zot/pkg/api/constants/consts.go
Andrei Aaron 9425ca8b7d fix(auth): prevent open redirect via callback_ui (#3844)
Validate callback_ui and default invalid values to /.
Allow absolute callback_ui only when its origin is allowlisted via http.auth.openid.callbackAllowOrigins (and externalUrl).
Add/adjust unit + controller tests and update examples/docs for relative vs allowlisted absolute redirect

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>
2026-03-08 08:13:16 +02:00


package constants
import "time"
// Distribution API routing and protocol headers.
const (
	// RoutePrefix is the root path under which the registry API is served.
	RoutePrefix = "/v2"
	// Blobs and Uploads look like path segment names under RoutePrefix.
	// NOTE(review): confirm against the router.
	Blobs   = "blobs"
	Uploads = "uploads"

	// Header names used in registry requests and responses.
	DistAPIVersion       = "Docker-Distribution-API-Version"
	DistContentDigestKey = "Docker-Content-Digest"
	SubjectDigestKey     = "OCI-Subject"
	BlobUploadUUID       = "Blob-Upload-UUID"

	// Media types.
	DefaultMediaType = "application/json"
	BinaryMediaType  = "application/octet-stream"

	DefaultMetricsExtensionRoute = "/metrics"
)

// zot-specific namespace and authentication endpoints.
const (
	// AppNamespacePath is the base path that every auth route below is built on.
	AppNamespacePath = "/zot"
	CallbackBasePath = AppNamespacePath + "/auth/callback"
	LoginPath        = AppNamespacePath + "/auth/login"
	LogoutPath       = AppNamespacePath + "/auth/logout"
	APIKeyPath       = AppNamespacePath + "/auth/apikey"
)

// Session, API key and redirect handling.
const (
	// SessionClientHeaderName and SessionClientHeaderValue form a header
	// name/value pair. NOTE(review): looks like the marker the zot UI sends to
	// identify itself; confirm at the call sites. Any client can set a request
	// header, so it must not be treated as proof of who the caller is.
	SessionClientHeaderName  = "X-ZOT-API-CLIENT"
	SessionClientHeaderValue = "zot-ui"

	// APIKeysPrefix is the literal prefix of API keys (assumed from the name;
	// confirm against the key generator). A fixed, distinctive prefix is what
	// secret scanners and log-redaction rules match on to catch leaked keys.
	APIKeysPrefix = "zak_"

	// CallbackUIQueryParam names the query parameter that carries the UI
	// redirect target. The constant only names the parameter; the value is
	// request-controlled, so every handler that reads it has to validate it
	// before redirecting (a relative path, or an absolute URL whose origin is
	// explicitly allowlisted) and fall back to "/" otherwise.
	CallbackUIQueryParam = "callback_ui"

	// SchemeHTTP and SchemeHTTPS are URL scheme names.
	// NOTE(review): presumably compared against parsed URL schemes when an
	// absolute redirect target is checked; confirm.
	SchemeHTTP  = "http"
	SchemeHTTPS = "https"

	// APIKeyTimeFormat is the RFC 3339 layout.
	// NOTE(review): presumably used for API key timestamps; confirm.
	APIKeyTimeFormat = time.RFC3339
)

// Authorization permissions and behaviour actions.
const (
	// CreatePermission is an authz permission for create actions.
	CreatePermission = "create"
	// ReadPermission is an authz permission for read actions.
	ReadPermission = "read"
	// UpdatePermission is an authz permission for update actions.
	UpdatePermission = "update"
	// DeletePermission is an authz permission for delete actions.
	DeletePermission = "delete"
	// DetectManifestCollisionPermission is a behaviour action.
	DetectManifestCollisionPermission = "detectManifestCollision"
)

// Clustering and logging.
const (
	// ScaleOutHopCountHeader is the zot scale-out hop count header.
	ScaleOutHopCountHeader = "X-Zot-Cluster-Hop-Count"
	// RepositoryLogKey is a log string key.
	// These can be used together with the logger to add context to a log message.
	RepositoryLogKey = "repository"
)