authorKN4CK3R <admin@oldschoolhack.me>2023-07-09 13:24:43 +0200
committerGitHub <noreply@github.com>2023-07-09 11:24:43 +0000
commit115f40e43368fefc776232a2df289b2fcadbb11d (patch)
tree5a892ca23c2fc5173a39aa439cce428ede7356fc /routers/api/packages
parent38844e0869bff0a08f8810c97cb3f5cb07df9a8e (diff)
downloadgitea-115f40e43368fefc776232a2df289b2fcadbb11d.tar.gz
gitea-115f40e43368fefc776232a2df289b2fcadbb11d.zip
Test if container blob is accessible before mounting (#22759)
related #16865 This PR adds an accessibility check before mounting container blobs. --------- Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: silverwind <me@silverwind.io>
Diffstat (limited to 'routers/api/packages')
-rw-r--r--routers/api/packages/container/container.go22
1 files changed, 15 insertions, 7 deletions
diff --git a/routers/api/packages/container/container.go b/routers/api/packages/container/container.go
index 126be43cdd..8f79805cc8 100644
--- a/routers/api/packages/container/container.go
+++ b/routers/api/packages/container/container.go
@@ -203,17 +203,25 @@ func InitiateUploadBlob(ctx *context.Context) {
Digest: mount,
})
if blob != nil {
- if err := mountBlob(&packages_service.PackageInfo{Owner: ctx.Package.Owner, Name: image}, blob.Blob); err != nil {
+ accessible, err := packages_model.IsBlobAccessibleForUser(ctx, blob.Blob.ID, ctx.Doer)
+ if err != nil {
apiError(ctx, http.StatusInternalServerError, err)
return
}
- setResponseHeaders(ctx.Resp, &containerHeaders{
- Location: fmt.Sprintf("/v2/%s/%s/blobs/%s", ctx.Package.Owner.LowerName, image, mount),
- ContentDigest: mount,
- Status: http.StatusCreated,
- })
- return
+ if accessible {
+ if err := mountBlob(&packages_service.PackageInfo{Owner: ctx.Package.Owner, Name: image}, blob.Blob); err != nil {
+ apiError(ctx, http.StatusInternalServerError, err)
+ return
+ }
+
+ setResponseHeaders(ctx.Resp, &containerHeaders{
+ Location: fmt.Sprintf("/v2/%s/%s/blobs/%s", ctx.Package.Owner.LowerName, image, mount),
+ ContentDigest: mount,
+ Status: http.StatusCreated,
+ })
+ return
+ }
}
}
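Review bot: The new `if accessible {` branch has no else and no comment, so a denied mount just leaves the `if blob != nil {` block without any trace of why. Presumably the handler then opens a regular upload session, which is the right outcome because the client cannot tell "blob exists but is not yours" from "blob unknown", but that intent should be written down so nobody later "fixes" it into a 403/404. I would add something like `// blob not accessible for the doer: fall through to a regular upload so the response does not disclose that the digest exists elsewhere` after the closing brace of the `if accessible` block. Separately, `ctx.Doer` is handed to `packages_model.IsBlobAccessibleForUser` without a nil check; whether this route can run without a signed-in user, and whether the helper tolerates nil, is not visible here and should be confirmed. `InitiateUploadBlob` starts and ends outside the hunk.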