✨ Change distribution user get func

go-sigma · Apr 11, 2024 · 9729129 · 9729129
1 parent 733ea83
commit 9729129
Show file tree

Hide file tree

Showing 16 changed files with 259 additions and 87 deletions.
diff --git a/.github/workflows/image-build.yml b/.github/workflows/image-build.yml
@@ -49,12 +49,21 @@ jobs:
         with:
           username: tosone
           password: ${{ secrets.DOCKERHUB_PASSWORD }}
-      - name: Install latest Skopeo # GitHub's ubuntu 22 uses Skopeo 1.4 but we need 1.14
+      - name: Build latest skopeo
         run: |
-          echo 'deb http://download.opensuse.org/repositories/home:/alvistack/xUbuntu_22.04/ /' | sudo tee /etc/apt/sources.list.d/home:alvistack.list
-          curl -fsSL https://download.opensuse.org/repositories/home:alvistack/xUbuntu_22.04/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_alvistack.gpg > /dev/null
-          sudo apt update
-          sudo apt -o Dpkg::Options::="--force-overwrite" install skopeo
+          git clone --depth 1 --branch v1.15.0 https://github.com/containers/skopeo.git
+          cd skopeo
+          DISABLE_CGO=1 make bin/skopeo
+          sudo cp ./bin/skopeo /usr/bin/skopeo
+          cd ..
+          rm -rf skopeo
+          skopeo --version
+      # - name: Install latest Skopeo # GitHub's ubuntu 22 uses Skopeo 1.4 but we need 1.14
+      #   run: |
+      #     echo 'deb http://download.opensuse.org/repositories/home:/alvistack/xUbuntu_22.04/ /' | sudo tee /etc/apt/sources.list.d/home:alvistack.list
+      #     curl -fsSL https://download.opensuse.org/repositories/home:alvistack/xUbuntu_22.04/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_alvistack.gpg > /dev/null
+      #     sudo apt update
+      #     sudo apt -o Dpkg::Options::="--force-overwrite" install skopeo
       - name: Save dockerfile to local
         run: |
           make dockerfile-local

diff --git a/pkg/handlers/distribution/base/repository_list.go b/pkg/handlers/distribution/base/repository_list.go
@@ -25,26 +25,22 @@ import (
 	"github.com/rs/zerolog/log"
 	"gorm.io/gorm"
 
-	"github.com/go-sigma/sigma/pkg/consts"
 	"github.com/go-sigma/sigma/pkg/dal/models"
+	"github.com/go-sigma/sigma/pkg/utils"
 	"github.com/go-sigma/sigma/pkg/xerrors"
 )
 
 // ListRepositories handles the list repositories request
 func (h *handler) ListRepositories(c echo.Context) error {
-	iuser := c.Get(consts.ContextUser)
-	if iuser == nil {
-		log.Error().Msg("Get user from header failed")
-		return xerrors.NewHTTPError(c, xerrors.HTTPErrCodeUnauthorized)
+	user, needRet, err := utils.GetUserFromCtxForDs(c)
+	if err != nil {
+		return err
 	}
-	user, ok := iuser.(*models.User)
-	if !ok {
-		log.Error().Msg("Convert user from header failed")
-		return xerrors.NewHTTPError(c, xerrors.HTTPErrCodeUnauthorized)
+	if needRet {
+		return nil
 	}
 
 	var n = 1000
-	var err error
 	var nStr = c.QueryParam("n")
 	if nStr != "" {
 		n, err = strconv.Atoi(nStr)

diff --git a/pkg/handlers/distribution/base/tags_list.go b/pkg/handlers/distribution/base/tags_list.go
@@ -29,7 +29,6 @@ import (
 	"github.com/rs/zerolog/log"
 	"gorm.io/gorm"
 
-	"github.com/go-sigma/sigma/pkg/consts"
 	"github.com/go-sigma/sigma/pkg/dal/models"
 	"github.com/go-sigma/sigma/pkg/types/enums"
 	"github.com/go-sigma/sigma/pkg/utils"
@@ -41,15 +40,12 @@ var listTagsReg = regexp.MustCompile(fmt.Sprintf(`^/v2/%s/tags/list$`, reference
 
