github/hubproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

补齐访问控制

Browse Source
This commit is contained in:
user123
2026-02-02 09:53:45 +08:00
parent 23dd077f5d
commit f5bc86ef79
1 changed files with 24 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/handlers/imagetar.go
View File

@@ -717,6 +717,10 @@ func handleDirectImageDownload(c *gin.Context) {
c.JSON(http.StatusBadRequest, gin.H{"error": "镜像引用格式错误: " + err.Error()}) c.JSON(http.StatusBadRequest, gin.H{"error": "镜像引用格式错误: " + err.Error()})
return return
} }
if allowed, reason := utils.GlobalAccessController.CheckDockerAccess(imageRef); !allowed {
c.JSON(http.StatusForbidden, gin.H{"error": reason})
return
}
if c.Query("mode") == "prepare" { if c.Query("mode") == "prepare" {
userID := getUserID(c) userID := getUserID(c)
@@ -765,6 +769,10 @@ func handleDirectImageDownload(c *gin.Context) {
c.JSON(http.StatusBadRequest, gin.H{"error": "下载令牌与镜像不匹配"}) c.JSON(http.StatusBadRequest, gin.H{"error": "下载令牌与镜像不匹配"})
return return
} }
if allowed, reason := utils.GlobalAccessController.CheckDockerAccess(req.Image); !allowed {
c.JSON(http.StatusForbidden, gin.H{"error": reason})
return
}
options := &StreamOptions{ options := &StreamOptions{
Platform: req.Platform, Platform: req.Platform,
@@ -844,12 +852,24 @@ func handleSimpleBatchDownload(c *gin.Context) {
c.JSON(http.StatusBadRequest, gin.H{"error": "镜像列表不能为空"}) c.JSON(http.StatusBadRequest, gin.H{"error": "镜像列表不能为空"})
return return
} }
for _, imageRef := range req.Images {
if allowed, reason := utils.GlobalAccessController.CheckDockerAccess(imageRef); !allowed {
c.JSON(http.StatusForbidden, gin.H{"error": reason})
return
}
}
for i, imageRef := range req.Images { for i, imageRef := range req.Images {
if !strings.Contains(imageRef, ":") && !strings.Contains(imageRef, "@") { if !strings.Contains(imageRef, ":") && !strings.Contains(imageRef, "@") {
req.Images[i] = imageRef + ":latest" req.Images[i] = imageRef + ":latest"
} }
} }
for _, imageRef := range req.Images {
if allowed, reason := utils.GlobalAccessController.CheckDockerAccess(imageRef); !allowed {
c.JSON(http.StatusForbidden, gin.H{"error": reason})
return
}
}
cfg := config.GetConfig() cfg := config.GetConfig()
if len(req.Images) > cfg.Download.MaxImages { if len(req.Images) > cfg.Download.MaxImages {
@@ -910,6 +930,10 @@ func handleImageInfo(c *gin.Context) {
c.JSON(http.StatusBadRequest, gin.H{"error": "镜像引用格式错误: " + err.Error()}) c.JSON(http.StatusBadRequest, gin.H{"error": "镜像引用格式错误: " + err.Error()})
return return
} }
if allowed, reason := utils.GlobalAccessController.CheckDockerAccess(imageRef); !allowed {
c.JSON(http.StatusForbidden, gin.H{"error": reason})
return
}
ctx := c.Request.Context() ctx := c.Request.Context()
contextOptions := append(globalImageStreamer.remoteOptions, remote.WithContext(ctx)) contextOptions := append(globalImageStreamer.remoteOptions, remote.WithContext(ctx))