mirror of
https://github.com/goharbor/harbor
synced 2024-09-21 08:09:51 +00:00
Make v2auth more strict
This commit enhances the v2auth middleware, such that any un-recognized request sent to /v2/ will be blocked. Signed-off-by: Daniel Jiang <jiangd@vmware.com>
This commit is contained in:
parent
b4b27aec30
commit
984e8097f1
|
@ -16,8 +16,6 @@ package v2auth
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"github.com/goharbor/harbor/src/lib"
|
|
||||||
lib_http "github.com/goharbor/harbor/src/lib/http"
|
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
"strings"
|
"strings"
|
||||||
|
@ -28,7 +26,9 @@ import (
|
||||||
"github.com/goharbor/harbor/src/core/config"
|
"github.com/goharbor/harbor/src/core/config"
|
||||||
"github.com/goharbor/harbor/src/core/promgr"
|
"github.com/goharbor/harbor/src/core/promgr"
|
||||||
"github.com/goharbor/harbor/src/core/service/token"
|
"github.com/goharbor/harbor/src/core/service/token"
|
||||||
|
"github.com/goharbor/harbor/src/lib"
|
||||||
"github.com/goharbor/harbor/src/lib/errors"
|
"github.com/goharbor/harbor/src/lib/errors"
|
||||||
|
lib_http "github.com/goharbor/harbor/src/lib/http"
|
||||||
"github.com/goharbor/harbor/src/lib/log"
|
"github.com/goharbor/harbor/src/lib/log"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -46,6 +46,9 @@ func (rc *reqChecker) check(req *http.Request) (string, error) {
|
||||||
return "", fmt.Errorf("the security context got from request is nil")
|
return "", fmt.Errorf("the security context got from request is nil")
|
||||||
}
|
}
|
||||||
al := accessList(req)
|
al := accessList(req)
|
||||||
|
if len(al) == 0 {
|
||||||
|
return "", fmt.Errorf("un-recognized request: %s %s", req.Method, req.URL.Path)
|
||||||
|
}
|
||||||
|
|
||||||
for _, a := range al {
|
for _, a := range al {
|
||||||
if a.target == login && !securityCtx.IsAuthenticated() {
|
if a.target == login && !securityCtx.IsAuthenticated() {
|
||||||
|
|
Loading…
Reference in New Issue
Block a user