handler from=repo

service/utils/cache.go

@@ -75,14 +75,14 @@ func RefreshCatalogCache() error {
 			rc, err = registry.NewRepositoryWithUsername(repo, endpoint, username)
 			if err != nil {
 				log.Errorf("error occurred while initializing repository client used by cache: %s %v", repo, err)
-				return err
+				continue
 			}
 			repositoryClients[repo] = rc
 		}
 		tags, err := rc.ListTag()
 		if err != nil {
 			log.Errorf("error occurred while list tag for %s: %v", repo, err)
-			return err
+			continue
 		}
 
 		if len(tags) != 0 {

utils/registry/auth/tokenhandler.go

@@ -59,8 +59,20 @@ func (t *tokenHandler) Scheme() string {
 // AuthorizeRequest will add authorization header which contains a token before the request is sent
 func (t *tokenHandler) AuthorizeRequest(req *http.Request, params map[string]string) error {
 	var scopes []*scope
+	var token string
 
-	// TODO handle additional scope: xxx.xxx.xxx?from=repo
+	hasFrom := false
+	from := req.URL.Query().Get("from")
+	if len(from) != 0 {
+		s := &scope{
+			Type:    "repository",
+			Name:    from,
+			Actions: []string{"pull"},
+		}
+		scopes = append(scopes, s)
+		// do not cache the token if "from" appears
+		hasFrom = true
+	}
 
 	scopes = append(scopes, t.scope)
 
@@ -70,7 +82,7 @@ func (t *tokenHandler) AuthorizeRequest(req *http.Request, params map[string]str
 		expired = t.issuedAt.Add(time.Duration(t.expiresIn) * time.Second).Before(time.Now().UTC())
 	}
 
-	if expired {
+	if expired || hasFrom {
 		scopeStrs := []string{}
 		for _, scope := range scopes {
 			scopeStrs = append(scopeStrs, scope.string())
@@ -79,16 +91,19 @@ func (t *tokenHandler) AuthorizeRequest(req *http.Request, params map[string]str
 		if err != nil {
 			return err
 		}
-		t.cache = token
-		t.expiresIn = expiresIn
-		t.issuedAt = issuedAt
-	}
 
-	if !expired {
+		if !hasFrom {
+			t.cache = token
+			t.expiresIn = expiresIn
+			t.issuedAt = issuedAt
+			log.Debug("add token to cache")
+		}
+	} else {
+		token = t.cache
 		log.Debug("get token from cache")
 	}
 
-	req.Header.Add(http.CanonicalHeaderKey("Authorization"), fmt.Sprintf("Bearer %s", t.cache))
+	req.Header.Add(http.CanonicalHeaderKey("Authorization"), fmt.Sprintf("Bearer %s", token))
 	log.Debugf("add token to request: %s %s", req.Method, req.URL.String())
 
 	return nil
@@ -214,7 +229,6 @@ func NewUsernameTokenHandler(username string, scopeType, scopeName string, scope
 }
 
 func (u *usernameTokenHandler) generateToken(realm, service string, scopes []string) (token string, expiresIn int, issuedAt *time.Time, err error) {
-	// TODO
 	token, expiresIn, issuedAt, err = token_util.GenTokenForUI(u.username, service, scopes)
 	log.Debug("get token by calling GenTokenForUI directly")
 	return

utils/registry/registry.go

@@ -73,6 +73,8 @@ func NewRegistryWithUsername(endpoint, username string) (*Registry, error) {
 		client:   client,
 	}
 
+	log.Debugf("initialized a registry client with username: %s %s", endpoint, username)
+
 	return registry, nil
 }
 

utils/registry/repository.go

@@ -103,7 +103,7 @@ func NewRepositoryWithUsername(name, endpoint, username string) (*Repository, er
 		client:   client,
 	}
 
-	log.Debugf("initialized a repository client with username: %s %s", endpoint, name)
+	log.Debugf("initialized a repository client with username: %s %s", endpoint, name, username)
 
 	return repository, nil
 }