Compare commits

...

2 Commits

Author SHA1 Message Date
Ali 915bec0bd7 chore(release): bump version to 2.30.1 (#748) 2025-05-20 12:59:04 +12:00
Oscar Zhou e243a6bf1c fix(libclient): option to disable external http request [BE-11696] (#745) 2025-05-20 09:41:14 +12:00
8 changed files with 56 additions and 7 deletions
@@ -610,7 +610,7 @@
"RequiredPasswordLength": 12 "RequiredPasswordLength": 12
}, },
"KubeconfigExpiry": "0", "KubeconfigExpiry": "0",
"KubectlShellImage": "portainer/kubectl-shell:2.30.0", "KubectlShellImage": "portainer/kubectl-shell:2.30.1",
"LDAPSettings": { "LDAPSettings": {
"AnonymousMode": true, "AnonymousMode": true,
"AutoCreateUsers": true, "AutoCreateUsers": true,
@@ -943,7 +943,7 @@
} }
], ],
"version": { "version": {
"VERSION": "{\"SchemaVersion\":\"2.30.0\",\"MigratorCount\":0,\"Edition\":1,\"InstanceID\":\"463d5c47-0ea5-4aca-85b1-405ceefee254\"}" "VERSION": "{\"SchemaVersion\":\"2.30.1\",\"MigratorCount\":0,\"Edition\":1,\"InstanceID\":\"463d5c47-0ea5-4aca-85b1-405ceefee254\"}"
}, },
"webhooks": null "webhooks": null
} }
+1 -1
View File
@@ -81,7 +81,7 @@ type Handler struct {
} }
// @title PortainerCE API // @title PortainerCE API
// @version 2.30.0 // @version 2.30.1
// @description.markdown api-description.md // @description.markdown api-description.md
// @termsOfService // @termsOfService
+8
View File
@@ -7,7 +7,9 @@ import (
portainer "github.com/portainer/portainer/api" portainer "github.com/portainer/portainer/api"
"github.com/portainer/portainer/api/http/client" "github.com/portainer/portainer/api/http/client"
"github.com/portainer/portainer/pkg/libcrypto" "github.com/portainer/portainer/pkg/libcrypto"
libclient "github.com/portainer/portainer/pkg/libhttp/client"
"github.com/portainer/portainer/pkg/libhttp/response" "github.com/portainer/portainer/pkg/libhttp/response"
"github.com/rs/zerolog/log"
"github.com/segmentio/encoding/json" "github.com/segmentio/encoding/json"
) )
@@ -37,6 +39,12 @@ type motdData struct {
// @success 200 {object} motdResponse // @success 200 {object} motdResponse
// @router /motd [get] // @router /motd [get]
func (handler *Handler) motd(w http.ResponseWriter, r *http.Request) { func (handler *Handler) motd(w http.ResponseWriter, r *http.Request) {
if err := libclient.ExternalRequestDisabled(portainer.MessageOfTheDayURL); err != nil {
log.Debug().Err(err).Msg("External request disabled: MOTD")
response.JSON(w, &motdResponse{Message: ""})
return
}
motd, err := client.Get(portainer.MessageOfTheDayURL, 0) motd, err := client.Get(portainer.MessageOfTheDayURL, 0)
if err != nil { if err != nil {
response.JSON(w, &motdResponse{Message: ""}) response.JSON(w, &motdResponse{Message: ""})
+6 -1
View File
@@ -7,6 +7,7 @@ import (
"github.com/portainer/portainer/api/http/client" "github.com/portainer/portainer/api/http/client"
"github.com/portainer/portainer/api/http/security" "github.com/portainer/portainer/api/http/security"
"github.com/portainer/portainer/pkg/build" "github.com/portainer/portainer/pkg/build"
libclient "github.com/portainer/portainer/pkg/libhttp/client"
httperror "github.com/portainer/portainer/pkg/libhttp/error" httperror "github.com/portainer/portainer/pkg/libhttp/error"
"github.com/portainer/portainer/pkg/libhttp/response" "github.com/portainer/portainer/pkg/libhttp/response"
@@ -69,10 +70,14 @@ func (handler *Handler) version(w http.ResponseWriter, r *http.Request) *httperr
} }
func GetLatestVersion() string { func GetLatestVersion() string {
if err := libclient.ExternalRequestDisabled(portainer.VersionCheckURL); err != nil {
log.Debug().Err(err).Msg("External request disabled: Version check")
return ""
}
motd, err := client.Get(portainer.VersionCheckURL, 5) motd, err := client.Get(portainer.VersionCheckURL, 5)
if err != nil { if err != nil {
log.Debug().Err(err).Msg("couldn't fetch latest Portainer release version") log.Debug().Err(err).Msg("couldn't fetch latest Portainer release version")
