return
}
- if _, err := saveAsPackageBlob(buf, &packages_service.PackageInfo{Owner: ctx.Package.Owner, Name: image}); err != nil {
- apiError(ctx, http.StatusInternalServerError, err)
+ if _, err := saveAsPackageBlob(
+ buf,
+ &packages_service.PackageCreationInfo{
+ PackageInfo: packages_service.PackageInfo{
+ Owner: ctx.Package.Owner,
+ Name: image,
+ },
+ Creator: ctx.Doer,
+ },
+ ); err != nil {
+ switch err {
+ case packages_service.ErrQuotaTotalCount, packages_service.ErrQuotaTypeSize, packages_service.ErrQuotaTotalSize:
+ apiError(ctx, http.StatusForbidden, err)
+ default:
+ apiError(ctx, http.StatusInternalServerError, err)
+ }
return
}
return
}
- if _, err := saveAsPackageBlob(uploader, &packages_service.PackageInfo{Owner: ctx.Package.Owner, Name: image}); err != nil {
- apiError(ctx, http.StatusInternalServerError, err)
+ if _, err := saveAsPackageBlob(
+ uploader,
+ &packages_service.PackageCreationInfo{
+ PackageInfo: packages_service.PackageInfo{
+ Owner: ctx.Package.Owner,
+ Name: image,
+ },
+ Creator: ctx.Doer,
+ },
+ ); err != nil {
+ switch err {
+ case packages_service.ErrQuotaTotalCount, packages_service.ErrQuotaTypeSize, packages_service.ErrQuotaTotalSize:
+ apiError(ctx, http.StatusForbidden, err)
+ default:
+ apiError(ctx, http.StatusInternalServerError, err)
+ }
return
}
} else if errors.Is(err, container_model.ErrContainerBlobNotExist) {
apiErrorDefined(ctx, errBlobUnknown)
} else {
- apiError(ctx, http.StatusInternalServerError, err)
+ switch err {
+ case packages_service.ErrQuotaTotalCount, packages_service.ErrQuotaTypeSize, packages_service.ErrQuotaTotalSize:
+ apiError(ctx, http.StatusForbidden, err)
+ default:
+ apiError(ctx, http.StatusInternalServerError, err)
+ }
}
return
}
}
if versionCreated {
- if err := checkCountQuotaExceeded(ctx, pvci.Creator, pvci.Owner); err != nil {
+ if err := CheckCountQuotaExceeded(ctx, pvci.Creator, pvci.Owner); err != nil {
return nil, false, err
}
func addFileToPackageVersion(ctx context.Context, pv *packages_model.PackageVersion, pvi *PackageInfo, pfci *PackageFileCreationInfo) (*packages_model.PackageFile, *packages_model.PackageBlob, bool, error) {
log.Trace("Adding package file: %v, %s", pv.ID, pfci.Filename)
- if err := checkSizeQuotaExceeded(ctx, pfci.Creator, pvi.Owner, pvi.PackageType, pfci.Data.Size()); err != nil {
+ if err := CheckSizeQuotaExceeded(ctx, pfci.Creator, pvi.Owner, pvi.PackageType, pfci.Data.Size()); err != nil {
return nil, nil, false, err
}
return pf, pb, !exists, nil
}
-func checkCountQuotaExceeded(ctx context.Context, doer, owner *user_model.User) error {
+// CheckCountQuotaExceeded checks if the owner has more than the allowed packages
+// The check is skipped if the doer is an admin.
+func CheckCountQuotaExceeded(ctx context.Context, doer, owner *user_model.User) error {
if doer.IsAdmin {
return nil
}
return nil
}
-func checkSizeQuotaExceeded(ctx context.Context, doer, owner *user_model.User, packageType packages_model.Type, uploadSize int64) error {
+// CheckSizeQuotaExceeded checks if the upload size is bigger than the allowed size
+// The check is skipped if the doer is an admin.
+func CheckSizeQuotaExceeded(ctx context.Context, doer, owner *user_model.User, packageType packages_model.Type, uploadSize int64) error {
if doer.IsAdmin {
return nil
}
import (
"bytes"
+ "crypto/sha256"
"fmt"
"net/http"
+ "strings"
"testing"
"time"
func TestPackageQuota(t *testing.T) {
defer tests.PrepareTestEnv(t)()
- limitTotalOwnerCount, limitTotalOwnerSize, limitSizeGeneric := setting.Packages.LimitTotalOwnerCount, setting.Packages.LimitTotalOwnerSize, setting.Packages.LimitSizeGeneric
+ limitTotalOwnerCount, limitTotalOwnerSize := setting.Packages.LimitTotalOwnerCount, setting.Packages.LimitTotalOwnerSize
+ // Exceeded quota result in StatusForbidden for normal users but admins are always allowed to upload.
admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 10})
- uploadPackage := func(doer *user_model.User, version string, expectedStatus int) {
- url := fmt.Sprintf("/api/packages/%s/generic/test-package/%s/file.bin", user.Name, version)
- req := NewRequestWithBody(t, "PUT", url, bytes.NewReader([]byte{1}))
- AddBasicAuthHeader(req, doer.Name)
- MakeRequest(t, req, expectedStatus)
- }
+ t.Run("Common", func(t *testing.T) {
+ defer tests.PrintCurrentTest(t)()
- // Exceeded quota result in StatusForbidden for normal users but admins are always allowed to upload.
+ limitSizeGeneric := setting.Packages.LimitSizeGeneric
+
+ uploadPackage := func(doer *user_model.User, version string, expectedStatus int) {
+ url := fmt.Sprintf("/api/packages/%s/generic/test-package/%s/file.bin", user.Name, version)
+ req := NewRequestWithBody(t, "PUT", url, bytes.NewReader([]byte{1}))
+ AddBasicAuthHeader(req, doer.Name)
+ MakeRequest(t, req, expectedStatus)
+ }
- setting.Packages.LimitTotalOwnerCount = 0
- uploadPackage(user, "1.0", http.StatusForbidden)
- uploadPackage(admin, "1.0", http.StatusCreated)
- setting.Packages.LimitTotalOwnerCount = limitTotalOwnerCount
+ setting.Packages.LimitTotalOwnerCount = 0
+ uploadPackage(user, "1.0", http.StatusForbidden)
+ uploadPackage(admin, "1.0", http.StatusCreated)
+ setting.Packages.LimitTotalOwnerCount = limitTotalOwnerCount
- setting.Packages.LimitTotalOwnerSize = 0
- uploadPackage(user, "1.1", http.StatusForbidden)
- uploadPackage(admin, "1.1", http.StatusCreated)
- setting.Packages.LimitTotalOwnerSize = limitTotalOwnerSize
+ setting.Packages.LimitTotalOwnerSize = 0
+ uploadPackage(user, "1.1", http.StatusForbidden)
+ uploadPackage(admin, "1.1", http.StatusCreated)
+ setting.Packages.LimitTotalOwnerSize = limitTotalOwnerSize
- setting.Packages.LimitSizeGeneric = 0
- uploadPackage(user, "1.2", http.StatusForbidden)
- uploadPackage(admin, "1.2", http.StatusCreated)
- setting.Packages.LimitSizeGeneric = limitSizeGeneric
+ setting.Packages.LimitSizeGeneric = 0
+ uploadPackage(user, "1.2", http.StatusForbidden)
+ uploadPackage(admin, "1.2", http.StatusCreated)
+ setting.Packages.LimitSizeGeneric = limitSizeGeneric
+ })
+
+ t.Run("Container", func(t *testing.T) {
+ defer tests.PrintCurrentTest(t)()
+
+ limitSizeContainer := setting.Packages.LimitSizeContainer
+
+ uploadBlob := func(doer *user_model.User, data string, expectedStatus int) {
+ url := fmt.Sprintf("/v2/%s/quota-test/blobs/uploads?digest=sha256:%x", user.Name, sha256.Sum256([]byte(data)))
+ req := NewRequestWithBody(t, "POST", url, strings.NewReader(data))
+ AddBasicAuthHeader(req, doer.Name)
+ MakeRequest(t, req, expectedStatus)
+ }
+
+ setting.Packages.LimitTotalOwnerSize = 0
+ uploadBlob(user, "2", http.StatusForbidden)
+ uploadBlob(admin, "2", http.StatusCreated)
+ setting.Packages.LimitTotalOwnerSize = limitTotalOwnerSize
+
+ setting.Packages.LimitSizeContainer = 0
+ uploadBlob(user, "3", http.StatusForbidden)
+ uploadBlob(admin, "3", http.StatusCreated)
+ setting.Packages.LimitSizeContainer = limitSizeContainer
+ })
}
func TestPackageCleanup(t *testing.T) {