3344/hubproxy
1
0
Fork 0
Code Issues 2 Pull Requests 1 Actions Packages Projects Releases 12 Wiki Activity

Fix access control check for repository name #90

Closed
s0urcelab wants to merge 1 commits from patch-1 into main
pull from: patch-1
merge into: 3344:main
Conversation 5 Commits 1 Files Changed 1 +1 -1
s0urcelab commented 2025-12-29 11:48:08 +08:00 (Migrated from github.com)
Copy Link

should fix #89

前缀匹配应该对比仓库名称(reponame)而不是完整名称(fullname)

should fix #89 前缀匹配应该对比仓库名称(reponame)而不是完整名称(fullname)
coderabbitai[bot] commented 2025-12-29 11:48:17 +08:00 (Migrated from github.com)
Copy Link
📝 Walkthrough

Walkthrough

The checkList function in access control logic has been updated to fix wildcard prefix matching. When a list item ends with "*", the function now compares only the repository name against the prefix, rather than the full "username/repo" string.

Changes

Cohort / File(s) Summary
Wildcard prefix matching fix
src/utils/access_control.go		 Modified wildcard comparison in checkList to match against repository name only instead of full repository string (username/repo), narrowing the scope of prefix matching.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A wildcard once danced with confusion,
Matching repos through a foggy delusion,
But now with a snip of the username away,
The prefix finds home—no longer astray!

Pre-merge checks and finishing touches

Passed checks (5 passed)
Check name Status Explanation
Description Check Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check Passed The title clearly and specifically describes the main change: fixing the access control check for repository name pattern matching.
Linked Issues check Passed The change directly addresses issue #89 by fixing wildcard pattern matching to compare only the repository name instead of the full username/repo string.
Out of Scope Changes check Passed All changes are focused on fixing the repository pattern matching logic in the access control check, directly addressing the linked issue.
Docstring Coverage Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

