feat(stacks): support compose v2.0 stack (#1963)

2025-08-04 21:35:23 +02:00 · 2018-06-11 15:13:19 +02:00 · 2018-06-11 15:13:19 +02:00 · e3d564325b
commit e3d564325b
parent ef15cd30eb
174 changed files with 7898 additions and 5849 deletions
--- a/api/http/security/bouncer.go
+++ b/api/http/security/bouncer.go
@ -85,13 +85,13 @@ func (bouncer *RequestBouncer) mwUpgradeToRestrictedRequest(next http.Handler) h
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		tokenData, err := RetrieveTokenData(r)
 		if err != nil {
-			httperror.WriteErrorResponse(w, portainer.ErrResourceAccessDenied, http.StatusForbidden, nil)
+			httperror.WriteError(w, http.StatusForbidden, "Access denied", portainer.ErrResourceAccessDenied)
 			return
 		}

 		requestContext, err := bouncer.newRestrictedContextRequest(tokenData.ID, tokenData.Role)
 		if err != nil {
-			httperror.WriteErrorResponse(w, err, http.StatusInternalServerError, nil)
+			httperror.WriteError(w, http.StatusInternalServerError, "Unable to create restricted request context ", err)
 			return
 		}

@ -105,7 +105,7 @@ func mwCheckAdministratorRole(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		tokenData, err := RetrieveTokenData(r)
 		if err != nil || tokenData.Role != portainer.AdministratorRole {
-			httperror.WriteErrorResponse(w, portainer.ErrResourceAccessDenied, http.StatusForbidden, nil)
+			httperror.WriteError(w, http.StatusForbidden, "Access denied", portainer.ErrResourceAccessDenied)
 			return
 		}

@ -128,23 +128,23 @@ func (bouncer *RequestBouncer) mwCheckAuthentication(next http.Handler) http.Han
 			}

 			if token == "" {
-				httperror.WriteErrorResponse(w, portainer.ErrUnauthorized, http.StatusUnauthorized, nil)
+				httperror.WriteError(w, http.StatusUnauthorized, "Unauthorized", portainer.ErrUnauthorized)
 				return
 			}

 			var err error
 			tokenData, err = bouncer.jwtService.ParseAndVerifyToken(token)
 			if err != nil {
-				httperror.WriteErrorResponse(w, err, http.StatusUnauthorized, nil)
+				httperror.WriteError(w, http.StatusUnauthorized, "Invalid JWT token", err)
 				return
 			}

 			_, err = bouncer.userService.User(tokenData.ID)
 			if err != nil && err == portainer.ErrUserNotFound {
-				httperror.WriteErrorResponse(w, portainer.ErrUnauthorized, http.StatusUnauthorized, nil)
+				httperror.WriteError(w, http.StatusUnauthorized, "Unauthorized", portainer.ErrUnauthorized)
 				return
 			} else if err != nil {
-				httperror.WriteErrorResponse(w, err, http.StatusInternalServerError, nil)
+				httperror.WriteError(w, http.StatusInternalServerError, "Unable to retrieve users from the database", err)
 				return
 			}
 		} else {
--- a/api/http/security/filter.go
+++ b/api/http/security/filter.go
@ -62,8 +62,7 @@ func FilterUsers(users []portainer.User, context *RestrictedRequestContext) []po

 // FilterRegistries filters registries based on user role and team memberships.
 // Non administrator users only have access to authorized registries.
-func FilterRegistries(registries []portainer.Registry, context *RestrictedRequestContext) ([]portainer.Registry, error) {
-
+func FilterRegistries(registries []portainer.Registry, context *RestrictedRequestContext) []portainer.Registry {
 	filteredRegistries := registries
 	if !context.IsAdmin {
 		filteredRegistries = make([]portainer.Registry, 0)
@ -75,12 +74,12 @@ func FilterRegistries(registries []portainer.Registry, context *RestrictedReques
 		}
 	}

-	return filteredRegistries, nil
+	return filteredRegistries
 }

 // FilterEndpoints filters endpoints based on user role and team memberships.
 // Non administrator users only have access to authorized endpoints (can be inherited via endoint groups).
-func FilterEndpoints(endpoints []portainer.Endpoint, groups []portainer.EndpointGroup, context *RestrictedRequestContext) ([]portainer.Endpoint, error) {
+func FilterEndpoints(endpoints []portainer.Endpoint, groups []portainer.EndpointGroup, context *RestrictedRequestContext) []portainer.Endpoint {
 	filteredEndpoints := endpoints

 	if !context.IsAdmin {
@ -95,12 +94,12 @@ func FilterEndpoints(endpoints []portainer.Endpoint, groups []portainer.Endpoint
 		}
 	}

-	return filteredEndpoints, nil
+	return filteredEndpoints
 }

 // FilterEndpointGroups filters endpoint groups based on user role and team memberships.
 // Non administrator users only have access to authorized endpoint groups.
-func FilterEndpointGroups(endpointGroups []portainer.EndpointGroup, context *RestrictedRequestContext) ([]portainer.EndpointGroup, error) {
+func FilterEndpointGroups(endpointGroups []portainer.EndpointGroup, context *RestrictedRequestContext) []portainer.EndpointGroup {
 	filteredEndpointGroups := endpointGroups

 	if !context.IsAdmin {
@ -113,7 +112,7 @@ func FilterEndpointGroups(endpointGroups []portainer.EndpointGroup, context *Res
 		}
 	}

-	return filteredEndpointGroups, nil
+	return filteredEndpointGroups
 }

 func getAssociatedGroup(endpoint *portainer.Endpoint, groups []portainer.EndpointGroup) *portainer.EndpointGroup {
--- a/api/http/security/rate_limiter.go
+++ b/api/http/security/rate_limiter.go
@ -30,7 +30,7 @@ func (limiter *RateLimiter) LimitAccess(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		ip := StripAddrPort(r.RemoteAddr)
 		if banned := limiter.Inc(ip); banned == true {
-			httperror.WriteErrorResponse(w, portainer.ErrResourceAccessDenied, http.StatusForbidden, nil)
+			httperror.WriteError(w, http.StatusForbidden, "Access denied", portainer.ErrResourceAccessDenied)
 			return
 		}
 		next.ServeHTTP(w, r)