Beispiel #1
// RootHandler builds the router that serves every path under / for the
// server.
//
// Handlers produced by utils.RootHandlerFactory carry the access controller,
// context and crypto service; the strings passed after a handler are
// presumably the actions the access controller must grant (confirm against
// the factory). Assuming gorilla/mux semantics, the first registered route
// that matches wins, so the catch-all must stay last.
//
// NOTE(review): the {imageName:.*} pattern puts no constraint on the
// repository name (it also matches slashes), so name validation is left to
// whatever runs behind the route.
func RootHandler(ac auth.AccessController, ctx context.Context, trust signed.CryptoService) http.Handler {
	secured := utils.RootHandlerFactory(ac, ctx, trust)

	// metered resolves the Prometheus options for an operation first and
	// returns a decorator that instruments whichever handler it is given.
	metered := func(operation string) func(http.Handler) http.Handler {
		opts := prometheusOpts(operation)
		return func(next http.Handler) http.Handler {
			return prometheus.InstrumentHandlerWithOpts(opts, next)
		}
	}

	// healthCheck adapts the plain health handler to the context-aware
	// signature the factory expects; it never reports an error.
	healthCheck := func(ctx context.Context, w http.ResponseWriter, req *http.Request) error {
		health.StatusHandler(w, req)
		return nil
	}

	router := mux.NewRouter()

	// API root: wrapped by the factory with no actions listed.
	router.Methods("GET").Path("/v2/").Handler(secured(handlers.MainHandler))

	// TUF metadata endpoints, each instrumented under its own operation name.
	router.Methods("POST").Path("/v2/{imageName:.*}/_trust/tuf/").Handler(
		metered("UpdateTuf")(secured(handlers.AtomicUpdateHandler, "push", "pull")))
	router.Methods("GET").Path("/v2/{imageName:.*}/_trust/tuf/{tufRole:(root|targets|snapshot)}.json").Handler(
		metered("GetRole")(secured(handlers.GetHandler, "pull")))
	router.Methods("GET").Path("/v2/{imageName:.*}/_trust/tuf/timestamp.json").Handler(
		metered("GetTimestamp")(secured(handlers.GetTimestampHandler, "pull")))
	// Reading the timestamp key lists "push" as well as "pull", unlike the
	// other GET routes.
	router.Methods("GET").Path("/v2/{imageName:.*}/_trust/tuf/timestamp.key").Handler(
		metered("GetTimestampKey")(secured(handlers.GetTimestampKeyHandler, "push", "pull")))
	router.Methods("DELETE").Path("/v2/{imageName:.*}/_trust/tuf/").Handler(
		metered("DeleteTuf")(secured(handlers.DeleteHandler, "push", "pull")))

	// Operational endpoints. The health check goes through the factory
	// wrapper with no actions; the metrics handler is registered directly,
	// so this router applies no access check to it.
	router.Methods("GET").Path("/_notary_server/health").Handler(secured(healthCheck))
	router.Methods("GET").Path("/_notary_server/metrics").Handler(prometheus.Handler())

	// Catch-all for the five listed methods; any other method is not routed
	// here.
	router.Methods("GET", "POST", "PUT", "HEAD", "DELETE").Path("/{other:.*}").Handler(secured(utils.NotFoundHandler))

	return router
}
Beispiel #2
// RootHandler builds the router that serves every path under / for the
// server.
//
// Handlers produced by utils.RootHandlerFactory carry the access controller,
// context and crypto service; the strings passed after a handler are
// presumably the actions the access controller must grant (confirm against
// the factory). Assuming gorilla/mux semantics, the first registered route
// that matches wins, so the checksum-qualified role route must precede the
// plain role route and the catch-all must stay last.
//
// NOTE(review): the {imageName:.*} pattern puts no constraint on the
// repository name (it also matches slashes), so name validation is left to
// whatever runs behind the route.
func RootHandler(ac auth.AccessController, ctx context.Context, trust signed.CryptoService) http.Handler {
	secured := utils.RootHandlerFactory(ac, ctx, trust)

	// metered resolves the Prometheus options for an operation first and
	// returns a decorator that instruments whichever handler it is given.
	metered := func(operation string) func(http.Handler) http.Handler {
		opts := prometheusOpts(operation)
		return func(next http.Handler) http.Handler {
			return prometheus.InstrumentHandlerWithOpts(opts, next)
		}
	}

	router := mux.NewRouter()

