예제 #1
0
파일: repoapiv1.go 프로젝트: rechen/wharf
func (this *RepoAPIV1Controller) PutRepository() {
	username, _, _ := utils.DecodeBasicAuth(this.Ctx.Input.Header("Authorization"))

	namespace := string(this.Ctx.Input.Param(":namespace"))
	repository := string(this.Ctx.Input.Param(":repo_name"))

	repo := new(models.Repository)

	if err := repo.Put(namespace, repository, string(this.Ctx.Input.CopyBody()), this.Ctx.Input.Header("User-Agent"), models.APIVERSION_V1); err != nil {
		this.JSONOut(http.StatusForbidden, err.Error(), nil)
		return
	}

	if this.Ctx.Input.Header("X-Docker-Token") == "true" {
		token := string(utils.GeneralKey(username))
		this.SetSession("token", token)
		this.Ctx.Output.Context.ResponseWriter.Header().Set("X-Docker-Token", token)
		this.Ctx.Output.Context.ResponseWriter.Header().Set("WWW-Authenticate", token)
	}

	user := new(models.User)
	if _, _, err := user.Has(username); err != nil {
		this.JSONOut(http.StatusForbidden, err.Error(), nil)
		return
	}

	memo, _ := json.Marshal(this.Ctx.Input.Header)
	user.Log(models.ACTION_UPDATE_REPO, models.LEVELINFORMATIONAL, models.TYPE_APIV1, repo.Id, memo)
	repo.Log(models.ACTION_UPDATE_REPO, models.LEVELINFORMATIONAL, models.TYPE_APIV1, repo.Id, memo)

	this.Ctx.Output.Context.ResponseWriter.Header().Set("X-Docker-Endpoints", beego.AppConfig.String("docker::Endpoints"))
	this.Ctx.Output.Context.Output.SetStatus(http.StatusOK)
	this.Ctx.Output.Context.Output.Body([]byte(""))
	return
}
예제 #2
0
파일: repoapiv1.go 프로젝트: rechen/wharf
func (this *RepoAPIV1Controller) PutRepositoryImages() {
	namespace := this.Ctx.Input.Param(":namespace")
	repository := this.Ctx.Input.Param(":repo_name")

	repo := new(models.Repository)

	if err := repo.PutImages(namespace, repository); err != nil {
		this.JSONOut(http.StatusBadRequest, "Update Uploaded flag error", nil)
		return
	}

	memo, _ := json.Marshal(this.Ctx.Input.Header)
	repo.Log(models.ACTION_PUT_REPO_IMAGES, models.LEVELINFORMATIONAL, models.TYPE_APIV1, repo.Id, memo)

	org := new(models.Organization)
	isOrg, _, err := org.Has(namespace)
	if err != nil {
		this.JSONOut(http.StatusBadRequest, "Search Organization Error", nil)
		return
	}

	user := new(models.User)
	authUsername, _, _ := utils.DecodeBasicAuth(this.Ctx.Input.Header("Authorization"))
	isUser, _, err := user.Has(authUsername)
	if err != nil {
		this.JSONOut(http.StatusBadRequest, err.Error(), nil)
		return
	}

	if !isUser && !isOrg {
		this.JSONOut(http.StatusBadRequest, "Search Namespace Error", nil)
		return
	}

	if isUser {
		user.Repositories = append(user.Repositories, repo.Id)
		user.Save()
	}
	if isOrg {
		org.Repositories = append(org.Repositories, repo.Id)
		org.Save()
	}

	this.Ctx.Output.Context.Output.SetStatus(http.StatusNoContent)
	this.Ctx.Output.Context.Output.Body([]byte(""))

	this.ServeJson()
	return
}
예제 #3
0
파일: usersapiv1.go 프로젝트: rechen/wharf
//There is nothing in request body, just authorization through Basic Authorization.
func (this *UserAPIV1Controller) GetUsers() {
	if username, passwd, err := utils.DecodeBasicAuth(this.Ctx.Input.Header("Authorization")); err != nil {
		this.JSONOut(http.StatusUnauthorized, err.Error(), nil)
		return
	} else {
		user := new(models.User)

