api: Extracted client cert & HTTP JSON Render to utils.
This commit is contained in:
parent
20a126c84a
commit
9946382223
40
api/api.go
40
api/api.go
@ -17,18 +17,16 @@
|
|||||||
package api
|
package api
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"io/ioutil"
|
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strconv"
|
"strconv"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"crypto/tls"
|
|
||||||
"crypto/x509"
|
|
||||||
|
|
||||||
"github.com/coreos/pkg/capnslog"
|
"github.com/coreos/pkg/capnslog"
|
||||||
"github.com/coreos/clair/utils"
|
|
||||||
"github.com/tylerb/graceful"
|
"github.com/tylerb/graceful"
|
||||||
|
|
||||||
|
"github.com/coreos/clair/utils"
|
||||||
|
httputils "github.com/coreos/clair/utils/http"
|
||||||
)
|
)
|
||||||
|
|
||||||
var log = capnslog.NewPackageLogger("github.com/coreos/clair", "api")
|
var log = capnslog.NewPackageLogger("github.com/coreos/clair", "api")
|
||||||
@ -49,12 +47,20 @@ func RunMain(conf *Config, st *utils.Stopper) {
|
|||||||
st.End()
|
st.End()
|
||||||
}()
|
}()
|
||||||
|
|
||||||
|
tlsConfig, err := httputils.LoadTLSClientConfigForServer(conf.CAFile)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("could not initialize client cert authentification: %s\n", err)
|
||||||
|
}
|
||||||
|
if tlsConfig != nil {
|
||||||
|
log.Info("api configured with client certificate authentification")
|
||||||
|
}
|
||||||
|
|
||||||
srv := &graceful.Server{
|
srv := &graceful.Server{
|
||||||
Timeout: 0, // Already handled by our TimeOut middleware
|
Timeout: 0, // Already handled by our TimeOut middleware
|
||||||
NoSignalHandling: true, // We want to use our own Stopper
|
NoSignalHandling: true, // We want to use our own Stopper
|
||||||
Server: &http.Server{
|
Server: &http.Server{
|
||||||
Addr: ":" + strconv.Itoa(conf.Port),
|
Addr: ":" + strconv.Itoa(conf.Port),
|
||||||
TLSConfig: setupClientCert(conf.CAFile),
|
TLSConfig: tlsConfig,
|
||||||
Handler: NewVersionRouter(conf.TimeOut),
|
Handler: NewVersionRouter(conf.TimeOut),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
@ -102,25 +108,3 @@ func listenAndServeWithStopper(srv *graceful.Server, st *utils.Stopper, certFile
|
|||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// setupClientCert creates a tls.Config instance using a CA file path
|
|
||||||
// (if provided) and and calls log.Fatal if it does not exist.
|
|
||||||
func setupClientCert(caFile string) *tls.Config {
|
|
||||||
if len(caFile) > 0 {
|
|
||||||
log.Info("API: Client Certificate Authentification Enabled")
|
|
||||||
caCert, err := ioutil.ReadFile(caFile)
|
|
||||||
if err != nil {
|
|
||||||
log.Fatal(err)
|
|
||||||
}
|
|
||||||
caCertPool := x509.NewCertPool()
|
|
||||||
caCertPool.AppendCertsFromPEM(caCert)
|
|
||||||
return &tls.Config{
|
|
||||||
ClientCAs: caCertPool,
|
|
||||||
ClientAuth: tls.RequireAndVerifyClientCert,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return &tls.Config{
|
|
||||||
ClientAuth: tls.NoClientCert,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
@ -1,78 +0,0 @@
|
|||||||
// Copyright 2015 clair authors
|
|
||||||
//
|
|
||||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
// you may not use this file except in compliance with the License.
|
|
||||||
// You may obtain a copy of the License at
|
|
||||||
//
|
|
||||||
// http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
//
|
|
||||||
// Unless required by applicable law or agreed to in writing, software
|
|
||||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
// See the License for the specific language governing permissions and
|
|
||||||
// limitations under the License.
|
|
||||||
|
|
||||||
// Package jsonhttp provides helper functions to write JSON responses to
|
|
||||||
// http.ResponseWriter and read JSON bodies from http.Request.
|
|
||||||
package jsonhttp
|
|
||||||
|
|
||||||
import (
|
|
||||||
"encoding/json"
|
|
||||||
"io"
|
|
||||||
"net/http"
|
|
||||||
|
|
||||||
"github.com/coreos/clair/database"
|
|
||||||
cerrors "github.com/coreos/clair/utils/errors"
|
|
||||||
"github.com/coreos/clair/worker"
|
|
||||||
)
|
|
||||||
|
|
||||||
// MaxPostSize is the maximum number of bytes that ParseBody reads from an
|
|
||||||
// http.Request.Body.
|
|
||||||
var MaxPostSize int64 = 1048576
|
|
||||||
|
|
||||||
// Render writes a JSON-encoded object to a http.ResponseWriter, as well as
|
|
||||||
// a HTTP status code.
|
|
||||||
func Render(w http.ResponseWriter, httpStatus int, v interface{}) {
|
|
||||||
w.WriteHeader(httpStatus)
|
|
||||||
if v != nil {
|
|
||||||
w.Header().Set("Content-Type", "application/json; charset=utf-8")
|
|
||||||
result, _ := json.Marshal(v)
|
|
||||||
w.Write(result)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// RenderError writes an error, wrapped in the Message field of a JSON-encoded
|
|
||||||
// object to a http.ResponseWriter, as well as a HTTP status code.
|
|
||||||
// If the status code is 0, RenderError tries to guess the proper HTTP status
|
|
||||||
// code from the error type.
