mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14428 Commits
17 Branches
Tree: d283a31f03
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd283a31f03'
${ noResults }
gitea/routers/api/packages/container/container.go

container.go 21KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749 
  1. // Copyright 2021 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package container

  5. 

  6. import (

  7. 	"errors"

  8. 	"fmt"

  9. 	"io"

  10. 	"net/http"

  11. 	"net/url"

  12. 	"os"

  13. 	"regexp"

  14. 	"strconv"

  15. 	"strings"

  16. 

  17. 	packages_model "code.gitea.io/gitea/models/packages"

  18. 	container_model "code.gitea.io/gitea/models/packages/container"

  19. 	user_model "code.gitea.io/gitea/models/user"

  20. 	"code.gitea.io/gitea/modules/context"

  21. 	"code.gitea.io/gitea/modules/json"

  22. 	"code.gitea.io/gitea/modules/log"

  23. 	packages_module "code.gitea.io/gitea/modules/packages"

  24. 	container_module "code.gitea.io/gitea/modules/packages/container"

  25. 	"code.gitea.io/gitea/modules/packages/container/oci"

  26. 	"code.gitea.io/gitea/modules/setting"

  27. 	"code.gitea.io/gitea/modules/util"

  28. 	"code.gitea.io/gitea/routers/api/packages/helper"

  29. 	packages_service "code.gitea.io/gitea/services/packages"

  30. 	container_service "code.gitea.io/gitea/services/packages/container"

  31. )

  32. 

  33. // maximum size of a container manifest

  34. // https://github.com/opencontainers/distribution-spec/blob/main/spec.md#pushing-manifests

  35. const maxManifestSize = 10 * 1024 * 1024

  36. 

  37. var imageNamePattern = regexp.MustCompile(`\A[a-z0-9]+([._-][a-z0-9]+)*(/[a-z0-9]+([._-][a-z0-9]+)*)*\z`)

  38. 

  39. type containerHeaders struct {

  40. 	Status        int

  41. 	ContentDigest string

  42. 	UploadUUID    string

  43. 	Range         string

  44. 	Location      string

  45. 	ContentType   string

  46. 	ContentLength int64

  47. }

  48. 

  49. // https://github.com/opencontainers/distribution-spec/blob/main/spec.md#legacy-docker-support-http-headers

  50. func setResponseHeaders(resp http.ResponseWriter, h *containerHeaders) {

  51. 	if h.Location != "" {

  52. 		resp.Header().Set("Location", h.Location)

  53. 	}

  54. 	if h.Range != "" {

  55. 		resp.Header().Set("Range", h.Range)

  56. 	}

  57. 	if h.ContentType != "" {

  58. 		resp.Header().Set("Content-Type", h.ContentType)

  59. 	}

  60. 	if h.ContentLength != 0 {

  61. 		resp.Header().Set("Content-Length", strconv.FormatInt(h.ContentLength, 10))

  62. 	}

  63. 	if h.UploadUUID != "" {

  64. 		resp.Header().Set("Docker-Upload-Uuid", h.UploadUUID)

  65. 	}

  66. 	if h.ContentDigest != "" {

  67. 		resp.Header().Set("Docker-Content-Digest", h.ContentDigest)

  68. 		resp.Header().Set("ETag", fmt.Sprintf(`"%s"`, h.ContentDigest))

  69. 	}

  70. 	resp.Header().Set("Docker-Distribution-Api-Version", "registry/2.0")

  71. 	resp.WriteHeader(h.Status)

  72. }

  73. 

  74. func jsonResponse(ctx *context.Context, status int, obj interface{}) {

  75. 	setResponseHeaders(ctx.Resp, &containerHeaders{

  76. 		Status:      status,

  77. 		ContentType: "application/json",

  78. 	})

  79. 	if err := json.NewEncoder(ctx.Resp).Encode(obj); err != nil {

  80. 		log.Error("JSON encode: %v", err)

  81. 	}

  82. }

  83. 

  84. func apiError(ctx *context.Context, status int, err error) {

  85. 	helper.LogAndProcessError(ctx, status, err, func(message string) {

  86. 		setResponseHeaders(ctx.Resp, &containerHeaders{

  87. 			Status: status,

  88. 		})

  89. 	})

  90. }

  91. 