<!-- This is an auto-generated comment: summarize by coderabbit.ai --> <!-- walkthrough_start --> <details> <summary>📝 Walkthrough</summary> ## Walkthrough The `checkList` function in access control logic has been updated to fix wildcard prefix matching. When a list item ends with "*", the function now compares only the repository name against the prefix, rather than the full "username/repo" string. ## Changes | Cohort / File(s) | Summary | |---|---| | **Wildcard prefix matching fix** <br> `src/utils/access_control.go` | Modified wildcard comparison in `checkList` to match against repository name only instead of full repository string (username/repo), narrowing the scope of prefix matching. | ## Estimated code review effort 🎯 2 (Simple) | ⏱️ ~10 minutes ## Poem > 🐰 A wildcard once danced with confusion, > Matching repos through a foggy delusion, > But now with a snip of the username away, > The prefix finds home—no longer astray! ✨ </details> <!-- walkthrough_end --> <!-- pre_merge_checks_walkthrough_start --> ## Pre-merge checks and finishing touches <details> <summary>✅ Passed checks (5 passed)</summary> | Check name | Status | Explanation | | :------------------------: | :------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------- | | Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. | | Title check | ✅ Passed | The title clearly and specifically describes the main change: fixing the access control check for repository name pattern matching. | | Linked Issues check | ✅ Passed | The change directly addresses issue #89 by fixing wildcard pattern matching to compare only the repository name instead of the full username/repo string. | | Out of Scope Changes check | ✅ Passed | All changes are focused on fixing the repository pattern matching logic in the access control check, directly addressing the linked issue. | | Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. | </details> <!-- pre_merge_checks_walkthrough_end --> <!-- finishing_touch_checkbox_start --> <details> <summary>✨ Finishing touches</summary> - [ ] <!-- {"checkboxId": "7962f53c-55bc-4827-bfbf-6a18da830691"} --> 📝 Generate docstrings <details> <summary>🧪 Generate unit tests (beta)</summary> - [ ] <!-- {"checkboxId": "f47ac10b-58cc-4372-a567-0e02b2c3d479", "radioGroupId": "utg-output-choice-group-unknown_comment_id"} --> Create PR with unit tests - [ ] <!-- {"checkboxId": "07f1e7d6-8a8e-4e23-9900-8731c2c87f58", "radioGroupId": "utg-output-choice-group-unknown_comment_id"} --> Post copyable unit tests in a comment </details> </details> <!-- finishing_touch_checkbox_end --> <!-- tips_start --> --- Thanks for using [CodeRabbit](https://coderabbit.ai?utm_source=oss&utm_medium=github&utm_campaign=sky22333/hubproxy&utm_content=90)! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. <details> <summary>❤️ Share</summary> - [X](https://twitter.com/intent/tweet?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A&url=https%3A//coderabbit.ai) - [Mastodon](https://mastodon.social/share?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A%20https%3A%2F%2Fcoderabbit.ai) - [Reddit](https://www.reddit.com/submit?title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&text=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code.%20Check%20it%20out%3A%20https%3A//coderabbit.ai) - [LinkedIn](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fcoderabbit.ai&mini=true&title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&summary=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code) </details> <sub>Comment `@coderabbitai help` to get the list of available commands and usage tips.</sub> <!-- tips_end --> <!-- internal state start --> <!