Fix sign on manifest

DaoCloud · Dec 25, 2024 · 97ca6a8 · 97ca6a8
1 parent ffb8b50
commit 97ca6a8
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 19 deletions.
diff --git a/cache/cache_manifest.go b/cache/cache_manifest.go
@@ -69,7 +69,12 @@ func (c *Cache) GetManifestContent(ctx context.Context, host, image, tagOrBlob s
 		return nil, "", "", err
 	}
 
-	return content, digest, mt.MediaType, nil
+	mediaType := mt.MediaType
+	if mediaType == "" {
+		mediaType = "application/vnd.docker.distribution.manifest.v1+json"
+	}
+
+	return content, digest, mediaType, nil
 }
 
 func manifestRevisionsCachePath(host, image, tagOrBlob string) string {

diff --git a/gateway/gateway.go b/gateway/gateway.go
@@ -39,6 +39,8 @@ type Gateway struct {
 	manifestCacheDuration time.Duration
 	authenticator         *token.Authenticator
 
+	accepts map[string]struct{}
+
 	agent *agent.Agent
 }
 
@@ -89,6 +91,12 @@ func WithCache(cache *cache.Cache) Option {
 func NewGateway(opts ...Option) (*Gateway, error) {
 	c := &Gateway{
 		logger: slog.Default(),
+		accepts: map[string]struct{}{
+			"application/vnd.docker.distribution.manifest.v2+json":      {},
+			"application/vnd.docker.distribution.manifest.list.v2+json": {},
+			"application/vnd.oci.image.manifest.v1+json":                {},
+			"application/vnd.oci.image.index.v1+json":                   {},
+		},
 	}
 
 	for _, opt := range opts {

diff --git a/gateway/manifest.go b/gateway/manifest.go
@@ -20,7 +20,7 @@ func (c *Gateway) cacheManifestResponse(rw http.ResponseWriter, r *http.Request,
 		return
 	}
 
-	reqCtx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	reqCtx, cancel := context.WithTimeout(r.Context(), 60*time.Second)
 	defer cancel()
 
 	u := url.URL{
@@ -34,8 +34,28 @@ func (c *Gateway) cacheManifestResponse(rw http.ResponseWriter, r *http.Request,
 		errcode.ServeJSON(rw, errcode.ErrorCodeUnknown)
 		return
 	}
-	r.Header = map[string][]string{
-		"Accept": {"application/vnd.docker.distribution.manifest.v1+json,application/vnd.docker.distribution.manifest.v1+prettyjws,application/vnd.docker.distribution.manifest.v2+json,application/vnd.oci.image.manifest.v1+json,application/vnd.docker.distribution.manifest.list.v2+json,application/vnd.oci.image.index.v1+json"},
+
+	if forwardReq.Header == nil {
+		forwardReq.Header = map[string][]string{}
+	}
+
+	if info.IsDigestManifests {
+		forwardReq.Header.Set("Accept", r.Header.Get("Accept"))
+	} else {
+		list := strings.Split(r.Header.Get("Accept"), ",")
+		acceptItems := []string{}
+		for _, item := range list {
+			item = strings.TrimSpace(item)
+			_, ok := c.accepts[item]
+			if ok {
+				acceptItems = append(acceptItems, item)
+			}
+		}
+		if len(acceptItems) != 0 {
+			forwardReq.Header.Set("Accept", strings.Join(acceptItems, ","))
+		} else {
+			forwardReq.Header.Set("Accept", r.Header.Get("Accept"))
+		}
 	}
 
 	resp, err := c.httpClient.Do(forwardReq)
@@ -115,9 +135,7 @@ func (c *Gateway) cacheManifestResponse(rw http.ResponseWriter, r *http.Request,
 }
 
 func (c *Gateway) tryFirstServeCachedManifest(rw http.ResponseWriter, r *http.Request, info *PathInfo) bool {
-	isHash := strings.HasPrefix(info.Manifests, "sha256:")
-
-	if !isHash && c.manifestCacheDuration > 0 {
+	if !info.IsDigestManifests && c.manifestCacheDuration > 0 {
 		last, ok := c.manifestCache.Load(manifestCacheKey(info))
 		if !ok {
 			return false
@@ -132,8 +150,7 @@ func (c *Gateway) tryFirstServeCachedManifest(rw http.ResponseWriter, r *http.Re
 }
 
 func (c *Gateway) fallbackServeCachedManifest(rw http.ResponseWriter, r *http.Request, info *PathInfo) bool {
-	isHash := strings.HasPrefix(info.Manifests, "sha256:")
-	if isHash {
+	if info.IsDigestManifests {
 		return false
 	}
 
@@ -157,22 +174,22 @@ func (c *Gateway) serveCachedManifest(rw http.ResponseWriter, r *http.Request, i
 		rw.Write(content)
 	}
 
-	if c.manifestCacheDuration > 0 {
+	if c.manifestCacheDuration > 0 && !info.IsDigestManifests {
 		c.manifestCache.Store(manifestCacheKey(info), time.Now())
 	}
 	return true
 }
 
 type cacheKey struct {
-	Host   string
-	Image  string
-	Digest string
+	Host  string
+	Image string
+	Tag   string
 }
 
 func manifestCacheKey(info *PathInfo) cacheKey {
 	return cacheKey{
-		Host:   info.Host,
-		Image:  info.Image,
-		Digest: info.Manifests,
+		Host:  info.Host,
+		Image: info.Image,
+		Tag:   info.Manifests,
 	}
 }
diff --git a/gateway/utils.go b/gateway/utils.go
@@ -26,9 +26,10 @@ type PathInfo struct {
 	Host  string
 	Image string
 
-	TagsList  bool
-	Manifests string
-	Blobs     string
+	TagsList          bool
+	Manifests         string
+	IsDigestManifests bool
+	Blobs             string
 }
 
 func (p PathInfo) Path() (string, error) {
@@ -93,6 +94,7 @@ func parseOriginPathInfo(path string) (*PathInfo, bool) {
 		info.TagsList = tails[len(tails)-1] == "list"
 	case "manifests":
 		info.Manifests = tails[len(tails)-1]
+		info.IsDigestManifests = strings.HasPrefix(info.Manifests, "sha256:")
 	case "blobs":
 		info.Blobs = tails[len(tails)-1]
 		if len(info.Blobs) != 7+64 {