Merge remote-tracking branch 'refs/remotes/vmware/master'

2024-11-18 00:05:12 +01:00 · 2016-04-16 15:59:02 +08:00 · 2016-04-16 15:59:02 +08:00 · d4d5b26700
commit d4d5b26700
parent 23170ce806 5414c6f309
10 changed files with 108 additions and 86 deletions
--- a/3
+++ b/3
@ -1,5 +1,6 @@
 # This file lists all individuals having contributed content to the repository.
 Alexander Zeitler <alexander.zeitler at pdmlab.com>
 Amanda Zhang <amzhang at vmware.com>
 Benniu Ji <benniuji at gmail.com>
 Bobby Zhang <junzhang at vmware.com>
@ -9,8 +10,8 @@ Haining Henry Zhang <henryzhang at vmware.com>
 Hao Xia <haox at vmware.com>
 Jack Liu <ljack at vmware.com>
 Kun Wang <kunw at vmware.com>
 Peng Zhao <zhaopeng1988 at gmail.com>
 Shan Zhu <zhus at vmware.com>
 Victoria Zheng <vzheng at vmware.com>
 Wenkai Yin <yinw at vmware.com>
 Yan Wang <wangyan at vmware.com>
--- a/README.md
+++ b/README.md
@ -46,7 +46,7 @@ The host must be connected to the Internet.
 If everything works fine, you can open a browser to visit the admin portal at http://reg.yourdomain.com . The default administrator username and password are admin/Harbor12345 .
-Create a new project, e.g. myproject, in the admin portal. You can then use docker commands to login and push images. The default port of Harbor registry server is 80:
+Log in to the admin portal and create a new project, e.g. myproject. You can then use docker commands to login and push images. The default port of Harbor registry server is 80:
 ```sh
 $ docker login reg.yourdomain.com
 $ docker push reg.yourdomain.com/myproject/myrepo
@ -68,3 +68,6 @@ Harbor is available under the [Apache 2 license](LICENSE).
 ### Users
 <a href="https://www.madailicai.com/" border="0" target="_blank"><img alt="MaDaiLiCai" src="docs/img/UserMaDai.jpg"></a>
 ### Supporting Technologies
 <img alt="beego" src="docs/img/beegoLogo.png"> Harbor is powered by <a href="http://beego.me/">Beego</a>, an open source framework to build and develop applications in the Go way.
--- a/api/user.go
+++ b/api/user.go
@ -17,7 +17,9 @@ package api
 import (
 	"net/http"
 	"os"
 	"strconv"
 	"strings"
 	"github.com/vmware/harbor/dao"
 	"github.com/vmware/harbor/models"
@ -27,13 +29,35 @@ import (
 // UserAPI handles request to /api/users/{}
 type UserAPI struct {
 	BaseAPI
-	currentUserID int
+	currentUserID    int
-	userID        int
+	userID           int
 	SelfRegistration bool
 	IsAdmin          bool
 	AuthMode         string
 }
 // Prepare validates the URL and parms
 func (ua *UserAPI) Prepare() {
 	authMode := strings.ToLower(os.Getenv("AUTH_MODE"))
 	if authMode == "" {
 		authMode = "db_auth"
 	}
 	ua.AuthMode = authMode
 	selfRegistration := strings.ToLower(os.Getenv("SELF_REGISTRATION"))
 	if selfRegistration == "on" {
 		ua.SelfRegistration = true
 	}
 	if ua.Ctx.Input.IsPost() {
 		sessionUserID := ua.GetSession("userId")
 		_, _, ok := ua.Ctx.Request.BasicAuth()
 		if sessionUserID == nil && !ok {
 			return
 		}
 	}
 	ua.currentUserID = ua.ValidateUser()
 	id := ua.Ctx.Input.Param(":id")
 	if id == "current" {
@ -56,18 +80,20 @@ func (ua *UserAPI) Prepare() {
 			ua.CustomAbort(http.StatusNotFound, "")
 		}
 	}
 	var err error
 	ua.IsAdmin, err = dao.IsAdminRole(ua.currentUserID)
 	if err != nil {
 		log.Errorf("Error occurred in IsAdminRole:%v", err)
 		ua.CustomAbort(http.StatusInternalServerError, "Internal error.")