-- DwQgtGAEAqAWCWBnSTIEMB26CuAXA9mAOYCmGJATmriQCaQDG+Ats2bgFyQAOFk+AIwBWJBrngA3EsgEBPRvlqU0AgfFwA6NPEgQAfACgjoCEYDEZyAAUASpETZWaCrKPR1AGxJcAYvAAe6AwM0shMGLgU+B6MsKIA1pAAZvh8FCTc+IjqqfIYaGyQkAYAco4ClFwAnAAMRQYAqjYAMlywuLjciBwA9D1E6rDYAhpMzD2I8bIATNMAzAs9QwK8+P6yPdzYHh49tfUAgniwqVyINdgUIR4q9QDK+JchkAJUGAywXNzUH2AAjJBAEmEMGcpFwLzeHy4zG0WGKd1w1Gw3X43DI9QAwulqHR0JxINMatMAKz/aZgaZVaA1OYcAAsAA4ODUGQAtIwAEWkDAo8G44nwGC4cBIsUwpBQyHgETISnoBGSAUlDlFZgZVQ0kBK+GSl1wcT4SkR8A8yAA7pRRasJPA5SgsPrRbZIEpEDy+QKMBpzJYAPLCUTiKTIJJRZiQDzS+K4pAqxBGACSiBVkDVVUg6UyFFwyDQkAA4uoABLDHjUGgUDBgGG4D7SogvbANs0G0WZrI5FxljqUDDIZH19A8dJJJVmwZD8ceWgMZz0AAUJA0RA0ABpIAAiXgkUf+ABUG4AlMltDEFTWPhmMh2CLzpJB9dRILA0FIH3F7GiGPBR7jt7vNRFZVsFFaUGA8bBXXsHkSDIRAThzF0SGYQVEEiahB0dSBmCQC84lzDB5Q/QREEoKR6AqF8bVSQDiIDMRJFA5AFSYCh0jEd8rXLXtsJ+BAMAbRAdUfcF22yW88gKe9x31TjIAGKQsH/JVnFFVj2NwDx5HY/AiAweAAC9cUweg8NxOQ5LQYJQgUCIol2ChtlFDxdPgBhvQMfRjHAKBZX4JIcAIYgyGUGh6DGNgIi+PhBBEBjgxeeQmCUKhVHULQdC8kwoDgVBUEwQLCFIcgqDChRWHYLgqDNexHBhLsLOS5Q0s0bRdDAQxvNMAxECuHo8BNRAeiskJkwAfXCSJomXfAOAMDcFoMCxIAOBNgpKnF6AcJwu3wAKPnFaQjCgBMsA+BJmiQXB1xbdE80jNCUBocNZXNCc8ynGc503A91yw5TAnOhhEm3ajkS08rvnSIjRSSbYYjEzt5DQ3kBMgedkV7KSenbY8ZNgOSAc1BNwQwfAarGKH70FCGsMRiTIHyQp53bEopLxid/pHAJaNQfI2PJ5iP0+2cKFMvjMOEj96dyMts3XeA9NSTCP0xyspPtOS8KQ79skFTVtX4R0+BcgYGH4PhJvs5IXIpl8BOkDzjq1HUDod5idRIfwszCzZhkjc2lHA5wMNQ9GyfsRX8lwS57zQWg5Rx5D8HInoUNoH94DoQ8PIAUTQ+Aa1xJqrxtEgap3FJsy4ABZOh4EcebFs8jqut8wj/MK9bQuLlhIvxarap2+RGsUZq1FazLW+y8qcNwMbbUQMb0jLi1aDGtDnHBLyDBngA2NA/gT2gGWmPe/jpNAkkZJJploP4BDmPeBDQZ+qj3qpphIAB2Ok9+/uYNRiQP3ap1GeEV1AL1oEvFeWc15jT8llHyw4SBjTYBQUgE04jAyXpvbMoCjAAG8DBFA3EgWwAAhFywM6AYj7uwKwWQwobi4EkNApoSCrhIZueCjxpxUPwMDWwLCTwcK4aQpAvopBsVtEoDAIi2FiO4RuDOtAbDYAwByQRCJUZEEQBibB8QRGRBAuIzcqj1EYHcJpEgBiEjGMcpw5RFiNFcjdLyfk8BBR2OBgo9hpEzEbkjBgaMtAkxxh0SIjcAAdDAsTom4ASUkxJKTgDBNCQvZMIE9DxJSck5JFhLBpi4IWXAJYBCAEIrQA8PqAE5lQAsomAExUwA99GACx/lBu49yQEAGR6gBZJUAAD+gAQt0AMtygBkvUgPUwAjJqAFJY+JcS8nzISctaxXhZmlPKdU+pzS2kA06b0wZozxl1OmbM5abj3SeMFLM4Ahdmy2n1AAXmiRuP4fxKRPOfCQRW7RHkbmJHSKo7z2G4B+QmGEpB3m9QYD89onRuh9AGPqYYowWD9VIhQMA5YrKwH7kNNAyYSA5mGmfYkJABC0CqGAJINQqgMDAHSOYSRSTv1oN/MAAhL41FoMSV+s4GBJHeT0HJcSMDXOYLc2gDynl/Gpd/d5cQvnAqeZSAFG50AeEVRuUFaBwWqshdCjoXRej9EGEisYqLKAYo6FinFw18WEvJX/GoFQkhgG/kkW+dKqgJzAAyF+5Jv7EgZGgFQT8GQkEPgKoVsTRXislc8p+NQ5WfKIN8p539piAvVSCsFJAIVXH1bCo1CLljIvGGrS1iIPg2rxaRQlvraBEnZQyMAxIGBnzpXMEgcwMXx1pdMBkDBiRfz3nMNAcw+WRtyfk+ZwAejpLoJklUegNyBJuGhHx8QbDSG2DmERABtbhRRiFFBPZuIG8Q2ZsCiWcjxnpIAbpXYek9G5N4x0QA40xT7SFe24DcaOXj5FcA3Bu+w8Q+RonoFAOhSgbAqAnoATAJkAIBTWALwUgYjbXqvIVAZAVBeFoBoR9p7SHpxIFEs0zh9ICSI8RjcysBj5A8Buy9ZGgOunOZ6DcT6AC+Zij1frPYYljUTllqUMTR09L7ERvo/U44jm4f1/tDoBzcQFxA2MYF4ZwEMTKflEJnWcOx5Dsd5BUIWooYTSjFA7VhAQVaihGjZK20RYgJGSKkK8mRxKyyZlxHslZeK1n4iuCTz7SPkco/WULpCdIYFHEQWOfilHybo7yBj7DmNSSieprwXHT28afce2j57hNAcuiE3E4SQJhHE3x59r7kSybq9+72SnONAaAm7CUGcNI6YTukfFUosmqnVIlRU/hBwi2+t8fzWA8KS0hqpfgGBabS2vN5rsvn7RoXDfQPack4Y7EgGrXzSdMj2EiPWQjzXNzhaAxRysUWbsbli/FxLrD/Fydo/R6UGWhNZaA/OsJw3EAHEG4gfueWT0FdPUVyTJWAebl9HgTudwmBonvfbUgNX7HPYa++rgJivuScU5gZTUSDhHa63HdI7mGCYz21gXc9nPM3lljNisc2JZo1Nm5TWWFHPJlslNGI571w9cDH12gA3shoywkD4CS5ou3bHhFx71HnuvcVu90RASBOpcVr9pj/2r1AceLgX0SQ0f4DRAYw6oPweQ543VuHz6Eem83FohgKNBx0OkdqsjePpONcJ4457pP/2CiiYbOG7xPQhkeB3KzWFqf0FHF4D2kASASHYdgHELpBE+7Rkwf3pBNR3DA9wbgg5aCF8u8XlOygJTnuu/rgb0QBpR6AwATUeIwAqjksAAAMAACTVUoTzasVHuBfvf170UPh8OpC7WlFLXufuiFCl6V89u7m4HtUaIMrg36XjcJFK+Yuvuj308e4QAXVXXi3Atgb0egA1EpIcw/iwXflUBkcwBBqU/g5hZgqgvUBA2EBA/gkgGQGRiQag6Rpg6Q6QYC/lR06Q+VAEkgWVB0ahv4SAag/g0BCCVAx0E4aMgkn9bBRMol2USBL5AEL58Dv4qhGU5Rf5gEGRXk6QahP86QSUBA95n5GU0ASBuVaAMCgCqgu1iQFgGBaAIC/g95gE6Rv4KD18i8iA/cm8SBTpOd2EEQcQRFCFuMDBTDd5kFtw0FKBMFz0l5EEOogA= --> <!-- internal state end -->
coderabbitai[bot] (Migrated from github.com) reviewed 2025-12-29 11:52:54 +08:00
coderabbitai[bot] (Migrated from github.com) left a comment
Copy Link

