InvalidResponse, FreshLoginRequired, NotFound, ) from endpoints.decorators import check_anon_protection, require_xhr_from_browser, check_readonly from util.metrics.prometheus import timed_blueprint from util.names import parse_namespace_repository from util.pagination import encrypt_page_token, decrypt_page_token from util.request import get_request_ip from util.timedeltastring import convert_to_timedelta from __init__models_pre_oci import pre_oci_model as model logger = logging.getLogger(__name__) api_bp = timed_blueprint(Blueprint("api", __name__)) CROSS_DOMAIN_HEADERS = ["Authorization", "Content-Type", "X-Requested-With"] FRESH_LOGIN_TIMEOUT = convert_to_timedelta(app.config.get("FRESH_LOGIN_TIMEOUT", "10m")) class ApiExceptionHandlingApi(Api): @crossdomain(origin="*", headers=CROSS_DOMAIN_HEADERS) def handle_error(self, error): return super(ApiExceptionHandlingApi, self).handle_error(error) api = ApiExceptionHandlingApi() api.init_app(api_bp) api.decorators = [
from endpoints.v2.blob import BLOB_DIGEST_ROUTE from image.appc import AppCImageFormatter from image.shared import ManifestException from image.docker.squashed import SquashedDockerImageFormatter from storage import Storage from util.audit import track_and_log, wrap_repository from util.http import exact_abort from util.metrics.prometheus import timed_blueprint from util.registry.filelike import wrap_with_handler from util.registry.queuefile import QueueFile from util.registry.queueprocess import QueueProcess from util.registry.tarlayerformat import TarLayerFormatterReporter logger = logging.getLogger(__name__) verbs = timed_blueprint(Blueprint("verbs", __name__)) verb_stream_passes = Counter( "quay_verb_stream_passes_total", "number of passes over a tar stream used by verb requests", labelnames=["kind"], ) LAYER_MIMETYPE = "binary/octet-stream" QUEUE_FILE_TIMEOUT = 15 # seconds class VerbReporter(TarLayerFormatterReporter): def __init__(self, kind):
import logging from functools import wraps from flask import Blueprint, make_response, jsonify import features from app import app from data.readreplica import ReadOnlyModeException from endpoints.decorators import anon_protect, anon_allowed from util.http import abort from util.metrics.prometheus import timed_blueprint logger = logging.getLogger(__name__) v1_bp = timed_blueprint(Blueprint("v1", __name__)) # Note: This is *not* part of the Docker index spec. This is here for our own health check, # since we have nginx handle the _ping below. @v1_bp.route("/_internal_ping") @anon_allowed def internal_ping(): return make_response("true", 200) @v1_bp.route("/_ping") @anon_allowed def ping(): # NOTE: any changes made here must also be reflected in the nginx config response = make_response("true", 200)
V2RegistryException, Unauthorized, Unsupported, NameUnknown, ReadOnlyMode, InvalidRequest, QuotaExceeded, ) from util.http import abort from util.metrics.prometheus import timed_blueprint from util.registry.dockerver import docker_version from util.pagination import encrypt_page_token, decrypt_page_token from proxy import UpstreamRegistryError logger = logging.getLogger(__name__) v2_bp = timed_blueprint(Blueprint("v2", __name__)) @v2_bp.app_errorhandler(V2RegistryException) def handle_registry_v2_exception(error): response = jsonify({"errors": [error.as_dict()]}) response.status_code = error.http_status_code if response.status_code == 401: response.headers.extend( get_auth_headers(repository=error.repository, scopes=error.scopes)) logger.debug("sending response: %s", response.get_data()) return response @v2_bp.app_errorhandler(ReadOnlyModeException)
from functools import wraps from cnr.exception import Forbidden from flask import Blueprint from auth.permissions import ( AdministerRepositoryPermission, ReadRepositoryPermission, ModifyRepositoryPermission, ) from endpoints.appr.decorators import require_repo_permission from util.metrics.prometheus import timed_blueprint logger = logging.getLogger(__name__) appr_bp = timed_blueprint(Blueprint("appr", __name__)) def _raise_method(repository, scopes): raise Forbidden("Unauthorized access for: %s" % repository, { "package": repository, "scopes": scopes }) def _get_reponame_kwargs(*args, **kwargs): return [kwargs["namespace"], kwargs["package_name"]] require_app_repo_read = require_repo_permission( ReadRepositoryPermission,