mirror of
https://github.com/goharbor/harbor.git
synced 2024-12-25 01:58:35 +01:00
filter request for basic auth in integration mode
This commit is contained in:
parent
3ebe1a824b
commit
d2eb8fc8b6
@ -126,11 +126,18 @@ func (b *basicAuthReqCtxModifier) Modify(ctx *beegoctx.Context) bool {
|
|||||||
}
|
}
|
||||||
log.Debug("got user information via basic auth")
|
log.Debug("got user information via basic auth")
|
||||||
|
|
||||||
var securCtx security.Context
|
|
||||||
var pm projectmanager.ProjectManager
|
|
||||||
|
|
||||||
if config.WithAdmiral() {
|
|
||||||
// integration with admiral
|
// integration with admiral
|
||||||
|
if config.WithAdmiral() {
|
||||||
|
// Can't get a token from Admiral's login API, we can only
|
||||||
|
// create a project manager with the token of the solution user.
|
||||||
|
// That way may cause some wrong permission promotion in some API
|
||||||
|
// calls, so we just handle the requests which are necessary
|
||||||
|
if !filterReq(ctx.Request) {
|
||||||
|
log.Debugf("basic auth is not supported for request %s %s, skip",
|
||||||
|
ctx.Request.Method, ctx.Request.URL.Path)
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
authCtx, err := authcontext.Login(config.AdmiralClient,
|
authCtx, err := authcontext.Login(config.AdmiralClient,
|
||||||
config.AdmiralEndpoint(), username, password)
|
config.AdmiralEndpoint(), username, password)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -139,10 +146,14 @@ func (b *basicAuthReqCtxModifier) Modify(ctx *beegoctx.Context) bool {
|
|||||||
}
|
}
|
||||||
|
|
||||||
log.Debug("using glocal project manager...")
|
log.Debug("using glocal project manager...")
|
||||||
pm = config.GlobalProjectMgr
|
pm := config.GlobalProjectMgr
|
||||||
log.Debug("creating admiral security context...")
|
log.Debug("creating admiral security context...")
|
||||||
securCtx = admiral.NewSecurityContext(authCtx, pm)
|
securCtx := admiral.NewSecurityContext(authCtx, pm)
|
||||||
} else {
|
|
||||||
|
setSecurCtxAndPM(ctx.Request, securCtx, pm)
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
// standalone
|
// standalone
|
||||||
user, err := auth.Login(models.AuthModel{
|
user, err := auth.Login(models.AuthModel{
|
||||||
Principal: username,
|
Principal: username,
|
||||||
@ -157,16 +168,23 @@ func (b *basicAuthReqCtxModifier) Modify(ctx *beegoctx.Context) bool {
|
|||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
log.Debug("using local database project manager")
|
log.Debug("using local database project manager")
|
||||||
pm = config.GlobalProjectMgr
|
pm := config.GlobalProjectMgr
|
||||||
log.Debug("creating local database security context...")
|
log.Debug("creating local database security context...")
|
||||||
securCtx = local.NewSecurityContext(user, pm)
|
securCtx := local.NewSecurityContext(user, pm)
|
||||||
}
|
|
||||||
|
|
||||||
setSecurCtxAndPM(ctx.Request, securCtx, pm)
|
setSecurCtxAndPM(ctx.Request, securCtx, pm)
|
||||||
|
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func filterReq(req *http.Request) bool {
|
||||||
|
path := req.URL.Path
|
||||||
|
if path == "/api/projects" && req.Method == http.MethodPost ||
|
||||||
|
path == "/service/token" && req.Method == http.MethodGet {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
type sessionReqCtxModifier struct{}
|
type sessionReqCtxModifier struct{}
|
||||||
|
|
||||||
func (s *sessionReqCtxModifier) Modify(ctx *beegoctx.Context) bool {
|
func (s *sessionReqCtxModifier) Modify(ctx *beegoctx.Context) bool {
|
||||||
|
Loading…
Reference in New Issue
Block a user