Docker/portainer
Docker/portainer
1
0
Fork 0
mirror of https://github.com/portainer/portainer.git synced 2025-07-19 13:29:41 +02:00
Code Issues Releases Activity

fix(libclient): option to disable external http request [BE-11696] (#745)

Browse source
This commit is contained in:
Oscar Zhou 2025-05-20 09:41:14 +12:00 committed by GitHub
parent ee65223ee7
commit e243a6bf1c
5 changed files with 51 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

8
api/http/handler/motd/motd.go
View file

@ -7,7 +7,9 @@ import (
portainer "github.com/portainer/portainer/api" portainer "github.com/portainer/portainer/api"
"github.com/portainer/portainer/api/http/client" "github.com/portainer/portainer/api/http/client"
"github.com/portainer/portainer/pkg/libcrypto" "github.com/portainer/portainer/pkg/libcrypto"
libclient "github.com/portainer/portainer/pkg/libhttp/client"
"github.com/portainer/portainer/pkg/libhttp/response" "github.com/portainer/portainer/pkg/libhttp/response"
"github.com/rs/zerolog/log"
"github.com/segmentio/encoding/json" "github.com/segmentio/encoding/json"
) )
@ -37,6 +39,12 @@ type motdData struct {
// @success 200 {object} motdResponse // @success 200 {object} motdResponse
// @router /motd [get] // @router /motd [get]
func (handler *Handler) motd(w http.ResponseWriter, r *http.Request) { func (handler *Handler) motd(w http.ResponseWriter, r *http.Request) {
if err := libclient.ExternalRequestDisabled(portainer.MessageOfTheDayURL); err != nil {
log.Debug().Err(err).Msg("External request disabled: MOTD")
response.JSON(w, &motdResponse{Message: ""})
return
}
motd, err := client.Get(portainer.MessageOfTheDayURL, 0) motd, err := client.Get(portainer.MessageOfTheDayURL, 0)
if err != nil { if err != nil {
response.JSON(w, &motdResponse{Message: ""}) response.JSON(w, &motdResponse{Message: ""})

7
api/http/handler/system/version.go
View file

@ -7,6 +7,7 @@ import (
"github.com/portainer/portainer/api/http/client" "github.com/portainer/portainer/api/http/client"
"github.com/portainer/portainer/api/http/security" "github.com/portainer/portainer/api/http/security"
"github.com/portainer/portainer/pkg/build" "github.com/portainer/portainer/pkg/build"
libclient "github.com/portainer/portainer/pkg/libhttp/client"
httperror "github.com/portainer/portainer/pkg/libhttp/error" httperror "github.com/portainer/portainer/pkg/libhttp/error"
"github.com/portainer/portainer/pkg/libhttp/response" "github.com/portainer/portainer/pkg/libhttp/response"
@ -69,10 +70,14 @@ func (handler *Handler) version(w http.ResponseWriter, r *http.Request) *httperr
} }
func GetLatestVersion() string { func GetLatestVersion() string {
if err := libclient.ExternalRequestDisabled(portainer.VersionCheckURL); err != nil {
log.Debug().Err(err).Msg("External request disabled: Version check")
return ""
}
motd, err := client.Get(portainer.VersionCheckURL, 5) motd, err := client.Get(portainer.VersionCheckURL, 5)
if err != nil { if err != nil {
log.Debug().Err(err).Msg("couldn't fetch latest Portainer release version") log.Debug().Err(err).Msg("couldn't fetch latest Portainer release version")
return "" return ""
} }

11
api/http/handler/templates/utils_fetch_templates.go
View file

@ -4,7 +4,9 @@ import (
"net/http" "net/http"
portainer "github.com/portainer/portainer/api" portainer "github.com/portainer/portainer/api"
libclient "github.com/portainer/portainer/pkg/libhttp/client"
httperror "github.com/portainer/portainer/pkg/libhttp/error" httperror "github.com/portainer/portainer/pkg/libhttp/error"
"github.com/rs/zerolog/log"
"github.com/segmentio/encoding/json" "github.com/segmentio/encoding/json"
) )
@ -24,13 +26,20 @@ func (handler *Handler) fetchTemplates() (*listResponse, *httperror.HandlerError
templatesURL = portainer.DefaultTemplatesURL templatesURL = portainer.DefaultTemplatesURL
} }
var body *listResponse
if err := libclient.ExternalRequestDisabled(templatesURL); err != nil {
if templatesURL == portainer.DefaultTemplatesURL {
log.Debug().Err(err).Msg("External request disabled: Default templates")
return body, nil
}
}
resp, err := http.Get(templatesURL) resp, err := http.Get(templatesURL)
if err != nil { if err != nil {
return nil, httperror.InternalServerError("Unable to retrieve templates via the network", err) return nil, httperror.InternalServerError("Unable to retrieve templates via the network", err)
} }
defer resp.Body.Close() defer resp.Body.Close()
var body *listResponse
err = json.NewDecoder(resp.Body).Decode(&body) err = json.NewDecoder(resp.Body).Decode(&body)
if err != nil { if err != nil {
return nil, httperror.InternalServerError("Unable to parse template file", err) return nil, httperror.InternalServerError("Unable to parse template file", err)

5
api/portainer.go
View file

@ -1692,6 +1692,11 @@ const (
KubectlShellImageEnvVar = "KUBECTL_SHELL_IMAGE" KubectlShellImageEnvVar = "KUBECTL_SHELL_IMAGE"
// PullLimitCheckDisabledEnvVar is the environment variable used to disable the pull limit check // PullLimitCheckDisabledEnvVar is the environment variable used to disable the pull limit check
PullLimitCheckDisabledEnvVar = "PULL_LIMIT_CHECK_DISABLED" PullLimitCheckDisabledEnvVar = "PULL_LIMIT_CHECK_DISABLED"
// LicenseServerBaseURL represents the base URL of the API used to validate
// an extension license.
LicenseServerBaseURL = "https://api.portainer.io"
// URL to validate licenses along with system metadata.
LicenseCheckInURL = LicenseServerBaseURL + "/licenses/checkin"
) )
// List of supported features // List of supported features

22
pkg/libhttp/client/client.go Normal file
View file

@ -0,0 +1,22 @@
package client
import (
"errors"
"github.com/portainer/portainer/pkg/featureflags"
)
var (
ErrExternalRequestsBlocked = errors.New("external requests are blocked by feature flag")
)
// DisableExternalRequest is the feature flag name for blocking outbound requests
const DisableExternalRequests = "disable-external-requests"
func ExternalRequestDisabled(url string) error {
if featureflags.IsEnabled(DisableExternalRequests) {
return ErrExternalRequestsBlocked
}
return nil
}