  92. // https://github.com/opencontainers/distribution-spec/blob/main/spec.md#error-codes

  93. func apiErrorDefined(ctx *context.Context, err *namedError) {

  94. 	type ContainerError struct {

  95. 		Code    string `json:"code"`

  96. 		Message string `json:"message"`

  97. 	}

  98. 

  99. 	type ContainerErrors struct {

  100. 		Errors []ContainerError `json:"errors"`

  101. 	}

  102. 

  103. 	jsonResponse(ctx, err.StatusCode, ContainerErrors{

  104. 		Errors: []ContainerError{

  105. 			{

  106. 				Code:    err.Code,

  107. 				Message: err.Message,

  108. 			},

  109. 		},

  110. 	})

  111. }

  112. 

  113. // ReqContainerAccess is a middleware which checks the current user valid (real user or ghost for anonymous access)

  114. func ReqContainerAccess(ctx *context.Context) {

  115. 	if ctx.Doer == nil {

  116. 		ctx.Resp.Header().Add("WWW-Authenticate", `Bearer realm="`+setting.AppURL+`v2/token",service="container_registry",scope="*"`)

  117. 		apiErrorDefined(ctx, errUnauthorized)

  118. 	}

  119. }

  120. 

  121. // VerifyImageName is a middleware which checks if the image name is allowed

  122. func VerifyImageName(ctx *context.Context) {

  123. 	if !imageNamePattern.MatchString(ctx.Params("image")) {

  124. 		apiErrorDefined(ctx, errNameInvalid)

  125. 	}

  126. }

  127. 

  128. // DetermineSupport is used to test if the registry supports OCI

  129. // https://github.com/opencontainers/distribution-spec/blob/main/spec.md#determining-support

  130. func DetermineSupport(ctx *context.Context) {

  131. 	setResponseHeaders(ctx.Resp, &containerHeaders{

  132. 		Status: http.StatusOK,

  133. 	})

  134. }

  135. 

  136. // Authenticate creates a token for the current user

  137. // If the current user is anonymous, the ghost user is used

  138. func Authenticate(ctx *context.Context) {

  139. 	u := ctx.Doer

  140. 	if u == nil {

  141. 		u = user_model.NewGhostUser()

  142. 	}

  143. 

  144. 	token, err := packages_service.CreateAuthorizationToken(u)

  145. 	if err != nil {

  146. 		apiError(ctx, http.StatusInternalServerError, err)

  147. 		return

  148. 	}

  149. 

  150. 	ctx.JSON(http.StatusOK, map[string]string{

  151. 		"token": token,

  152. 	})

  153. }

  154. 

  155. // https://docs.docker.com/registry/spec/api/#listing-repositories

  156. func GetRepositoryList(ctx *context.Context) {

  157. 	n := ctx.FormInt("n")

  158. 	if n <= 0 || n > 100 {

  159. 		n = 100

  160. 	}

  161. 	last := ctx.FormTrim("last")

  162. 

  163. 	repositories, err := container_model.GetRepositories(ctx, ctx.Doer, n, last)

  164. 	if err != nil {

  165. 		apiError(ctx, http.StatusInternalServerError, err)

  166. 		return

  167. 	}

  168. 

  169. 	type RepositoryList struct {

  170. 		Repositories []string `json:"repositories"`

  171. 	}

  172. 

  173. 	if len(repositories) == n {

  174. 		v := url.Values{}

  175. 		if n > 0 {

  176. 			v.Add("n", strconv.Itoa(n))

  177. 		}

  178. 		v.Add("last", repositories[len(repositories)-1])

  179. 

  180. 		ctx.Resp.Header().Set("Link", fmt.Sprintf(`</v2/_catalog?%s>; rel="next"`, v.Encode()))

  181. 	}

  182. 

  183. 	jsonResponse(ctx, http.StatusOK, RepositoryList{

  184. 		Repositories: repositories,

  185. 	})

  186. }

  187. 

  188. // https://github.com/opencontainers/distribution-spec/blob/main/spec.md#mounting-a-blob-from-another-repository

  189. // https://github.com/opencontainers/distribution-spec/blob/main/spec.md#single-post

  190. // https://github.com/opencontainers/distribution-spec/blob/main/spec.md#pushing-a-blob-in-chunks

  191. func InitiateUploadBlob(ctx *context.Context) {

  192. 	image := ctx.Params("image")

  193. 

