Make v2auth more strict

This commit tightens the v2auth middleware so that any
unrecognized request sent to /v2/ is blocked.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
Daniel Jiang 2021-05-31 15:29:25 +08:00
parent b4b27aec30
commit 984e8097f1


@ -16,8 +16,6 @@ package v2auth
import ( import (
"fmt" "fmt"
"github.com/goharbor/harbor/src/lib"
lib_http "github.com/goharbor/harbor/src/lib/http"
"net/http" "net/http"
"net/url" "net/url"
"strings" "strings"
@ -28,7 +26,9 @@ import (
"github.com/goharbor/harbor/src/core/config" "github.com/goharbor/harbor/src/core/config"
"github.com/goharbor/harbor/src/core/promgr" "github.com/goharbor/harbor/src/core/promgr"
"github.com/goharbor/harbor/src/core/service/token" "github.com/goharbor/harbor/src/core/service/token"
"github.com/goharbor/harbor/src/lib"
"github.com/goharbor/harbor/src/lib/errors" "github.com/goharbor/harbor/src/lib/errors"
lib_http "github.com/goharbor/harbor/src/lib/http"
"github.com/goharbor/harbor/src/lib/log" "github.com/goharbor/harbor/src/lib/log"
) )
@ -46,6 +46,9 @@ func (rc *reqChecker) check(req *http.Request) (string, error) {
return "", fmt.Errorf("the security context got from request is nil") return "", fmt.Errorf("the security context got from request is nil")
} }
al := accessList(req) al := accessList(req)
if len(al) == 0 {
return "", fmt.Errorf("un-recognized request: %s %s", req.Method, req.URL.Path)
}
for _, a := range al { for _, a := range al {
if a.target == login && !securityCtx.IsAuthenticated() { if a.target == login && !securityCtx.IsAuthenticated() {