mirror of
https://github.com/goharbor/harbor
synced 2024-09-20 10:25:31 +00:00
Update the reg-exp to match v2/catalog api (#13943)
A more strict check is applied such that all requests to /v2/_catalog/... will be verified. Signed-off-by: Daniel Jiang <jiangd@vmware.com>
This commit is contained in:
parent
b0b19f52d0
commit
b6de84c571
|
@ -27,7 +27,7 @@ var (
|
||||||
// V2BlobUploadURLRe is the regular expression for matching the request to v2 handler to upload a blob, the upload uuid currently is not put into a group
|
// V2BlobUploadURLRe is the regular expression for matching the request to v2 handler to upload a blob, the upload uuid currently is not put into a group
|
||||||
V2BlobUploadURLRe = regexp.MustCompile(fmt.Sprintf(`^/v2/(?P<%s>%s)/blobs/uploads[/a-zA-Z0-9\-_\.=]*$`, RepositorySubexp, reference.NameRegexp.String()))
|
V2BlobUploadURLRe = regexp.MustCompile(fmt.Sprintf(`^/v2/(?P<%s>%s)/blobs/uploads[/a-zA-Z0-9\-_\.=]*$`, RepositorySubexp, reference.NameRegexp.String()))
|
||||||
// V2CatalogURLRe is the regular expression for mathing the request to v2 handler to list catalog
|
// V2CatalogURLRe is the regular expression for mathing the request to v2 handler to list catalog
|
||||||
V2CatalogURLRe = regexp.MustCompile(`^/v2/_catalog/?$`)
|
V2CatalogURLRe = regexp.MustCompile(`^/v2/_catalog(/.*)?$`)
|
||||||
)
|
)
|
||||||
|
|
||||||
// MatchManifestURLPattern checks whether the provided path matches the manifest URL pattern,
|
// MatchManifestURLPattern checks whether the provided path matches the manifest URL pattern,
|
||||||
|
|
|
@ -80,12 +80,25 @@ func TestMatchCatalogURLPattern(t *testing.T) {
|
||||||
url: "/v2/_catalog/",
|
url: "/v2/_catalog/",
|
||||||
match: true,
|
match: true,
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
url: "/v2/_catalog////",
|
||||||
|
match: true,
|
||||||
|
},
|
||||||
{
|
{
|
||||||
url: "/v2/_catalog/xxx",
|
url: "/v2/_catalog/xxx",
|
||||||
match: false,
|
match: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
url: "/v2/_catalog////#",
|
||||||
|
match: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
url: "/v2/_catalog//#//",
|
||||||
|
match: true,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
for _, c := range cases {
|
for _, c := range cases {
|
||||||
assert.Equal(t, c.match, len(V2CatalogURLRe.FindStringSubmatch(c.url)) == 1)
|
|
||||||
|
assert.Equal(t, c.match, V2CatalogURLRe.MatchString(c.url), "failed for %s", c.url)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -71,7 +71,7 @@ func accessList(req *http.Request) []access {
|
||||||
})
|
})
|
||||||
return l
|
return l
|
||||||
}
|
}
|
||||||
if len(lib.V2CatalogURLRe.FindStringSubmatch(req.URL.Path)) == 1 {
|
if lib.V2CatalogURLRe.MatchString(req.URL.Path) {
|
||||||
l = append(l, access{
|
l = append(l, access{
|
||||||
target: catalog,
|
target: catalog,
|
||||||
})
|
})
|
||||||
|
|
|
@ -85,8 +85,7 @@ func (rc *reqChecker) projectID(name string) (int64, error) {
|
||||||
func getChallenge(req *http.Request, accessList []access) string {
|
func getChallenge(req *http.Request, accessList []access) string {
|
||||||
logger := log.G(req.Context())
|
logger := log.G(req.Context())
|
||||||
auth := req.Header.Get(authHeader)
|
auth := req.Header.Get(authHeader)
|
||||||
if len(auth) > 0 ||
|
if len(auth) > 0 || lib.V2CatalogURLRe.MatchString(req.URL.Path) {
|
||||||
len(lib.V2CatalogURLRe.FindStringSubmatch(req.URL.Path)) == 1 {
|
|
||||||
// Return basic auth challenge by default, incl. request to '/v2/_catalog'
|
// Return basic auth challenge by default, incl. request to '/v2/_catalog'
|
||||||
return `Basic realm="harbor"`
|
return `Basic realm="harbor"`
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user