Skip to content

Commit

Permalink
Add block-image-list
Browse files Browse the repository at this point in the history
  • Loading branch information
@wzshiming
wzshiming committed Apr 14, 2024
1 parent a89c2cb commit eea1032
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 0 deletions.
7 changes: 7 additions & 0 deletions cmd/crproxy/main.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ import (
"net"
"net/http"
"os"
"slices"

Check failure on line 10 in cmd/crproxy/main.go

View workflow job for this annotation

GitHub Actions / build 

package slices is not in GOROOT (/opt/hostedtoolcache/go/1.19.13/x64/src/slices)

Check failure on line 10 in cmd/crproxy/main.go

View workflow job for this annotation

GitHub Actions / build 

package slices is not in GOROOT (/opt/hostedtoolcache/go/1.19.13/x64/src/slices)

Check failure on line 10 in cmd/crproxy/main.go

View workflow job for this annotation

GitHub Actions / build 

package slices is not in GOROOT (/opt/hostedtoolcache/go/1.19.13/x64/src/slices)

Check failure on line 10 in cmd/crproxy/main.go

View workflow job for this annotation

GitHub Actions / build 

package slices is not in GOROOT (/opt/hostedtoolcache/go/1.19.13/x64/src/slices)

Check failure on line 10 in cmd/crproxy/main.go

View workflow job for this annotation

GitHub Actions / build 

package slices is not in GOROOT (/opt/hostedtoolcache/go/1.19.13/x64/src/slices)

Check failure on line 10 in cmd/crproxy/main.go

View workflow job for this annotation

GitHub Actions / build 

package slices is not in GOROOT (/opt/hostedtoolcache/go/1.19.13/x64/src/slices)

Check failure on line 10 in cmd/crproxy/main.go

View workflow job for this annotation

GitHub Actions / build 

package slices is not in GOROOT (/opt/hostedtoolcache/go/1.19.13/x64/src/slices)

Check failure on line 10 in cmd/crproxy/main.go

View workflow job for this annotation

GitHub Actions / build 

package slices is not in GOROOT (/opt/hostedtoolcache/go/1.19.13/x64/src/slices)

Check failure on line 10 in cmd/crproxy/main.go

View workflow job for this annotation

GitHub Actions / build 

package slices is not in GOROOT (/opt/hostedtoolcache/go/1.19.13/x64/src/slices)

Check failure on line 10 in cmd/crproxy/main.go

View workflow job for this annotation

GitHub Actions / build 

package slices is not in GOROOT (/opt/hostedtoolcache/go/1.19.13/x64/src/slices)
"strings"

"github.com/gorilla/handlers"
Expand All @@ -22,6 +23,7 @@ var (
disableKeepAlives []string
blobsSpeedLimit string
totalBlobsSpeedLimit string
blockImageList []string
)

func init() {
Expand All @@ -30,6 +32,7 @@ func init() {
pflag.StringSliceVar(&disableKeepAlives, "disable-keep-alives", nil, "disable keep alives for the host")
pflag.StringVar(&blobsSpeedLimit, "blobs-speed-limit", "", "blobs speed limit per second (default unlimited)")
pflag.StringVar(&totalBlobsSpeedLimit, "total-blobs-speed-limit", "", "total blobs speed limit per second (default unlimited)")
pflag.StringSliceVar(&blockImageList, "block-image-list", nil, "block image list")
pflag.Parse()
}

Expand Down Expand Up @@ -80,6 +83,10 @@ func main() {
crproxy.WithBaseClient(cli),
crproxy.WithLogger(logger),
crproxy.WithMaxClientSizeForEachRegistry(16),
crproxy.WithBlockFunc(func(info *crproxy.PathInfo) bool {
image := info.Host + "/" + info.Image
return slices.Contains(blockImageList, image)
}),
crproxy.WithDomainAlias(map[string]string{
"docker.io": "registry-1.docker.io",
"ollama.ai": "registry.ollama.ai",
Expand Down
12 changes: 12 additions & 0 deletions crproxy.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ type CRProxy struct {
logger Logger
totalBlobsSpeedLimit *geario.Gear
blobsSpeedLimit *geario.B
blockFunc func(*PathInfo) bool
}

type Option func(c *CRProxy)
Expand Down Expand Up @@ -104,6 +105,12 @@ func WithDisableKeepAlives(disableKeepAlives []string) Option {
}
}

func WithBlockFunc(blockFunc func(info *PathInfo) bool) Option {
return func(c *CRProxy) {
c.blockFunc = blockFunc
}
}

func NewCRProxy(opts ...Option) (*CRProxy, error) {
c := &CRProxy{
challengeManager: challenge.NewSimpleManager(),
Expand Down Expand Up @@ -316,6 +323,11 @@ func (c *CRProxy) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
info = c.modify(info)
}

if c.blockFunc != nil && c.blockFunc(info) {
errcode.ServeJSON(rw, errcode.ErrorCodeDenied)
return
}

path, err := info.Path()
if err != nil {
if c.logger != nil {
Expand Down

0 comments on commit eea1032

Please sign in to comment.