Infrastructure/zot
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-30 22:34:13 -05:00
Code Issues Activity

fix(search): added the missing headers for search route (#1438)

Browse source 
- added allow methods and allowed headers

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
This commit is contained in:
LaurentiuNiculae 2023-05-11 16:05:14 +03:00 committed by GitHub
parent ea79be64da
commit b7ef88c96d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 32 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
pkg/extensions/extension_search.go
View file

@ -179,11 +179,27 @@ func SetupSearchRoutes(config *config.Config, router *mux.Router, storeControlle
resConfig := search.GetResolverConfig(log, storeController, repoDB, cveInfo) resConfig := search.GetResolverConfig(log, storeController, repoDB, cveInfo)
extRouter := router.PathPrefix(constants.ExtSearchPrefix).Subrouter() extRouter := router.PathPrefix(constants.ExtSearchPrefix).Subrouter()
extRouter.Use(SearchACHeadersHandler())
extRouter.Methods("GET", "POST", "OPTIONS"). extRouter.Methods("GET", "POST", "OPTIONS").
Handler(addSearchSecurityHeaders(gqlHandler.NewDefaultServer(gql_generated.NewExecutableSchema(resConfig)))) Handler(addSearchSecurityHeaders(gqlHandler.NewDefaultServer(gql_generated.NewExecutableSchema(resConfig))))
} }
} }
func SearchACHeadersHandler() mux.MiddlewareFunc {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
resp.Header().Set("Access-Control-Allow-Methods", "HEAD,GET,POST,OPTIONS")
resp.Header().Set("Access-Control-Allow-Headers", "Authorization,content-type")
if req.Method == http.MethodOptions {
return
}
next.ServeHTTP(resp, req)
})
}
}
func getExtension(name, url, description string, endpoints []string) distext.Extension { func getExtension(name, url, description string, endpoints []string) distext.Extension {
return distext.Extension{ return distext.Extension{
Name: name, Name: name,

23
pkg/extensions/extension_userprefs.go
View file

@ -31,20 +31,29 @@ func SetupUserPreferencesRoutes(config *config.Config, router *mux.Router, store
log.Info().Msg("setting up user preferences routes") log.Info().Msg("setting up user preferences routes")
userprefsRouter := router.PathPrefix(constants.ExtUserPreferencesPrefix).Subrouter() userprefsRouter := router.PathPrefix(constants.ExtUserPreferencesPrefix).Subrouter()
userprefsRouter.Use(UserPrefsACHeadersHandler())
userprefsRouter.HandleFunc("", HandleUserPrefs(repoDB, log)).Methods(zcommon.AllowedMethods(http.MethodPut)...) userprefsRouter.HandleFunc("", HandleUserPrefs(repoDB, log)).Methods(zcommon.AllowedMethods(http.MethodPut)...)
} }
} }
func UserPrefsACHeadersHandler() mux.MiddlewareFunc {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
resp.Header().Set("Access-Control-Allow-Methods", "HEAD,GET,POST,PUT,OPTIONS")
resp.Header().Set("Access-Control-Allow-Headers", "Authorization,content-type")
if req.Method == http.MethodOptions {
return
}
next.ServeHTTP(resp, req)
})
}
}
func HandleUserPrefs(repoDB repodb.RepoDB, log log.Logger) func(w http.ResponseWriter, r *http.Request) { func HandleUserPrefs(repoDB repodb.RepoDB, log log.Logger) func(w http.ResponseWriter, r *http.Request) {
return func(rsp http.ResponseWriter, req *http.Request) { return func(rsp http.ResponseWriter, req *http.Request) {
rsp.Header().Set("Access-Control-Allow-Methods", "HEAD,GET,POST,PUT,OPTIONS")
rsp.Header().Set("Access-Control-Allow-Headers", "Authorization,content-type")
if req.Method == http.MethodOptions {
return
}
if !queryHasParams(req.URL.Query(), []string{"action"}) { if !queryHasParams(req.URL.Query(), []string{"action"}) {
rsp.WriteHeader(http.StatusBadRequest) rsp.WriteHeader(http.StatusBadRequest)