 // ListTags handles the list tags request
 func (h *handler) ListTags(c echo.Context) error {
-	iuser := c.Get(consts.ContextUser)
-	if iuser == nil {
-		log.Error().Msg("Get user from header failed")
-		return xerrors.NewHTTPError(c, xerrors.HTTPErrCodeUnauthorized)
+	user, needRet, err := utils.GetUserFromCtxForDs(c)
+	if err != nil {
+		return err
 	}
-	user, ok := iuser.(*models.User)
-	if !ok {
-		log.Error().Msg("Convert user from header failed")
-		return xerrors.NewHTTPError(c, xerrors.HTTPErrCodeUnauthorized)
+	if needRet {
+		return nil
 	}
 
 	var uri = c.Request().URL.Path
@@ -58,7 +54,6 @@ func (h *handler) ListTags(c echo.Context) error {
 	}
 
 	var n = 1000
-	var err error
 	var nStr = c.QueryParam("n")
 	if nStr != "" {
 		n, err = strconv.Atoi(nStr)

diff --git a/pkg/handlers/distribution/blob/blob_delete.go b/pkg/handlers/distribution/blob/blob_delete.go
@@ -37,10 +37,13 @@ import (
 func (h *handler) DeleteBlob(c echo.Context) error {
 	ctx := log.Logger.WithContext(c.Request().Context())
 
-	user, err := utils.GetUserFromCtx(c)
+	user, needRet, err := utils.GetUserFromCtxForDs(c)
 	if err != nil {
 		return err
 	}
+	if needRet {
+		return nil
+	}
 
 	uri := c.Request().URL.Path
 

diff --git a/pkg/handlers/distribution/blob/blob_get.go b/pkg/handlers/distribution/blob/blob_get.go
@@ -47,10 +47,13 @@ import (
 func (h *handler) GetBlob(c echo.Context) error {
 	ctx := log.Logger.WithContext(c.Request().Context())
 
-	user, err := utils.GetUserFromCtx(c)
+	user, needRet, err := utils.GetUserFromCtxForDs(c)
 	if err != nil {
 		return err
 	}
+	if needRet {
+		return nil
+	}
 
 	uri := c.Request().URL.Path
 

diff --git a/pkg/handlers/distribution/blob/blob_head.go b/pkg/handlers/distribution/blob/blob_head.go
@@ -38,10 +38,13 @@ import (
 func (h *handler) HeadBlob(c echo.Context) error {
 	ctx := log.Logger.WithContext(c.Request().Context())
 
-	user, err := utils.GetUserFromCtx(c)
+	user, needRet, err := utils.GetUserFromCtxForDs(c)
 	if err != nil {
 		return err
 	}
+	if needRet {
+		return nil
+	}
 
 	uri := c.Request().URL.Path
 

diff --git a/pkg/handlers/distribution/manifest/manifest_delete.go b/pkg/handlers/distribution/manifest/manifest_delete.go
@@ -25,7 +25,6 @@ import (
 	"gorm.io/gorm"
 
 	"github.com/go-sigma/sigma/pkg/consts"
-	"github.com/go-sigma/sigma/pkg/dal/models"
 	"github.com/go-sigma/sigma/pkg/dal/query"
 	"github.com/go-sigma/sigma/pkg/types/enums"
 	"github.com/go-sigma/sigma/pkg/utils"
@@ -41,15 +40,12 @@ import (
 func (h *handler) DeleteManifest(c echo.Context) error {
 	ctx := log.Logger.WithContext(c.Request().Context())
 
-	iuser := c.Get(consts.ContextUser)
-	if iuser == nil {
-		log.Error().Msg("Get user from header failed")
-		return xerrors.NewHTTPError(c, xerrors.HTTPErrCodeUnauthorized)
+	user, needRet, err := utils.GetUserFromCtxForDs(c)
+	if err != nil {
+		return err
 	}
-	user, ok := iuser.(*models.User)
-	if !ok {
-		log.Error().Msg("Convert user from header failed")
-		return xerrors.NewHTTPError(c, xerrors.HTTPErrCodeUnauthorized)
+	if needRet {
+		return nil
 	}
 
 	uri := c.Request().URL.Path

diff --git a/pkg/handlers/distribution/manifest/manifest_get.go b/pkg/handlers/distribution/manifest/manifest_get.go
@@ -25,7 +25,6 @@ import (
 	"gorm.io/gorm"
 
 	"github.com/go-sigma/sigma/pkg/consts"
-	"github.com/go-sigma/sigma/pkg/dal/models"
 	"github.com/go-sigma/sigma/pkg/types/enums"
 	"github.com/go-sigma/sigma/pkg/utils"
 	"github.com/go-sigma/sigma/pkg/utils/imagerefs"
@@ -38,15 +37,12 @@ import (
 func (h *handler) GetManifest(c echo.Context) error {
 	ctx := log.Logger.WithContext(c.Request().Context())
 