	// API root: wrapped by the factory with no actions listed.
	router.Methods("GET").Path("/v2/").Handler(secured(handlers.MainHandler))

	router.Methods("POST").Path("/v2/{imageName:.*}/_trust/tuf/").Handler(
		metered("UpdateTuf")(secured(handlers.AtomicUpdateHandler, "push", "pull")))

	// Role metadata addressed by checksum: the checksum segment must be 64,
	// 96 or 128 hex characters (presumably SHA-256/384/512 digests). The
	// role pattern also admits nested names under targets/.
	router.Methods("GET").Path("/v2/{imageName:.*}/_trust/tuf/{tufRole:root|targets(?:/[^/\\s]+)*|snapshot|timestamp}.{checksum:[a-fA-F0-9]{64}|[a-fA-F0-9]{96}|[a-fA-F0-9]{128}}.json").Handler(
		metered("GetRoleByHash")(secured(handlers.GetHandler, "pull")))
	// Same handler without a checksum segment.
	router.Methods("GET").Path("/v2/{imageName:.*}/_trust/tuf/{tufRole:root|targets(?:/[^/\\s]+)*|snapshot|timestamp}.json").Handler(
		metered("GetRole")(secured(handlers.GetHandler, "pull")))

	// Key retrieval is limited to the snapshot and timestamp roles and lists
	// "push" as well as "pull", unlike the other GET routes.
	router.Methods("GET").Path(
		"/v2/{imageName:.*}/_trust/tuf/{tufRole:snapshot|timestamp}.key").Handler(
		metered("GetKey")(secured(handlers.GetKeyHandler, "push", "pull")))
	router.Methods("DELETE").Path("/v2/{imageName:.*}/_trust/tuf/").Handler(
		metered("DeleteTuf")(secured(handlers.DeleteHandler, "push", "pull")))

	// Operational endpoints are registered directly, bypassing the factory
	// wrapper, so this router applies no access check to health or metrics.
	router.Methods("GET").Path("/_notary_server/health").HandlerFunc(health.StatusHandler)
	router.Methods("GET").Path("/metrics").Handler(prometheus.Handler())

	// Catch-all for the five listed methods; any other method is not routed
	// here.
	router.Methods("GET", "POST", "PUT", "HEAD", "DELETE").Path("/{other:.*}").Handler(
		secured(handlers.NotFoundHandler))

	return router
}
Beispiel #3
// RootHandler builds the router that serves every path under / for the
// server.
//
// consistent and current are the cache-control settings applied to the
// checksum-addressed and the plain role metadata routes respectively.
// repoPrefixes is handed to filterImagePrefixes for every endpoint built
// through the local build helper and is echoed in the invalid-GUN error
// detail.
//
// Assuming gorilla/mux semantics, the first registered route that matches
// wins, so the table order below is significant and the catch-all must stay
// last.
func RootHandler(ctx context.Context, ac auth.AccessController, trust signed.CryptoService,
	consistent, current utils.CacheControlConfig, repoPrefixes []string) http.Handler {

	secured := utils.RootHandlerFactory(ctx, ac, trust)

	// build layers an endpoint from the inside out: access-checked handler,
	// optional cache headers, image-prefix filter, then Prometheus
	// instrumentation as the outermost wrapper.
	build := func(ep _serverEndpoint) http.Handler {
		var h http.Handler = secured(ep.ServerHandler, ep.PermissionsRequired...)
		if ep.IncludeCacheHeaders {
			h = utils.WrapWithCacheHandler(ep.CacheControlConfig, h)
		}
		h = filterImagePrefixes(repoPrefixes, ep.ErrorIfGUNInvalid, h)
		return prometheus.InstrumentHandlerWithOpts(prometheusOpts(ep.OperationName), h)
	}

	// Only the update route reports an invalid GUN explicitly; the other
	// GUN-scoped routes pass a metadata-not-found error instead.
	invalidGUNErr := errors.ErrInvalidGUN.WithDetail(fmt.Sprintf("Require GUNs with prefix: %v", repoPrefixes))
	notFoundError := errors.ErrMetadataNotFound.WithDetail(nil)

	router := mux.NewRouter()

	// API root: access-checked with no permissions listed, and neither
	// prefix-filtered nor instrumented.
	router.Methods("GET").Path("/v2/").Handler(secured(handlers.MainHandler))

