From bf53ca9a47dba8c9917423bbc5f655765846ecd5 Mon Sep 17 00:00:00 2001 From: Wenkai Yin Date: Fri, 29 Apr 2016 16:59:54 +0800 Subject: [PATCH] handler from=repo --- service/utils/cache.go | 4 ++-- utils/registry/auth/tokenhandler.go | 32 +++++++++++++++++++++-------- utils/registry/registry.go | 2 ++ utils/registry/repository.go | 2 +- 4 files changed, 28 insertions(+), 12 deletions(-) diff --git a/service/utils/cache.go b/service/utils/cache.go index bbb9bd0b8..a19753f59 100644 --- a/service/utils/cache.go +++ b/service/utils/cache.go @@ -75,14 +75,14 @@ func RefreshCatalogCache() error { rc, err = registry.NewRepositoryWithUsername(repo, endpoint, username) if err != nil { log.Errorf("error occurred while initializing repository client used by cache: %s %v", repo, err) - return err + continue } repositoryClients[repo] = rc } tags, err := rc.ListTag() if err != nil { log.Errorf("error occurred while list tag for %s: %v", repo, err) - return err + continue } if len(tags) != 0 { diff --git a/utils/registry/auth/tokenhandler.go b/utils/registry/auth/tokenhandler.go index 98954fae6..f0ee50b33 100644 --- a/utils/registry/auth/tokenhandler.go +++ b/utils/registry/auth/tokenhandler.go @@ -59,8 +59,20 @@ func (t *tokenHandler) Scheme() string { // AuthorizeRequest will add authorization header which contains a token before the request is sent func (t *tokenHandler) AuthorizeRequest(req *http.Request, params map[string]string) error { var scopes []*scope + var token string - // TODO handle additional scope: xxx.xxx.xxx?from=repo + hasFrom := false + from := req.URL.Query().Get("from") + if len(from) != 0 { + s := &scope{ + Type: "repository", + Name: from, + Actions: []string{"pull"}, + } + scopes = append(scopes, s) + // do not cache the token if "from" appears + hasFrom = true + } scopes = append(scopes, t.scope) @@ -70,7 +82,7 @@ func (t *tokenHandler) AuthorizeRequest(req *http.Request, params map[string]str expired = t.issuedAt.Add(time.Duration(t.expiresIn) * time.Second).Before(time.Now().UTC()) } - if expired { + if expired || hasFrom { scopeStrs := []string{} for _, scope := range scopes { scopeStrs = append(scopeStrs, scope.string()) @@ -79,16 +91,19 @@ func (t *tokenHandler) AuthorizeRequest(req *http.Request, params map[string]str if err != nil { return err } - t.cache = token - t.expiresIn = expiresIn - t.issuedAt = issuedAt - } - if !expired { + if !hasFrom { + t.cache = token + t.expiresIn = expiresIn + t.issuedAt = issuedAt + log.Debug("add token to cache") + } + } else { + token = t.cache log.Debug("get token from cache") } - req.Header.Add(http.CanonicalHeaderKey("Authorization"), fmt.Sprintf("Bearer %s", t.cache)) + req.Header.Add(http.CanonicalHeaderKey("Authorization"), fmt.Sprintf("Bearer %s", token)) log.Debugf("add token to request: %s %s", req.Method, req.URL.String()) return nil @@ -214,7 +229,6 @@ func NewUsernameTokenHandler(username string, scopeType, scopeName string, scope } func (u *usernameTokenHandler) generateToken(realm, service string, scopes []string) (token string, expiresIn int, issuedAt *time.Time, err error) { - // TODO token, expiresIn, issuedAt, err = token_util.GenTokenForUI(u.username, service, scopes) log.Debug("get token by calling GenTokenForUI directly") return diff --git a/utils/registry/registry.go b/utils/registry/registry.go index 62118ecbc..1ee01892e 100644 --- a/utils/registry/registry.go +++ b/utils/registry/registry.go @@ -73,6 +73,8 @@ func NewRegistryWithUsername(endpoint, username string) (*Registry, error) { client: client, } + log.Debugf("initialized a registry client with username: %s %s", endpoint, username) + return registry, nil } diff --git a/utils/registry/repository.go b/utils/registry/repository.go index 04d8f9fdd..0a1b9f096 100644 --- a/utils/registry/repository.go +++ b/utils/registry/repository.go @@ -103,7 +103,7 @@ func NewRepositoryWithUsername(name, endpoint, username string) (*Repository, er client: client, } - log.Debugf("initialized a repository client with username: %s %s", endpoint, name) + log.Debugf("initialized a repository client with username: %s %s", endpoint, name, username) return repository, nil }