2015-07-29 18:12:01 +00:00
|
|
|
package proxy
|
|
|
|
|
|
|
|
import (
|
|
|
|
"net/http"
|
|
|
|
"net/url"
|
2016-09-01 23:46:51 +00:00
|
|
|
"strings"
|
2015-07-29 18:12:01 +00:00
|
|
|
|
2023-10-24 16:26:38 +00:00
|
|
|
"github.com/distribution/distribution/v3/internal/client/auth"
|
|
|
|
"github.com/distribution/distribution/v3/internal/client/auth/challenge"
|
2023-10-24 17:16:58 +00:00
|
|
|
"github.com/distribution/distribution/v3/internal/dcontext"
|
2015-07-29 18:12:01 +00:00
|
|
|
)
|
|
|
|
|
2016-02-11 02:07:28 +00:00
|
|
|
const challengeHeader = "Docker-Distribution-Api-Version"
|
2015-07-29 18:12:01 +00:00
|
|
|
|
|
|
|
type userpass struct {
|
|
|
|
username string
|
|
|
|
password string
|
|
|
|
}
|
|
|
|
|
2023-12-14 23:42:50 +00:00
|
|
|
func (u userpass) Basic(_ *url.URL) (string, string) {
|
|
|
|
return u.username, u.password
|
|
|
|
}
|
|
|
|
|
|
|
|
func (u userpass) RefreshToken(_ *url.URL, service string) string {
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
|
|
|
|
func (u userpass) SetRefreshToken(_ *url.URL, service, token string) {
|
|
|
|
}
|
|
|
|
|
2015-07-29 18:12:01 +00:00
|
|
|
type credentials struct {
|
|
|
|
creds map[string]userpass
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c credentials) Basic(u *url.URL) (string, string) {
|
2023-12-14 23:42:50 +00:00
|
|
|
return c.creds[u.String()].Basic(u)
|
2015-07-29 18:12:01 +00:00
|
|
|
}
|
|
|
|
|
2016-03-04 08:34:17 +00:00
|
|
|
func (c credentials) RefreshToken(u *url.URL, service string) string {
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c credentials) SetRefreshToken(u *url.URL, service, token string) {
|
|
|
|
}
|
|
|
|
|
2016-02-17 18:42:34 +00:00
|
|
|
// configureAuth stores credentials for challenge responses
|
2023-12-14 23:42:50 +00:00
|
|
|
func configureAuth(username, password, remoteURL string) (auth.CredentialStore, auth.CredentialStore, error) {
|
2016-09-01 23:46:51 +00:00
|
|
|
creds := map[string]userpass{}
|
|
|
|
|
|
|
|
authURLs, err := getAuthURLs(remoteURL)
|
|
|
|
if err != nil {
|
2023-12-14 23:42:50 +00:00
|
|
|
return nil, nil, err
|
2016-09-01 23:46:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
for _, url := range authURLs {
|
2023-10-24 17:16:58 +00:00
|
|
|
dcontext.GetLogger(dcontext.Background()).Infof("Discovered token authentication URL: %s", url)
|
2016-09-01 23:46:51 +00:00
|
|
|
creds[url] = userpass{
|
2015-07-29 18:12:01 +00:00
|
|
|
username: username,
|
|
|
|
password: password,
|
2016-09-01 23:46:51 +00:00
|
|
|
}
|
2015-07-29 18:12:01 +00:00
|
|
|
}
|
2016-09-01 23:46:51 +00:00
|
|
|
|
2023-12-14 23:42:50 +00:00
|
|
|
return credentials{creds: creds}, userpass{username: username, password: password}, nil
|
2015-07-29 18:12:01 +00:00
|
|
|
}
|
|
|
|
|
2016-09-01 23:46:51 +00:00
|
|
|
func getAuthURLs(remoteURL string) ([]string, error) {
|
|
|
|
authURLs := []string{}
|
|
|
|
|
|
|
|
resp, err := http.Get(remoteURL + "/v2/")
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
defer resp.Body.Close()
|
|
|
|
|
2016-11-08 01:13:56 +00:00
|
|
|
for _, c := range challenge.ResponseChallenges(resp) {
|
2016-09-01 23:46:51 +00:00
|
|
|
if strings.EqualFold(c.Scheme, "bearer") {
|
|
|
|
authURLs = append(authURLs, c.Parameters["realm"])
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return authURLs, nil
|
|
|
|
}
|
|
|
|
|
2016-11-08 01:13:56 +00:00
|
|
|
func ping(manager challenge.Manager, endpoint, versionHeader string) error {
|
2015-07-29 18:12:01 +00:00
|
|
|
resp, err := http.Get(endpoint)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
defer resp.Body.Close()
|
|
|
|
|
2017-09-29 20:27:49 +00:00
|
|
|
return manager.AddResponse(resp)
|
2015-07-29 18:12:01 +00:00
|
|
|
}
|