Compare commits
5 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 7930023de8 | |||
| 869a1f8c02 | |||
| 1b2ee0d37f | |||
| 33e7365a88 | |||
| 4c1f77e679 |
+3
-1
@@ -33,7 +33,9 @@ COPY --chown=appuser:appuser pyproject.toml uv.lock README.md ./
|
|||||||
# Switch to appuser and install Python dependencies
|
# Switch to appuser and install Python dependencies
|
||||||
USER appuser
|
USER appuser
|
||||||
ARG VERSION=dev
|
ARG VERSION=dev
|
||||||
RUN HATCH_VCS_PRETEND_VERSION=${VERSION} uv sync --frozen
|
ENV HATCH_VCS_PRETEND_VERSION=${VERSION} \
|
||||||
|
SETUPTOOLS_SCM_PRETEND_VERSION=${VERSION}
|
||||||
|
RUN uv sync --frozen
|
||||||
|
|
||||||
# Copy application source
|
# Copy application source
|
||||||
COPY --chown=appuser:appuser src/ ./src/
|
COPY --chown=appuser:appuser src/ ./src/
|
||||||
|
|||||||
@@ -452,6 +452,15 @@ async def docker_v2_proxy(request: Request, remote_name: str, path: str):
|
|||||||
if remote_config.get("type") != "docker":
|
if remote_config.get("type") != "docker":
|
||||||
raise HTTPException(status_code=400, detail=f"Remote '{remote_name}' is not a docker remote")
|
raise HTTPException(status_code=400, detail=f"Remote '{remote_name}' is not a docker remote")
|
||||||
|
|
||||||
|
# Check include_patterns against the image name (e.g. "library/nginx")
|
||||||
|
patterns = config.get_repository_patterns(remote_name, "")
|
||||||
|
if patterns:
|
||||||
|
path_parts = path.split("/")
|
||||||
|
image_name = "/".join(path_parts[:2]) if len(path_parts) >= 2 else path
|
||||||
|
if not any(re.search(p, path) or re.search(p, image_name) for p in patterns):
|
||||||
|
logger.info(f"PATTERN BLOCKED: {remote_name}/{path}")
|
||||||
|
raise HTTPException(status_code=403, detail="Image not allowed by configuration patterns")
|
||||||
|
|
||||||
remote_url = await construct_remote_url(remote_name, path)
|
remote_url = await construct_remote_url(remote_name, path)
|
||||||
|
|
||||||
cached_key = storage.get_object_key(remote_name, path)
|
cached_key = storage.get_object_key(remote_name, path)
|
||||||
|
|||||||
Reference in New Issue
Block a user