  194. 	mount := ctx.FormTrim("mount")

  195. 	from := ctx.FormTrim("from")

  196. 	if mount != "" {

  197. 		blob, _ := workaroundGetContainerBlob(ctx, &container_model.BlobSearchOptions{

  198. 			Repository: from,

  199. 			Digest:     mount,

  200. 		})

  201. 		if blob != nil {

  202. 			if err := mountBlob(&packages_service.PackageInfo{Owner: ctx.Package.Owner, Name: image}, blob.Blob); err != nil {

  203. 				apiError(ctx, http.StatusInternalServerError, err)

  204. 				return

  205. 			}

  206. 

  207. 			setResponseHeaders(ctx.Resp, &containerHeaders{

  208. 				Location:      fmt.Sprintf("/v2/%s/%s/blobs/%s", ctx.Package.Owner.LowerName, image, mount),

  209. 				ContentDigest: mount,

  210. 				Status:        http.StatusCreated,

  211. 			})

  212. 			return

  213. 		}

  214. 	}

  215. 

  216. 	digest := ctx.FormTrim("digest")

  217. 	if digest != "" {

  218. 		buf, err := packages_module.CreateHashedBufferFromReader(ctx.Req.Body, 32*1024*1024)

  219. 		if err != nil {

  220. 			apiError(ctx, http.StatusInternalServerError, err)

  221. 			return

  222. 		}

  223. 		defer buf.Close()

  224. 

  225. 		if digest != digestFromHashSummer(buf) {

  226. 			apiErrorDefined(ctx, errDigestInvalid)

  227. 			return

  228. 		}

  229. 

  230. 		if _, err := saveAsPackageBlob(

  231. 			buf,

  232. 			&packages_service.PackageCreationInfo{

  233. 				PackageInfo: packages_service.PackageInfo{

  234. 					Owner: ctx.Package.Owner,

  235. 					Name:  image,

  236. 				},

  237. 				Creator: ctx.Doer,

  238. 			},

  239. 		); err != nil {

  240. 			switch err {

  241. 			case packages_service.ErrQuotaTotalCount, packages_service.ErrQuotaTypeSize, packages_service.ErrQuotaTotalSize:

  242. 				apiError(ctx, http.StatusForbidden, err)

  243. 			default:

  244. 				apiError(ctx, http.StatusInternalServerError, err)

  245. 			}

  246. 			return

  247. 		}

  248. 

  249. 		setResponseHeaders(ctx.Resp, &containerHeaders{

  250. 			Location:      fmt.Sprintf("/v2/%s/%s/blobs/%s", ctx.Package.Owner.LowerName, image, digest),

  251. 			ContentDigest: digest,

  252. 			Status:        http.StatusCreated,

  253. 		})

  254. 		return

  255. 	}

  256. 

  257. 	upload, err := packages_model.CreateBlobUpload(ctx)

  258. 	if err != nil {

  259. 		apiError(ctx, http.StatusInternalServerError, err)

  260. 		return

  261. 	}

  262. 

  263. 	setResponseHeaders(ctx.Resp, &containerHeaders{

  264. 		Location:   fmt.Sprintf("/v2/%s/%s/blobs/uploads/%s", ctx.Package.Owner.LowerName, image, upload.ID),

  265. 		Range:      "0-0",

  266. 		UploadUUID: upload.ID,

  267. 		Status:     http.StatusAccepted,

  268. 	})

  269. }

  270. 

  271. // https://docs.docker.com/registry/spec/api/#get-blob-upload

  272. func GetUploadBlob(ctx *context.Context) {

  273. 	uuid := ctx.Params("uuid")

  274. 

  275. 	upload, err := packages_model.GetBlobUploadByID(ctx, uuid)

  276. 	if err != nil {

  277. 		if err == packages_model.ErrPackageBlobUploadNotExist {

  278. 			apiErrorDefined(ctx, errBlobUploadUnknown)

  279. 		} else {

  280. 			apiError(ctx, http.StatusInternalServerError, err)

  281. 		}

  282. 		return

  283. 	}

  284. 

