github/zot
1
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2026-06-18 05:28:07 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
copilot/fix-github-actions-lint-error
zot/pkg/extensions/extension_ui.go
T
Andrei Aaron da426850e7 chore: update golangci-lint and fix all issues (#3575) 
* chore: Update golangci-lint

Signed-off-by: Lars Francke <git@lars-francke.de>

* chore: fix all golangci-lint issues

- Remove deprecated `// +build` tags
- Fix godoclint, modernize, wsl_v5, govet, lll, gci, noctx issues
- Update linter configuration
- Modernize code to use Go 1.22+ features (for range N, slices.Contains, etc.)
- Update make check lint the privileged tests

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>

---------

Signed-off-by: Lars Francke <git@lars-francke.de>
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>
Co-authored-by: Lars Francke <git@lars-francke.de>
2025-11-22 23:36:48 +02:00

100 lines
3.0 KiB
Go
Raw Permalink Blame History

//go:build search && ui
package extensions
import (
"embed"
"io/fs"
"net/http"
"strings"
"github.com/gorilla/mux"
"zotregistry.dev/zot/v2/pkg/api/config"
zcommon "zotregistry.dev/zot/v2/pkg/common"
"zotregistry.dev/zot/v2/pkg/log"
)
// content is our static web server content.
//
//go:embed build/*
var content embed.FS
type uiHandler struct {
log log.Logger
}
func (uih uiHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
buf, _ := content.ReadFile("build/index.html")
_, err := w.Write(buf)
if err != nil {
uih.log.Error().Err(err).Msg("failed to serve index.html")
}
}
func addUISecurityHeaders(h http.Handler) http.HandlerFunc { //nolint:varnamelen
return func(w http.ResponseWriter, r *http.Request) {
permissionsPolicy := "microphone=(), geolocation=(), battery=(), camera=(), autoplay=(), gyroscope=(), payment=()"
w.Header().Set("Permissions-Policy", permissionsPolicy)
w.Header().Set("X-Content-Type-Options", "nosniff")
w.Header().Set("X-Frame-Options", "DENY")
w.Header().Set("Cross-Origin-Resource-Policy", "same-origin")
w.Header().Set("Cross-Origin-Embedder-Policy", "require-corp")
w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
cspDirectives := []string{
"default-src 'none'",
"script-src 'self' 'unsafe-inline'",
"style-src 'self' 'unsafe-inline'",
"font-src 'self'",
"connect-src 'self'",
"img-src 'self' data:",
"manifest-src 'self'",
"base-uri 'self'",
}
w.Header().Set("Content-Security-Policy", strings.Join(cspDirectives, "; "))
h.ServeHTTP(w, r)
}
}
func SetupUIRoutes(conf *config.Config, router *mux.Router,
log log.Logger,
) {
extensionsConfig := conf.CopyExtensionsConfig()
if !extensionsConfig.IsUIEnabled() {
log.Info().Msg("skip enabling the ui route as the config prerequisites are not met")
return
}
log.Info().Msg("setting up ui routes")
fsub, _ := fs.Sub(content, "build")
uih := uiHandler{log: log}
// See https://go-review.googlesource.com/c/go/+/482635/2/src/net/http/fs.go
// See https://github.com/golang/go/issues/59469
// In go 1.20.4 they decided to allow any method in the FileServer handler.
// In order to be consistent with the status codes returned when the UI is disabled
// we need to be explicit about the methods we allow on UI routes.
// If we don't add this, all unmatched http methods on any urls would match the UI routes.
allowedMethods := zcommon.AllowedMethods(http.MethodGet)
router.PathPrefix("/login").Methods(allowedMethods...).
Handler(addUISecurityHeaders(uih))
router.PathPrefix("/home").Methods(allowedMethods...).
Handler(addUISecurityHeaders(uih))
router.PathPrefix("/explore").Methods(allowedMethods...).
Handler(addUISecurityHeaders(uih))
router.PathPrefix("/image").Methods(allowedMethods...).
Handler(addUISecurityHeaders(uih))
router.PathPrefix("/user").Methods(allowedMethods...).
Handler(addUISecurityHeaders(uih))
router.PathPrefix("/").Methods(allowedMethods...).
Handler(addUISecurityHeaders(http.FileServer(http.FS(fsub))))
log.Info().Msg("finished setting up ui routes")
}
Reference in New Issue View Git Blame Copy Permalink