do not add the authentication header to requests which are not sent to registry
parent
68ab0e5efc
commit
fb9aa78f75
@ -18,6 +18,8 @@ package auth
|
|||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"net/url"
|
||||||
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
au "github.com/docker/distribution/registry/client/auth"
|
au "github.com/docker/distribution/registry/client/auth"
|
||||||
@ -37,6 +39,7 @@ type Authorizer interface {
|
|||||||
// And it implements interface Modifier
|
// And it implements interface Modifier
|
||||||
type AuthorizerStore struct {
|
type AuthorizerStore struct {
|
||||||
authorizers []Authorizer
|
authorizers []Authorizer
|
||||||
|
ping *url.URL
|
||||||
challenges []au.Challenge
|
challenges []au.Challenge
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -49,15 +52,21 @@ func NewAuthorizerStore(endpoint string, insecure bool, authorizers ...Authorize
|
|||||||
Timeout: 30 * time.Second,
|
Timeout: 30 * time.Second,
|
||||||
}
|
}
|
||||||
|
|
||||||
resp, err := client.Get(buildPingURL(endpoint))
|
pingURL := buildPingURL(endpoint)
|
||||||
|
resp, err := client.Get(pingURL)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
defer resp.Body.Close()
|
defer resp.Body.Close()
|
||||||
|
|
||||||
challenges := ParseChallengeFromResponse(resp)
|
challenges := ParseChallengeFromResponse(resp)
|
||||||
|
ping, err := url.Parse(pingURL)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
return &AuthorizerStore{
|
return &AuthorizerStore{
|
||||||
authorizers: authorizers,
|
authorizers: authorizers,
|
||||||
|
ping: ping,
|
||||||
challenges: challenges,
|
challenges: challenges,
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
@ -68,6 +77,23 @@ func buildPingURL(endpoint string) string {
|
|||||||
|
|
||||||
// Modify adds authorization to the request
|
// Modify adds authorization to the request
|
||||||
func (a *AuthorizerStore) Modify(req *http.Request) error {
|
func (a *AuthorizerStore) Modify(req *http.Request) error {
|
||||||
|
//only handle the requests sent to registry
|
||||||
|
v2Index := strings.Index(req.URL.Path, "/v2/")
|
||||||
|
if v2Index == -1 {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
ping := url.URL{
|
||||||
|
Host: req.URL.Host,
|
||||||
|
Scheme: req.URL.Scheme,
|
||||||
|
Path: req.URL.Path[:v2Index+4],
|
||||||
|
}
|
||||||
|
|
||||||
|
if ping.Host != a.ping.Host || ping.Scheme != a.ping.Scheme ||
|
||||||
|
ping.Path != a.ping.Path {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
for _, challenge := range a.challenges {
|
for _, challenge := range a.challenges {
|
||||||
for _, authorizer := range a.authorizers {
|
for _, authorizer := range a.authorizers {
|
||||||
if authorizer.Scheme() == challenge.Scheme {
|
if authorizer.Scheme() == challenge.Scheme {
|
||||||
|
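Review bot: The new scope check in Modify compares `ping.Host != a.ping.Host` byte for byte, so a request to the same registry whose host differs only in letter case or in an explicit default port is treated as foreign and goes out without credentials. That fails closed, which is the right direction for a guard meant to keep the authorization header away from other hosts, but the silent `return nil` makes the resulting 401 hard to trace. I would compare hosts with `!strings.EqualFold(ping.Host, a.ping.Host)` and put a comment above the check such as `// attach credentials only when scheme, host and the path up to /v2/ match the pinged endpoint`. A test that sends a request with the same `/v2/` path to a different host and asserts that no header is added would pin the property this commit is after. Modify's body continues past the end of this hunk, so the authorizer loop itself is not reviewed here.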