		if err := user.Get(username, passwd); err != nil {
			this.JSONOut(http.StatusUnauthorized, err.Error(), nil)
			return
		}

		memo, _ := json.Marshal(this.Ctx.Input.Header)
		user.Log(models.ACTION_SIGNUP, models.LEVELINFORMATIONAL, models.TYPE_APIV1, user.Id, memo)

		this.JSONOut(http.StatusOK, "User authorization successfully.", nil)
		return
	}
}
예제 #4
0
파일: pingapiv2.go 프로젝트: rechen/wharf
func (this *PingAPIV2Controller) GetPing() {
	if len(this.Ctx.Input.Header("Authorization")) == 0 {
		this.JSONOut(http.StatusUnauthorized, "", map[string][]modules.ErrorDescriptor{"errors": []modules.ErrorDescriptor{modules.ErrorDescriptors[modules.APIErrorCodeUnauthorized]}})
		return
	}

	if username, passwd, err := utils.DecodeBasicAuth(this.Ctx.Input.Header("Authorization")); err != nil {
		this.JSONOut(http.StatusUnauthorized, "", map[string][]modules.ErrorDescriptor{"errors": []modules.ErrorDescriptor{modules.ErrorDescriptors[modules.APIErrorCodeUnauthorized]}})
		return
	} else {
		user := new(models.User)

		if err := user.Get(username, passwd); err != nil {
			this.JSONOut(http.StatusUnauthorized, "", map[string][]modules.ErrorDescriptor{"errors": []modules.ErrorDescriptor{modules.ErrorDescriptors[modules.APIErrorCodeUnauthorized]}})
			return
		}

		memo, _ := json.Marshal(this.Ctx.Input.Header)
		user.Log(models.ACTION_SIGNUP, models.LEVELINFORMATIONAL, models.TYPE_APIV2, user.Id, memo)

		this.JSONOut(http.StatusOK, "", "User authorization successfully.")
		return
	}
}
예제 #5
0
파일: auth.go 프로젝트: rechen/wharf
func FilterAuth(ctx *context.Context) {
	var namespace, repository string
	var permission int

	auth := true
	user := new(models.User)

	namespace = strings.Split(string(ctx.Input.Params[":splat"]), "/")[0]
	repository = strings.Split(string(ctx.Input.Params[":splat"]), "/")[1]

	//Get Permission
	permission = getPermission(ctx.Input.Method())

	//Check Authorization In Header
	if len(ctx.Input.Header("Authorization")) == 0 || strings.Index(ctx.Input.Header("Authorization"), "Basic") == -1 {
		auth = false
		goto AUTH
	}

	//Check Username, Password And Get User
	if username, passwd, err := utils.DecodeBasicAuth(ctx.Input.Header("Authorization")); err != nil {
		auth = false
		goto AUTH
	} else {
		if err := user.Get(username, passwd); err != nil {
			auth = false
			goto AUTH
		}
	}

	//Docker Registry V1 Image Don't Check User/Org Permission
	if isImageResource(ctx.Request.URL.String()) == true {
		goto AUTH
	}

	//Username != namespace
	if user.Username != namespace {
		u := new(models.User)
		if has, _, err := u.Has(namespace); err != nil {
			auth = false
			goto AUTH
		} else if has == false {
			//Org Repository Check
			auth = checkOrgRepositoryPermission(user, namespace, repository, permission)
		} else if has == true {
			//Different User and Public/Private Repository
			auth = checkRepositoriesPrivate(namespace, repository)
		}
	}

AUTH:
	if auth == false {
		result := map[string][]modules.ErrorDescriptor{"errors": []modules.ErrorDescriptor{modules.ErrorDescriptors[modules.APIErrorCodeUnauthorized]}}

		data, _ := json.Marshal(result)

		ctx.Output.Context.Output.SetStatus(http.StatusNotFound)
		ctx.Output.Context.Output.Body(data)
		return
	}
}