 	}
 }
 // Get ...
 func (ua *UserAPI) Get() {
 	exist, err := dao.IsAdminRole(ua.currentUserID)
 	if err != nil {
 		log.Errorf("Error occurred in IsAdminRole, error: %v", err)
 		ua.CustomAbort(http.StatusInternalServerError, "Internal error.")
 	}
 	if ua.userID == 0 { //list users
-		if !exist {
+		if !ua.IsAdmin {
 			log.Errorf("Current user, id: %d does not have admin role, can not list users", ua.currentUserID)
 			ua.RenderError(http.StatusForbidden, "User does not have admin role")
 			return
@ -85,7 +111,7 @@ func (ua *UserAPI) Get() {
 		}
 		ua.Data["json"] = userList
-	} else if ua.userID == ua.currentUserID || exist {
+	} else if ua.userID == ua.currentUserID || ua.IsAdmin {
 		userQuery := models.User{UserID: ua.userID}
 		u, err := dao.GetUser(userQuery)
 		if err != nil {
@ -103,12 +129,7 @@ func (ua *UserAPI) Get() {
 // Put ...
 func (ua *UserAPI) Put() { //currently only for toggle admin, so no request body
-	exist, err := dao.IsAdminRole(ua.currentUserID)
+	if !ua.IsAdmin {
 	if err != nil {
 		log.Errorf("Error occurred in IsAdminRole, error: %v", err)
 		ua.CustomAbort(http.StatusInternalServerError, "Internal error.")
 	}
 	if !exist {
 		log.Warningf("current user, id: %d does not have admin role, can not update other user's role", ua.currentUserID)
 		ua.RenderError(http.StatusForbidden, "User does not have admin role")
 		return
@ -117,18 +138,38 @@ func (ua *UserAPI) Put() { //currently only for toggle admin, so no request body
 	dao.ToggleUserAdminRole(userQuery)
 }
 // Post ...
 func (ua *UserAPI) Post() {
 	if !(ua.AuthMode == "db_auth") {
 		ua.CustomAbort(http.StatusForbidden, "")
 	}
 	if !(ua.SelfRegistration || ua.IsAdmin) {
 		log.Warning("Registration can only be used by admin role user when self-registration is off.")
 		ua.CustomAbort(http.StatusForbidden, "")
 	}
 	user := models.User{}
 	ua.DecodeJSONReq(&user)
 	_, err := dao.Register(user)
 	if err != nil {
 		log.Errorf("Error occurred in Register: %v", err)
 		ua.RenderError(http.StatusInternalServerError, "Internal error.")
 		return
 	}
 }
 // Delete ...
 func (ua *UserAPI) Delete() {
-	exist, err := dao.IsAdminRole(ua.currentUserID)
+	if !ua.IsAdmin {
 	if err != nil {
 		log.Errorf("Error occurred in IsAdminRole, error: %v", err)
 		ua.CustomAbort(http.StatusInternalServerError, "Internal error.")
 	}
 	if !exist {
 		log.Warningf("current user, id: %d does not have admin role, can not remove user", ua.currentUserID)
 		ua.RenderError(http.StatusForbidden, "User does not have admin role")
 		return
 	}
 	var err error
 	err = dao.DeleteUser(ua.userID)
 	if err != nil {
 		log.Errorf("Failed to delete data from database, error: %v", err)
--- a/controllers/register.go
+++ b/controllers/register.go
@ -17,7 +17,6 @@ package controllers
 import (
 	"net/http"
 	"strings"
 	"github.com/vmware/harbor/dao"
 	"github.com/vmware/harbor/models"
@ -65,33 +64,6 @@ func (ac *AddUserController) Get() {
 	}
 }
 // SignUp insert data into DB based on data in form.