|
|
||||||
func RenderError(w http.ResponseWriter, httpStatus int, err error) {
|
|
||||||
if httpStatus == 0 {
|
|
||||||
httpStatus = http.StatusInternalServerError
|
|
||||||
// Try to guess the http status code from the error type
|
|
||||||
if _, isBadRequestError := err.(*cerrors.ErrBadRequest); isBadRequestError {
|
|
||||||
httpStatus = http.StatusBadRequest
|
|
||||||
} else {
|
|
||||||
switch err {
|
|
||||||
case cerrors.ErrNotFound:
|
|
||||||
httpStatus = http.StatusNotFound
|
|
||||||
case database.ErrTransaction, database.ErrBackendException:
|
|
||||||
httpStatus = http.StatusServiceUnavailable
|
|
||||||
case worker.ErrParentUnknown, worker.ErrUnsupported:
|
|
||||||
httpStatus = http.StatusBadRequest
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
Render(w, httpStatus, struct{ Message string }{Message: err.Error()})
|
|
||||||
}
|
|
||||||
|
|
||||||
// ParseBody reads a JSON-encoded body from a http.Request and unmarshals it
|
|
||||||
// into the provided object.
|
|
||||||
func ParseBody(r *http.Request, v interface{}) (int, error) {
|
|
||||||
defer r.Body.Close()
|
|
||||||
err := json.NewDecoder(io.LimitReader(r.Body, MaxPostSize)).Decode(v)
|
|
||||||
if err != nil {
|
|
||||||
return http.StatusUnsupportedMediaType, err
|
|
||||||
}
|
|
||||||
return 0, nil
|
|
||||||
}
|
|
@ -20,10 +20,11 @@ import (
|
|||||||
"net/http"
|
"net/http"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
|
||||||
"github.com/coreos/clair/api/jsonhttp"
|
|
||||||
"github.com/coreos/clair/health"
|
|
||||||
"github.com/coreos/clair/worker"
|
|
||||||
"github.com/julienschmidt/httprouter"
|
"github.com/julienschmidt/httprouter"
|
||||||
|
|
||||||
|
"github.com/coreos/clair/health"
|
||||||
|
httputils "github.com/coreos/clair/utils/http"
|
||||||
|
"github.com/coreos/clair/worker"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Version is an integer representing the API version.
|
// Version is an integer representing the API version.
|
||||||
@ -31,7 +32,7 @@ const Version = 1
|
|||||||
|
|
||||||
// GETVersions returns API and Engine versions.
|
// GETVersions returns API and Engine versions.
|
||||||
func GETVersions(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
|
func GETVersions(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
|
||||||
jsonhttp.Render(w, http.StatusOK, struct {
|
httputils.WriteHTTP(w, http.StatusOK, struct {
|
||||||
APIVersion string
|
APIVersion string
|
||||||
EngineVersion string
|
EngineVersion string
|
||||||
}{
|
}{
|
||||||
@ -49,6 +50,6 @@ func GETHealth(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
|
|||||||
httpStatus = http.StatusServiceUnavailable
|
httpStatus = http.StatusServiceUnavailable
|
||||||
}
|
}
|
||||||
|
|
||||||
jsonhttp.Render(w, httpStatus, statuses)
|
httputils.WriteHTTP(w, httpStatus, statuses)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -19,12 +19,13 @@ import (
|
|||||||
"net/http"
|
"net/http"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
|
||||||
"github.com/coreos/clair/api/jsonhttp"
|
"github.com/julienschmidt/httprouter"
|
||||||
|
|
||||||
"github.com/coreos/clair/database"
|
"github.com/coreos/clair/database"
|
||||||
cerrors "github.com/coreos/clair/utils/errors"
|
cerrors "github.com/coreos/clair/utils/errors"
|
||||||
|
httputils "github.com/coreos/clair/utils/http"
|
||||||
"github.com/coreos/clair/utils/types"
|
"github.com/coreos/clair/utils/types"
|
||||||
"github.com/coreos/clair/worker"
|
"github.com/coreos/clair/worker"
|
||||||
"github.com/julienschmidt/httprouter"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// POSTLayersParameters represents the expected parameters for POSTLayers.
|
// POSTLayersParameters represents the expected parameters for POSTLayers.
|
||||||
@ -36,19 +37,19 @@ type POSTLayersParameters struct {
|
|||||||
// for the analysis.
|
// for the analysis.
|
||||||
func POSTLayers(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
|
func POSTLayers(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
|
||||||
var parameters POSTLayersParameters
|
var parameters POSTLayersParameters
|
||||||
if s, err := jsonhttp.ParseBody(r, ¶meters); err != nil {
|
if s, err := httputils.ParseHTTPBody(r, ¶meters); err != nil {
|
||||||
jsonhttp.RenderError(w, s, err)
|
httputils.WriteHTTPError(w, s, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Process data.
|
// Process data.
|
||||||
if err := worker.Process(parameters.ID, parameters.ParentID, parameters.Path); err != nil {
|
if err := worker.Process(parameters.ID, parameters.ParentID, parameters.Path); err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get engine version and return.
|
// Get engine version and return.
|
||||||
jsonhttp.Render(w, http.StatusCreated, struct{ Version string }{Version: strconv.Itoa(worker.Version)})
|
httputils.WriteHTTP(w, http.StatusCreated, struct{ Version string }{Version: strconv.Itoa(worker.Version)})
|
||||||
}
|
}
|
||||||
|
|
||||||
// DeleteLayer deletes the specified layer and any child layers that are
|
// DeleteLayer deletes the specified layer and any child layers that are
|
||||||
@ -56,11 +57,11 @@ func POSTLayers(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
|
|||||||
func DELETELayers(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
func DELETELayers(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
||||||
err := database.DeleteLayer(p.ByName("id"))
|
err := database.DeleteLayer(p.ByName("id"))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
jsonhttp.Render(w, http.StatusNoContent, nil)
|
httputils.WriteHTTP(w, http.StatusNoContent, nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
// GETLayersOS returns the operating system of a layer if it exists.