  285. 	setResponseHeaders(ctx.Resp, &containerHeaders{

  286. 		Range:      fmt.Sprintf("0-%d", upload.BytesReceived),

  287. 		UploadUUID: upload.ID,

  288. 		Status:     http.StatusNoContent,

  289. 	})

  290. }

  291. 

  292. // https://github.com/opencontainers/distribution-spec/blob/main/spec.md#pushing-a-blob-in-chunks

  293. func UploadBlob(ctx *context.Context) {

  294. 	image := ctx.Params("image")

  295. 

  296. 	uploader, err := container_service.NewBlobUploader(ctx, ctx.Params("uuid"))

  297. 	if err != nil {

  298. 		if err == packages_model.ErrPackageBlobUploadNotExist {

  299. 			apiErrorDefined(ctx, errBlobUploadUnknown)

  300. 		} else {

  301. 			apiError(ctx, http.StatusInternalServerError, err)

  302. 		}

  303. 		return

  304. 	}

  305. 	defer uploader.Close()

  306. 

  307. 	contentRange := ctx.Req.Header.Get("Content-Range")

  308. 	if contentRange != "" {

  309. 		start, end := 0, 0

  310. 		if _, err := fmt.Sscanf(contentRange, "%d-%d", &start, &end); err != nil {

  311. 			apiErrorDefined(ctx, errBlobUploadInvalid)

  312. 			return

  313. 		}

  314. 

  315. 		if int64(start) != uploader.Size() {

  316. 			apiErrorDefined(ctx, errBlobUploadInvalid.WithStatusCode(http.StatusRequestedRangeNotSatisfiable))

  317. 			return

  318. 		}

  319. 	} else if uploader.Size() != 0 {

  320. 		apiErrorDefined(ctx, errBlobUploadInvalid.WithMessage("Stream uploads after first write are not allowed"))

  321. 		return

  322. 	}

  323. 

  324. 	if err := uploader.Append(ctx, ctx.Req.Body); err != nil {

  325. 		apiError(ctx, http.StatusInternalServerError, err)

  326. 		return

  327. 	}

  328. 

  329. 	setResponseHeaders(ctx.Resp, &containerHeaders{

  330. 		Location:   fmt.Sprintf("/v2/%s/%s/blobs/uploads/%s", ctx.Package.Owner.LowerName, image, uploader.ID),

  331. 		Range:      fmt.Sprintf("0-%d", uploader.Size()-1),

  332. 		UploadUUID: uploader.ID,

  333. 		Status:     http.StatusAccepted,

  334. 	})

  335. }

  336. 

  337. // https://github.com/opencontainers/distribution-spec/blob/main/spec.md#pushing-a-blob-in-chunks

  338. func EndUploadBlob(ctx *context.Context) {

  339. 	image := ctx.Params("image")

  340. 

  341. 	digest := ctx.FormTrim("digest")

  342. 	if digest == "" {

  343. 		apiErrorDefined(ctx, errDigestInvalid)

  344. 		return

  345. 	}

  346. 

  347. 	uploader, err := container_service.NewBlobUploader(ctx, ctx.Params("uuid"))

  348. 	if err != nil {

  349. 		if err == packages_model.ErrPackageBlobUploadNotExist {

  350. 			apiErrorDefined(ctx, errBlobUploadUnknown)

  351. 		} else {

  352. 			apiError(ctx, http.StatusInternalServerError, err)

  353. 		}

  354. 		return

  355. 	}

  356. 	close := true

  357. 	defer func() {

  358. 		if close {

  359. 			uploader.Close()

  360. 		}

  361. 	}()

  362. 

  363. 	if ctx.Req.Body != nil {

  364. 		if err := uploader.Append(ctx, ctx.Req.Body); err != nil {

  365. 			apiError(ctx, http.StatusInternalServerError, err)

  366. 			return

  367. 		}

  368. 	}

  369. 

  370. 	if digest != digestFromHashSummer(uploader) {

  371. 		apiErrorDefined(ctx, errDigestInvalid)

  372. 		return

  373. 	}

  374. 

