docker/quay
1
0
Fork 0
mirror of https://github.com/quay/quay.git synced 2026-01-26 06:21:37 +03:00
Code Activity
Files
d59cdafddec65058ebc7bd8ea50d9edade10cd68
quay/endpoints/v2/__init__.py
alecmerdler 3dd5f045ff fix all the docstrings
2020-02-05 19:55:07 -08:00

198 lines
6.3 KiB
Python
Raw Blame History

import logging
import os.path
from functools import wraps
from urlparse import urlparse
from urllib import urlencode
from flask import Blueprint, make_response, url_for, request, jsonify
from semantic_version import Spec
import features
from app import app, get_app_url
from auth.auth_context import get_authenticated_context
from auth.permissions import (
ReadRepositoryPermission,
ModifyRepositoryPermission,
AdministerRepositoryPermission,
)
from auth.registry_jwt_auth import process_registry_jwt_auth, get_auth_headers
from data.registry_model import registry_model
from data.readreplica import ReadOnlyModeException
from endpoints.decorators import anon_protect, anon_allowed, route_show_if
from endpoints.v2.errors import (
V2RegistryException,
Unauthorized,
Unsupported,
NameUnknown,
ReadOnlyMode,
)
from util.http import abort
from util.metrics.prometheus import timed_blueprint
from util.registry.dockerver import docker_version
from util.pagination import encrypt_page_token, decrypt_page_token
logger = logging.getLogger(__name__)
v2_bp = timed_blueprint(Blueprint("v2", __name__))
@v2_bp.app_errorhandler(V2RegistryException)
def handle_registry_v2_exception(error):
response = jsonify({"errors": [error.as_dict()]})
response.status_code = error.http_status_code
if response.status_code == 401:
response.headers.extend(get_auth_headers(repository=error.repository, scopes=error.scopes))
logger.debug("sending response: %s", response.get_data())
return response
@v2_bp.app_errorhandler(ReadOnlyModeException)
def handle_readonly(ex):
error = ReadOnlyMode()
response = jsonify({"errors": [error.as_dict()]})
response.status_code = error.http_status_code
logger.debug("sending response: %s", response.get_data())
return response
_MAX_RESULTS_PER_PAGE = app.config.get("V2_PAGINATION_SIZE", 100)
def paginate(
start_id_kwarg_name="start_id",
limit_kwarg_name="limit",
callback_kwarg_name="pagination_callback",
):
"""
Decorates a handler adding a parsed pagination token and a callback to encode a response token.
"""
def wrapper(func):
@wraps(func)
def wrapped(*args, **kwargs):
try:
requested_limit = int(request.args.get("n", _MAX_RESULTS_PER_PAGE))
except ValueError:
requested_limit = 0
limit = max(min(requested_limit, _MAX_RESULTS_PER_PAGE), 1)
next_page_token = request.args.get("next_page", request.args.get("last", None))
# Decrypt the next page token, if any.
start_id = None
page_info = decrypt_page_token(next_page_token)
if page_info is not None:
start_id = page_info.get("start_id", None)
def callback(results, response):
if len(results) <= limit:
return
next_page_token = encrypt_page_token({"start_id": max([obj.id for obj in results])})
link_url = os.path.join(
get_app_url(), url_for(request.endpoint, **request.view_args)
)
link_param = urlencode({"n": limit, "next_page": next_page_token})
link = '<%s?%s>; rel="next"' % (link_url, link_param)
response.headers["Link"] = link
kwargs[limit_kwarg_name] = limit
kwargs[start_id_kwarg_name] = start_id
kwargs[callback_kwarg_name] = callback
return func(*args, **kwargs)
return wrapped
return wrapper
def _require_repo_permission(permission_class, scopes=None, allow_public=False):
def wrapper(func):
@wraps(func)
def wrapped(namespace_name, repo_name, *args, **kwargs):
logger.debug(
"Checking permission %s for repo: %s/%s",
permission_class,
namespace_name,
repo_name,
)
permission = permission_class(namespace_name, repo_name)
if permission.can():
return func(namespace_name, repo_name, *args, **kwargs)
repository = namespace_name + "/" + repo_name
if allow_public:
repository_ref = registry_model.lookup_repository(namespace_name, repo_name)
if repository_ref is None or not repository_ref.is_public:
raise Unauthorized(repository=repository, scopes=scopes)
if repository_ref.kind != "image":
msg = (
"This repository is for managing %s and not container images."
% repository_ref.kind
)
raise Unsupported(detail=msg)
if repository_ref.is_public:
if not features.ANONYMOUS_ACCESS:
raise Unauthorized(repository=repository, scopes=scopes)
return func(namespace_name, repo_name, *args, **kwargs)
raise Unauthorized(repository=repository, scopes=scopes)
return wrapped
return wrapper
require_repo_read = _require_repo_permission(
ReadRepositoryPermission, scopes=["pull"], allow_public=True
)
require_repo_write = _require_repo_permission(ModifyRepositoryPermission, scopes=["pull", "push"])
require_repo_admin = _require_repo_permission(
AdministerRepositoryPermission, scopes=["pull", "push"]
)
def get_input_stream(flask_request):
if flask_request.headers.get("transfer-encoding") == "chunked":
return flask_request.environ["wsgi.input"]
return flask_request.stream
@v2_bp.route("/")
@route_show_if(features.ADVERTISE_V2)
@process_registry_jwt_auth()
@anon_allowed
def v2_support_enabled():
docker_ver = docker_version(request.user_agent.string)
# Check if our version is one of the blacklisted versions, if we can't
# identify the version (None) we will fail open and assume that it is
# newer and therefore should not be blacklisted.
if docker_ver is not None and Spec(app.config["BLACKLIST_V2_SPEC"]).match(docker_ver):
abort(404)
response = make_response("true", 200)
if get_authenticated_context() is None:
response = make_response("true", 401)
response.headers.extend(get_auth_headers())
return response
from endpoints.v2 import (
blob,
catalog,
manifest,
tag,
v2auth,
)
View Git Blame Copy Permalink