Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add check #25

Merged
merged 2 commits into from
Nov 22, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 16 additions & 8 deletions config.yml.example
Original file line number Diff line number Diff line change
@@ -1,8 +1,16 @@
LFS_BUCKET: ***********
CDN_DOMAIN: ***********
OBS_REGION: ***********
OBS_ACCESS_KEY_ID: ***********
OBS_SECRET_ACCESS_KEY: ***********
CLIENT_ID: ***********
CLIENT_SECRET: ***********
PATH_PREFIX: ***********
{
"LFS_BUCKET": ***********
"CDN_DOMAIN": ***********
"OBS_REGION": ***********
"OBS_ACCESS_KEY_ID": ***********
"OBS_SECRET_ACCESS_KEY": ***********
"CLIENT_ID": ***********
"CLIENT_SECRET": ***********
"PATH_PREFIX": ***********
"VALIDATE_REGEXP": {
"OWNER_REGEXP": "^[a-zA-Z]([-_.]?[a-zA-Z0-9]+)*$",
"REPONAME_REGEXP": "^[a-zA-Z0-9_.-]{1,189}[a-zA-Z0-9]$",
"USERNAME_REGEXP": "^[a-zA-Z]([-_.]?[a-zA-Z0-9]+)*$",
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

username与ownername正则匹配格式相同,是否需要修改

"PASSWORD_REGEXP": "^[a-zA-Z0-9!@_#$%^&*()\\-=+,?.,]*$"
}
}
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

此处改变了config文件格式,原因

24 changes: 16 additions & 8 deletions config/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,14 +7,22 @@ import (
)

type Config struct {
Prefix string `json:"PATH_PREFIX"`
LfsBucket string `json:"LFS_BUCKET"`
ClientId string `json:"CLIENT_ID"`
ClientSecret string `json:"CLIENT_SECRET"`
CdnDomain string `json:"CDN_DOMAIN"`
ObsRegion string `json:"OBS_REGION"`
ObsAccessKeyId string `json:"OBS_ACCESS_KEY_ID"`
ObsSecretAccessKey string `json:"OBS_SECRET_ACCESS_KEY"`
Prefix string `json:"PATH_PREFIX"`
LfsBucket string `json:"LFS_BUCKET"`
ClientId string `json:"CLIENT_ID"`
ClientSecret string `json:"CLIENT_SECRET"`
CdnDomain string `json:"CDN_DOMAIN"`
ObsRegion string `json:"OBS_REGION"`
ObsAccessKeyId string `json:"OBS_ACCESS_KEY_ID"`
ObsSecretAccessKey string `json:"OBS_SECRET_ACCESS_KEY"`
ValidateConfig ValidateConfig `json:"VALIDATE_REGEXP"`
}

type ValidateConfig struct {
OwnerRegexp string `json:"OWNER_REGEXP" required:"true"`
RepoNameRegexp string `json:"REPONAME_REGEXP" required:"true"`
UsernameRegexp string `json:"USERNAME_REGEXP" required:"true"`
PasswordRegexp string `json:"PASSWORD_REGEXP" required:"true"`
}

// LoadConfig loads the configuration file from the specified path and deletes the file if needed
Expand Down
6 changes: 6 additions & 0 deletions main.go
Original file line number Diff line number Diff line change
Expand Up @@ -88,6 +88,12 @@ func main() {
return
}

if err := server.Init(cfg.ValidateConfig); err != nil {
logrus.Errorf("load ValidateConfig, err:%s", err.Error())

return
}

if err := auth.Init(cfg); err != nil {
logrus.Errorf("load gitee config, err:%s", err.Error())
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

错误处理格式是否需要统一风格


Expand Down
19 changes: 19 additions & 0 deletions server/server.go
Original file line number Diff line number Diff line change
Expand Up @@ -132,6 +132,15 @@ func (s *server) handleBatch(w http.ResponseWriter, r *http.Request) {
userInRepo.Operation = req.Operation
userInRepo.Owner = chi.URLParam(r, "owner")
userInRepo.Repo = chi.URLParam(r, "repo")

if !validatecfg.ownerRegexp.MatchString(userInRepo.Owner) || !validatecfg.reponameRegexp.MatchString(userInRepo.Repo) {
w.WriteHeader(http.StatusBadRequest)
must(json.NewEncoder(w).Encode(batch.ErrorResponse{
Message: "invalid owner or reponame format",
}))
return
}

if err = auth.CheckRepoOwner(userInRepo); req.Operation == "upload" || err != nil {
err := s.dealWithAuthError(userInRepo, w, r)
if err != nil {
Expand Down Expand Up @@ -170,6 +179,15 @@ func (s *server) dealWithAuthError(userInRepo auth.UserInRepo, w http.ResponseWr
if username, password, ok := r.BasicAuth(); ok {
userInRepo.Username = username
userInRepo.Password = password

if !validatecfg.usernameRegexp.MatchString(userInRepo.Username) ||
!validatecfg.passwordRegexp.MatchString(userInRepo.Password) {
w.WriteHeader(http.StatusBadRequest)
must(json.NewEncoder(w).Encode(batch.ErrorResponse{
Message: "invalid username or password format",
}))
return errors.New("invalid username or password format")
}
err = s.isAuthorized(userInRepo)
} else {
err = errors.New("unauthorized: cannot get password")
Expand All @@ -190,6 +208,7 @@ func (s *server) dealWithAuthError(userInRepo auth.UserInRepo, w http.ResponseWr
}))
return err
}

return nil
}

Expand Down
41 changes: 41 additions & 0 deletions server/validate.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
package server

import (
"fmt"
"github.com/metalogical/BigFiles/config"
"regexp"
)

type validateConfig struct {
ownerRegexp *regexp.Regexp
reponameRegexp *regexp.Regexp
usernameRegexp *regexp.Regexp
passwordRegexp *regexp.Regexp
}

var validatecfg validateConfig

func Init(cfg config.ValidateConfig) error {
var err error
validatecfg.ownerRegexp, err = regexp.Compile(cfg.OwnerRegexp)
if err != nil {
return fmt.Errorf("failed to compile owner regexp: %w", err)
}

validatecfg.reponameRegexp, err = regexp.Compile(cfg.RepoNameRegexp)
if err != nil {
return fmt.Errorf("failed to compile repo name regexp: %w", err)
}

validatecfg.usernameRegexp, err = regexp.Compile(cfg.UsernameRegexp)
if err != nil {
return fmt.Errorf("failed to compile username regexp: %w", err)
}

validatecfg.passwordRegexp, err = regexp.Compile(cfg.PasswordRegexp)
if err != nil {
return fmt.Errorf("failed to compile password regexp: %w", err)
}

return nil
}