vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

First stab at token auth. The UI could use a little bit of polishing.

Browse source
This commit is contained in:
yackob03 2013-10-16 14:24:10 -04:00
parent f1746417b1
commit 283f9b81ae
9 changed files with 360 additions and 91 deletions
Download patch file Download diff file Expand all files Collapse all files

57
endpoints/index.py
View file

@ -19,25 +19,26 @@ from auth.permissions import (ModifyRepositoryPermission,
logger = logging.getLogger(__name__)
def generate_headers(f):
@wraps(f)
def wrapper(namespace, repository, *args, **kwargs):
response = f(namespace, repository, *args, **kwargs)
def generate_headers(role='read'):
def decorator_method(f):
@wraps(f)
def wrapper(namespace, repository, *args, **kwargs):
response = f(namespace, repository, *args, **kwargs)
response.headers['X-Docker-Endpoints'] = app.config['REGISTRY_SERVER']
response.headers['X-Docker-Endpoints'] = app.config['REGISTRY_SERVER']
has_token_request = request.headers.get('X-Docker-Token', '')
has_token_request = request.headers.get('X-Docker-Token', '')
if has_token_request:
repo = model.get_repository(namespace, repository)
token = model.create_access_token(get_authenticated_user(), repo)
token_str = 'signature=%s,repository="%s/%s"' % (token.code, namespace,
repository)
response.headers['WWW-Authenticate'] = token_str
response.headers['X-Docker-Token'] = token_str
if has_token_request:
repo = model.get_repository(namespace, repository)
token = model.create_access_token(repo, role)
token_str = 'signature=%s' % token.code
response.headers['WWW-Authenticate'] = token_str
response.headers['X-Docker-Token'] = token_str
return response
return wrapper
return response
return wrapper
return decorator_method
@app.route('/v1/users', methods=['POST'])
@ -47,6 +48,13 @@ def create_user():
username = user_data['username']
password = user_data['password']
if username == '$token':
try:
token = model.load_token_data(password)
return make_response('Verified', 201)
except model.InvalidTokenException:
abort(401)
existing_user = model.get_user(username)
if existing_user:
verified = model.verify_user(username, password)
@ -100,13 +108,17 @@ def update_user(username):
@app.route('/v1/repositories/<path:repository>', methods=['PUT'])
@process_auth
@parse_repository_name
@generate_headers
@generate_headers(role='write')
def create_repository(namespace, repository):
image_descriptions = json.loads(request.data)
repo = model.get_repository(namespace, repository)
if repo:
if not repo and get_authenticated_user() is None:
logger.debug('Attempt to create new repository with token auth.')
abort(400)
elif repo:
permission = ModifyRepositoryPermission(namespace, repository)
if not permission.can():
abort(403)
@ -135,7 +147,10 @@ def create_repository(namespace, repository):
response = make_response('Created', 201)
mixpanel.track(get_authenticated_user().username, 'push_repo')
if get_authenticated_user():
mixpanel.track(get_authenticated_user().username, 'push_repo')
else:
mixpanel.track(get_validated_token().code, 'push_repo')
return response
@ -143,7 +158,7 @@ def create_repository(namespace, repository):
@app.route('/v1/repositories/<path:repository>/images', methods=['PUT'])
@process_auth
@parse_repository_name
@generate_headers
@generate_headers(role='write')
def update_images(namespace, repository):
permission = ModifyRepositoryPermission(namespace, repository)
@ -164,7 +179,7 @@ def update_images(namespace, repository):
@app.route('/v1/repositories/<path:repository>/images', methods=['GET'])
@process_auth
@parse_repository_name
@generate_headers
@generate_headers(role='read')
def get_repository_images(namespace, repository):
permission = ReadRepositoryPermission(namespace, repository)
@ -196,7 +211,7 @@ def get_repository_images(namespace, repository):
@app.route('/v1/repositories/<path:repository>/images', methods=['DELETE'])
@process_auth
@parse_repository_name
@generate_headers
@generate_headers(role='write')
def delete_repository_images(namespace, repository):
pass