  375. 	if _, err := saveAsPackageBlob(

  376. 		uploader,

  377. 		&packages_service.PackageCreationInfo{

  378. 			PackageInfo: packages_service.PackageInfo{

  379. 				Owner: ctx.Package.Owner,

  380. 				Name:  image,

  381. 			},

  382. 			Creator: ctx.Doer,

  383. 		},

  384. 	); err != nil {

  385. 		switch err {

  386. 		case packages_service.ErrQuotaTotalCount, packages_service.ErrQuotaTypeSize, packages_service.ErrQuotaTotalSize:

  387. 			apiError(ctx, http.StatusForbidden, err)

  388. 		default:

  389. 			apiError(ctx, http.StatusInternalServerError, err)

  390. 		}

  391. 		return

  392. 	}

  393. 

  394. 	if err := uploader.Close(); err != nil {

  395. 		apiError(ctx, http.StatusInternalServerError, err)

  396. 		return

  397. 	}

  398. 	close = false

  399. 

  400. 	if err := container_service.RemoveBlobUploadByID(ctx, uploader.ID); err != nil {

  401. 		apiError(ctx, http.StatusInternalServerError, err)

  402. 		return

  403. 	}

  404. 

  405. 	setResponseHeaders(ctx.Resp, &containerHeaders{

  406. 		Location:      fmt.Sprintf("/v2/%s/%s/blobs/%s", ctx.Package.Owner.LowerName, image, digest),

  407. 		ContentDigest: digest,

  408. 		Status:        http.StatusCreated,

  409. 	})

  410. }

  411. 

  412. // https://docs.docker.com/registry/spec/api/#delete-blob-upload

  413. func CancelUploadBlob(ctx *context.Context) {

  414. 	uuid := ctx.Params("uuid")

  415. 

  416. 	_, err := packages_model.GetBlobUploadByID(ctx, uuid)

  417. 	if err != nil {

  418. 		if err == packages_model.ErrPackageBlobUploadNotExist {

  419. 			apiErrorDefined(ctx, errBlobUploadUnknown)

  420. 		} else {

  421. 			apiError(ctx, http.StatusInternalServerError, err)

  422. 		}

  423. 		return

  424. 	}

  425. 

  426. 	if err := container_service.RemoveBlobUploadByID(ctx, uuid); err != nil {

  427. 		apiError(ctx, http.StatusInternalServerError, err)

  428. 		return

  429. 	}

  430. 

  431. 	setResponseHeaders(ctx.Resp, &containerHeaders{

  432. 		Status: http.StatusNoContent,

  433. 	})

  434. }

  435. 

  436. func getBlobFromContext(ctx *context.Context) (*packages_model.PackageFileDescriptor, error) {

  437. 	digest := ctx.Params("digest")

  438. 

  439. 	if !oci.Digest(digest).Validate() {

  440. 		return nil, container_model.ErrContainerBlobNotExist

  441. 	}

  442. 

  443. 	return workaroundGetContainerBlob(ctx, &container_model.BlobSearchOptions{

  444. 		OwnerID: ctx.Package.Owner.ID,

  445. 		Image:   ctx.Params("image"),

  446. 		Digest:  digest,

  447. 	})

  448. }

  449. 

  450. // https://github.com/opencontainers/distribution-spec/blob/main/spec.md#checking-if-content-exists-in-the-registry

  451. func HeadBlob(ctx *context.Context) {

  452. 	blob, err := getBlobFromContext(ctx)

  453. 	if err != nil {

  454. 		if err == container_model.ErrContainerBlobNotExist {

  455. 			apiErrorDefined(ctx, errBlobUnknown)

  456. 		} else {

  457. 			apiError(ctx, http.StatusInternalServerError, err)

  458. 		}

  459. 		return

  460. 	}

  461. 

  462. 	setResponseHeaders(ctx.Resp, &containerHeaders{

  463. 		ContentDigest: blob.Properties.GetByName(container_module.PropertyDigest),

  464. 		ContentLength: blob.Blob.Size,

  465. 		Status:        http.StatusOK,

  466. 	})

  467. }

  468. 

  469. // https://github.com/opencontainers/distribution-spec/blob/main/spec.md#pulling-blobs

  470. func GetBlob(ctx *context.Context) {

  471. 	blob, err := getBlobFromContext(ctx)

  472. 	if err != nil {

  473. 		if err == container_model.ErrContainerBlobNotExist {

  474. 			apiErrorDefined(ctx, errBlobUnknown)

  475. 		} else {

  476. 			apiError(ctx, http.StatusInternalServerError, err)

  477. 		}

  478. 		return

  479. 	}

  480. 

