934b22d124
* fix(security): enhance timeout configurations and body size limits for HTTP requests Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * fix(tests): refactor backend result handling in proxyHTTPRequest test Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * fix(security): preserve ContentLength in proxied requests to prevent server hang Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * fix(security): preserve explicit zero-length request bodies in proxyHTTPRequest fix(tests): add test for normalizedTimeout function to ensure default fallback Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * fix(security): prevent default HTTP timeout values from being set unless explicitly configured Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * fix(security): refactor timeout handling to use explicit checks for nil and non-positive values Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * fix(tests): add wait_for_event_count function to ensure expected event generation Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * fix(security): improve timeout handling and update error responses for large requests Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * fix(security): enhance HTTP timeout handling with explicit accessors and default values Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * fix(security): increase default API key body size and timeout values for improved performance Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * fix(security): unify timeout handling by replacing specific read/write timeouts with a single default timeout Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * fix(security): consolidate HTTP timeout accessors and enhance timeout handling Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * fix(security): simplify HTTP timeout accessors and set default values for read/write timeouts Co-authored-by: Copilot <copilot@github.com> 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> --------- Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> Co-authored-by: Copilot <copilot@github.com>
package constants
import "time"
// Distribution API routing segments and response-header names.
const (
	RoutePrefix = "/v2"
	Blobs       = "blobs"
	Uploads     = "uploads"

	DistAPIVersion       = "Docker-Distribution-API-Version"
	DistContentDigestKey = "Docker-Content-Digest"
	SubjectDigestKey     = "OCI-Subject"
	BlobUploadUUID       = "Blob-Upload-UUID"

	// OCITagResponseKey is returned on digest manifest pushes that include tag query
	// parameters (distribution-spec PR #600).
	OCITagResponseKey = "OCI-Tag"
)

// Request-size budgets. Each limit bounds how much of an untrusted request the
// registry is willing to take in, so that one oversized request cannot exhaust
// server memory. A constant has no effect on its own: the handler that reads the
// corresponding body or query string has to apply it.
const (
	// MaxManifestDigestQueryTags caps the number of raw `tag=` query parameters
	// accepted on PUT .../manifests/<digest>?tag=... The draft OCI distribution-spec
	// says registries MUST support at least 10 and MAY answer 414 beyond their limit.
	// The value derives from the OCI tag max length (128; must match
	// pkg/regexp.TagMaxLen) and an ~8KiB request-target budget, of which 2048 bytes
	// are reserved for the path and digest:
	//
	//	(8192 - 2048) / (len("tag=") + 128 + 1) == 46
	MaxManifestDigestQueryTags = (8192 - 2048) / (len("tag=") + 128 + 1)

	// MaxManifestBodySize caps a manifest PUT request body. OCI manifest JSON is
	// small metadata; 4 MiB is well above any realistic manifest.
	MaxManifestBodySize = 4 << 20

	// MaxAPIKeyBodySize caps an API-key creation request body.
	MaxAPIKeyBodySize = 8 << 10

	// MaxImageTrustBodySize caps image-trust key/certificate uploads.
	MaxImageTrustBodySize = 8 << 20
)

// Media types used in responses.
const (
	DefaultMediaType = "application/json"
	BinaryMediaType  = "application/octet-stream"
)

// Extension and application routes. Auth routes hang off AppNamespacePath.
const (
	DefaultMetricsExtensionRoute = "/metrics"

	AppNamespacePath = "/zot"
	CallbackBasePath = AppNamespacePath + "/auth/callback"
	LoginPath        = AppNamespacePath + "/auth/login"
	LogoutPath       = AppNamespacePath + "/auth/logout"
	APIKeyPath       = AppNamespacePath + "/auth/apikey"
)

// UI session and API-key conventions.
const (
	SessionClientHeaderName  = "X-ZOT-API-CLIENT"
	SessionClientHeaderValue = "zot-ui"
	APIKeysPrefix            = "zak_"
	CallbackUIQueryParam     = "callback_ui"
	APIKeyTimeFormat         = time.RFC3339
)

// URL schemes.
const (
	SchemeHTTP  = "http"
	SchemeHTTPS = "https"
)

// Authorization permission names and behaviour actions.
const (
	CreatePermission = "create" // authz permission for create actions
	ReadPermission   = "read"   // authz permission for read actions
	UpdatePermission = "update" // authz permission for update actions
	DeletePermission = "delete" // authz permission for delete actions

	// DetectManifestCollisionPermission is a behaviour action.
	DetectManifestCollisionPermission = "detectManifestCollision"
)

// ScaleOutHopCountHeader is the zot scale-out hop count header.
const ScaleOutHopCountHeader = "X-Zot-Cluster-Hop-Count"

// RepositoryLogKey is a log string key; pass it to the logger to add repository
// context to a log message.
const RepositoryLogKey = "repository"