-	iuser := c.Get(consts.ContextUser)
-	if iuser == nil {
-		log.Error().Msg("Get user from header failed")
-		return xerrors.NewHTTPError(c, xerrors.HTTPErrCodeUnauthorized)
+	user, needRet, err := utils.GetUserFromCtxForDs(c)
+	if err != nil {
+		return err
 	}
-	user, ok := iuser.(*models.User)
-	if !ok {
-		log.Error().Msg("Convert user from header failed")
-		return xerrors.NewHTTPError(c, xerrors.HTTPErrCodeUnauthorized)
+	if needRet {
+		return nil
 	}
 
 	uri := c.Request().URL.Path

diff --git a/pkg/handlers/distribution/manifest/manifest_head.go b/pkg/handlers/distribution/manifest/manifest_head.go
@@ -26,7 +26,6 @@ import (
 	"gorm.io/gorm"
 
 	"github.com/go-sigma/sigma/pkg/consts"
-	"github.com/go-sigma/sigma/pkg/dal/models"
 	"github.com/go-sigma/sigma/pkg/types/enums"
 	"github.com/go-sigma/sigma/pkg/utils"
 	"github.com/go-sigma/sigma/pkg/utils/imagerefs"
@@ -39,15 +38,12 @@ import (
 func (h *handler) HeadManifest(c echo.Context) error {
 	ctx := log.Logger.WithContext(c.Request().Context())
 
-	iuser := c.Get(consts.ContextUser)
-	if iuser == nil {
-		log.Error().Msg("Get user from header failed")
-		return xerrors.NewHTTPError(c, xerrors.HTTPErrCodeUnauthorized)
+	user, needRet, err := utils.GetUserFromCtxForDs(c)
+	if err != nil {
+		return err
 	}
-	user, ok := iuser.(*models.User)
-	if !ok {
-		log.Error().Msg("Convert user from header failed")
-		return xerrors.NewHTTPError(c, xerrors.HTTPErrCodeUnauthorized)
+	if needRet {
+		return nil
 	}
 
 	uri := c.Request().URL.Path

diff --git a/pkg/handlers/distribution/manifest/manifest_put.go b/pkg/handlers/distribution/manifest/manifest_put.go
@@ -54,15 +54,12 @@ const maxManifestBodySize = 4 << 20
 func (h *handler) PutManifest(c echo.Context) error {
 	ctx := log.Logger.WithContext(c.Request().Context())
 
-	iuser := c.Get(consts.ContextUser)
-	if iuser == nil {
-		log.Error().Msg("Get user from header failed")
-		return xerrors.NewHTTPError(c, xerrors.HTTPErrCodeUnauthorized)
-	}
-	user, ok := iuser.(*models.User)
-	if !ok {
-		log.Error().Msg("Convert user from header failed")
-		return xerrors.NewHTTPError(c, xerrors.HTTPErrCodeUnauthorized)
+	user, needRet, err := utils.GetUserFromCtxForDs(c)
+	if err != nil {
+		return err
+	}
+	if needRet {
+		return nil
 	}
 
 	uri := c.Request().URL.Path

diff --git a/pkg/handlers/distribution/upload/upload_post.go b/pkg/handlers/distribution/upload/upload_post.go
@@ -43,15 +43,12 @@ import (
 func (h *handler) PostUpload(c echo.Context) error {
 	ctx := log.Logger.WithContext(c.Request().Context())
 
-	iuser := c.Get(consts.ContextUser)
-	if iuser == nil {
-		log.Error().Msg("Get user from header failed")
-		return xerrors.NewHTTPError(c, xerrors.HTTPErrCodeUnauthorized)
+	user, needRet, err := utils.GetUserFromCtxForDs(c)
+	if err != nil {
+		return err
 	}
-	user, ok := iuser.(*models.User)
-	if !ok {
-		log.Error().Msg("Convert user from header failed")
-		return xerrors.NewHTTPError(c, xerrors.HTTPErrCodeUnauthorized)
+	if needRet {
+		return nil
 	}
 
 	host := c.Request().Host

diff --git a/pkg/handlers/distribution/upload/upload_put.go b/pkg/handlers/distribution/upload/upload_put.go
@@ -45,21 +45,22 @@ import (
 func (h *handler) PutUpload(c echo.Context) error {
 	ctx := log.Logger.WithContext(c.Request().Context())
 