  481. 	s, _, err := packages_service.GetPackageFileStream(ctx, blob.File)

  482. 	if err != nil {

  483. 		apiError(ctx, http.StatusInternalServerError, err)

  484. 		return

  485. 	}

  486. 	defer s.Close()

  487. 

  488. 	setResponseHeaders(ctx.Resp, &containerHeaders{

  489. 		ContentDigest: blob.Properties.GetByName(container_module.PropertyDigest),

  490. 		ContentType:   blob.Properties.GetByName(container_module.PropertyMediaType),

  491. 		ContentLength: blob.Blob.Size,

  492. 		Status:        http.StatusOK,

  493. 	})

  494. 	if _, err := io.Copy(ctx.Resp, s); err != nil {

  495. 		log.Error("Error whilst copying content to response: %v", err)

  496. 	}

  497. }

  498. 

  499. // https://github.com/opencontainers/distribution-spec/blob/main/spec.md#deleting-blobs

  500. func DeleteBlob(ctx *context.Context) {

  501. 	digest := ctx.Params("digest")

  502. 

  503. 	if !oci.Digest(digest).Validate() {

  504. 		apiErrorDefined(ctx, errBlobUnknown)

  505. 		return

  506. 	}

  507. 

  508. 	if err := deleteBlob(ctx.Package.Owner.ID, ctx.Params("image"), digest); err != nil {

  509. 		apiError(ctx, http.StatusInternalServerError, err)

  510. 		return

  511. 	}

  512. 

  513. 	setResponseHeaders(ctx.Resp, &containerHeaders{

  514. 		Status: http.StatusAccepted,

  515. 	})

  516. }

  517. 

  518. // https://github.com/opencontainers/distribution-spec/blob/main/spec.md#pushing-manifests

  519. func UploadManifest(ctx *context.Context) {

  520. 	reference := ctx.Params("reference")

  521. 

  522. 	mci := &manifestCreationInfo{

  523. 		MediaType: oci.MediaType(ctx.Req.Header.Get("Content-Type")),

  524. 		Owner:     ctx.Package.Owner,

  525. 		Creator:   ctx.Doer,

  526. 		Image:     ctx.Params("image"),

  527. 		Reference: reference,

  528. 		IsTagged:  !oci.Digest(reference).Validate(),

  529. 	}

  530. 

  531. 	if mci.IsTagged && !oci.Reference(reference).Validate() {

  532. 		apiErrorDefined(ctx, errManifestInvalid.WithMessage("Tag is invalid"))

  533. 		return

  534. 	}

  535. 

  536. 	maxSize := maxManifestSize + 1

  537. 	buf, err := packages_module.CreateHashedBufferFromReader(&io.LimitedReader{R: ctx.Req.Body, N: int64(maxSize)}, maxSize)

  538. 	if err != nil {

  539. 		apiError(ctx, http.StatusInternalServerError, err)

  540. 		return

  541. 	}

  542. 	defer buf.Close()

  543. 

  544. 	if buf.Size() > maxManifestSize {

  545. 		apiErrorDefined(ctx, errManifestInvalid.WithMessage("Manifest exceeds maximum size").WithStatusCode(http.StatusRequestEntityTooLarge))

  546. 		return

  547. 	}

  548. 

  549. 	digest, err := processManifest(mci, buf)

  550. 	if err != nil {

  551. 		var namedError *namedError

  552. 		if errors.As(err, &namedError) {

  553. 			apiErrorDefined(ctx, namedError)

  554. 		} else if errors.Is(err, container_model.ErrContainerBlobNotExist) {

  555. 			apiErrorDefined(ctx, errBlobUnknown)

  556. 		} else {

  557. 			switch err {

  558. 			case packages_service.ErrQuotaTotalCount, packages_service.ErrQuotaTypeSize, packages_service.ErrQuotaTotalSize:

  559. 				apiError(ctx, http.StatusForbidden, err)

  560. 			default:

  561. 				apiError(ctx, http.StatusInternalServerError, err)

  562. 			}

  563. 		}

  564. 		return

  565. 	}

  566. 