|
// GETLayersOS returns the operating system of a layer if it exists.
|
||||||
@ -70,18 +71,18 @@ func GETLayersOS(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
|||||||
// Find layer.
|
// Find layer.
|
||||||
layer, err := database.FindOneLayerByID(p.ByName("id"), []string{database.FieldLayerParent, database.FieldLayerOS})
|
layer, err := database.FindOneLayerByID(p.ByName("id"), []string{database.FieldLayerParent, database.FieldLayerOS})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get OS.
|
// Get OS.
|
||||||
os, err := layer.OperatingSystem()
|
os, err := layer.OperatingSystem()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
jsonhttp.Render(w, http.StatusOK, struct{ OS string }{OS: os})
|
httputils.WriteHTTP(w, http.StatusOK, struct{ OS string }{OS: os})
|
||||||
}
|
}
|
||||||
|
|
||||||
// GETLayersParent returns the parent ID of a layer if it exists.
|
// GETLayersParent returns the parent ID of a layer if it exists.
|
||||||
@ -90,14 +91,14 @@ func GETLayersParent(w http.ResponseWriter, r *http.Request, p httprouter.Params
|
|||||||
// Find layer
|
// Find layer
|
||||||
layer, err := database.FindOneLayerByID(p.ByName("id"), []string{database.FieldLayerParent})
|
layer, err := database.FindOneLayerByID(p.ByName("id"), []string{database.FieldLayerParent})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get layer's parent.
|
// Get layer's parent.
|
||||||
parent, err := layer.Parent([]string{database.FieldLayerID})
|
parent, err := layer.Parent([]string{database.FieldLayerID})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -105,7 +106,7 @@ func GETLayersParent(w http.ResponseWriter, r *http.Request, p httprouter.Params
|
|||||||
if parent != nil {
|
if parent != nil {
|
||||||
ID = parent.ID
|
ID = parent.ID
|
||||||
}
|
}
|
||||||
jsonhttp.Render(w, http.StatusOK, struct{ ID string }{ID: ID})
|
httputils.WriteHTTP(w, http.StatusOK, struct{ ID string }{ID: ID})
|
||||||
}
|
}
|
||||||
|
|
||||||
// GETLayersPackages returns the complete list of packages that a layer has
|
// GETLayersPackages returns the complete list of packages that a layer has
|
||||||
@ -114,14 +115,14 @@ func GETLayersPackages(w http.ResponseWriter, r *http.Request, p httprouter.Para
|
|||||||
// Find layer
|
// Find layer
|
||||||
layer, err := database.FindOneLayerByID(p.ByName("id"), []string{database.FieldLayerParent, database.FieldLayerPackages})
|
layer, err := database.FindOneLayerByID(p.ByName("id"), []string{database.FieldLayerParent, database.FieldLayerPackages})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Find layer's packages.
|
// Find layer's packages.
|
||||||
packagesNodes, err := layer.AllPackages()
|
packagesNodes, err := layer.AllPackages()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -129,12 +130,12 @@ func GETLayersPackages(w http.ResponseWriter, r *http.Request, p httprouter.Para
|
|||||||
if len(packagesNodes) > 0 {
|
if len(packagesNodes) > 0 {
|
||||||
packages, err = database.FindAllPackagesByNodes(packagesNodes, []string{database.FieldPackageOS, database.FieldPackageName, database.FieldPackageVersion})
|
packages, err = database.FindAllPackagesByNodes(packagesNodes, []string{database.FieldPackageOS, database.FieldPackageName, database.FieldPackageVersion})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
jsonhttp.Render(w, http.StatusOK, struct{ Packages []*database.Package }{Packages: packages})
|
httputils.WriteHTTP(w, http.StatusOK, struct{ Packages []*database.Package }{Packages: packages})
|
||||||
}
|
}
|
||||||
|
|
||||||
// GETLayersPackagesDiff returns the list of packages that a layer installs and
|
// GETLayersPackagesDiff returns the list of packages that a layer installs and
|
||||||
@ -143,7 +144,7 @@ func GETLayersPackagesDiff(w http.ResponseWriter, r *http.Request, p httprouter.
|
|||||||
// Find layer.
|
// Find layer.
|
||||||
layer, err := database.FindOneLayerByID(p.ByName("id"), []string{database.FieldLayerPackages})
|
layer, err := database.FindOneLayerByID(p.ByName("id"), []string{database.FieldLayerPackages})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -152,19 +153,19 @@ func GETLayersPackagesDiff(w http.ResponseWriter, r *http.Request, p httprouter.