return "" return ""
} }
@@ -4,7 +4,9 @@ import (
"net/http" "net/http"
portainer "github.com/portainer/portainer/api" portainer "github.com/portainer/portainer/api"
libclient "github.com/portainer/portainer/pkg/libhttp/client"
httperror "github.com/portainer/portainer/pkg/libhttp/error" httperror "github.com/portainer/portainer/pkg/libhttp/error"
"github.com/rs/zerolog/log"
"github.com/segmentio/encoding/json" "github.com/segmentio/encoding/json"
) )
@@ -24,13 +26,20 @@ func (handler *Handler) fetchTemplates() (*listResponse, *httperror.HandlerError
templatesURL = portainer.DefaultTemplatesURL templatesURL = portainer.DefaultTemplatesURL
} }
var body *listResponse
if err := libclient.ExternalRequestDisabled(templatesURL); err != nil {
if templatesURL == portainer.DefaultTemplatesURL {
log.Debug().Err(err).Msg("External request disabled: Default templates")
return body, nil
}
}
resp, err := http.Get(templatesURL) resp, err := http.Get(templatesURL)
if err != nil { if err != nil {
return nil, httperror.InternalServerError("Unable to retrieve templates via the network", err) return nil, httperror.InternalServerError("Unable to retrieve templates via the network", err)
} }
defer resp.Body.Close() defer resp.Body.Close()
var body *listResponse
err = json.NewDecoder(resp.Body).Decode(&body) err = json.NewDecoder(resp.Body).Decode(&body)
if err != nil { if err != nil {
return nil, httperror.InternalServerError("Unable to parse template file", err) return nil, httperror.InternalServerError("Unable to parse template file", err)
+6 -1
View File
@@ -1638,7 +1638,7 @@ type (
const ( const (
// APIVersion is the version number of the Portainer API // APIVersion is the version number of the Portainer API
APIVersion = "2.30.0" APIVersion = "2.30.1"
// Support annotation for the API version ("STS" for Short-Term Support or "LTS" for Long-Term Support) // Support annotation for the API version ("STS" for Short-Term Support or "LTS" for Long-Term Support)
APIVersionSupport = "STS" APIVersionSupport = "STS"
// Edition is what this edition of Portainer is called // Edition is what this edition of Portainer is called
@@ -1692,6 +1692,11 @@ const (
KubectlShellImageEnvVar = "KUBECTL_SHELL_IMAGE" KubectlShellImageEnvVar = "KUBECTL_SHELL_IMAGE"
// PullLimitCheckDisabledEnvVar is the environment variable used to disable the pull limit check // PullLimitCheckDisabledEnvVar is the environment variable used to disable the pull limit check
PullLimitCheckDisabledEnvVar = "PULL_LIMIT_CHECK_DISABLED" PullLimitCheckDisabledEnvVar = "PULL_LIMIT_CHECK_DISABLED"
// LicenseServerBaseURL represents the base URL of the API used to validate
// an extension license.
LicenseServerBaseURL = "https://api.portainer.io"
// URL to validate licenses along with system metadata.
LicenseCheckInURL = LicenseServerBaseURL + "/licenses/checkin"
) )
// List of supported features // List of supported features
+1 -1
View File
@@ -2,7 +2,7 @@
"author": "Portainer.io", "author": "Portainer.io",
"name": "portainer", "name": "portainer",
"homepage": "http://portainer.io", "homepage": "http://portainer.io",
"version": "2.30.0", "version": "2.30.1",
"repository": { "repository": {
"type": "git", "type": "git",
"url": "git@github.com:portainer/portainer.git" "url": "git@github.com:portainer/portainer.git"
+22
View File
@@ -0,0 +1,22 @@
package client
import (
"errors"
"github.com/portainer/portainer/pkg/featureflags"
)
var (
ErrExternalRequestsBlocked = errors.New("external requests are blocked by feature flag")
)
// DisableExternalRequest is the feature flag name for blocking outbound requests
const DisableExternalRequests = "disable-external-requests"
func ExternalRequestDisabled(url string) error {
if featureflags.IsEnabled(DisableExternalRequests) {
return ErrExternalRequestsBlocked
}
return nil
}