Add pull feature #52

Closed
taozhioooo wants to merge 1 commit from main into main
taozhioooo commented 2025-08-01 09:34:25 +08:00 (Migrated from github.com)

Below the existing pull command in the image search results, add a command that pulls the image through the proxy, tags it back to the original image name, and then untags the proxy image. The result looks like this:
(screenshot attached in the original PR)

Summary by CodeRabbit

  • New Features
    • Added a new Docker pull command option that uses the current page's host as a proxy domain prefix.
    • Both the original and proxy pull commands are now displayed with copy buttons for convenience.
coderabbitai[bot] commented 2025-08-01 09:34:30 +08:00 (Migrated from github.com)

Walkthrough

A new Docker pull command variant has been added to the tag UI in search.html, which uses the current page's host as a proxy domain prefix. This is implemented within the renderTagsBatch function, displaying both the original and proxy pull commands with copy buttons. No other logic or control flow is modified.

Changes

Cohort / File(s) Change Summary
Tag UI Docker Proxy Command
src/public/search.html
Enhanced renderTagsBatch to generate and display a proxy-prefixed Docker pull command using the page host, with UI updates for copy functionality.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~7 minutes

Poem

🐇
A proxy hop for Docker tags,
Now shown with pride and clever flags.
Two commands, both clear and neat,
With copy buttons—oh, what a treat!
From host to repo, the journey's made,
In HTML, this change is laid.

coderabbitai[bot] (Migrated from github.com) reviewed 2025-08-01 09:36:19 +08:00
coderabbitai[bot] (Migrated from github.com) left a comment

Actionable comments posted: 2

🧹 Nitpick comments (1)
src/public/search.html (1)

1356-1360: Sanitize proxyDomain once, outside the hot path.

const proxyDomain = window.location.host; is evaluated for every call to renderTagsBatch (which can be invoked repeatedly while scrolling a large tag list).
Move it to a module-level constant (e.g. directly below formatUtils) to avoid redundant look-ups and tiny GC churn.

-function renderTagsBatch(tags, fullRepoName, container, replaceContent = false) {
-    const proxyDomain = window.location.host;
+const proxyDomain = window.location.host;   // evaluate once
+
+function renderTagsBatch(tags, fullRepoName, container, replaceContent = false) {
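Review bot: the heading says "Sanitize proxyDomain", but this hunk only hoists `const proxyDomain = window.location.host;` to module scope; neither the old nor the new line sanitizes anything, so the title should say "hoist" or "evaluate once". Hoisting is harmless (window.location.host is readable as soon as the script runs and includes any port, which is what a registry reference needs), but the motivation is thin: one property read per renderTagsBatch call is not a GC concern, so present this as a readability tweak rather than a fix.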
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a0df3b1a54 and 4317022545.

📒 Files selected for processing (1)
  • src/public/search.html (4 hunks)
coderabbitai[bot] (Migrated from github.com) commented 2025-08-01 09:36:18 +08:00

🛠️ Refactor suggestion

⚠️ Potential issue

Quote & escape user-controlled values to prevent malformed shell commands / XSS.

tag.name and fullRepoName originate from an external API and are injected verbatim into the shell command & HTML.
If either contains whitespace, quotes, $, back-ticks, or HTML metacharacters the rendered command breaks and, worse, enables HTML/JS injection because the string is later embedded into an inline onclick.

-const proxyCommand = `docker pull ${proxyDomain}/${fullRepoName}:${tag.name} && docker tag ${proxyDomain}/${fullRepoName}:${tag.name} ${fullRepoName}:${tag.name} && docker rmi ${proxyDomain}/${fullRepoName}:${tag.name}`;
+// Defensive escaping for shell & HTML ‑ wrap the reference in double-quotes and
+// encode double-quotes/back-slashes to prevent both shell-splitting and HTML injection.
+const safeTag   = tag.name.replace(/(["\\$`])/g, '\\$1');
+const safeRepo  = fullRepoName.replace(/(["\\$`])/g, '\\$1');
+const proxyCommand = [
+  `docker pull "${proxyDomain}/${safeRepo}:${safeTag}"`,
+  `docker tag "${proxyDomain}/${safeRepo}:${safeTag}" "${safeRepo}:${safeTag}"`,
+  `docker rmi "${proxyDomain}/${safeRepo}:${safeTag}"`
+].join(' && ');
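Review bot: the replacement does not provide the HTML/JS protection its comment claims. Backslash-escaping `"`, `\`, `$` and backtick only has meaning inside a double-quoted shell string; `<`, `>`, `&` and `'` are left untouched, and the resulting proxyCommand is still interpolated into the inline onclick attribute, so the XSS concern raised in the comment body is not addressed by this diff. The escaping is also unnecessary for the legitimate case: Docker's reference grammar (lowercase path components, tag `[\w][\w.-]{0,127}`) admits none of whitespace, quotes, `$`, backtick or HTML metacharacters, so any `fullRepoName` or `tag.name` that would need escaping is not a pullable reference anyway. Validate both against that grammar and skip rendering on mismatch, and HTML-escape whatever is interpolated into markup, instead of adding shell quoting that the user then has to copy.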
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

                // Defensive escaping for shell & HTML – wrap the reference in double-quotes and
                // encode double-quotes/back-slashes/$/` to prevent both shell-splitting and HTML/JS injection.
                const safeTag  = tag.name.replace(/(["\\$`])/g, '\\$1');
                const safeRepo = fullRepoName.replace(/(["\\$`])/g, '\\$1');
                const proxyCommand = [
                  `docker pull "${proxyDomain}/${safeRepo}:${safeTag}"`,
                  `docker tag "${proxyDomain}/${safeRepo}:${safeTag}" "${safeRepo}:${safeTag}"`,
                  `docker rmi "${proxyDomain}/${safeRepo}:${safeTag}"`
                ].join(' && ');
🤖 Prompt for AI Agents
In src/public/search.html around lines 1368 to 1370, the variables tag.name and
fullRepoName are directly injected into a shell command string without escaping,
which risks malformed commands and XSS vulnerabilities. To fix this, properly
escape or quote these user-controlled values before embedding them in the shell
command and HTML, ensuring special characters like whitespace, quotes, dollar
signs, backticks, and HTML metacharacters are safely handled to prevent
injection attacks.
coderabbitai[bot] (Migrated from github.com) commented 2025-08-01 09:36:18 +08:00

🛠️ Refactor suggestion

Replace inline onclick handlers with delegated listeners to avoid attribute-level injection.

Keeping large command strings inside HTML attributes:

<button onclick="copyToClipboard('…')">

is brittle (needs manual escaping) and violates separation-of-concerns.
Prefer a data attribute plus a delegated listener:

-<button class="copy-button" onclick="copyToClipboard('${proxyCommand.replace(/'/g, '\\\'')}')">复制</button>
+<button class="copy-button" data-copy="${proxyCommand}">复制</button>
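Review bot: `data-copy="${proxyCommand}"` interpolates the command into an attribute value with no escaping, so the claim that this "eliminates the need for manual escaping" does not hold: a `"` anywhere in proxyCommand still closes the attribute, and the `&&` in the command survives only because `&` followed by `&` or a space is not a valid character reference and browsers keep it literal. Either pass the value through an attribute escaper (`&` to `&amp;`, `"` to `&quot;`, `<` to `&lt;`) before interpolation, or create the button with document.createElement and assign `btn.dataset.copy = proxyCommand`, which needs no escaping at all. The delegated listener shown below the hunk is fine as written.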

Then, once in your <script>:

document.addEventListener('click', e => {
  const btn = e.target.closest('.copy-button');
  if (btn && btn.dataset.copy) {
    copyToClipboard(btn.dataset.copy);
  }
});

This eliminates the need for manual escaping and blocks a common XSS vector.

🤖 Prompt for AI Agents
In src/public/search.html around lines 1386 to 1389, replace the inline onclick
attribute on the copy button with a data attribute to hold the command string.
Remove the onclick handler from the button element and add a data-copy attribute
containing the command. Then, in the script section, add a delegated event
listener on the document that listens for clicks on elements with the
copy-button class and calls copyToClipboard with the value from the data-copy
attribute. This avoids manual escaping and improves security by preventing
attribute-level injection.
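As an added example that is not part of this PR or of hubproxy's search.html, the following JavaScript takes the problem the two review comments above circle around from the other direction: instead of escaping arbitrary strings into a shell command and then into an attribute, it accepts only image references that Docker itself would accept, and HTML-escapes the one value that is interpolated into markup. The regular expressions are an assumption transcribed from the distribution reference grammar; `proxyDomain`, `fullRepoName`, `tag.name`, `.copy-button` and the `复制` label are the names used in the PR diff; the sample input at the bottom is constructed.

```javascript
// Added example for this PR discussion; not code from hubproxy's search.html.
// Accept only references matching Docker's reference grammar (assumption
// transcribed from github.com/distribution/reference) and HTML-escape the
// command before it lands in a data- attribute.

const DOMAIN_COMPONENT = '[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?';
const PATH_COMPONENT = '[a-z0-9]+(?:(?:[._]|__|-+)[a-z0-9]+)*';

// Optional "host[:port]/" prefix followed by one or more lowercase path components.
const REPO_RE = new RegExp(
  `^(?:${DOMAIN_COMPONENT}(?:\\.${DOMAIN_COMPONENT})*(?::[0-9]+)?/)?` +
  `${PATH_COMPONENT}(?:/${PATH_COMPONENT})*$`
);
// Tag: word character first, then up to 127 of [A-Za-z0-9_.-].
const TAG_RE = /^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$/;
// window.location.host is "host" or "host:port"; nothing else is accepted.
const HOST_RE = new RegExp(`^${DOMAIN_COMPONENT}(?:\\.${DOMAIN_COMPONENT})*(?::[0-9]+)?$`);

function isValidRepo(repo) { return REPO_RE.test(repo); }
function isValidTag(tag) { return TAG_RE.test(tag); }

// Returns the pull / tag / rmi command, or null when any part fails validation.
// With valid input no shell quoting is needed: the grammar admits no whitespace,
// quotes, $, backticks or HTML metacharacters.
function buildProxyCommand(proxyDomain, fullRepoName, tagName) {
  if (!HOST_RE.test(proxyDomain) || !isValidRepo(fullRepoName) || !isValidTag(tagName)) {
    return null;
  }
  const proxied = `${proxyDomain}/${fullRepoName}:${tagName}`;
  const original = `${fullRepoName}:${tagName}`;
  return `docker pull ${proxied} && docker tag ${proxied} ${original} && docker rmi ${proxied}`;
}

// Escape a value for a double-quoted HTML attribute. "&" must be replaced first.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Markup for the copy button: the command lives in data-copy rather than in an
// inline onclick, so no JavaScript string escaping is involved. Returns null for
// input that fails validation so the caller can skip rendering that row.
function renderCopyButton(proxyDomain, fullRepoName, tagName) {
  const command = buildProxyCommand(proxyDomain, fullRepoName, tagName);
  if (command === null) return null;
  return `<button class="copy-button" data-copy="${escapeAttr(command)}">复制</button>`;
}

// Delegated click handler, wired only where a DOM exists so the file also loads
// under Node. The browser has already decoded the attribute entities, so
// dataset.copy holds the plain command (with "&&", not "&amp;&amp;").
if (typeof document !== 'undefined') {
  document.addEventListener('click', (e) => {
    const btn = e.target.closest('.copy-button');
    if (btn && btn.dataset.copy) navigator.clipboard.writeText(btn.dataset.copy);
  });
}

// Constructed sample input mirroring what the tag list would feed in.
const SAMPLE = { proxyDomain: 'hub.example.com', fullRepoName: 'library/nginx', tagName: '1.27-alpine' };
console.log(renderCopyButton(SAMPLE.proxyDomain, SAMPLE.fullRepoName, SAMPLE.tagName));
```

Rejecting rather than escaping keeps the copied text identical to what the user will type, which the quoting-based suggestion does not; a reference that fails the grammar would fail `docker pull` too, so hiding the button costs nothing.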
sky22333 commented 2025-08-01 12:16:41 +08:00 (Migrated from github.com)

Thanks for the PR, but this page is only for finding images; there's no need to go into this much detail. Adding one command that pulls the image through the proxy is enough.

taozhioooo commented 2025-08-01 12:29:23 +08:00 (Migrated from github.com)

> Thanks for the PR, but this page is only for finding images; there's no need to go into this much detail. Adding one command that pulls the image through the proxy is enough.

This is my first PR, so I'm not sure whether I've broken any rules. The added feature is very convenient for me: we have an internal k8s cluster, and sometimes images get deleted and have to be pulled manually while keeping the original tag, so I made a small change to the code in the hope that it helps others with the same need.

sky22333 commented 2025-08-01 13:07:02 +08:00 (Migrated from github.com)

Too many commands make the page look cluttered.


Pull request closed

Reference: 3344/hubproxy#52