 func (cc *CommonController) SignUp() {
 	if !(cc.AuthMode == "db_auth") {
 		cc.CustomAbort(http.StatusForbidden, "")
 	}
 	if !(cc.SelfRegistration || cc.IsAdmin) {
 		log.Warning("Registration can only be used by admin role user when self-registration is off.")
 		cc.CustomAbort(http.StatusForbidden, "")
 	}
 	username := strings.TrimSpace(cc.GetString("username"))
 	email := strings.TrimSpace(cc.GetString("email"))
 	realname := strings.TrimSpace(cc.GetString("realname"))
 	password := strings.TrimSpace(cc.GetString("password"))
 	comment := strings.TrimSpace(cc.GetString("comment"))
 	user := models.User{Username: username, Email: email, Realname: realname, Password: password, Comment: comment}
 	_, err := dao.Register(user)
 	if err != nil {
 		log.Errorf("Error occurred in Register: %v", err)
 		cc.CustomAbort(http.StatusInternalServerError, "Internal error.")
 	}
 }
 // UserExists checks if user exists when user input value in sign in form.
 func (cc *CommonController) UserExists() {
 	target := cc.GetString("target")
--- a/docs/configure_https.md
+++ b/docs/configure_https.md
@ -1,8 +1,8 @@
-#Configure Harbor with HTTPS Access 
+#Configuring Harbor with HTTPS Access 
 Because Harbor does not ship with any certificates, it uses HTTP by default to serve registry requests. This makes it relatively simple to configure. However, it is highly recommended that security be enabled for any production environment. Harbor has an Nginx instance as a reverse proxy for all services, you can configure Nginx to enable https.
-##Get a certificate
+##Getting a certificate
 Assuming that your registry's **hostname** is **reg.yourdomain.com**, and that its DNS record points to the host where you are running Harbor. You first should get a certificate from a CA. The certificate usually contains a .crt file and a .key file, for example, **yourdomain.com.crt** and **yourdomain.com.key**.
@ -22,7 +22,7 @@ In a test or development environment, you may choose to use a self-signed certif
 ```
 3) Generate the certificate of your registry host:
-You need to configure openssl first. On Ubuntu, the config file locates at /etc/ssl/openssl.cnf. Refer to openssl document for more information. The default CA directory of openssl is called demoCA. Let's create necessary directories and files:
+You need to configure openssl first. On Ubuntu, the config file locates at **/etc/ssl/openssl.cnf**. Refer to openssl document for more information. The default CA directory of openssl is called demoCA. Let's create necessary directories and files:
 ```
  mkdir demoCA
  cd demoCA
@ -40,7 +40,11 @@ After obtaining the **yourdomain.com.crt** and **yourdomain.com.key** files, cha
 ```
  cd Deploy/config/nginx
 ```
-Create a new directory cert/, if it does not exist. Then copy **yourdomain.com.crt** and **yourdomain.com.key** to cert/.
+Create a new directory cert/, if it does not exist. Then copy **yourdomain.com.crt** and **yourdomain.com.key** to cert/, e.g. :
 ```
  cp yourdomain.com.crt cert/
  cp yourdomain.com.key cert/ 
 ```
 Rename the existing configuration file of Nginx:
 ```
--- a/docs/img/beegoLogo.png
+++ b/docs/img/beegoLogo.png
--- a/docs/installation_guide.md
+++ b/docs/installation_guide.md
@ -28,7 +28,7 @@ Before installing Harbor, you should configure the parameters in the file **harb
 At minimum, you need to change the **hostname** attribute in **harbor.cfg**. The description of each attribute is as follows:  
 **hostname**: The hostname for a user to access the user interface and the registry service. It should be the IP address or the fully qualified domain name (FQDN) of your target machine, for example 192.168.1.10 or reg.yourdomain.com . Do NOT use localhost or 127.0.0.1 for the hostname because the registry service needs to be accessed by external clients.  
-**ui_url_protocol**: The protocol for accessing the user interface and the token/notification service, by default it is http.  