	// GUN-scoped endpoints. {imageName:[^*]+} requires a non-empty name that
	// contains no '*'. Key rotation and deletion require the "*" permission
	// rather than push/pull.
	endpoints := []struct {
		method   string
		path     string
		endpoint _serverEndpoint
	}{
		{
			method: "POST",
			path:   "/v2/{imageName:[^*]+}/_trust/tuf/",
			endpoint: _serverEndpoint{
				OperationName:       "UpdateTUF",
				ErrorIfGUNInvalid:   invalidGUNErr,
				ServerHandler:       handlers.AtomicUpdateHandler,
				PermissionsRequired: []string{"push", "pull"},
			},
		},
		{
			// Checksum segment: 64, 96 or 128 hex characters (presumably
			// SHA-256/384/512 digests).
			method: "GET",
			path:   "/v2/{imageName:[^*]+}/_trust/tuf/{tufRole:root|targets(?:/[^/\\s]+)*|snapshot|timestamp}.{checksum:[a-fA-F0-9]{64}|[a-fA-F0-9]{96}|[a-fA-F0-9]{128}}.json",
			endpoint: _serverEndpoint{
				OperationName:       "GetRoleByHash",
				ErrorIfGUNInvalid:   notFoundError,
				IncludeCacheHeaders: true,
				CacheControlConfig:  consistent,
				ServerHandler:       handlers.GetHandler,
				PermissionsRequired: []string{"pull"},
			},
		},
		{
			method: "GET",
			path:   "/v2/{imageName:[^*]+}/_trust/tuf/{tufRole:root|targets(?:/[^/\\s]+)*|snapshot|timestamp}.json",
			endpoint: _serverEndpoint{
				OperationName:       "GetRole",
				ErrorIfGUNInvalid:   notFoundError,
				IncludeCacheHeaders: true,
				CacheControlConfig:  current,
				ServerHandler:       handlers.GetHandler,
				PermissionsRequired: []string{"pull"},
			},
		},
		{
			// Reading a key lists "push" as well as "pull", unlike the other
			// GET routes.
			method: "GET",
			path:   "/v2/{imageName:[^*]+}/_trust/tuf/{tufRole:snapshot|timestamp}.key",
			endpoint: _serverEndpoint{
				OperationName:       "GetKey",
				ErrorIfGUNInvalid:   notFoundError,
				ServerHandler:       handlers.GetKeyHandler,
				PermissionsRequired: []string{"push", "pull"},
			},
		},
		{
			method: "POST",
			path:   "/v2/{imageName:[^*]+}/_trust/tuf/{tufRole:snapshot|timestamp}.key",
			endpoint: _serverEndpoint{
				OperationName:       "RotateKey",
				ErrorIfGUNInvalid:   notFoundError,
				ServerHandler:       handlers.RotateKeyHandler,
				PermissionsRequired: []string{"*"},
			},
		},
		{
			method: "DELETE",
			path:   "/v2/{imageName:[^*]+}/_trust/tuf/",
			endpoint: _serverEndpoint{
				OperationName:       "DeleteTUF",
				ErrorIfGUNInvalid:   notFoundError,
				ServerHandler:       handlers.DeleteHandler,
				PermissionsRequired: []string{"*"},
			},
		},
		{
			method: "GET",
			path:   "/v2/{imageName:[^*]+}/_trust/changefeed",
			endpoint: _serverEndpoint{
				OperationName:       "Changefeed",
				ErrorIfGUNInvalid:   notFoundError,
				ServerHandler:       handlers.Changefeed,
				PermissionsRequired: []string{"pull"},
			},
		},
		{
			// Changefeed without a GUN in the path: requires "*" and leaves
			// ErrorIfGUNInvalid at its zero value.
			// NOTE(review): confirm how filterImagePrefixes treats a request
			// with no imageName variable and an unset error.
			method: "GET",
			path:   "/v2/_trust/changefeed",
			endpoint: _serverEndpoint{
				OperationName:       "Changefeed",
				ServerHandler:       handlers.Changefeed,
				PermissionsRequired: []string{"*"},
			},
		},
	}
	for _, e := range endpoints {
		router.Methods(e.method).Path(e.path).Handler(build(e.endpoint))
	}

	// Operational endpoints are registered directly, bypassing the access
	// wrapper, so this router applies no access check to health or metrics.
	router.Methods("GET").Path("/_notary_server/health").HandlerFunc(health.StatusHandler)
	router.Methods("GET").Path("/metrics").Handler(prometheus.Handler())

	// Catch-all for the five listed methods; any other method is not routed
	// here.
	router.Methods("GET", "POST", "PUT", "HEAD", "DELETE").Path("/{other:.*}").Handler(
		secured(handlers.NotFoundHandler))

	return router
}