add valid for lfs oid (#4461) (#4477)

This commit is contained in:
Lunny Xiao 2018-07-21 00:36:56 +08:00 committed by Lauris BH
parent b37ca4a6ff
commit 88d791013b

View file

@ -85,9 +85,12 @@ type link struct {
var oidRegExp = regexp.MustCompile(`^[A-Fa-f0-9]+$`) var oidRegExp = regexp.MustCompile(`^[A-Fa-f0-9]+$`)
func isOidValid(oid string) bool {
return oidRegExp.MatchString(oid)
}
// ObjectOidHandler is the main request routing entry point into LFS server functions // ObjectOidHandler is the main request routing entry point into LFS server functions
func ObjectOidHandler(ctx *context.Context) { func ObjectOidHandler(ctx *context.Context) {
if !setting.LFS.StartServer { if !setting.LFS.StartServer {
writeStatus(ctx, 404) writeStatus(ctx, 404)
return return
@ -110,6 +113,11 @@ func ObjectOidHandler(ctx *context.Context) {
} }
func getAuthenticatedRepoAndMeta(ctx *context.Context, rv *RequestVars, requireWrite bool) (*models.LFSMetaObject, *models.Repository) { func getAuthenticatedRepoAndMeta(ctx *context.Context, rv *RequestVars, requireWrite bool) (*models.LFSMetaObject, *models.Repository) {
if !isOidValid(rv.Oid) {
writeStatus(ctx, 404)
return nil, nil
}
repository, err := models.GetRepositoryByOwnerAndName(rv.User, rv.Repo) repository, err := models.GetRepositoryByOwnerAndName(rv.User, rv.Repo)
if err != nil { if err != nil {
log.Debug("Could not find repository: %s/%s - %s", rv.User, rv.Repo, err) log.Debug("Could not find repository: %s/%s - %s", rv.User, rv.Repo, err)
@ -222,7 +230,7 @@ func PostHandler(ctx *context.Context) {
return return
} }
if !oidRegExp.MatchString(rv.Oid) { if !isOidValid(rv.Oid) {
writeStatus(ctx, 404) writeStatus(ctx, 404)
return return
} }
@ -249,7 +257,6 @@ func PostHandler(ctx *context.Context) {
// BatchHandler provides the batch api // BatchHandler provides the batch api
func BatchHandler(ctx *context.Context) { func BatchHandler(ctx *context.Context) {
if !setting.LFS.StartServer { if !setting.LFS.StartServer {
writeStatus(ctx, 404) writeStatus(ctx, 404)
return return
@ -266,6 +273,10 @@ func BatchHandler(ctx *context.Context) {
// Create a response object // Create a response object
for _, object := range bv.Objects { for _, object := range bv.Objects {
if !isOidValid(object.Oid) {
continue
}
repository, err := models.GetRepositoryByOwnerAndName(object.User, object.Repo) repository, err := models.GetRepositoryByOwnerAndName(object.User, object.Repo)
if err != nil { if err != nil {
@ -292,14 +303,12 @@ func BatchHandler(ctx *context.Context) {
continue continue
} }
if oidRegExp.MatchString(object.Oid) {
// Object is not found // Object is not found
meta, err = models.NewLFSMetaObject(&models.LFSMetaObject{Oid: object.Oid, Size: object.Size, RepositoryID: repository.ID}) meta, err = models.NewLFSMetaObject(&models.LFSMetaObject{Oid: object.Oid, Size: object.Size, RepositoryID: repository.ID})
if err == nil { if err == nil {
responseObjects = append(responseObjects, Represent(object, meta, meta.Existing, !contentStore.Exists(meta))) responseObjects = append(responseObjects, Represent(object, meta, meta.Existing, !contentStore.Exists(meta)))
} }
} }
}
ctx.Resp.Header().Set("Content-Type", metaMediaType) ctx.Resp.Header().Set("Content-Type", metaMediaType)