+**ui_url_protocol**: The protocol for accessing the user interface and the token/notification service, by default it is http. To set up the https protocol, refer to [Configuring Harbor with HTTPS Access](configure_https.md).  
 **Email settings**: the following 5 attributes are used to send an email to reset a user's password,  they are not mandatory unless the password reset function is needed in Harbor.  
 * email_server = smtp.mydomain.com 
 * email_server_port = 25
@ -40,8 +40,9 @@ At minimum, you need to change the **hostname** attribute in **harbor.cfg**. The
 **auth_mode**: The authentication mode of Harbor. By default it is *db_auth*, i.e. the credentials are stored in a database. Please set it to *ldap_auth* if you want to verify user's credentials against an LDAP server.  
 **ldap_url**: The URL for LDAP endpoint, for example ldaps://ldap.mydomain.com. It is only used when **auth_mode** is set to *ldap_auth*.    
 **ldap_basedn**: The basedn template for verifying the user's credentials against LDAP, for example uid=%s,ou=people,dc=mydomain,dc=com.  It is only used when **auth_mode** is set to *ldap_auth*.  
-**db_password**: The password of root user of mySQL database.  
+**db_password**: The password of root user of mySQL database. Change this password for any production use.  
 **self_registration**: The flag to turn on or off the user self-registration function. If this flag is turned off, only an admin user can create new users in Harbor. The default value is on. 
 NOTE: When **auth_mode** is *ldap_auth*, the self-registration feature is always disabled, therefore, this flag is ignored.  
 #### Building and starting Harbor
 After configuring harbor.cfg, build and start Harbor by the following commands. Because it requires downloading necessary files from the Internet, it may take a while for the docker-compose process to finish.  
@ -61,7 +62,7 @@ After configuring harbor.cfg, build and start Harbor by the following commands.
 If everything works fine, you can open a browser to visit the admin portal at http://reg.yourdomain.com . The default administrator username and password are admin/Harbor12345 .
-Create a new project, e.g. myproject, in the admin portal. You can then use docker commands to login and push images. The default port of Harbor registry server is 80:
+Log in to the admin portal and create a new project, e.g. myproject. You can then use docker commands to login and push images. The default port of Harbor registry server is 80:
 ```sh
 $ docker login reg.yourdomain.com
 $ docker push reg.yourdomain.com/myproject/myrepo
@ -96,7 +97,7 @@ $ sudo docker-compose up -d
 ......
 ```
-### Deploying Harbor to a target machine that does not have Internet access
+### Deploying Harbor to a host which does not have Internet access
 When you run *docker-compose up* to start Harbor, it will pull base images from Docker Hub and build new images for the containers. This process requires accessing the Internet. If you want to deploy Harbor to a host that is not connected to the Internet, you need to prepare Harbor on a machine that has access to the Internet. After that, you export the images as tgz files and transfer them to the target machine. Then load the tgz file into Docker's local image repo.
 #### Building and saving images for offline installation
@ -121,8 +122,10 @@ $ cd ../
 $ tar -cvzf harbor_offline-0.1.1.tgz harbor
 ```
-The file **harbor_offline-0.1.1.tgz** contains the images saved by previously steps and the files required to start Harbor.
+The file **harbor_offline-0.1.1.tgz** contains the images saved by previous steps and the other files required to start Harbor.
-You can use tools such as scp to transfer the file **harbor_offline-0.1.1.tgz** to the target machine that does not have Internet connection. On the target machine, you can execute the following commands to start Harbor. Again, before running the **prepare** script, be sure to update **harbor.cfg** to reflect the right configuration of the target machine. (Refer to Section [Configure Harbor](#configuring-harbor) .)
+You can use tools such as scp to transfer the file **harbor_offline-0.1.1.tgz** to the target machine that does not have Internet connection. 
 On the target machine, you can execute the following commands to start Harbor. Again, before running the **prepare** script, 
 be sure to update **harbor.cfg** to reflect the right configuration of the target machine. (Refer to Section [Configuring Harbor](#configuring-harbor) .)
