mirror of
https://github.com/goharbor/harbor.git
synced 2024-12-25 01:58:35 +01:00
300 lines
8.5 KiB
Go
300 lines
8.5 KiB
Go
/*
|
|
Copyright (c) 2016 VMware, Inc. All Rights Reserved.
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package api
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
|
|
"github.com/vmware/harbor/dao"
|
|
"github.com/vmware/harbor/models"
|
|
"github.com/vmware/harbor/utils/log"
|
|
|
|
"strconv"
|
|
"time"
|
|
)
|
|
|
|
// ProjectAPI handles request to /api/projects/{} /api/projects/{}/logs
|
|
type ProjectAPI struct {
|
|
BaseAPI
|
|
userID int
|
|
projectID int64
|
|
}
|
|
|
|
type projectReq struct {
|
|
ProjectName string `json:"project_name"`
|
|
Public bool `json:"public"`
|
|
}
|
|
|
|
const projectNameMaxLen int = 30
|
|
|
|
// Prepare validates the URL and the user
|
|
func (p *ProjectAPI) Prepare() {
|
|
idStr := p.Ctx.Input.Param(":id")
|
|
if len(idStr) > 0 {
|
|
var err error
|
|
p.projectID, err = strconv.ParseInt(idStr, 10, 64)
|
|
if err != nil {
|
|
log.Errorf("Error parsing project id: %s, error: %v", idStr, err)
|
|
p.CustomAbort(http.StatusBadRequest, "invalid project id")
|
|
}
|
|
exist, err := dao.ProjectExists(p.projectID)
|
|
if err != nil {
|
|
log.Errorf("Error occurred in ProjectExists, error: %v", err)
|
|
p.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
|
}
|
|
if !exist {
|
|
p.CustomAbort(http.StatusNotFound, fmt.Sprintf("project does not exist, id: %v", p.projectID))
|
|
}
|
|
}
|
|
}
|
|
|
|
// Post ...
|
|
func (p *ProjectAPI) Post() {
|
|
p.userID = p.ValidateUser()
|
|
|
|
var req projectReq
|
|
var public int
|
|
p.DecodeJSONReq(&req)
|
|
if req.Public {
|
|
public = 1
|
|
}
|
|
err := validateProjectReq(req)
|
|
if err != nil {
|
|
log.Errorf("Invalid project request, error: %v", err)
|
|
p.RenderError(http.StatusBadRequest, "Invalid request for creating project")
|
|
return
|
|
}
|
|
projectName := req.ProjectName
|
|
exist, err := dao.ProjectExists(projectName)
|
|
if err != nil {
|
|
log.Errorf("Error happened checking project existence in db, error: %v, project name: %s", err, projectName)
|
|
}
|
|
if exist {
|
|
p.RenderError(http.StatusConflict, "")
|
|
return
|
|
}
|
|
project := models.Project{OwnerID: p.userID, Name: projectName, CreationTime: time.Now(), Public: public}
|
|
projectID, err := dao.AddProject(project)
|
|
if err != nil {
|
|
log.Errorf("Failed to add project, error: %v", err)
|
|
p.RenderError(http.StatusInternalServerError, "Failed to add project")
|
|
}
|
|
|
|
p.Redirect(http.StatusCreated, strconv.FormatInt(projectID, 10))
|
|
}
|
|
|
|
// Head ...
|
|
func (p *ProjectAPI) Head() {
|
|
projectName := p.GetString("project_name")
|
|
if len(projectName) == 0 {
|
|
p.CustomAbort(http.StatusBadRequest, "project_name is needed")
|
|
}
|
|
|
|
project, err := dao.GetProjectByName(projectName)
|
|
if err != nil {
|
|
log.Errorf("error occurred in GetProjectByName: %v", err)
|
|
p.CustomAbort(http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))
|
|
}
|
|
|
|
// only public project can be Headed by user without login
|
|
if project != nil && project.Public == 1 {
|
|
return
|
|
}
|
|
|
|
userID := p.ValidateUser()
|
|
if project == nil {
|
|
p.CustomAbort(http.StatusNotFound, http.StatusText(http.StatusNotFound))
|
|
}
|
|
|
|
if !checkProjectPermission(userID, project.ProjectID) {
|
|
p.CustomAbort(http.StatusForbidden, http.StatusText(http.StatusForbidden))
|
|
}
|
|
}
|
|
|
|
// Get ...
|
|
func (p *ProjectAPI) Get() {
|
|
project, err := dao.GetProjectByID(p.projectID)
|
|
if err != nil {
|
|
log.Errorf("failed to get project %d: %v", p.projectID, err)
|
|
p.CustomAbort(http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))
|
|
}
|
|
|
|
if project.Public == 0 {
|
|
userID := p.ValidateUser()
|
|
if !checkProjectPermission(userID, p.projectID) {
|
|
p.CustomAbort(http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized))
|
|
}
|
|
}
|
|
|
|
p.Data["json"] = project
|
|
p.ServeJSON()
|
|
}
|
|
|
|
// List ...
