Check quota limits for container uploads (#22450)

The test coverage has revealed that container packages were not checked against the quota limits.
author: KN4CK3R <admin@oldschoolhack.me> 2023-01-29 18:34:29 +0100
committer: GitHub <noreply@github.com> 2023-01-29 11:34:29 -0600
commit: d283a31f03eae2fc2bd8dc01b2c366308e81e50c (patch)
tree: 30669a1fea005fdf705ec4cd071a57a34a86477c /routers
parent: 2052a9e2b4e17704849e0968762ad7d51fe9d7b7 (diff)
download: gitea-d283a31f03eae2fc2bd8dc01b2c366308e81e50c.tar.gz
gitea-d283a31f03eae2fc2bd8dc01b2c366308e81e50c.zip
3 files changed, 48 insertions, 7 deletions
diff --git a/routers/api/packages/container/blob.go b/routers/api/packages/container/blob.go
index 2e4309a2eb..f0457c55e1 100644
--- a/routers/api/packages/container/blob.go
+++ b/routers/api/packages/container/blob.go
@@ -26,14 +26,18 @@ var uploadVersionMutex sync.Mutex
 
 // saveAsPackageBlob creates a package blob from an upload
 // The uploaded blob gets stored in a special upload version to link them to the package/image
-func saveAsPackageBlob(hsr packages_module.HashedSizeReader, pi *packages_service.PackageInfo) (*packages_model.PackageBlob, error) {
+func saveAsPackageBlob(hsr packages_module.HashedSizeReader, pci *packages_service.PackageCreationInfo) (*packages_model.PackageBlob, error) {
+	if err := packages_service.CheckSizeQuotaExceeded(db.DefaultContext, pci.Creator, pci.Owner, packages_model.TypeContainer, hsr.Size()); err != nil {
+		return nil, err
+	}
+
 	pb := packages_service.NewPackageBlob(hsr)
 
 	exists := false
 
 	contentStore := packages_module.NewContentStore()
 
-	uploadVersion, err := getOrCreateUploadVersion(pi)
+	uploadVersion, err := getOrCreateUploadVersion(&pci.PackageInfo)
 	if err != nil {
 		return nil, err
 	}
diff --git a/routers/api/packages/container/container.go b/routers/api/packages/container/container.go
index 8b2c4e6bb2..c22cfb5009 100644
--- a/routers/api/packages/container/container.go
+++ b/routers/api/packages/container/container.go
@@ -227,8 +227,22 @@ func InitiateUploadBlob(ctx *context.Context) {
 			return
 		}
 
-		if _, err := saveAsPackageBlob(buf, &packages_service.PackageInfo{Owner: ctx.Package.Owner, Name: image}); err != nil {
-			apiError(ctx, http.StatusInternalServerError, err)
+		if _, err := saveAsPackageBlob(
+			buf,
+			&packages_service.PackageCreationInfo{
+				PackageInfo: packages_service.PackageInfo{
+					Owner: ctx.Package.Owner,
+					Name:  image,
+				},
+				Creator: ctx.Doer,
+			},
+		); err != nil {
+			switch err {
+			case packages_service.ErrQuotaTotalCount, packages_service.ErrQuotaTypeSize, packages_service.ErrQuotaTotalSize:
+				apiError(ctx, http.StatusForbidden, err)
+			default:
+				apiError(ctx, http.StatusInternalServerError, err)
+			}
 			return
 		}
 
@@ -358,8 +372,22 @@ func EndUploadBlob(ctx *context.Context) {
 		return
 	}
 
-	if _, err := saveAsPackageBlob(uploader, &packages_service.PackageInfo{Owner: ctx.Package.Owner, Name: image}); err != nil {
-		apiError(ctx, http.StatusInternalServerError, err)
+	if _, err := saveAsPackageBlob(
+		uploader,
+		&packages_service.PackageCreationInfo{
+			PackageInfo: packages_service.PackageInfo{
+				Owner: ctx.Package.Owner,
+				Name:  image,
+			},
+			Creator: ctx.Doer,
+		},
+	); err != nil {
+		switch err {
+		case packages_service.ErrQuotaTotalCount, packages_service.ErrQuotaTypeSize, packages_service.ErrQuotaTotalSize:
+			apiError(ctx, http.StatusForbidden, err)
+		default:
+			apiError(ctx, http.StatusInternalServerError, err)
+		}
 		return
 	}
 
@@ -526,7 +554,12 @@ func UploadManifest(ctx *context.Context) {
 		} else if errors.Is(err, container_model.ErrContainerBlobNotExist) {
 			apiErrorDefined(ctx, errBlobUnknown)
 		} else {
-			apiError(ctx, http.StatusInternalServerError, err)
+			switch err {
+			case packages_service.ErrQuotaTotalCount, packages_service.ErrQuotaTypeSize, packages_service.ErrQuotaTotalSize:
+				apiError(ctx, http.StatusForbidden, err)
+			default:
+				apiError(ctx, http.StatusInternalServerError, err)
+			}
 		}
 		return
 	}
diff --git a/routers/api/packages/container/manifest.go b/routers/api/packages/container/manifest.go
index 350933f3d2..491fb70639 100644
--- a/routers/api/packages/container/manifest.go
+++ b/routers/api/packages/container/manifest.go
@@ -327,6 +327,10 @@ func createPackageAndVersion(ctx context.Context, mci *manifestCreationInfo, met
 		}
 	}
 
+	if err := packages_service.CheckCountQuotaExceeded(ctx, mci.Creator, mci.Owner); err != nil {
+		return nil, err
+	}
+
 	if mci.IsTagged {
 		if _, err := packages_model.InsertProperty(ctx, packages_model.PropertyTypeVersion, pv.ID, container_module.PropertyManifestTagged, ""); err != nil {
 			log.Error("Error setting package version property: %v", err)
author	KN4CK3R <admin@oldschoolhack.me>	2023-01-29 18:34:29 +0100
committer	GitHub <noreply@github.com>	2023-01-29 11:34:29 -0600
commit	d283a31f03eae2fc2bd8dc01b2c366308e81e50c (patch)
tree	30669a1fea005fdf705ec4cd071a57a34a86477c /routers
parent	2052a9e2b4e17704849e0968762ad7d51fe9d7b7 (diff)
download	gitea-d283a31f03eae2fc2bd8dc01b2c366308e81e50c.tar.gz gitea-d283a31f03eae2fc2bd8dc01b2c366308e81e50c.zip