Exemple #1
0
// Get handles GET request, it checks the http header for user credentials
// and parse service and scope based on docker registry v2 standard,
// checkes the permission agains local DB and generates jwt token.
func (h *Handler) Get() {

	var username, password string
	request := h.Ctx.Request
	service := h.GetString("service")
	scopes := h.GetStrings("scope")
	access := GetResourceActions(scopes)
	log.Infof("request url: %v", request.URL.String())

	if svc_utils.VerifySecret(request) {
		log.Debugf("Will grant all access as this request is from job service with legal secret.")
		username = "******"
	} else {
		username, password, _ = request.BasicAuth()
		authenticated := authenticate(username, password)

		if len(scopes) == 0 && !authenticated {
			log.Info("login request with invalid credentials")
			h.CustomAbort(http.StatusUnauthorized, "")
		}
		for _, a := range access {
			FilterAccess(username, authenticated, a)
		}
	}
	h.serveToken(username, service, access)
}
Exemple #2
0
// Get handles GET request, it checks the http header for user credentials
// and parse service and scope based on docker registry v2 standard,
// checkes the permission agains local DB and generates jwt token.
func (h *Handler) Get() {

	request := h.Ctx.Request
	log.Infof("request url: %v", request.URL.String())
	username, password, _ := request.BasicAuth()
	authenticated := authenticate(username, password)
	service := h.GetString("service")
	scopes := h.GetStrings("scope")

	if len(scopes) == 0 && !authenticated {
		log.Info("login request with invalid credentials")
		h.CustomAbort(http.StatusUnauthorized, "")
	}
	access := GetResourceActions(scopes)
	for _, a := range access {
		FilterAccess(username, authenticated, a)
	}
	h.serveToken(username, service, access)
}