|
|||||||
if len(layer.InstalledPackagesNodes) > 0 {
|
if len(layer.InstalledPackagesNodes) > 0 {
|
||||||
installedPackages, err = database.FindAllPackagesByNodes(layer.InstalledPackagesNodes, []string{database.FieldPackageOS, database.FieldPackageName, database.FieldPackageVersion})
|
installedPackages, err = database.FindAllPackagesByNodes(layer.InstalledPackagesNodes, []string{database.FieldPackageOS, database.FieldPackageName, database.FieldPackageVersion})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if len(layer.RemovedPackagesNodes) > 0 {
|
if len(layer.RemovedPackagesNodes) > 0 {
|
||||||
removedPackages, err = database.FindAllPackagesByNodes(layer.RemovedPackagesNodes, []string{database.FieldPackageOS, database.FieldPackageName, database.FieldPackageVersion})
|
removedPackages, err = database.FindAllPackagesByNodes(layer.RemovedPackagesNodes, []string{database.FieldPackageOS, database.FieldPackageName, database.FieldPackageVersion})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
jsonhttp.Render(w, http.StatusOK, struct{ InstalledPackages, RemovedPackages []*database.Package }{InstalledPackages: installedPackages, RemovedPackages: removedPackages})
|
httputils.WriteHTTP(w, http.StatusOK, struct{ InstalledPackages, RemovedPackages []*database.Package }{InstalledPackages: installedPackages, RemovedPackages: removedPackages})
|
||||||
}
|
}
|
||||||
|
|
||||||
// GETLayersVulnerabilities returns the complete list of vulnerabilities that
|
// GETLayersVulnerabilities returns the complete list of vulnerabilities that
|
||||||
@ -175,32 +176,32 @@ func GETLayersVulnerabilities(w http.ResponseWriter, r *http.Request, p httprout
|
|||||||
if minimumPriority == "" {
|
if minimumPriority == "" {
|
||||||
minimumPriority = "High" // Set default priority to High
|
minimumPriority = "High" // Set default priority to High
|
||||||
} else if !minimumPriority.IsValid() {
|
} else if !minimumPriority.IsValid() {
|
||||||
jsonhttp.RenderError(w, 0, cerrors.NewBadRequestError("invalid priority"))
|
httputils.WriteHTTPError(w, 0, cerrors.NewBadRequestError("invalid priority"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Find layer
|
// Find layer
|
||||||
layer, err := database.FindOneLayerByID(p.ByName("id"), []string{database.FieldLayerParent, database.FieldLayerPackages})
|
layer, err := database.FindOneLayerByID(p.ByName("id"), []string{database.FieldLayerParent, database.FieldLayerPackages})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Find layer's packages.
|
// Find layer's packages.
|
||||||
packagesNodes, err := layer.AllPackages()
|
packagesNodes, err := layer.AllPackages()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Find vulnerabilities.
|
// Find vulnerabilities.
|
||||||
vulnerabilities, err := getVulnerabilitiesFromLayerPackagesNodes(packagesNodes, minimumPriority, []string{database.FieldVulnerabilityID, database.FieldVulnerabilityLink, database.FieldVulnerabilityPriority, database.FieldVulnerabilityDescription, database.FieldVulnerabilityCausedByPackage})
|
vulnerabilities, err := getVulnerabilitiesFromLayerPackagesNodes(packagesNodes, minimumPriority, []string{database.FieldVulnerabilityID, database.FieldVulnerabilityLink, database.FieldVulnerabilityPriority, database.FieldVulnerabilityDescription, database.FieldVulnerabilityCausedByPackage})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
jsonhttp.Render(w, http.StatusOK, struct{ Vulnerabilities []*database.Vulnerability }{Vulnerabilities: vulnerabilities})
|
httputils.WriteHTTP(w, http.StatusOK, struct{ Vulnerabilities []*database.Vulnerability }{Vulnerabilities: vulnerabilities})
|
||||||
}
|
}
|
||||||
|
|
||||||
// GETLayersVulnerabilitiesDiff returns the list of vulnerabilities that a layer
|
// GETLayersVulnerabilitiesDiff returns the list of vulnerabilities that a layer
|
||||||
@ -211,14 +212,14 @@ func GETLayersVulnerabilitiesDiff(w http.ResponseWriter, r *http.Request, p http
|
|||||||
if minimumPriority == "" {
|
if minimumPriority == "" {
|
||||||
minimumPriority = "High" // Set default priority to High
|
minimumPriority = "High" // Set default priority to High
|
||||||
} else if !minimumPriority.IsValid() {
|
} else if !minimumPriority.IsValid() {
|
||||||
jsonhttp.RenderError(w, 0, cerrors.NewBadRequestError("invalid priority"))
|
httputils.WriteHTTPError(w, 0, cerrors.NewBadRequestError("invalid priority"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Find layer.
|
// Find layer.
|
||||||
layer, err := database.FindOneLayerByID(p.ByName("id"), []string{database.FieldLayerPackages})
|
layer, err := database.FindOneLayerByID(p.ByName("id"), []string{database.FieldLayerPackages})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -228,14 +229,14 @@ func GETLayersVulnerabilitiesDiff(w http.ResponseWriter, r *http.Request, p http
|
|||||||
// Find vulnerabilities for installed packages.
|
// Find vulnerabilities for installed packages.
|
||||||
addedVulnerabilities, err := getVulnerabilitiesFromLayerPackagesNodes(layer.InstalledPackagesNodes, minimumPriority, selectedFields)
|
addedVulnerabilities, err := getVulnerabilitiesFromLayerPackagesNodes(layer.InstalledPackagesNodes, minimumPriority, selectedFields)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Find vulnerabilities for removed packages.
|
// Find vulnerabilities for removed packages.