|
|
func (p *ProjectAPI) List() {
|
|
var projectList []models.Project
|
|
projectName := p.GetString("project_name")
|
|
if len(projectName) > 0 {
|
|
projectName = "%" + projectName + "%"
|
|
}
|
|
var public int
|
|
var err error
|
|
isPublic := p.GetString("is_public")
|
|
if len(isPublic) > 0 {
|
|
public, err = strconv.Atoi(isPublic)
|
|
if err != nil {
|
|
log.Errorf("Error parsing public property: %d, error: %v", isPublic, err)
|
|
p.CustomAbort(http.StatusBadRequest, "invalid project Id")
|
|
}
|
|
}
|
|
isAdmin := false
|
|
if public == 1 {
|
|
projectList, err = dao.GetPublicProjects(projectName)
|
|
} else {
|
|
//if the request is not for public projects, user must login or provide credential
|
|
p.userID = p.ValidateUser()
|
|
isAdmin, err = dao.IsAdminRole(p.userID)
|
|
if err != nil {
|
|
log.Errorf("Error occured in check admin, error: %v", err)
|
|
p.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
|
}
|
|
if isAdmin {
|
|
projectList, err = dao.GetAllProjects(projectName)
|
|
} else {
|
|
projectList, err = dao.GetUserRelevantProjects(p.userID, projectName)
|
|
}
|
|
}
|
|
if err != nil {
|
|
log.Errorf("Error occured in get projects info, error: %v", err)
|
|
p.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
|
}
|
|
for i := 0; i < len(projectList); i++ {
|
|
if public != 1 {
|
|
if isAdmin {
|
|
projectList[i].Role = models.PROJECTADMIN
|
|
}
|
|
if projectList[i].Role == models.PROJECTADMIN {
|
|
projectList[i].Togglable = true
|
|
}
|
|
}
|
|
projectList[i].RepoCount = getRepoCountByProject(projectList[i].Name)
|
|
}
|
|
p.Data["json"] = projectList
|
|
p.ServeJSON()
|
|
}
|
|
|
|
// ToggleProjectPublic handles request POST /api/projects/:id/toggle_project_public
|
|
func (p *ProjectAPI) ToggleProjectPublic() {
|
|
p.userID = p.ValidateUser()
|
|
var req projectReq
|
|
var public int
|
|
|
|
projectID, err := strconv.ParseInt(p.Ctx.Input.Param(":id"), 10, 64)
|
|
if err != nil {
|
|
log.Errorf("Error parsing project id: %d, error: %v", projectID, err)
|
|
p.RenderError(http.StatusBadRequest, "invalid project id")
|
|
return
|
|
}
|
|
|
|
p.DecodeJSONReq(&req)
|
|
if req.Public {
|
|
public = 1
|
|
}
|
|
if !isProjectAdmin(p.userID, projectID) {
|
|
log.Warningf("Current user, id: %d does not have project admin role for project, id: %d", p.userID, projectID)
|
|
p.RenderError(http.StatusForbidden, "")
|
|
return
|
|
}
|
|
err = dao.ToggleProjectPublicity(p.projectID, public)
|
|
if err != nil {
|
|
log.Errorf("Error while updating project, project id: %d, error: %v", projectID, err)
|
|
p.RenderError(http.StatusInternalServerError, "Failed to update project")
|
|
}
|
|
}
|
|
|
|
// FilterAccessLog handles GET to /api/projects/{}/logs
|
|
func (p *ProjectAPI) FilterAccessLog() {
|
|
p.userID = p.ValidateUser()
|
|
|
|
var filter models.AccessLog
|
|
p.DecodeJSONReq(&filter)
|
|
|
|
username := filter.Username
|
|
keywords := filter.Keywords
|
|
|
|
beginTime := time.Unix(filter.BeginTimestamp, 0)
|
|
endTime := time.Unix(filter.EndTimestamp, 0)
|
|
|
|
query := models.AccessLog{ProjectID: p.projectID, Username: "%" + username + "%", Keywords: keywords, BeginTime: beginTime, BeginTimestamp: filter.BeginTimestamp, EndTime: endTime, EndTimestamp: filter.EndTimestamp}
|
|
|
|
log.Infof("Query AccessLog: begin: %v, end: %v, keywords: %s", query.BeginTime, query.EndTime, query.Keywords)
|
|
|
|
accessLogList, err := dao.GetAccessLogs(query)
|
|
if err != nil {
|
|
log.Errorf("Error occurred in GetAccessLogs, error: %v", err)
|
|
p.CustomAbort(http.StatusInternalServerError, "Internal error.")
|
|
}
|
|
p.Data["json"] = accessLogList
|
|
|
|
p.ServeJSON()
|
|
}
|
|
|
|
func isProjectAdmin(userID int, pid int64) bool {
|
|
isSysAdmin, err := dao.IsAdminRole(userID)
|
|
if err != nil {
|
|
log.Errorf("Error occurred in IsAdminRole, returning false, error: %v", err)
|
|
return false
|
|
}
|
|
|
|
if isSysAdmin {
|
|
return true
|
|
}
|
|
|
|
rolelist, err := dao.GetUserProjectRoles(userID, pid)
|
|
if err != nil {
|
|
log.Errorf("Error occurred in GetUserProjectRoles, returning false, error: %v", err)
|
|
return false
|
|
}
|
|
|
|
hasProjectAdminRole := false
|
|
for _, role := range rolelist {
|
|
if role.RoleID == models.PROJECTADMIN {
|
|
hasProjectAdminRole = true
|
|
break
|
|
}
|
|
}
|
|
|
|
return hasProjectAdminRole
|
|
}
|
|
|
|
func validateProjectReq(req projectReq) error {
|
|
pn := req.ProjectName
|
|
if len(pn) == 0 {
|
|
return fmt.Errorf("Project name can not be empty")
|
|
}
|
|
if len(pn) > projectNameMaxLen {
|
|
return fmt.Errorf("Project name is too long")
|
|
}
|
|
if isIllegalLength(req.ProjectName, 4, 30) {
|
|
return fmt.Errorf("project name is illegal in length. (greater than 4 or less than 30)")
|
|
}
|
|
if isContainIllegalChar(req.ProjectName, []string{"~", "-", "$", "\\", "[", "]", "{", "}", "(", ")", "&", "^", "%", "*", "<", ">", "\"", "'", "/", "?", "@"}) {
|
|
return fmt.Errorf("project name contains illegal characters")
|
|
}
|
|
return nil
|
|
}
|