From 31fdb944368ad64f661ca5eecc1593e997693c3f Mon Sep 17 00:00:00 2001
From: Joseph Schorr
Date: Tue, 25 Aug 2015 14:18:34 -0400
Subject: [PATCH] Enable rate limiting of V2 requests
---
 conf/server-base.conf | 4 ++--
 endpoints/v2/v2auth.py | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/conf/server-base.conf b/conf/server-base.conf
index 2bc26fb67..185536110 100644
--- a/conf/server-base.conf
+++ b/conf/server-base.conf
@@ -30,10 +30,10 @@ location /realtime {
 proxy_request_buffering off;
 }
-# At the begining and end of a push/pull, /v1/repositories is hit by the Docker
+# At the begining and end of a push/pull, (/v1/repositories|/v2/auth/) is hit by the Docker
 # client. By rate-limiting just this endpoint, we can avoid accidentally
 # blocking pulls/pushes for images with many layers.
-location /v1/repositories/ {
+location ~ ^/(v1/repositories|v2/auth)/ {
 proxy_buffering off;
 proxy_request_buffering off;
diff --git a/endpoints/v2/v2auth.py b/endpoints/v2/v2auth.py
index 7c05e10a0..76f11b042 100644
--- a/endpoints/v2/v2auth.py
+++ b/endpoints/v2/v2auth.py
@@ -54,6 +54,8 @@ def generate_registry_jwt():
 logger.debug('Scope request: %s', scope_param)
 user = get_authenticated_user()
+ if user is None:
+ abort(404)
 access = []
 if scope_param is not None:
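Review bot: The new pattern `^/(v1/repositories|v2/auth)/` in conf/server-base.conf requires a slash after `v2/auth`, so a token request to `/v2/auth?service=...` would not land in this rate-limited block, because nginx matches locations against the path without the query string. The route definition is not visible in this patch, so confirm the path the Docker client actually requests; if it has no trailing slash, `location ~ ^/(v1/repositories/|v2/auth(/|$)) {` covers both forms. Switching from a prefix to a regex location also changes precedence: regex locations are tried in file order and win over plain prefix matches, so this block's position relative to any other regex location now matters. The body of the location block, including the limit directive itself, lies outside the hunk.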
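Review bot: In `generate_registry_jwt`, the added `abort(404)` reports a missing authenticated user as "not found", which hides an authentication failure from clients and makes rejected token requests hard to tell apart from bad URLs in access logs. `abort(401)` is the conventional status for this case, preceded by a log line such as `logger.debug('Token request without an authenticated user')`. Whether anonymous token requests (for example for public repositories) are meant to be supported is not visible here; if they are, this guard rejects them. The function begins and continues outside the hunk, and the commit message does not mention this behaviour change.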