|
||||||
removedVulnerabilities, err := getVulnerabilitiesFromLayerPackagesNodes(layer.RemovedPackagesNodes, minimumPriority, selectedFields)
|
removedVulnerabilities, err := getVulnerabilitiesFromLayerPackagesNodes(layer.RemovedPackagesNodes, minimumPriority, selectedFields)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -249,7 +250,7 @@ func GETLayersVulnerabilitiesDiff(w http.ResponseWriter, r *http.Request, p http
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
jsonhttp.Render(w, http.StatusOK, struct{ Adds, Removes []*database.Vulnerability }{Adds: addedVulnerabilities, Removes: removedVulnerabilities})
|
httputils.WriteHTTP(w, http.StatusOK, struct{ Adds, Removes []*database.Vulnerability }{Adds: addedVulnerabilities, Removes: removedVulnerabilities})
|
||||||
}
|
}
|
||||||
|
|
||||||
// POSTBatchLayersVulnerabilitiesParameters represents the expected parameters
|
// POSTBatchLayersVulnerabilitiesParameters represents the expected parameters
|
||||||
@ -263,12 +264,12 @@ type POSTBatchLayersVulnerabilitiesParameters struct {
|
|||||||
func POSTBatchLayersVulnerabilities(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
func POSTBatchLayersVulnerabilities(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
||||||
// Parse body
|
// Parse body
|
||||||
var parameters POSTBatchLayersVulnerabilitiesParameters
|
var parameters POSTBatchLayersVulnerabilitiesParameters
|
||||||
if s, err := jsonhttp.ParseBody(r, ¶meters); err != nil {
|
if s, err := httputils.ParseHTTPBody(r, ¶meters); err != nil {
|
||||||
jsonhttp.RenderError(w, s, err)
|
httputils.WriteHTTPError(w, s, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if len(parameters.LayersIDs) == 0 {
|
if len(parameters.LayersIDs) == 0 {
|
||||||
jsonhttp.RenderError(w, http.StatusBadRequest, errors.New("at least one LayerID query parameter must be provided"))
|
httputils.WriteHTTPError(w, http.StatusBadRequest, errors.New("at least one LayerID query parameter must be provided"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -277,7 +278,7 @@ func POSTBatchLayersVulnerabilities(w http.ResponseWriter, r *http.Request, p ht
|
|||||||
if minimumPriority == "" {
|
if minimumPriority == "" {
|
||||||
minimumPriority = "High" // Set default priority to High
|
minimumPriority = "High" // Set default priority to High
|
||||||
} else if !minimumPriority.IsValid() {
|
} else if !minimumPriority.IsValid() {
|
||||||
jsonhttp.RenderError(w, 0, cerrors.NewBadRequestError("invalid priority"))
|
httputils.WriteHTTPError(w, 0, cerrors.NewBadRequestError("invalid priority"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -287,28 +288,28 @@ func POSTBatchLayersVulnerabilities(w http.ResponseWriter, r *http.Request, p ht
|
|||||||
// Find layer
|
// Find layer
|
||||||
layer, err := database.FindOneLayerByID(layerID, []string{database.FieldLayerParent, database.FieldLayerPackages})
|
layer, err := database.FindOneLayerByID(layerID, []string{database.FieldLayerParent, database.FieldLayerPackages})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Find layer's packages.
|
// Find layer's packages.
|
||||||
packagesNodes, err := layer.AllPackages()
|
packagesNodes, err := layer.AllPackages()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Find vulnerabilities.
|
// Find vulnerabilities.
|
||||||
vulnerabilities, err := getVulnerabilitiesFromLayerPackagesNodes(packagesNodes, minimumPriority, []string{database.FieldVulnerabilityID, database.FieldVulnerabilityLink, database.FieldVulnerabilityPriority, database.FieldVulnerabilityDescription, database.FieldVulnerabilityCausedByPackage})
|
vulnerabilities, err := getVulnerabilitiesFromLayerPackagesNodes(packagesNodes, minimumPriority, []string{database.FieldVulnerabilityID, database.FieldVulnerabilityLink, database.FieldVulnerabilityPriority, database.FieldVulnerabilityDescription, database.FieldVulnerabilityCausedByPackage})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
response[layerID] = struct{ Vulnerabilities []*database.Vulnerability }{Vulnerabilities: vulnerabilities}
|
response[layerID] = struct{ Vulnerabilities []*database.Vulnerability }{Vulnerabilities: vulnerabilities}
|
||||||
}
|
}
|
||||||
|
|
||||||
jsonhttp.Render(w, http.StatusOK, response)
|
httputils.WriteHTTP(w, http.StatusOK, response)
|
||||||
}
|
}
|
||||||
|
|
||||||
// getSuccessorsFromPackagesNodes returns the node list of packages that have
|
// getSuccessorsFromPackagesNodes returns the node list of packages that have
|
||||||
|
@ -18,10 +18,11 @@ import (
|
|||||||
"errors"
|
"errors"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
"github.com/coreos/clair/api/jsonhttp"
|
"github.com/julienschmidt/httprouter"
|
||||||
|
|
||||||
"github.com/coreos/clair/database"
|
"github.com/coreos/clair/database"
|
||||||
cerrors "github.com/coreos/clair/utils/errors"
|
cerrors "github.com/coreos/clair/utils/errors"
|
||||||
"github.com/julienschmidt/httprouter"
|
httputils "github.com/coreos/clair/utils/http"
|
||||||
)
|
)
|
||||||
|
|
||||||
// GETVulnerabilities returns a vulnerability identified by an ID if it exists.
|
// GETVulnerabilities returns a vulnerability identified by an ID if it exists.
|
||||||
@ -29,36 +30,36 @@ func GETVulnerabilities(w http.ResponseWriter, r *http.Request, p httprouter.Par
|
|||||||
// Find vulnerability.
|
// Find vulnerability.
|
||||||
vulnerability, err := database.FindOneVulnerability(p.ByName("id"), []string{database.FieldVulnerabilityID, database.FieldVulnerabilityLink, database.FieldVulnerabilityPriority, database.FieldVulnerabilityDescription, database.FieldVulnerabilityFixedIn})
|
vulnerability, err := database.FindOneVulnerability(p.ByName("id"), []string{database.FieldVulnerabilityID, database.FieldVulnerabilityLink, database.FieldVulnerabilityPriority, database.FieldVulnerabilityDescription, database.FieldVulnerabilityFixedIn})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
abstractVulnerability, err := vulnerability.ToAbstractVulnerability()
|
abstractVulnerability, err := vulnerability.ToAbstractVulnerability()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
jsonhttp.Render(w, http.StatusOK, abstractVulnerability)
|
httputils.WriteHTTP(w, http.StatusOK, abstractVulnerability)
|
||||||
}
|
}
|
||||||
|
|
||||||
// POSTVulnerabilities manually inserts a vulnerability into the database if it
|
// POSTVulnerabilities manually inserts a vulnerability into the database if it
|
||||||
// does not exist yet.
