mirror of
https://github.com/goharbor/harbor.git
synced 2024-10-06 17:27:35 +02:00
handler from=repo
This commit is contained in:
parent
0a873bc046
commit
bf53ca9a47
@ -75,14 +75,14 @@ func RefreshCatalogCache() error {
|
|||||||
rc, err = registry.NewRepositoryWithUsername(repo, endpoint, username)
|
rc, err = registry.NewRepositoryWithUsername(repo, endpoint, username)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Errorf("error occurred while initializing repository client used by cache: %s %v", repo, err)
|
log.Errorf("error occurred while initializing repository client used by cache: %s %v", repo, err)
|
||||||
return err
|
continue
|
||||||
}
|
}
|
||||||
repositoryClients[repo] = rc
|
repositoryClients[repo] = rc
|
||||||
}
|
}
|
||||||
tags, err := rc.ListTag()
|
tags, err := rc.ListTag()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Errorf("error occurred while list tag for %s: %v", repo, err)
|
log.Errorf("error occurred while list tag for %s: %v", repo, err)
|
||||||
return err
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(tags) != 0 {
|
if len(tags) != 0 {
|
||||||
|
@ -59,8 +59,20 @@ func (t *tokenHandler) Scheme() string {
|
|||||||
// AuthorizeRequest will add authorization header which contains a token before the request is sent
|
// AuthorizeRequest will add authorization header which contains a token before the request is sent
|
||||||
func (t *tokenHandler) AuthorizeRequest(req *http.Request, params map[string]string) error {
|
func (t *tokenHandler) AuthorizeRequest(req *http.Request, params map[string]string) error {
|
||||||
var scopes []*scope
|
var scopes []*scope
|
||||||
|
var token string
|
||||||
|
|
||||||
// TODO handle additional scope: xxx.xxx.xxx?from=repo
|
hasFrom := false
|
||||||
|
from := req.URL.Query().Get("from")
|
||||||
|
if len(from) != 0 {
|
||||||
|
s := &scope{
|
||||||
|
Type: "repository",
|
||||||
|
Name: from,
|
||||||
|
Actions: []string{"pull"},
|
||||||
|
}
|
||||||
|
scopes = append(scopes, s)
|
||||||
|
// do not cache the token if "from" appears
|
||||||
|
hasFrom = true
|
||||||
|
}
|
||||||
|
|
||||||
scopes = append(scopes, t.scope)
|
scopes = append(scopes, t.scope)
|
||||||
|
|
||||||
@ -70,7 +82,7 @@ func (t *tokenHandler) AuthorizeRequest(req *http.Request, params map[string]str
|
|||||||
expired = t.issuedAt.Add(time.Duration(t.expiresIn) * time.Second).Before(time.Now().UTC())
|
expired = t.issuedAt.Add(time.Duration(t.expiresIn) * time.Second).Before(time.Now().UTC())
|
||||||
}
|
}
|
||||||
|
|
||||||
if expired {
|
if expired || hasFrom {
|
||||||
scopeStrs := []string{}
|
scopeStrs := []string{}
|
||||||
for _, scope := range scopes {
|
for _, scope := range scopes {
|
||||||
scopeStrs = append(scopeStrs, scope.string())
|
scopeStrs = append(scopeStrs, scope.string())
|
||||||
@ -79,16 +91,19 @@ func (t *tokenHandler) AuthorizeRequest(req *http.Request, params map[string]str
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
t.cache = token
|
|
||||||
t.expiresIn = expiresIn
|
|
||||||
t.issuedAt = issuedAt
|
|
||||||
}
|
|
||||||
|
|
||||||
if !expired {
|
if !hasFrom {
|
||||||
|
t.cache = token
|
||||||
|
t.expiresIn = expiresIn
|
||||||
|
t.issuedAt = issuedAt
|
||||||
|
log.Debug("add token to cache")
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
token = t.cache
|
||||||
log.Debug("get token from cache")
|
log.Debug("get token from cache")
|
||||||
}
|
}
|
||||||
|
|
||||||
req.Header.Add(http.CanonicalHeaderKey("Authorization"), fmt.Sprintf("Bearer %s", t.cache))
|
req.Header.Add(http.CanonicalHeaderKey("Authorization"), fmt.Sprintf("Bearer %s", token))
|
||||||
log.Debugf("add token to request: %s %s", req.Method, req.URL.String())
|
log.Debugf("add token to request: %s %s", req.Method, req.URL.String())
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
@ -214,7 +229,6 @@ func NewUsernameTokenHandler(username string, scopeType, scopeName string, scope
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (u *usernameTokenHandler) generateToken(realm, service string, scopes []string) (token string, expiresIn int, issuedAt *time.Time, err error) {
|
func (u *usernameTokenHandler) generateToken(realm, service string, scopes []string) (token string, expiresIn int, issuedAt *time.Time, err error) {
|
||||||
// TODO
|
|
||||||
token, expiresIn, issuedAt, err = token_util.GenTokenForUI(u.username, service, scopes)
|
token, expiresIn, issuedAt, err = token_util.GenTokenForUI(u.username, service, scopes)
|
||||||
log.Debug("get token by calling GenTokenForUI directly")
|
log.Debug("get token by calling GenTokenForUI directly")
|
||||||
return
|
return
|
||||||
|
@ -73,6 +73,8 @@ func NewRegistryWithUsername(endpoint, username string) (*Registry, error) {
|
|||||||
client: client,
|
client: client,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
log.Debugf("initialized a registry client with username: %s %s", endpoint, username)
|
||||||
|
|
||||||
return registry, nil
|
return registry, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -103,7 +103,7 @@ func NewRepositoryWithUsername(name, endpoint, username string) (*Repository, er
|
|||||||
client: client,
|
client: client,
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Debugf("initialized a repository client with username: %s %s", endpoint, name)
|
log.Debugf("initialized a repository client with username: %s %s", endpoint, name, username)
|
||||||
|
|
||||||
return repository, nil
|
return repository, nil
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user