  567. 	setResponseHeaders(ctx.Resp, &containerHeaders{

  568. 		Location:      fmt.Sprintf("/v2/%s/%s/manifests/%s", ctx.Package.Owner.LowerName, mci.Image, reference),

  569. 		ContentDigest: digest,

  570. 		Status:        http.StatusCreated,

  571. 	})

  572. }

  573. 

  574. func getManifestFromContext(ctx *context.Context) (*packages_model.PackageFileDescriptor, error) {

  575. 	reference := ctx.Params("reference")

  576. 

  577. 	opts := &container_model.BlobSearchOptions{

  578. 		OwnerID:    ctx.Package.Owner.ID,

  579. 		Image:      ctx.Params("image"),

  580. 		IsManifest: true,

  581. 	}

  582. 	if oci.Digest(reference).Validate() {

  583. 		opts.Digest = reference

  584. 	} else if oci.Reference(reference).Validate() {

  585. 		opts.Tag = reference

  586. 	} else {

  587. 		return nil, container_model.ErrContainerBlobNotExist

  588. 	}

  589. 

  590. 	return workaroundGetContainerBlob(ctx, opts)

  591. }

  592. 

  593. // https://github.com/opencontainers/distribution-spec/blob/main/spec.md#checking-if-content-exists-in-the-registry

  594. func HeadManifest(ctx *context.Context) {

  595. 	manifest, err := getManifestFromContext(ctx)

  596. 	if err != nil {

  597. 		if err == container_model.ErrContainerBlobNotExist {

  598. 			apiErrorDefined(ctx, errManifestUnknown)

  599. 		} else {

  600. 			apiError(ctx, http.StatusInternalServerError, err)

  601. 		}

  602. 		return

  603. 	}

  604. 

  605. 	setResponseHeaders(ctx.Resp, &containerHeaders{

  606. 		ContentDigest: manifest.Properties.GetByName(container_module.PropertyDigest),

  607. 		ContentType:   manifest.Properties.GetByName(container_module.PropertyMediaType),

  608. 		ContentLength: manifest.Blob.Size,

  609. 		Status:        http.StatusOK,

  610. 	})

  611. }

  612. 

  613. // https://github.com/opencontainers/distribution-spec/blob/main/spec.md#pulling-manifests

  614. func GetManifest(ctx *context.Context) {

  615. 	manifest, err := getManifestFromContext(ctx)

  616. 	if err != nil {

  617. 		if err == container_model.ErrContainerBlobNotExist {

  618. 			apiErrorDefined(ctx, errManifestUnknown)

  619. 		} else {

  620. 			apiError(ctx, http.StatusInternalServerError, err)

  621. 		}

  622. 		return

  623. 	}

  624. 

  625. 	s, _, err := packages_service.GetPackageFileStream(ctx, manifest.File)

  626. 	if err != nil {

  627. 		apiError(ctx, http.StatusInternalServerError, err)

  628. 		return

  629. 	}

  630. 	defer s.Close()

  631. 

  632. 	setResponseHeaders(ctx.Resp, &containerHeaders{

  633. 		ContentDigest: manifest.Properties.GetByName(container_module.PropertyDigest),

  634. 		ContentType:   manifest.Properties.GetByName(container_module.PropertyMediaType),

  635. 		ContentLength: manifest.Blob.Size,

  636. 		Status:        http.StatusOK,

  637. 	})

  638. 	if _, err := io.Copy(ctx.Resp, s); err != nil {

  639. 		log.Error("Error whilst copying content to response: %v", err)

  640. 	}

  641. }

  642. 

  643. // https://github.com/opencontainers/distribution-spec/blob/main/spec.md#deleting-tags

  644. // https://github.com/opencontainers/distribution-spec/blob/main/spec.md#deleting-manifests

  645. func DeleteManifest(ctx *context.Context) {

  646. 	reference := ctx.Params("reference")

  647. 