-	iuser := c.Get(consts.ContextUser)
-	if iuser == nil {
-		log.Error().Msg("Get user from header failed")
-		return xerrors.NewHTTPError(c, xerrors.HTTPErrCodeUnauthorized)
+	user, needRet, err := utils.GetUserFromCtxForDs(c)
+	if err != nil {
+		return err
 	}
-	user, ok := iuser.(*models.User)
-	if !ok {
-		log.Error().Msg("Convert user from header failed")
-		return xerrors.NewHTTPError(c, xerrors.HTTPErrCodeUnauthorized)
+	if needRet {
+		return nil
 	}
 
 	uri := c.Request().URL.Path
-	uploadID := strings.TrimPrefix(uri[strings.LastIndex(uri, "/"):], "/")
 	c.Response().Header().Set("Location", fmt.Sprintf("%s://%s%s", c.Scheme(), c.Request().Host, uri))
 
+	uploadID := strings.TrimPrefix(uri[strings.LastIndex(uri, "/"):], "/")
+	if strings.Contains(uploadID, "/") {
+		return xerrors.NewDSError(c, xerrors.DSErrCodeBlobUploadInvalid)
+	}
+
 	repository := strings.TrimPrefix(strings.TrimSuffix(uri[:strings.LastIndex(uri, "/")], "/blobs"), "/v2/")
 	_, namespace, _, _, err := imagerefs.Parse(repository)
 	if err != nil {

diff --git a/pkg/handlers/users/users_login.go b/pkg/handlers/users/users_login.go
@@ -43,10 +43,13 @@ import (
 func (h *handler) Login(c echo.Context) error {
 	ctx := log.Logger.WithContext(c.Request().Context())
 
-	user, err := utils.GetUserFromCtx(c)
+	user, needRet, err := utils.GetUserFromCtx(c)
 	if err != nil {
 		return err
 	}
+	if needRet {
+		return nil
+	}
 
 	userService := h.userServiceFactory.New()
 	err = userService.UpdateByID(ctx, user.ID, map[string]any{

diff --git a/pkg/handlers/webhooks/webhooks_create.go b/pkg/handlers/webhooks/webhooks_create.go
@@ -51,10 +51,13 @@ import (
 func (h *handler) PostWebhook(c echo.Context) error {
 	ctx := log.Logger.WithContext(c.Request().Context())
 
-	user, err := utils.GetUserFromCtx(c)
+	user, needRet, err := utils.GetUserFromCtx(c)
 	if err != nil {
 		return err
 	}
+	if needRet {
+		return nil
+	}
 
 	var req types.PostWebhookRequest
 	err = utils.BindValidate(c, &req)

diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
@@ -197,16 +197,31 @@ func UnwrapJoinedErrors(err error) string {
 }
 
 // GetUserFromCtx ...
-func GetUserFromCtx(c echo.Context) (*models.User, error) {
+func GetUserFromCtx(c echo.Context) (*models.User, bool, error) {
 	iuser := c.Get(consts.ContextUser)
 	if iuser == nil {
 		log.Error().Msg("Get user from header failed")
-		return nil, xerrors.NewHTTPError(c, xerrors.HTTPErrCodeUnauthorized)
+		return nil, true, xerrors.NewHTTPError(c, xerrors.HTTPErrCodeUnauthorized)
 	}
 	user, ok := iuser.(*models.User)
 	if !ok {
 		log.Error().Msg("Convert user from header failed")
-		return nil, xerrors.NewHTTPError(c, xerrors.HTTPErrCodeUnauthorized)
+		return nil, true, xerrors.NewHTTPError(c, xerrors.HTTPErrCodeUnauthorized)
 	}
-	return user, nil
+	return user, false, nil
+}
+
+// GetUserFromCtxForDs ...
+func GetUserFromCtxForDs(c echo.Context) (*models.User, bool, error) {
+	iuser := c.Get(consts.ContextUser)
+	if iuser == nil {
+		log.Error().Msg("Get user from header failed")
+		return nil, true, xerrors.NewDSError(c, xerrors.DSErrCodeUnauthorized)
+	}
+	user, ok := iuser.(*models.User)
+	if !ok {
+		log.Error().Msg("Convert user from header failed")
+		return nil, true, xerrors.NewDSError(c, xerrors.DSErrCodeUnauthorized)
+	}
+	return user, false, nil
 }