Add a feature flag for disabling unauthenticated access to the registry in its entirety.

endpoints/api/__init__.py

@@ -19,6 +19,7 @@ from auth import scopes
 from auth.auth_context import get_authenticated_user, get_validated_oauth_token
 from auth.auth import process_oauth
 from endpoints.csrf import csrf_protect
+from endpoints.decorators import anon_protect
 
 
 logger = logging.getLogger(__name__)
@@ -228,12 +229,14 @@ def parse_repository_name(func):
 
 
 class ApiResource(Resource):
+  method_decorators = [anon_protect]
+
   def options(self):
     return None, 200
 
 
 class RepositoryParamResource(ApiResource):
-  method_decorators = [parse_repository_name]
+  method_decorators = [anon_protect, parse_repository_name]
 
 
 def require_repo_permission(permission_class, scope, allow_public=False):

endpoints/api/user.py

@@ -15,6 +15,7 @@ from endpoints.api import (ApiResource, nickname, resource, validate_json_reques
                            RepositoryParamResource)
 from endpoints.api.subscribe import subscribe
 from endpoints.common import common_login
+from endpoints.decorators import anon_allowed
 from endpoints.api.team import try_accept_invite
 
 from data import model
@@ -203,6 +204,7 @@ class User(ApiResource):
   @require_scope(scopes.READ_USER)
   @nickname('getLoggedInUser')
   @define_json_response('UserView')
+  @anon_allowed
   def get(self):
     """ Get user information for the authenticated user. """
     user = get_authenticated_user()
@@ -498,6 +500,7 @@ class Signin(ApiResource):
 
   @nickname('signinUser')
   @validate_json_request('SigninUser')
+  @anon_allowed
   def post(self):
     """ Sign in the user with the specified credentials. """
     signin_data = request.get_json()