|
// does not exist yet.
|
||||||
func POSTVulnerabilities(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
func POSTVulnerabilities(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
||||||
var parameters *database.AbstractVulnerability
|
var parameters *database.AbstractVulnerability
|
||||||
if s, err := jsonhttp.ParseBody(r, ¶meters); err != nil {
|
if s, err := httputils.ParseHTTPBody(r, ¶meters); err != nil {
|
||||||
jsonhttp.RenderError(w, s, err)
|
httputils.WriteHTTPError(w, s, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Ensure that the vulnerability does not exist.
|
// Ensure that the vulnerability does not exist.
|
||||||
vulnerability, err := database.FindOneVulnerability(parameters.ID, []string{})
|
vulnerability, err := database.FindOneVulnerability(parameters.ID, []string{})
|
||||||
if err != nil && err != cerrors.ErrNotFound {
|
if err != nil && err != cerrors.ErrNotFound {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if vulnerability != nil {
|
if vulnerability != nil {
|
||||||
jsonhttp.RenderError(w, 0, cerrors.NewBadRequestError("vulnerability already exists"))
|
httputils.WriteHTTPError(w, 0, cerrors.NewBadRequestError("vulnerability already exists"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -66,7 +67,7 @@ func POSTVulnerabilities(w http.ResponseWriter, r *http.Request, p httprouter.Pa
|
|||||||
packages := database.AbstractPackagesToPackages(parameters.AffectedPackages)
|
packages := database.AbstractPackagesToPackages(parameters.AffectedPackages)
|
||||||
err = database.InsertPackages(packages)
|
err = database.InsertPackages(packages)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
var pkgNodes []string
|
var pkgNodes []string
|
||||||
@ -77,25 +78,25 @@ func POSTVulnerabilities(w http.ResponseWriter, r *http.Request, p httprouter.Pa
|
|||||||
// Insert vulnerability.
|
// Insert vulnerability.
|
||||||
notifications, err := database.InsertVulnerabilities([]*database.Vulnerability{parameters.ToVulnerability(pkgNodes)})
|
notifications, err := database.InsertVulnerabilities([]*database.Vulnerability{parameters.ToVulnerability(pkgNodes)})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Insert notifications.
|
// Insert notifications.
|
||||||
err = database.InsertNotifications(notifications, database.GetDefaultNotificationWrapper())
|
err = database.InsertNotifications(notifications, database.GetDefaultNotificationWrapper())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
jsonhttp.Render(w, http.StatusCreated, nil)
|
httputils.WriteHTTP(w, http.StatusCreated, nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
// PUTVulnerabilities updates a vulnerability if it exists.
|
// PUTVulnerabilities updates a vulnerability if it exists.
|
||||||
func PUTVulnerabilities(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
func PUTVulnerabilities(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
||||||
var parameters *database.AbstractVulnerability
|
var parameters *database.AbstractVulnerability
|
||||||
if s, err := jsonhttp.ParseBody(r, ¶meters); err != nil {
|
if s, err := httputils.ParseHTTPBody(r, ¶meters); err != nil {
|
||||||
jsonhttp.RenderError(w, s, err)
|
httputils.WriteHTTPError(w, s, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
parameters.ID = p.ByName("id")
|
parameters.ID = p.ByName("id")
|
||||||
@ -103,7 +104,7 @@ func PUTVulnerabilities(w http.ResponseWriter, r *http.Request, p httprouter.Par
|
|||||||
// Ensure that the vulnerability exists.
|
// Ensure that the vulnerability exists.
|
||||||
_, err := database.FindOneVulnerability(parameters.ID, []string{})
|
_, err := database.FindOneVulnerability(parameters.ID, []string{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -111,7 +112,7 @@ func PUTVulnerabilities(w http.ResponseWriter, r *http.Request, p httprouter.Par
|
|||||||
packages := database.AbstractPackagesToPackages(parameters.AffectedPackages)
|
packages := database.AbstractPackagesToPackages(parameters.AffectedPackages)
|
||||||
err = database.InsertPackages(packages)
|
err = database.InsertPackages(packages)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
var pkgNodes []string
|
var pkgNodes []string
|
||||||
@ -122,29 +123,29 @@ func PUTVulnerabilities(w http.ResponseWriter, r *http.Request, p httprouter.Par
|
|||||||
// Insert vulnerability.
|
// Insert vulnerability.
|
||||||
notifications, err := database.InsertVulnerabilities([]*database.Vulnerability{parameters.ToVulnerability(pkgNodes)})
|
notifications, err := database.InsertVulnerabilities([]*database.Vulnerability{parameters.ToVulnerability(pkgNodes)})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Insert notifications.
|
// Insert notifications.
|
||||||
err = database.InsertNotifications(notifications, database.GetDefaultNotificationWrapper())
|
err = database.InsertNotifications(notifications, database.GetDefaultNotificationWrapper())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
jsonhttp.Render(w, http.StatusCreated, nil)
|
httputils.WriteHTTP(w, http.StatusCreated, nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
// DELVulnerabilities deletes a vulnerability if it exists.
|
// DELVulnerabilities deletes a vulnerability if it exists.
|
||||||
func DELVulnerabilities(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
func DELVulnerabilities(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
||||||
err := database.DeleteVulnerability(p.ByName("id"))
|
err := database.DeleteVulnerability(p.ByName("id"))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
jsonhttp.Render(w, http.StatusNoContent, nil)
|
httputils.WriteHTTP(w, http.StatusNoContent, nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
// GETVulnerabilitiesIntroducingLayers returns the list of layers that
|
// GETVulnerabilitiesIntroducingLayers returns the list of layers that
|
||||||
@ -155,13 +156,13 @@ func GETVulnerabilitiesIntroducingLayers(w http.ResponseWriter, r *http.Request,
|
|||||||
// Find vulnerability to verify that it exists.