  648. 	opts := &container_model.BlobSearchOptions{

  649. 		OwnerID:    ctx.Package.Owner.ID,

  650. 		Image:      ctx.Params("image"),

  651. 		IsManifest: true,

  652. 	}

  653. 	if oci.Digest(reference).Validate() {

  654. 		opts.Digest = reference

  655. 	} else if oci.Reference(reference).Validate() {

  656. 		opts.Tag = reference

  657. 	} else {

  658. 		apiErrorDefined(ctx, errManifestUnknown)

  659. 		return

  660. 	}

  661. 

  662. 	pvs, err := container_model.GetManifestVersions(ctx, opts)

  663. 	if err != nil {

  664. 		apiError(ctx, http.StatusInternalServerError, err)

  665. 		return

  666. 	}

  667. 

  668. 	if len(pvs) == 0 {

  669. 		apiErrorDefined(ctx, errManifestUnknown)

  670. 		return

  671. 	}

  672. 

  673. 	for _, pv := range pvs {

  674. 		if err := packages_service.RemovePackageVersion(ctx.Doer, pv); err != nil {

  675. 			apiError(ctx, http.StatusInternalServerError, err)

  676. 			return

  677. 		}

  678. 	}

  679. 

  680. 	setResponseHeaders(ctx.Resp, &containerHeaders{

  681. 		Status: http.StatusAccepted,

  682. 	})

  683. }

  684. 

  685. // https://github.com/opencontainers/distribution-spec/blob/main/spec.md#content-discovery

  686. func GetTagList(ctx *context.Context) {

  687. 	image := ctx.Params("image")

  688. 

  689. 	if _, err := packages_model.GetPackageByName(ctx, ctx.Package.Owner.ID, packages_model.TypeContainer, image); err != nil {

  690. 		if err == packages_model.ErrPackageNotExist {

  691. 			apiErrorDefined(ctx, errNameUnknown)

  692. 		} else {

  693. 			apiError(ctx, http.StatusInternalServerError, err)

  694. 		}

  695. 		return

  696. 	}

  697. 

  698. 	n := -1

  699. 	if ctx.FormTrim("n") != "" {

  700. 		n = ctx.FormInt("n")

  701. 	}

  702. 	last := ctx.FormTrim("last")

  703. 

  704. 	tags, err := container_model.GetImageTags(ctx, ctx.Package.Owner.ID, image, n, last)

  705. 	if err != nil {

  706. 		apiError(ctx, http.StatusInternalServerError, err)

  707. 		return

  708. 	}

  709. 

  710. 	type TagList struct {

  711. 		Name string   `json:"name"`

  712. 		Tags []string `json:"tags"`

  713. 	}

  714. 

  715. 	if len(tags) > 0 {

  716. 		v := url.Values{}

  717. 		if n > 0 {

  718. 			v.Add("n", strconv.Itoa(n))

  719. 		}

  720. 		v.Add("last", tags[len(tags)-1])

  721. 

  722. 		ctx.Resp.Header().Set("Link", fmt.Sprintf(`</v2/%s/%s/tags/list?%s>; rel="next"`, ctx.Package.Owner.LowerName, image, v.Encode()))

  723. 	}

  724. 

  725. 	jsonResponse(ctx, http.StatusOK, TagList{

  726. 		Name: strings.ToLower(ctx.Package.Owner.LowerName + "/" + image),

  727. 		Tags: tags,

  728. 	})

  729. }

  730. 

  731. // FIXME: Workaround to be removed in v1.20

  732. // https://github.com/go-gitea/gitea/issues/19586

  733. func workaroundGetContainerBlob(ctx *context.Context, opts *container_model.BlobSearchOptions) (*packages_model.PackageFileDescriptor, error) {

  734. 	blob, err := container_model.GetContainerBlob(ctx, opts)

  735. 	if err != nil {

  736. 		return nil, err

  737. 	}

  738. 

  739. 	err = packages_module.NewContentStore().Has(packages_module.BlobHash256Key(blob.Blob.HashSHA256))

  740. 	if err != nil {

  741. 		if errors.Is(err, util.ErrNotExist) || errors.Is(err, os.ErrNotExist) {

  742. 			log.Debug("Package registry inconsistent: blob %s does not exist on file system", blob.Blob.HashSHA256)

  743. 			return nil, container_model.ErrContainerBlobNotExist

  744. 		}

  745. 		return nil, err

  746. 	}

  747. 

  748. 	return blob, nil

  749. }