Actionable comments posted: 0

🧹 Nitpick comments (1)
src/utils/access_control.go (1)

193-198: Fix correctly handles simple wildcard patterns; edge case with slash-containing patterns is valid but appears unused.

The change correctly fixes wildcard patterns like "test*" by comparing against the repository name instead of the full path. Based on the documented examples in config.toml ("baduser/malicious-repo", "/malicious-repo", "baduser/"), this covers the intended use cases.

However, patterns containing a slash (e.g., "user/repo*") would not work as expected:

  • Pattern "user/repo*" → prefix = "user/repo"
  • Check becomes strings.HasPrefix(repoName, "user/repo") where repoName is just "repo"
  • This would never match

No examples in the codebase suggest such patterns are used. The explicit pattern handling for username+"/*" at line 189 already covers the namespace-level blocking case.

If robustness against slash-containing wildcards is desired, consider checking whether the prefix contains "/" and matching against fullRepo in that case.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 31f62fde35 and 6a1ddd8261.

📒 Files selected for processing (1)
  • src/utils/access_control.go
**Actionable comments posted: 0** <details> <summary>🧹 Nitpick comments (1)</summary><blockquote> <details> <summary>src/utils/access_control.go (1)</summary><blockquote> `193-198`: **Fix correctly handles simple wildcard patterns; edge case with slash-containing patterns is valid but appears unused.** The change correctly fixes wildcard patterns like "test*" by comparing against the repository name instead of the full path. Based on the documented examples in `config.toml` ("baduser/malicious-repo", "*/malicious-repo", "baduser/*"), this covers the intended use cases. However, patterns containing a slash (e.g., "user/repo*") would not work as expected: - Pattern "user/repo*" → prefix = "user/repo" - Check becomes `strings.HasPrefix(repoName, "user/repo")` where `repoName` is just "repo" - This would never match No examples in the codebase suggest such patterns are used. The explicit pattern handling for `username+"/*"` at line 189 already covers the namespace-level blocking case. If robustness against slash-containing wildcards is desired, consider checking whether the prefix contains "/" and matching against `fullRepo` in that case. </blockquote></details> </blockquote></details> <details> <summary>📜 Review details</summary> **Configuration used**: defaults **Review profile**: CHILL **Plan**: Pro <details> <summary>📥 Commits</summary> Reviewing files that changed from the base of the PR and between 31f62fde352e3ac259225b60aed15fe0627ab07c and 6a1ddd82614af48f2d1b36ba6b9692e74673051b. </details> <details> <summary>📒 Files selected for processing (1)</summary> * `src/utils/access_control.go` </details> </details> <!-- This is an auto-generated comment by CodeRabbit for review status -->
sky22333 commented 2025-12-29 14:17:52 +08:00 (Migrated from github.com)
Copy Link

@s0urcelab 有些用户需要匹配仓库的用户名,建议fork修改自己的版本

@s0urcelab 有些用户需要匹配仓库的用户名,建议fork修改自己的版本
s0urcelab commented 2025-12-30 10:23:59 +08:00 (Migrated from github.com)
Copy Link

@s0urcelab 有些用户需要匹配仓库的用户名,建议fork修改自己的版本

建议修改一下文档里的说明,描述为“用户名匹配”而不是“前缀匹配”比较好

> @s0urcelab 有些用户需要匹配仓库的用户名,建议fork修改自己的版本 建议修改一下文档里的说明,描述为“用户名匹配”而不是“前缀匹配”比较好
sky22333 commented 2025-12-30 10:33:03 +08:00 (Migrated from github.com)
Copy Link

@s0urcelab 有些用户需要匹配仓库的用户名,建议fork修改自己的版本

建议修改一下文档里的说明,描述为“用户名匹配”而不是“前缀匹配”比较好

OK,有空我修复一下让用户名也支持通配符

> > @s0urcelab 有些用户需要匹配仓库的用户名,建议fork修改自己的版本 > > 建议修改一下文档里的说明,描述为“用户名匹配”而不是“前缀匹配”比较好 OK,有空我修复一下让用户名也支持通配符

Pull request closed

This pull request cannot be reopened because the branch was deleted.
Sign in to join this conversation.
Reviewers
No Reviewers
coderabbitai[bot]
Labels
Clear labels
bug
Something isn't working
 enhancement
New feature or request
 help wanted
Extra attention is needed
 wontfix
This will not be worked on
 已修复
已支持
已解决
重复问题
需要更多信息
预期行为
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
3344
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: 3344/hubproxy#90
Delete Branch "patch-1"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?