Jake Moshenko
parent
5029ab62f6
commit
9c3ddf846f
7 changed files with 290 additions and 35 deletions
|
|
@ -24,9 +24,11 @@ from endpoints.decorators import anon_protect
|
|||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
TOKEN_VALIDITY_LIFETIME_S = 60 * 60 # 1 hour
|
||||
SCOPE_REGEX = re.compile(
|
||||
r'^repository:([\.a-zA-Z0-9_\-]+/[\.a-zA-Z0-9_\-]+):(((push|pull|\*),)*(push|pull|\*))$'
|
||||
)
|
||||
ANONYMOUS_SUB = '(anonymous)'
|
||||
|
||||
|
||||
@lru_cache(maxsize=1)
|
||||
|
|
@ -89,7 +91,6 @@ def generate_registry_jwt():
|
|||
not model.repository.repository_is_public(namespace, reponame)):
|
||||
abort(403)
|
||||
|
||||
|
||||
access.append({
|
||||
'type': 'repository',
|
||||
'name': namespace_and_repo,
|
||||
|
|
@ -97,11 +98,12 @@ def generate_registry_jwt():
|
|||
})
|
||||
|
||||
token_data = {
|
||||
'iss': 'token-issuer',
|
||||
'iss': app.config['JWT_AUTH_TOKEN_ISSUER'],
|
||||
'aud': audience_param,
|
||||
'nbf': int(time.time()),
|
||||
'exp': int(time.time() + 60),
|
||||
'sub': user.username if user else '(anonymous)',
|
||||
'iat': int(time.time()),
|
||||
'exp': int(time.time() + TOKEN_VALIDITY_LIFETIME_S),
|
||||
'sub': user.username if user else ANONYMOUS_SUB,
|
||||
'access': access,
|
||||
}
|
||||
|
||||
|
|
|
|||
Reference in a new issue