Skip to content

Commit

Permalink
add check (#25)
Browse files Browse the repository at this point in the history
* add_check

* fix
  • Loading branch information
Goalina authored Nov 22, 2024
1 parent f5f709d commit f18b06f
Show file tree
Hide file tree
Showing 5 changed files with 98 additions and 16 deletions.
24 changes: 16 additions & 8 deletions config.yml.example
Original file line number Diff line number Diff line change
@@ -1,8 +1,16 @@
LFS_BUCKET: ***********
CDN_DOMAIN: ***********
OBS_REGION: ***********
OBS_ACCESS_KEY_ID: ***********
OBS_SECRET_ACCESS_KEY: ***********
CLIENT_ID: ***********
CLIENT_SECRET: ***********
PATH_PREFIX: ***********
{
"LFS_BUCKET": ***********
"CDN_DOMAIN": ***********
"OBS_REGION": ***********
"OBS_ACCESS_KEY_ID": ***********
"OBS_SECRET_ACCESS_KEY": ***********
"CLIENT_ID": ***********
"CLIENT_SECRET": ***********
"PATH_PREFIX": ***********
"VALIDATE_REGEXP": {
"OWNER_REGEXP": "^[a-zA-Z]([-_.]?[a-zA-Z0-9]+)*$",
"REPONAME_REGEXP": "^[a-zA-Z0-9_.-]{1,189}[a-zA-Z0-9]$",
"USERNAME_REGEXP": "^[a-zA-Z]([-_.]?[a-zA-Z0-9]+)*$",
"PASSWORD_REGEXP": "^[a-zA-Z0-9!@_#$%^&*()\\-=+,?.,]*$"
}
}
24 changes: 16 additions & 8 deletions config/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,14 +7,22 @@ import (
)

type Config struct {
Prefix string `json:"PATH_PREFIX"`
LfsBucket string `json:"LFS_BUCKET"`
ClientId string `json:"CLIENT_ID"`
ClientSecret string `json:"CLIENT_SECRET"`
CdnDomain string `json:"CDN_DOMAIN"`
ObsRegion string `json:"OBS_REGION"`
ObsAccessKeyId string `json:"OBS_ACCESS_KEY_ID"`
ObsSecretAccessKey string `json:"OBS_SECRET_ACCESS_KEY"`
Prefix string `json:"PATH_PREFIX"`
LfsBucket string `json:"LFS_BUCKET"`
ClientId string `json:"CLIENT_ID"`
ClientSecret string `json:"CLIENT_SECRET"`
CdnDomain string `json:"CDN_DOMAIN"`
ObsRegion string `json:"OBS_REGION"`
ObsAccessKeyId string `json:"OBS_ACCESS_KEY_ID"`
ObsSecretAccessKey string `json:"OBS_SECRET_ACCESS_KEY"`
ValidateConfig ValidateConfig `json:"VALIDATE_REGEXP"`
}

type ValidateConfig struct {
OwnerRegexp string `json:"OWNER_REGEXP" required:"true"`
RepoNameRegexp string `json:"REPONAME_REGEXP" required:"true"`
UsernameRegexp string `json:"USERNAME_REGEXP" required:"true"`
PasswordRegexp string `json:"PASSWORD_REGEXP" required:"true"`
}

// LoadConfig loads the configuration file from the specified path and deletes the file if needed
Expand Down
6 changes: 6 additions & 0 deletions main.go
Original file line number Diff line number Diff line change
Expand Up @@ -88,6 +88,12 @@ func main() {
return
}

if err := server.Init(cfg.ValidateConfig); err != nil {
logrus.Errorf("load ValidateConfig, err:%s", err.Error())

return
}

if err := auth.Init(cfg); err != nil {
logrus.Errorf("load gitee config, err:%s", err.Error())

Expand Down
19 changes: 19 additions & 0 deletions server/server.go
Original file line number Diff line number Diff line change
Expand Up @@ -132,6 +132,15 @@ func (s *server) handleBatch(w http.ResponseWriter, r *http.Request) {
userInRepo.Operation = req.Operation
userInRepo.Owner = chi.URLParam(r, "owner")
userInRepo.Repo = chi.URLParam(r, "repo")

if !validatecfg.ownerRegexp.MatchString(userInRepo.Owner) || !validatecfg.reponameRegexp.MatchString(userInRepo.Repo) {
w.WriteHeader(http.StatusBadRequest)
must(json.NewEncoder(w).Encode(batch.ErrorResponse{
Message: "invalid owner or reponame format",
}))
return
}

if err = auth.CheckRepoOwner(userInRepo); req.Operation == "upload" || err != nil {
err := s.dealWithAuthError(userInRepo, w, r)
if err != nil {
Expand Down Expand Up @@ -170,6 +179,15 @@ func (s *server) dealWithAuthError(userInRepo auth.UserInRepo, w http.ResponseWr
if username, password, ok := r.BasicAuth(); ok {
userInRepo.Username = username
userInRepo.Password = password

if !validatecfg.usernameRegexp.MatchString(userInRepo.Username) ||
!validatecfg.passwordRegexp.MatchString(userInRepo.Password) {
w.WriteHeader(http.StatusBadRequest)
must(json.NewEncoder(w).Encode(batch.ErrorResponse{
Message: "invalid username or password format",
}))
return errors.New("invalid username or password format")
}
err = s.isAuthorized(userInRepo)
} else {
err = errors.New("unauthorized: cannot get password")
Expand All @@ -190,6 +208,7 @@ func (s *server) dealWithAuthError(userInRepo auth.UserInRepo, w http.ResponseWr
}))
return err
}

return nil
}

Expand Down
41 changes: 41 additions & 0 deletions server/validate.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
package server

import (
"fmt"
"github.com/metalogical/BigFiles/config"
"regexp"
)

type validateConfig struct {
ownerRegexp *regexp.Regexp
reponameRegexp *regexp.Regexp
usernameRegexp *regexp.Regexp
passwordRegexp *regexp.Regexp
}

var validatecfg validateConfig

func Init(cfg config.ValidateConfig) error {
var err error
validatecfg.ownerRegexp, err = regexp.Compile(cfg.OwnerRegexp)
if err != nil {
return fmt.Errorf("failed to compile owner regexp: %w", err)
}

validatecfg.reponameRegexp, err = regexp.Compile(cfg.RepoNameRegexp)
if err != nil {
return fmt.Errorf("failed to compile repo name regexp: %w", err)
}

validatecfg.usernameRegexp, err = regexp.Compile(cfg.UsernameRegexp)
if err != nil {
return fmt.Errorf("failed to compile username regexp: %w", err)
}

validatecfg.passwordRegexp, err = regexp.Compile(cfg.PasswordRegexp)
if err != nil {
return fmt.Errorf("failed to compile password regexp: %w", err)
}

return nil
}

0 comments on commit f18b06f

Please sign in to comment.