 ```
 $ tar -xzvf harbor_offline-0.1.1.tgz  
 $ cd harbor  
--- a/models/user.go
+++ b/models/user.go
@ -22,11 +22,11 @@ import (
 // User holds the details of a user.
 type User struct {
 	UserID       int    `orm:"column(user_id)" json:"UserId"`
-	Username     string `orm:"column(username)"`
+	Username     string `orm:"column(username)" json:"username"`
-	Email        string `orm:"column(email)"`
+	Email        string `orm:"column(email)" json:"email"`
-	Password     string `orm:"column(password)"`
+	Password     string `orm:"column(password)" json:"password"`
-	Realname     string `orm:"column(realname)"`
+	Realname     string `orm:"column(realname)" json:"realname"`
-	Comment      string `orm:"column(comment)"`
+	Comment      string `orm:"column(comment)" json:"comment"`
 	Deleted      int    `orm:"column(deleted)"`
 	Rolename     string
 	RoleID       int `json:"RoleId"`
--- a/static/resources/js/register.js
+++ b/static/resources/js/register.js
@ -38,14 +38,25 @@ jQuery(function(){
            var comment  = $.trim($("#Comment").val());
            var isAdmin = $("#isAdmin").val();
-			$.ajax({
+			new AjaxUtil({
-				url : '/signUp',
+				url : "/api/users",
-				data:{username: username, password: password, realname: realname, comment: comment, email: email},
+				data: {"username": username, "password": password, "realname": realname, "comment": comment, "email": email},
 				type: "POST",
 				beforeSend: function(e){
 					$("#btnPageSignUp").prop("disabled", true);
 				},
-				success: function(data, status, xhr){
+				error:function(jqxhr, status, error){
 					$("#dlgModal")
 							.dialogModal({
 								"title": i18n.getMessage("title_sign_up"), 
 								"content": i18n.getMessage("internal_error"),
 								"callback": function(){ 								
 									return;
 								}
 							});
 				},
 				complete: function(xhr, status){
 					$("#btnPageSignUp").prop("disabled", false);
 					if(xhr && xhr.status == 200){
 						$("#dlgModal")
 							.dialogModal({
@ -60,21 +71,8 @@ jQuery(function(){
 								}
 							});
 					}
 				},
 				error:function(jqxhr, status, error){
 					$("#dlgModal")
 							.dialogModal({
 								"title": i18n.getMessage("title_sign_up"), 
 								"content": i18n.getMessage("internal_error"),
 								"callback": function(){ 								
 									return;
 								}
 							});
 				},
 				complete: function(){
 					$("#btnPageSignUp").prop("disabled", false);
 				}
-			});
+			}).exec();
 		});
 	});
 });
--- a/ui/router.go
+++ b/ui/router.go
@ -32,7 +32,6 @@ func initRouters() {
 	beego.Router("/login", &controllers.CommonController{}, "post:Login")
 	beego.Router("/logout", &controllers.CommonController{}, "get:Logout")
 	beego.Router("/language", &controllers.CommonController{}, "get:SwitchLanguage")
 	beego.Router("/signUp", &controllers.CommonController{}, "post:SignUp")
 	beego.Router("/userExists", &controllers.CommonController{}, "post:UserExists")
 	beego.Router("/reset", &controllers.CommonController{}, "post:ResetPassword")
 	beego.Router("/sendEmail", &controllers.CommonController{}, "get:SendEmail")
@ -56,6 +55,7 @@ func initRouters() {
 	beego.Router("/api/projects/:pid/members/?:mid", &api.ProjectMemberAPI{})
 	beego.Router("/api/projects/?:id", &api.ProjectAPI{})
 	beego.Router("/api/projects/:id/logs/filter", &api.ProjectAPI{}, "post:FilterAccessLog")
 	beego.Router("/api/users", &api.UserAPI{})
 	beego.Router("/api/users/?:id", &api.UserAPI{})
 	beego.Router("/api/repositories", &api.RepositoryAPI{})
 	beego.Router("/api/repositories/tags", &api.RepositoryAPI{}, "get:GetTags")