add

opensourceways · Nov 12, 2024 · 9653311 · 9653311
1 parent 7327ad5
commit 9653311
Show file tree

Hide file tree

Showing 5 changed files with 97 additions and 9 deletions.
diff --git a/config.yml.example b/config.yml.example
@@ -5,4 +5,9 @@ OBS_ACCESS_KEY_ID: ***********
 OBS_SECRET_ACCESS_KEY: ***********
 CLIENT_ID: ***********
 CLIENT_SECRET: ***********
-PATH_PREFIX: ***********
+PATH_PREFIX: ***********
+VALIDATE_REGEXP:
+	OWNER_REGEXP: ^[a-zA-Z]([-_.]([a-zA-Z0-9])|[a-zA-Z0-9])+$
+	REPONAME_REGEXP: ^(?=[a-zA-Z0-9.])[a-zA-Z0-9_.-]{1,189}[a-zA-Z0-9.]$
+	USERNAME_REGEXP: ^[a-zA-Z]([-_.]([a-zA-Z0-9])|[a-zA-Z0-9])+$
+	PASSWORD_REGEXP: ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[!@_#$%^&*()\-+=,.?]).{8,}$|^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).{8,}$|^(?=.*[a-z])(?=.*[!@_#$%^&*()\-+=,.?]).{8,}$|^(?=.*[A-Z])(?=.*[!@_#$%^&*()\-+=,.?]).{8,}$|^(?=.*\d)(?=.*[!@_#$%^&*()\-+=,.?]).{8,}$
diff --git a/config/config.go b/config/config.go
@@ -7,14 +7,22 @@ import (
 )
 
 type Config struct {
-	Prefix             string `json:"PATH_PREFIX"`
-	LfsBucket          string `json:"LFS_BUCKET"`
-	ClientId           string `json:"CLIENT_ID"`
-	ClientSecret       string `json:"CLIENT_SECRET"`
-	CdnDomain          string `json:"CDN_DOMAIN"`
-	ObsRegion          string `json:"OBS_REGION"`
-	ObsAccessKeyId     string `json:"OBS_ACCESS_KEY_ID"`
-	ObsSecretAccessKey string `json:"OBS_SECRET_ACCESS_KEY"`
+	Prefix             string         `json:"PATH_PREFIX"`
+	LfsBucket          string         `json:"LFS_BUCKET"`
+	ClientId           string         `json:"CLIENT_ID"`
+	ClientSecret       string         `json:"CLIENT_SECRET"`
+	CdnDomain          string         `json:"CDN_DOMAIN"`
+	ObsRegion          string         `json:"OBS_REGION"`
+	ObsAccessKeyId     string         `json:"OBS_ACCESS_KEY_ID"`
+	ObsSecretAccessKey string         `json:"OBS_SECRET_ACCESS_KEY"`
+	ValidateConfig     ValidateConfig `json:"VALIDATE_REGEXP"`
+}
+
+type ValidateConfig struct {
+	OwnerRegexp    string `json:"account_name_regexp"         required:"true"`
+	RepoNameRegexp string `json:"repo_name_regexp"         required:"true"`
+	UsernameRegexp string `json:"username_regexp"         required:"true"`
+	PasswordRegexp string `json:"password_regexp"         required:"true"`
 }
 
 // LoadConfig loads the configuration file from the specified path and deletes the file if needed
@@ -28,3 +36,7 @@ func LoadConfig(path string, cfg *Config, remove bool) error {
 	}
 	return nil
 }
+
+func (cfg *Config) ValidateInit(config *Config) {
+	config.ValidateConfig = cfg.ValidateConfig
+}
diff --git a/main.go b/main.go
@@ -88,6 +88,12 @@ func main() {
 		return
 	}
 
+	if err := server.Init(cfg.ValidateConfig); err != nil {
+		logrus.Errorf("load ValidateConfig, err:%s", err.Error())
+
+		return
+	}
+
 	if err := auth.Init(cfg); err != nil {
 		logrus.Errorf("load gitee config, err:%s", err.Error())
 

diff --git a/server/server.go b/server/server.go
@@ -132,8 +132,32 @@ func (s *server) handleBatch(w http.ResponseWriter, r *http.Request) {
 	userInRepo.Operation = req.Operation
 	userInRepo.Owner = chi.URLParam(r, "owner")
 	userInRepo.Repo = chi.URLParam(r, "repo")
+
+	if !validatecfg.ownerRegexp.MatchString(userInRepo.Owner) || !validatecfg.reponameRegexp.MatchString(userInRepo.Repo) {
+		w.WriteHeader(http.StatusBadRequest)
+		must(json.NewEncoder(w).Encode(batch.ErrorResponse{
+			Message: "invalid owner or reponame format",
+		}))
+		return
+	}
+
 	if err = auth.CheckRepoOwner(userInRepo); req.Operation == "upload" || err != nil {
 		err := s.dealWithAuthError(userInRepo, w, r)
+		if username, password, ok := r.BasicAuth(); ok {
+			userInRepo.Username = username
+			userInRepo.Password = password
+			err = s.isAuthorized(userInRepo)
+		} else {
+			err = errors.New("unauthorized: cannot get password")
+		}
+
+		if !validatecfg.usernameRegexp.MatchString(userInRepo.Username) || !validatecfg.passwordRegexp.MatchString(userInRepo.Password) {
+			w.WriteHeader(http.StatusBadRequest)
+			must(json.NewEncoder(w).Encode(batch.ErrorResponse{
+				Message: "invalid username or password format",
+			}))
+			return
+		}
 		if err != nil {
 			return
 		}

diff --git a/server/validate.go b/server/validate.go
@@ -0,0 +1,41 @@
+package server
+
+import (
+	"fmt"
+	"github.com/metalogical/BigFiles/config"
+	"regexp"
+)
+
+type validateConfig struct {
+	ownerRegexp    *regexp.Regexp
+	reponameRegexp *regexp.Regexp
+	usernameRegexp *regexp.Regexp
+	passwordRegexp *regexp.Regexp
+}
+
+var validatecfg validateConfig
+
+func Init(cfg config.ValidateConfig) error {
+	var err error
+	validatecfg.ownerRegexp, err = regexp.Compile(cfg.OwnerRegexp)
+	if err != nil {
+		return fmt.Errorf("failed to compile owner regexp: %v", err)
+	}
+
+	validatecfg.reponameRegexp, err = regexp.Compile(cfg.RepoNameRegexp)
+	if err != nil {
+		return fmt.Errorf("failed to compile repo name regexp: %v", err)
+	}
+
+	validatecfg.usernameRegexp, err = regexp.Compile(cfg.UsernameRegexp)
+	if err != nil {
+		return fmt.Errorf("failed to compile username regexp: %v", err)
+	}
+
+	validatecfg.passwordRegexp, err = regexp.Compile(cfg.PasswordRegexp)
+	if err != nil {
+		return fmt.Errorf("failed to compile password regexp: %v", err)
+	}
+
+	return nil
+}