//There is nothing in request body, just authorization through Basic Authorization.
func (this *UserAPIV1Controller) GetUsers() {
if username, passwd, err := utils.DecodeBasicAuth(this.Ctx.Input.Header("Authorization")); err != nil {
this.JSONOut(http.StatusUnauthorized, err.Error(), nil)
return
} else {
user := new(models.User)
if err := user.Get(username, passwd); err != nil {
this.JSONOut(http.StatusUnauthorized, err.Error(), nil)
return
}
memo, _ := json.Marshal(this.Ctx.Input.Header)
user.Log(models.ACTION_SIGNUP, models.LEVELINFORMATIONAL, models.TYPE_APIV1, user.Id, memo)
this.JSONOut(http.StatusOK, "User authorization successfully.", nil)
return
}
}
func (this *UserWebAPIV1Controller) Signin() {
user := new(models.User)
if err := json.Unmarshal(this.Ctx.Input.CopyBody(), &user); err != nil {
this.JSONOut(http.StatusBadRequest, err.Error(), nil)
return
} else {
if err := user.Get(user.Username, user.Password); err != nil {
this.JSONOut(http.StatusBadRequest, err.Error(), nil)
return
}
memo, _ := json.Marshal(this.Ctx.Input.Header)
user.Log(models.ACTION_SIGNIN, models.LEVELINFORMATIONAL, models.TYPE_WEBV1, user.Id, memo)
this.Ctx.Input.CruSession.Set("user", user)
this.JSONOut(http.StatusOK, "User singin successfully!", nil)
return
}
}
func (this *PingAPIV2Controller) GetPing() {
if len(this.Ctx.Input.Header("Authorization")) == 0 {
this.JSONOut(http.StatusUnauthorized, "", map[string][]modules.ErrorDescriptor{"errors": []modules.ErrorDescriptor{modules.ErrorDescriptors[modules.APIErrorCodeUnauthorized]}})
return
}
if username, passwd, err := utils.DecodeBasicAuth(this.Ctx.Input.Header("Authorization")); err != nil {
this.JSONOut(http.StatusUnauthorized, "", map[string][]modules.ErrorDescriptor{"errors": []modules.ErrorDescriptor{modules.ErrorDescriptors[modules.APIErrorCodeUnauthorized]}})
return
} else {
user := new(models.User)
if err := user.Get(username, passwd); err != nil {
this.JSONOut(http.StatusUnauthorized, "", map[string][]modules.ErrorDescriptor{"errors": []modules.ErrorDescriptor{modules.ErrorDescriptors[modules.APIErrorCodeUnauthorized]}})
return
}
memo, _ := json.Marshal(this.Ctx.Input.Header)
user.Log(models.ACTION_SIGNUP, models.LEVELINFORMATIONAL, models.TYPE_APIV2, user.Id, memo)
this.JSONOut(http.StatusOK, "", "User authorization successfully.")
return
}
}
func FilterAuth(ctx *context.Context) {
var namespace, repository string
var permission int
auth := true
user := new(models.User)
namespace = strings.Split(string(ctx.Input.Params[":splat"]), "/")[0]
repository = strings.Split(string(ctx.Input.Params[":splat"]), "/")[1]
//Get Permission
permission = getPermission(ctx.Input.Method())
//Check Authorization In Header
if len(ctx.Input.Header("Authorization")) == 0 || strings.Index(ctx.Input.Header("Authorization"), "Basic") == -1 {
auth = false
goto AUTH
}
//Check Username, Password And Get User
if username, passwd, err := utils.DecodeBasicAuth(ctx.Input.Header("Authorization")); err != nil {
auth = false
goto AUTH
} else {
if err := user.Get(username, passwd); err != nil {
auth = false
goto AUTH
}
}
//Docker Registry V1 Image Don't Check User/Org Permission
if isImageResource(ctx.Request.URL.String()) == true {
goto AUTH
}
//Username != namespace
if user.Username != namespace {
u := new(models.User)
if has, _, err := u.Has(namespace); err != nil {
auth = false
goto AUTH
} else if has == false {
//Org Repository Check
auth = checkOrgRepositoryPermission(user, namespace, repository, permission)
} else if has == true {
//Different User and Public/Private Repository
auth = checkRepositoriesPrivate(namespace, repository)
}
}
AUTH:
if auth == false {
result := map[string][]modules.ErrorDescriptor{"errors": []modules.ErrorDescriptor{modules.ErrorDescriptors[modules.APIErrorCodeUnauthorized]}}
data, _ := json.Marshal(result)
ctx.Output.Context.Output.SetStatus(http.StatusNotFound)
ctx.Output.Context.Output.Body(data)
return
}
}
