func (this *RepoAPIV1Controller) PutRepository() { username, _, _ := utils.DecodeBasicAuth(this.Ctx.Input.Header("Authorization")) namespace := string(this.Ctx.Input.Param(":namespace")) repository := string(this.Ctx.Input.Param(":repo_name")) repo := new(models.Repository) if err := repo.Put(namespace, repository, string(this.Ctx.Input.CopyBody()), this.Ctx.Input.Header("User-Agent"), models.APIVERSION_V1); err != nil { this.JSONOut(http.StatusForbidden, err.Error(), nil) return } if this.Ctx.Input.Header("X-Docker-Token") == "true" { token := string(utils.GeneralKey(username)) this.SetSession("token", token) this.Ctx.Output.Context.ResponseWriter.Header().Set("X-Docker-Token", token) this.Ctx.Output.Context.ResponseWriter.Header().Set("WWW-Authenticate", token) } user := new(models.User) if _, _, err := user.Has(username); err != nil { this.JSONOut(http.StatusForbidden, err.Error(), nil) return } memo, _ := json.Marshal(this.Ctx.Input.Header) user.Log(models.ACTION_UPDATE_REPO, models.LEVELINFORMATIONAL, models.TYPE_APIV1, repo.Id, memo) repo.Log(models.ACTION_UPDATE_REPO, models.LEVELINFORMATIONAL, models.TYPE_APIV1, repo.Id, memo) this.Ctx.Output.Context.ResponseWriter.Header().Set("X-Docker-Endpoints", beego.AppConfig.String("docker::Endpoints")) this.Ctx.Output.Context.Output.SetStatus(http.StatusOK) this.Ctx.Output.Context.Output.Body([]byte("")) return }
func (this *RepoAPIV1Controller) PutRepositoryImages() { namespace := this.Ctx.Input.Param(":namespace") repository := this.Ctx.Input.Param(":repo_name") repo := new(models.Repository) if err := repo.PutImages(namespace, repository); err != nil { this.JSONOut(http.StatusBadRequest, "Update Uploaded flag error", nil) return } memo, _ := json.Marshal(this.Ctx.Input.Header) repo.Log(models.ACTION_PUT_REPO_IMAGES, models.LEVELINFORMATIONAL, models.TYPE_APIV1, repo.Id, memo) org := new(models.Organization) isOrg, _, err := org.Has(namespace) if err != nil { this.JSONOut(http.StatusBadRequest, "Search Organization Error", nil) return } user := new(models.User) authUsername, _, _ := utils.DecodeBasicAuth(this.Ctx.Input.Header("Authorization")) isUser, _, err := user.Has(authUsername) if err != nil { this.JSONOut(http.StatusBadRequest, err.Error(), nil) return } if !isUser && !isOrg { this.JSONOut(http.StatusBadRequest, "Search Namespace Error", nil) return } if isUser { user.Repositories = append(user.Repositories, repo.Id) user.Save() } if isOrg { org.Repositories = append(org.Repositories, repo.Id) org.Save() } this.Ctx.Output.Context.Output.SetStatus(http.StatusNoContent) this.Ctx.Output.Context.Output.Body([]byte("")) this.ServeJson() return }
//There is nothing in request body, just authorization through Basic Authorization. func (this *UserAPIV1Controller) GetUsers() { if username, passwd, err := utils.DecodeBasicAuth(this.Ctx.Input.Header("Authorization")); err != nil { this.JSONOut(http.StatusUnauthorized, err.Error(), nil) return } else { user := new(models.User) if err := user.Get(username, passwd); err != nil { this.JSONOut(http.StatusUnauthorized, err.Error(), nil) return } memo, _ := json.Marshal(this.Ctx.Input.Header) user.Log(models.ACTION_SIGNUP, models.LEVELINFORMATIONAL, models.TYPE_APIV1, user.Id, memo) this.JSONOut(http.StatusOK, "User authorization successfully.", nil) return } }
func (this *PingAPIV2Controller) GetPing() { if len(this.Ctx.Input.Header("Authorization")) == 0 { this.JSONOut(http.StatusUnauthorized, "", map[string][]modules.ErrorDescriptor{"errors": []modules.ErrorDescriptor{modules.ErrorDescriptors[modules.APIErrorCodeUnauthorized]}}) return } if username, passwd, err := utils.DecodeBasicAuth(this.Ctx.Input.Header("Authorization")); err != nil { this.JSONOut(http.StatusUnauthorized, "", map[string][]modules.ErrorDescriptor{"errors": []modules.ErrorDescriptor{modules.ErrorDescriptors[modules.APIErrorCodeUnauthorized]}}) return } else { user := new(models.User) if err := user.Get(username, passwd); err != nil { this.JSONOut(http.StatusUnauthorized, "", map[string][]modules.ErrorDescriptor{"errors": []modules.ErrorDescriptor{modules.ErrorDescriptors[modules.APIErrorCodeUnauthorized]}}) return } memo, _ := json.Marshal(this.Ctx.Input.Header) user.Log(models.ACTION_SIGNUP, models.LEVELINFORMATIONAL, models.TYPE_APIV2, user.Id, memo) this.JSONOut(http.StatusOK, "", "User authorization successfully.") return } }
func FilterAuth(ctx *context.Context) { var namespace, repository string var permission int auth := true user := new(models.User) namespace = strings.Split(string(ctx.Input.Params[":splat"]), "/")[0] repository = strings.Split(string(ctx.Input.Params[":splat"]), "/")[1] //Get Permission permission = getPermission(ctx.Input.Method()) //Check Authorization In Header if len(ctx.Input.Header("Authorization")) == 0 || strings.Index(ctx.Input.Header("Authorization"), "Basic") == -1 { auth = false goto AUTH } //Check Username, Password And Get User if username, passwd, err := utils.DecodeBasicAuth(ctx.Input.Header("Authorization")); err != nil { auth = false goto AUTH } else { if err := user.Get(username, passwd); err != nil { auth = false goto AUTH } } //Docker Registry V1 Image Don't Check User/Org Permission if isImageResource(ctx.Request.URL.String()) == true { goto AUTH } //Username != namespace if user.Username != namespace { u := new(models.User) if has, _, err := u.Has(namespace); err != nil { auth = false goto AUTH } else if has == false { //Org Repository Check auth = checkOrgRepositoryPermission(user, namespace, repository, permission) } else if has == true { //Different User and Public/Private Repository auth = checkRepositoriesPrivate(namespace, repository) } } AUTH: if auth == false { result := map[string][]modules.ErrorDescriptor{"errors": []modules.ErrorDescriptor{modules.ErrorDescriptors[modules.APIErrorCodeUnauthorized]}} data, _ := json.Marshal(result) ctx.Output.Context.Output.SetStatus(http.StatusNotFound) ctx.Output.Context.Output.Body(data) return } }