|
// Find vulnerability to verify that it exists.
|
||||||
_, err := database.FindOneVulnerability(p.ByName("id"), []string{})
|
_, err := database.FindOneVulnerability(p.ByName("id"), []string{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
layers, err := database.FindAllLayersIntroducingVulnerability(p.ByName("id"), []string{database.FieldLayerID})
|
layers, err := database.FindAllLayersIntroducingVulnerability(p.ByName("id"), []string{database.FieldLayerID})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -170,7 +171,7 @@ func GETVulnerabilitiesIntroducingLayers(w http.ResponseWriter, r *http.Request,
|
|||||||
layersIDs = append(layersIDs, l.ID)
|
layersIDs = append(layersIDs, l.ID)
|
||||||
}
|
}
|
||||||
|
|
||||||
jsonhttp.Render(w, http.StatusOK, struct{ IntroducingLayersIDs []string }{IntroducingLayersIDs: layersIDs})
|
httputils.WriteHTTP(w, http.StatusOK, struct{ IntroducingLayersIDs []string }{IntroducingLayersIDs: layersIDs})
|
||||||
}
|
}
|
||||||
|
|
||||||
// POSTVulnerabilitiesAffectedLayersParameters represents the expected
|
// POSTVulnerabilitiesAffectedLayersParameters represents the expected
|
||||||
@ -184,19 +185,19 @@ type POSTVulnerabilitiesAffectedLayersParameters struct {
|
|||||||
func POSTVulnerabilitiesAffectedLayers(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
func POSTVulnerabilitiesAffectedLayers(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
|
||||||
// Parse body.
|
// Parse body.
|
||||||
var parameters POSTBatchLayersVulnerabilitiesParameters
|
var parameters POSTBatchLayersVulnerabilitiesParameters
|
||||||
if s, err := jsonhttp.ParseBody(r, ¶meters); err != nil {
|
if s, err := httputils.ParseHTTPBody(r, ¶meters); err != nil {
|
||||||
jsonhttp.RenderError(w, s, err)
|
httputils.WriteHTTPError(w, s, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if len(parameters.LayersIDs) == 0 {
|
if len(parameters.LayersIDs) == 0 {
|
||||||
jsonhttp.RenderError(w, http.StatusBadRequest, errors.New("getting the entire list of affected layers is not supported yet: at least one LayerID query parameter must be provided"))
|
httputils.WriteHTTPError(w, http.StatusBadRequest, errors.New("getting the entire list of affected layers is not supported yet: at least one LayerID query parameter must be provided"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Find vulnerability.
|
// Find vulnerability.
|
||||||
vulnerability, err := database.FindOneVulnerability(p.ByName("id"), []string{database.FieldVulnerabilityFixedIn})
|
vulnerability, err := database.FindOneVulnerability(p.ByName("id"), []string{database.FieldVulnerabilityFixedIn})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -212,21 +213,21 @@ func POSTVulnerabilitiesAffectedLayers(w http.ResponseWriter, r *http.Request, p
|
|||||||
// Find layer
|
// Find layer
|
||||||
layer, err := database.FindOneLayerByID(layerID, []string{database.FieldLayerParent, database.FieldLayerPackages, database.FieldLayerPackages})
|
layer, err := database.FindOneLayerByID(layerID, []string{database.FieldLayerParent, database.FieldLayerPackages, database.FieldLayerPackages})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Find layer's packages.
|
// Find layer's packages.
|
||||||
packagesNodes, err := layer.AllPackages()
|
packagesNodes, err := layer.AllPackages()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get successors packages of layer' packages.
|
// Get successors packages of layer' packages.
|
||||||
successors, err := getSuccessorsFromPackagesNodes(packagesNodes)
|
successors, err := getSuccessorsFromPackagesNodes(packagesNodes)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
jsonhttp.RenderError(w, 0, err)
|
httputils.WriteHTTPError(w, 0, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -243,5 +244,5 @@ func POSTVulnerabilitiesAffectedLayers(w http.ResponseWriter, r *http.Request, p
|
|||||||
response[layerID] = struct{ Vulnerable bool }{Vulnerable: vulnerable}
|
response[layerID] = struct{ Vulnerable bool }{Vulnerable: vulnerable}
|
||||||
}
|
}
|
||||||
|
|
||||||
jsonhttp.Render(w, http.StatusOK, response)
|
httputils.WriteHTTP(w, http.StatusOK, response)
|
||||||
}
|
}
|
||||||
|
@ -19,13 +19,13 @@ package wrappers
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
|
||||||
"net/http"
|
"net/http"
|
||||||
"sync"
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/coreos/clair/api/jsonhttp"
|
|
||||||
"github.com/julienschmidt/httprouter"
|
"github.com/julienschmidt/httprouter"
|
||||||
|
|
||||||
|
httputils "github.com/coreos/clair/utils/http"
|
||||||
)
|
)
|
||||||
|
|
||||||
// ErrHandlerTimeout is returned on ResponseWriter Write calls
|
// ErrHandlerTimeout is returned on ResponseWriter Write calls
|
||||||
@ -77,7 +77,6 @@ func (tw *timeoutWriter) WriteHeader(status int) {
|
|||||||
// If the duration is 0, the wrapper does nothing.
|
// If the duration is 0, the wrapper does nothing.
