Skip to content

Commit

Permalink
Detail denied logs
Browse files Browse the repository at this point in the history
  • Loading branch information
@wzshiming
wzshiming committed Sep 11, 2024
1 parent 8848dac commit 27f7c6e
Show file tree
Hide file tree
Showing 4 changed files with 27 additions and 4 deletions.
3 changes: 3 additions & 0 deletions crproxy.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -611,6 +611,9 @@ func (c *CRProxy) directResponse(rw http.ResponseWriter, r *http.Request, info *

switch resp.StatusCode {
case http.StatusUnauthorized, http.StatusForbidden:
if c.logger != nil {
c.logger.Println("origin direct response 40x, but hit caches", info.Host, info.Image, err, dumpResponse(resp))
}
errcode.ServeJSON(rw, errcode.ErrorCodeDenied)
return
}
Expand Down
9 changes: 5 additions & 4 deletions crproxy_blob.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -140,11 +140,12 @@ func (c *CRProxy) cacheBlobContent(ctx context.Context, r *http.Request, blobPat
resp.Body.Close()
}()

switch resp.StatusCode {
case http.StatusUnauthorized, http.StatusForbidden:
return 0, errcode.ErrorCodeDenied
}

if resp.StatusCode < 200 || resp.StatusCode >= 300 {
switch resp.StatusCode {
case http.StatusUnauthorized, http.StatusForbidden:
return 0, errcode.ErrorCodeDenied
}
return 0, errcode.ErrorCodeUnknown.WithMessage(fmt.Sprintf("Source response code %d", resp.StatusCode))
}

Expand Down
12 changes: 12 additions & 0 deletions crproxy_manifest.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,16 +49,28 @@ func (c *CRProxy) cacheManifestResponse(rw http.ResponseWriter, r *http.Request,
switch resp.StatusCode {
case http.StatusUnauthorized, http.StatusForbidden:
if c.cachedManifest(rw, r, info, false) {
if c.logger != nil {
c.logger.Println("origin manifest response 40x, but hit caches", info.Host, info.Image, err, dumpResponse(resp))
}
return
}
if c.logger != nil {
c.logger.Println("origin manifest response 40x", info.Host, info.Image, err, dumpResponse(resp))
}
errcode.ServeJSON(rw, errcode.ErrorCodeDenied)
return
}

if resp.StatusCode >= http.StatusInternalServerError {
if c.cachedManifest(rw, r, info, false) {
if c.logger != nil {
c.logger.Println("origin manifest response 5xx, but hit caches", info.Host, info.Image, err, dumpResponse(resp))
}
return
}
if c.logger != nil {
c.logger.Println("origin manifest response 5xx", info.Host, info.Image, err, dumpResponse(resp))
}
}

resp.Header.Del("Docker-Ratelimit-Source")
Expand Down
7 changes: 7 additions & 0 deletions utils.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@ package crproxy

import (
"fmt"
"io"
"net/http"
"strings"
)

Expand Down Expand Up @@ -158,3 +160,8 @@ func isDomainName(s string) bool {

return nonNumeric
}

func dumpResponse(resp *http.Response) string {
body, _ := io.ReadAll(io.LimitReader(resp.Body, 100))
return fmt.Sprintf("%d %d %q", resp.StatusCode, resp.ContentLength, string(body))
}

0 comments on commit 27f7c6e

Please sign in to comment.