/harbor/src/server/middleware"
|
||||||
"github.com/goharbor/harbor/src/server/middleware/blob"
|
"github.com/goharbor/harbor/src/server/middleware/blob"
|
||||||
"github.com/goharbor/harbor/src/server/middleware/path"
|
|
||||||
"github.com/goharbor/harbor/src/server/middleware/quota"
|
"github.com/goharbor/harbor/src/server/middleware/quota"
|
||||||
"github.com/goharbor/harbor/src/server/v2.0/restapi"
|
"github.com/goharbor/harbor/src/server/v2.0/restapi"
|
||||||
)
|
)
|
||||||
@ -45,9 +44,7 @@ func New() http.Handler {
|
|||||||
|
|
||||||
api.ServeError = serveError
|
api.ServeError = serveError
|
||||||
|
|
||||||
// HACK: Use path.EscapeMiddleware to escape same patterns of the URL before the swagger handler
|
return h
|
||||||
// eg /api/v2.0/projects/library/repositories/hello/world/artifacts to /api/v2.0/projects/library/repositories/hello%2Fworld/artifacts
|
|
||||||
return path.EscapeMiddleware()(h)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Before executing operation handler, go-swagger will bind a parameters object to a request and validate the request,
|
// Before executing operation handler, go-swagger will bind a parameters object to a request and validate the request,
|
||||||
|
Loading…
Reference in New Issue
Block a user