|
||||||
func TimeOut(d time.Duration, fn httprouter.Handle) httprouter.Handle {
|
func TimeOut(d time.Duration, fn httprouter.Handle) httprouter.Handle {
|
||||||
if d == 0 {
|
if d == 0 {
|
||||||
fmt.Println("nope timeout")
|
|
||||||
return fn
|
return fn
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -97,7 +96,7 @@ func TimeOut(d time.Duration, fn httprouter.Handle) httprouter.Handle {
|
|||||||
tw.mu.Lock()
|
tw.mu.Lock()
|
||||||
defer tw.mu.Unlock()
|
defer tw.mu.Unlock()
|
||||||
if !tw.wroteHeader {
|
if !tw.wroteHeader {
|
||||||
jsonhttp.RenderError(tw.ResponseWriter, http.StatusServiceUnavailable, ErrHandlerTimeout)
|
httputils.WriteHTTPError(tw.ResponseWriter, http.StatusServiceUnavailable, ErrHandlerTimeout)
|
||||||
}
|
}
|
||||||
tw.timedOut = true
|
tw.timedOut = true
|
||||||
}
|
}
|
||||||
|
@ -55,7 +55,7 @@ type Notifier struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Config represents the configuration of a Notifier.
|
// Config represents the configuration of a Notifier.
|
||||||
// The certificates are optionnals and enables client certificate authentification.
|
// The certificates are optionnal and enable client certificate authentification.
|
||||||
type Config struct {
|
type Config struct {
|
||||||
Endpoint string
|
Endpoint string
|
||||||
CertFile, KeyFile, CAFile string
|
CertFile, KeyFile, CAFile string
|
||||||
|
@ -18,9 +18,19 @@ package http
|
|||||||
import (
|
import (
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
|
"encoding/json"
|
||||||
|
"io"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
|
"net/http"
|
||||||
|
|
||||||
|
"github.com/coreos/clair/database"
|
||||||
|
cerrors "github.com/coreos/clair/utils/errors"
|
||||||
|
"github.com/coreos/clair/worker"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// MaxPostSize is the maximum number of bytes that ParseHTTPBody reads from an http.Request.Body.
|
||||||
|
const MaxBodySize int64 = 1048576
|
||||||
|
|
||||||
// LoadTLSClientConfig initializes a *tls.Config using the given certificates and private key, that
|
// LoadTLSClientConfig initializes a *tls.Config using the given certificates and private key, that
|
||||||
// can be used to communicate with a server using client certificate authentificate.
|
// can be used to communicate with a server using client certificate authentificate.
|
||||||
//
|
//
|
||||||
@ -53,3 +63,75 @@ func LoadTLSClientConfig(certFile, keyFile, caFile string) (*tls.Config, error)
|
|||||||
|
|
||||||
return tlsConfig, nil
|
return tlsConfig, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// LoadTLSClientConfigForServer initializes a *tls.Config using the given CA, that can be used to
|
||||||
|
// configure http server to do client certificate authentification.
|
||||||
|
//
|
||||||
|
// If no CA is given, a nil *tls.Config is returned: no client certificate will be required and
|
||||||
|
// verified. In other words, authentification will be disabled.
|
||||||
|
func LoadTLSClientConfigForServer(caFile string) (*tls.Config, error) {
|
||||||
|
if len(caFile) == 0 {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
caCert, err := ioutil.ReadFile(caFile)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
caCertPool := x509.NewCertPool()
|
||||||
|
caCertPool.AppendCertsFromPEM(caCert)
|
||||||
|
|
||||||
|
tlsConfig := &tls.Config{
|
||||||
|
ClientCAs: caCertPool,
|
||||||
|
ClientAuth: tls.RequireAndVerifyClientCert,
|
||||||
|
}
|
||||||
|
|
||||||
|
return tlsConfig, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// WriteHTTP writes a JSON-encoded object to a http.ResponseWriter, as well as
|
||||||
|
// a HTTP status code.
|
||||||
|
func WriteHTTP(w http.ResponseWriter, httpStatus int, v interface{}) {
|
||||||
|
w.WriteHeader(httpStatus)
|
||||||
|
if v != nil {
|
||||||
|
w.Header().Set("Content-Type", "application/json; charset=utf-8")
|
||||||
|
result, _ := json.Marshal(v)
|
||||||
|
w.Write(result)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// WriteHTTPError writes an error, wrapped in the Message field of a JSON-encoded
|
||||||
|
// object to a http.ResponseWriter, as well as a HTTP status code.
|
||||||
|
// If the status code is 0, handleError tries to guess the proper HTTP status
|
||||||
|
// code from the error type.
|
||||||
|
func WriteHTTPError(w http.ResponseWriter, httpStatus int, err error) {
|
||||||
|
if httpStatus == 0 {
|
||||||
|
httpStatus = http.StatusInternalServerError
|
||||||
|
// Try to guess the http status code from the error type
|
||||||
|
if _, isBadRequestError := err.(*cerrors.ErrBadRequest); isBadRequestError {
|
||||||
|
httpStatus = http.StatusBadRequest
|
||||||
|
} else {
|
||||||
|
switch err {
|
||||||
|
case cerrors.ErrNotFound:
|
||||||
|
httpStatus = http.StatusNotFound
|
||||||
|
case database.ErrTransaction, database.ErrBackendException:
|
||||||
|
httpStatus = http.StatusServiceUnavailable
|
||||||
|
case worker.ErrParentUnknown, worker.ErrUnsupported:
|
||||||
|
httpStatus = http.StatusBadRequest
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
WriteHTTP(w, httpStatus, struct{ Message string }{Message: err.Error()})
|
||||||
|
}
|
||||||
|
|
||||||
|
// ParseHTTPBody reads a JSON-encoded body from a http.Request and unmarshals it
|
||||||
|
// into the provided object.
|
||||||
|
func ParseHTTPBody(r *http.Request, v interface{}) (int, error) {
|
||||||
|
defer r.Body.Close()
|
||||||
|
err := json.NewDecoder(io.LimitReader(r.Body, MaxBodySize)).Decode(v)
|
||||||
|
if err != nil {
|
||||||
|
return http.StatusUnsupportedMediaType, err
|
||||||
|
}
|
||||||
|
return 0, nil
|
||||||
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user