diff options
author | KN4CK3R <admin@oldschoolhack.me> | 2023-07-09 13:24:43 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-07-09 11:24:43 +0000 |
commit | 115f40e43368fefc776232a2df289b2fcadbb11d (patch) | |
tree | 5a892ca23c2fc5173a39aa439cce428ede7356fc /routers/api/packages | |
parent | 38844e0869bff0a08f8810c97cb3f5cb07df9a8e (diff) | |
download | gitea-115f40e43368fefc776232a2df289b2fcadbb11d.tar.gz gitea-115f40e43368fefc776232a2df289b2fcadbb11d.zip |
Test if container blob is accessible before mounting (#22759)
related #16865
This PR adds an accessibility check before mounting container blobs.
---------
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: silverwind <me@silverwind.io>
Diffstat (limited to 'routers/api/packages')
-rw-r--r-- | routers/api/packages/container/container.go | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/routers/api/packages/container/container.go b/routers/api/packages/container/container.go index 126be43cdd..8f79805cc8 100644 --- a/routers/api/packages/container/container.go +++ b/routers/api/packages/container/container.go @@ -203,17 +203,25 @@ func InitiateUploadBlob(ctx *context.Context) { Digest: mount, }) if blob != nil { - if err := mountBlob(&packages_service.PackageInfo{Owner: ctx.Package.Owner, Name: image}, blob.Blob); err != nil { + accessible, err := packages_model.IsBlobAccessibleForUser(ctx, blob.Blob.ID, ctx.Doer) + if err != nil { apiError(ctx, http.StatusInternalServerError, err) return } - setResponseHeaders(ctx.Resp, &containerHeaders{ - Location: fmt.Sprintf("/v2/%s/%s/blobs/%s", ctx.Package.Owner.LowerName, image, mount), - ContentDigest: mount, - Status: http.StatusCreated, - }) - return + if accessible { + if err := mountBlob(&packages_service.PackageInfo{Owner: ctx.Package.Owner, Name: image}, blob.Blob); err != nil { + apiError(ctx, http.StatusInternalServerError, err) + return + } + + setResponseHeaders(ctx.Resp, &containerHeaders{ + Location: fmt.Sprintf("/v2/%s/%s/blobs/%s", ctx.Package.Owner.LowerName, image, mount), + ContentDigest: mount, + Status: http.StatusCreated, + }) + return + } } } |