Add a feature flag for disabling unauthenticated access to the registry in its entirety.

endpoints/web.py

@@ -18,6 +18,7 @@ from util.invoice import renderInvoiceToPdf
 from util.seo import render_snapshot
 from util.cache import no_cache
 from endpoints.common import common_login, render_page_template, route_show_if, param_required
+from endpoints.decorators import anon_protect
 from endpoints.csrf import csrf_protect, generate_csrf_token, verify_csrf
 from endpoints.registry import set_cache_headers
 from endpoints.trigger import (CustomBuildTrigger, BitbucketBuildTrigger, TriggerProviderException,
@@ -79,6 +80,7 @@ def snapshot(path = ''):
 
 @web.route('/aci-signing-key')
 @no_cache
+@anon_protect
 def aci_signing_key():
   if not signer.name:
     abort(404)
@@ -337,6 +339,7 @@ def confirm_recovery():
 @web.route('/repository/<path:repository>/status', methods=['GET'])
 @parse_repository_name
 @no_cache
+@anon_protect
 def build_status_badge(namespace, repository):
   token = request.args.get('token', None)
   is_public = model.repository_is_public(namespace, repository)
@@ -565,6 +568,7 @@ def attach_custom_build_trigger(namespace, repository_name):
 @no_cache
 @process_oauth
 @parse_repository_name_and_tag
+@anon_protect
 def redirect_to_repository(namespace, reponame, tag):
   permission = ReadRepositoryPermission(namespace, reponame)
   is_public = model.repository_is_public(namespace, reponame)
@@ -582,6 +586,7 @@ def redirect_to_repository(namespace, reponame, tag):
 @web.route('/<namespace>')
 @no_cache
 @process_oauth
+@anon_protect
 def redirect_to_namespace(namespace):
   user_or_org = model.get_user_or_org(namespace)
   if not user_or_org: