Merge branch 'master' of https://bitbucket.org/yackob03/quay
This commit is contained in:
commit
b924fa5336
12 changed files with 276 additions and 12 deletions
2
app.py
2
app.py
|
@ -28,8 +28,6 @@ else:
|
|||
|
||||
app.config.from_object(config)
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
Principal(app, use_sessions=True)
|
||||
|
||||
login_manager = LoginManager()
|
||||
|
|
22
config.py
22
config.py
|
@ -72,18 +72,33 @@ class MixpanelProdConfig(object):
|
|||
MIXPANEL_KEY = '50ff2b2569faa3a51c8f5724922ffb7e'
|
||||
|
||||
|
||||
class GitHubTestConfig(object):
|
||||
GITHUB_CLIENT_ID = 'cfbc4aca88e5c1b40679'
|
||||
GITHUB_CLIENT_SECRET = '7d1cc21e17e10cd8168410e2cd1e4561cb854ff9'
|
||||
GITHUB_TOKEN_URL = 'https://github.com/login/oauth/access_token'
|
||||
GITHUB_USER_URL = 'https://api.github.com/user'
|
||||
GITHUB_USER_EMAILS = GITHUB_USER_URL + '/emails'
|
||||
|
||||
|
||||
class GitHubProdConfig(GitHubTestConfig):
|
||||
GITHUB_CLIENT_ID = '5a8c08b06c48d89d4d1e'
|
||||
GITHUB_CLIENT_SECRET = 'f89d8bb28ea3bd4e1c68808500d185a816be53b1'
|
||||
|
||||
|
||||
class DebugConfig(FlaskConfig, MailConfig, LocalStorage, SQLiteDB,
|
||||
StripeTestConfig, MixpanelTestConfig):
|
||||
StripeTestConfig, MixpanelTestConfig, GitHubTestConfig):
|
||||
REGISTRY_SERVER = 'localhost:5000'
|
||||
LOGGING_CONFIG = {
|
||||
'level': logging.DEBUG,
|
||||
'format': LOG_FORMAT
|
||||
}
|
||||
SEND_FILE_MAX_AGE_DEFAULT = 0
|
||||
POPULATE_DB_TEST_DATA = True
|
||||
|
||||
|
||||
class LocalHostedConfig(FlaskConfig, MailConfig, S3Storage, RDSMySQL,
|
||||
StripeLiveConfig, MixpanelTestConfig):
|
||||
StripeLiveConfig, MixpanelTestConfig,
|
||||
GitHubProdConfig):
|
||||
REGISTRY_SERVER = 'localhost:5000'
|
||||
LOGGING_CONFIG = {
|
||||
'level': logging.DEBUG,
|
||||
|
@ -93,7 +108,8 @@ class LocalHostedConfig(FlaskConfig, MailConfig, S3Storage, RDSMySQL,
|
|||
|
||||
|
||||
class ProductionConfig(FlaskConfig, MailConfig, S3Storage, RDSMySQL,
|
||||
StripeLiveConfig, MixpanelProdConfig):
|
||||
StripeLiveConfig, MixpanelProdConfig,
|
||||
GitHubProdConfig):
|
||||
REGISTRY_SERVER = 'quay.io'
|
||||
LOGGING_CONFIG = {
|
||||
'stream': sys.stderr,
|
||||
|
|
|
@ -36,12 +36,32 @@ class BaseModel(Model):
|
|||
|
||||
class User(BaseModel):
|
||||
username = CharField(unique=True, index=True)
|
||||
password_hash = CharField()
|
||||
password_hash = CharField(null=True)
|
||||
email = CharField(unique=True, index=True)
|
||||
verified = BooleanField(default=False)
|
||||
stripe_id = CharField(index=True, null=True)
|
||||
|
||||
|
||||
class LoginService(BaseModel):
|
||||
name = CharField(unique=True, index=True)
|
||||
|
||||
|
||||
class FederatedLogin(BaseModel):
|
||||
user = ForeignKeyField(User, index=True)
|
||||
service = ForeignKeyField(LoginService, index=True)
|
||||
service_ident = CharField()
|
||||
|
||||
class Meta:
|
||||
database = db
|
||||
indexes = (
|
||||
# create a unique index on service and the local service id
|
||||
(('service', 'service_ident'), True),
|
||||
|
||||
# a user may only have one federated login per service
|
||||
(('service', 'user'), True),
|
||||
)
|
||||
|
||||
|
||||
class Visibility(BaseModel):
|
||||
name = CharField(index=True)
|
||||
|
||||
|
@ -136,9 +156,10 @@ class RepositoryTag(BaseModel):
|
|||
def initialize_db():
|
||||
create_model_tables([User, Repository, Image, AccessToken, Role,
|
||||
RepositoryPermission, Visibility, RepositoryTag,
|
||||
EmailConfirmation])
|
||||
EmailConfirmation, FederatedLogin, LoginService])
|
||||
Role.create(name='admin')
|
||||
Role.create(name='write')
|
||||
Role.create(name='read')
|
||||
Visibility.create(name='public')
|
||||
Visibility.create(name='private')
|
||||
LoginService.create(name='github')
|
||||
|
|
|
@ -34,6 +34,34 @@ def create_user(username, password, email):
|
|||
raise DataModelException(ex.message)
|
||||
|
||||
|
||||
def create_federated_user(username, email, service_name, service_id):
|
||||
try:
|
||||
new_user = User.create(username=username, email=email, verified=True)
|
||||
service = LoginService.get(LoginService.name == service_name)
|
||||
federated_user = FederatedLogin.create(user=new_user, service=service,
|
||||
service_ident=service_id)
|
||||
|
||||
return new_user
|
||||
|
||||
except Exception as ex:
|
||||
raise DataModelException(ex.message)
|
||||
|
||||
|
||||
def verify_federated_login(service_name, service_id):
|
||||
selected = FederatedLogin.select(FederatedLogin, User)
|
||||
with_service = selected.join(LoginService)
|
||||
with_user = with_service.switch(FederatedLogin).join(User)
|
||||
found = with_user.where(FederatedLogin.service_ident == service_id,
|
||||
LoginService.name == service_name)
|
||||
|
||||
found_list = list(found)
|
||||
|
||||
if found_list:
|
||||
return found_list[0].user
|
||||
|
||||
return None
|
||||
|
||||
|
||||
def create_confirm_email_code(user):
|
||||
code = EmailConfirmation.create(user=user, email_confirm=True)
|
||||
return code
|
||||
|
|
|
@ -4,6 +4,7 @@ import stripe
|
|||
from flask import request, make_response, jsonify, abort
|
||||
from flask.ext.login import login_required, current_user
|
||||
from functools import wraps
|
||||
from collections import defaultdict
|
||||
|
||||
from data import model
|
||||
from app import app
|
||||
|
@ -263,6 +264,31 @@ def role_view(repo_perm_obj):
|
|||
}
|
||||
|
||||
|
||||
@app.route('/api/repository/<path:repository>/image/', methods=['GET'])
|
||||
@parse_repository_name
|
||||
def list_repository_images(namespace, repository):
|
||||
permission = ReadRepositoryPermission(namespace, repository)
|
||||
if permission.can() or model.repository_is_public(namespace, repository):
|
||||
all_images = model.get_repository_images(namespace, repository)
|
||||
all_tags = model.list_repository_tags(namespace, repository)
|
||||
|
||||
tags_by_image_id = defaultdict(list)
|
||||
for tag in all_tags:
|
||||
tags_by_image_id[tag.image.docker_image_id].append(tag.name)
|
||||
|
||||
|
||||
def add_tags(image_json):
|
||||
image_json['tags'] = tags_by_image_id[image_json['id']]
|
||||
return image_json
|
||||
|
||||
|
||||
return jsonify({
|
||||
'images': [add_tags(image_view(image)) for image in all_images]
|
||||
})
|
||||
|
||||
abort(403)
|
||||
|
||||
|
||||
@app.route('/api/repository/<path:repository>/tag/<tag>/images',
|
||||
methods=['GET'])
|
||||
@parse_repository_name
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
import logging
|
||||
import requests
|
||||
|
||||
from flask import (abort, send_file, redirect, request, url_for,
|
||||
render_template, make_response)
|
||||
|
@ -66,7 +67,8 @@ def common_login(db_user):
|
|||
|
||||
@app.route('/signin', methods=['GET'])
|
||||
def render_signin_page():
|
||||
return render_template('signin.html')
|
||||
return render_template('signin.html',
|
||||
github_client_id=app.config['GITHUB_CLIENT_ID'])
|
||||
|
||||
|
||||
@app.route('/signin', methods=['POST'])
|
||||
|
@ -81,12 +83,66 @@ def signin():
|
|||
return redirect(request.args.get('next') or url_for('index'))
|
||||
else:
|
||||
return render_template('signin.html',
|
||||
needs_email_verification=True)
|
||||
needs_email_verification=True,
|
||||
github_client_id=app.config['GITHUB_CLIENT_ID'])
|
||||
|
||||
else:
|
||||
return render_template('signin.html',
|
||||
username=username,
|
||||
invalid_credentials=True)
|
||||
invalid_credentials=True,
|
||||
github_client_id=app.config['GITHUB_CLIENT_ID'])
|
||||
|
||||
|
||||
@app.route('/oauth2/github/callback', methods=['GET'])
|
||||
def github_oauth_callback():
|
||||
code = request.args.get('code')
|
||||
payload = {
|
||||
'client_id': app.config['GITHUB_CLIENT_ID'],
|
||||
'client_secret': app.config['GITHUB_CLIENT_SECRET'],
|
||||
'code': code,
|
||||
}
|
||||
headers = {
|
||||
'Accept': 'application/json'
|
||||
}
|
||||
|
||||
get_access_token = requests.post(app.config['GITHUB_TOKEN_URL'],
|
||||
params=payload, headers=headers)
|
||||
|
||||
token = get_access_token.json()['access_token']
|
||||
|
||||
token_param = {
|
||||
'access_token': token,
|
||||
}
|
||||
get_user = requests.get(app.config['GITHUB_USER_URL'], params=token_param)
|
||||
|
||||
user_data = get_user.json()
|
||||
username = user_data['login']
|
||||
github_id = user_data['id']
|
||||
|
||||
v3_media_type = {
|
||||
'Accept': 'application/vnd.github.v3'
|
||||
}
|
||||
get_email = requests.get(app.config['GITHUB_USER_EMAILS'],
|
||||
params=token_param, headers=v3_media_type)
|
||||
|
||||
# We will accept any email, but we prefer the primary
|
||||
found_email = None
|
||||
for user_email in get_email.json():
|
||||
found_email = user_email['email']
|
||||
if user_email['primary']:
|
||||
break
|
||||
|
||||
to_login = model.verify_federated_login('github', github_id)
|
||||
if not to_login:
|
||||
# try to create the user
|
||||
to_login = model.create_federated_user(username, found_email, 'github',
|
||||
github_id)
|
||||
|
||||
if common_login(to_login):
|
||||
return redirect(url_for('index'))
|
||||
|
||||
# TODO something bad happened, we need to tell the user somehow
|
||||
return redirect(url_for('signin'))
|
||||
|
||||
|
||||
@app.route('/confirm', methods=['GET'])
|
||||
|
|
93
initdb.py
93
initdb.py
|
@ -1,4 +1,97 @@
|
|||
import logging
|
||||
import string
|
||||
|
||||
from random import SystemRandom
|
||||
from datetime import datetime
|
||||
|
||||
from data.database import initialize_db
|
||||
from data import model
|
||||
from app import app
|
||||
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
logging.basicConfig(**app.config['LOGGING_CONFIG'])
|
||||
|
||||
|
||||
def __gen_hex_id(length=64):
|
||||
random = SystemRandom()
|
||||
return ''.join([random.choice('abcdef' + string.digits)
|
||||
for x in range(length)])
|
||||
|
||||
|
||||
def __gen_checksum():
|
||||
return 'tarsum+sha256:' + __gen_hex_id(64)
|
||||
|
||||
|
||||
def create_subtree(repo, structure, parent):
|
||||
num_nodes, subtrees, last_node_tags = structure
|
||||
|
||||
# create the nodes
|
||||
for i in range(num_nodes):
|
||||
docker_image_id = __gen_hex_id()
|
||||
checksum = __gen_checksum()
|
||||
|
||||
new_image = model.create_image(docker_image_id, repo)
|
||||
model.set_image_checksum(docker_image_id, repo, checksum)
|
||||
|
||||
new_image = model.set_image_metadata(docker_image_id, repo.namespace,
|
||||
repo.name, str(datetime.now()),
|
||||
'no comment', parent)
|
||||
|
||||
parent = new_image
|
||||
|
||||
if last_node_tags:
|
||||
if not isinstance(last_node_tags, list):
|
||||
last_node_tags = [last_node_tags]
|
||||
|
||||
for tag_name in last_node_tags:
|
||||
model.create_or_update_tag(repo.namespace, repo.name, tag_name,
|
||||
new_image.docker_image_id)
|
||||
|
||||
for subtree in subtrees:
|
||||
create_subtree(repo, subtree, new_image)
|
||||
|
||||
|
||||
def __generate_repository(user, name, is_public, permissions, structure):
|
||||
repo = model.create_repository(user.username, name, user)
|
||||
|
||||
if is_public:
|
||||
model.set_repository_visibility(repo, 'public')
|
||||
|
||||
for delegate, role in permissions:
|
||||
model.set_user_repo_permission(delegate.username, user.username, name,
|
||||
role)
|
||||
|
||||
create_subtree(repo, structure, None)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
initialize_db()
|
||||
|
||||
if app.config.get('POPULATE_DB_TEST_DATA', False):
|
||||
logger.debug('Populating the DB with test data.')
|
||||
|
||||
new_user_1 = model.create_user('devtable', 'password',
|
||||
'jake@devtable.com')
|
||||
new_user_1.verified = True
|
||||
new_user_1.save()
|
||||
|
||||
new_user_2 = model.create_user('public', 'password',
|
||||
'jacob.moshenko@gmail.com')
|
||||
new_user_2.verified = True
|
||||
new_user_2.save()
|
||||
|
||||
__generate_repository(new_user_1, 'simple', False, [], (4, [],
|
||||
['latest', 'prod']))
|
||||
|
||||
__generate_repository(new_user_1, 'complex', False, [],
|
||||
(2, [(3, [], 'v2.0'),
|
||||
(1, [(1, [(1, [], ['latest', 'prod'])],
|
||||
'staging'),
|
||||
(1, [], None)], None)], None))
|
||||
|
||||
__generate_repository(new_user_2, 'publicrepo', True, [],
|
||||
(10, [], 'latest'))
|
||||
|
||||
__generate_repository(new_user_1, 'shared', False,
|
||||
[(new_user_2, 'write')], (5, [], 'latest'))
|
||||
|
|
|
@ -8,6 +8,7 @@ body {
|
|||
max-width: 330px;
|
||||
padding: 15px;
|
||||
margin: 0 auto;
|
||||
text-align: center;
|
||||
}
|
||||
.form-signin .form-signin-heading,
|
||||
.form-signin .checkbox {
|
||||
|
@ -42,4 +43,20 @@ body {
|
|||
.alert {
|
||||
max-width: 300px;
|
||||
margin: 0 auto;
|
||||
}
|
||||
|
||||
.social-alternate {
|
||||
color: #777;
|
||||
font-size: 3em;
|
||||
margin-left: 43px;
|
||||
}
|
||||
|
||||
.social-alternate .inner-text {
|
||||
text-align: center;
|
||||
position: relative;
|
||||
color: white;
|
||||
left: -43px;
|
||||
top: -9px;
|
||||
font-weight: bold;
|
||||
font-size: .4em;
|
||||
}
|
|
@ -123,8 +123,8 @@ quayApp = angular.module('quay', ['restangular', 'angularMoment', 'angulartics',
|
|||
when('/repository/', {title: 'Repositories', templateUrl: '/static/partials/repo-list.html', controller: RepoListCtrl}).
|
||||
when('/user', {title: 'User Admin', templateUrl: '/static/partials/user-admin.html', controller: UserAdminCtrl}).
|
||||
when('/guide/', {title: 'Getting Started Guide', templateUrl: '/static/partials/guide.html', controller: GuideCtrl}).
|
||||
when('/plans/', {title: 'Quay Plans', templateUrl: '/static/partials/plans.html', controller: PlansCtrl}).
|
||||
when('/', {title: 'Quay: Private docker repository hosting', templateUrl: '/static/partials/landing.html', controller: LandingCtrl}).
|
||||
when('/plans/', {title: 'Plans and Pricing', templateUrl: '/static/partials/plans.html', controller: PlansCtrl}).
|
||||
when('/', {title: 'Hosted Private Docker Registry', templateUrl: '/static/partials/landing.html', controller: LandingCtrl}).
|
||||
otherwise({redirectTo: '/'});
|
||||
}]).
|
||||
config(function(RestangularProvider) {
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
<title ng-bind="title + ' · Quay'">Quay - Private Docker Repository</title>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<meta name="description" content="Hosted private docker repositories. Includes full user management and history. Free for public repositories.">
|
||||
<meta name="google-site-verification" content="GalDznToijTsHYmLjJvE4QaB9uk_IP16aaGDz5D75T4" />
|
||||
|
||||
<link rel="stylesheet" href="//netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.min.css">
|
||||
<link rel="stylesheet" href="//netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap.no-icons.min.css">
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
<title>Sign In - Quay</title>
|
||||
|
||||
<link rel="stylesheet" href="//netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap.no-icons.min.css">
|
||||
<link rel="stylesheet" href="//netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.min.css">
|
||||
|
||||
<link rel="stylesheet" href="static/css/signin.css">
|
||||
</head>
|
||||
|
@ -13,6 +14,13 @@
|
|||
<input type="text" class="form-control" placeholder="Username" name="username" value="{{ username }}"autofocus>
|
||||
<input type="password" class="form-control" placeholder="Password" name="password">
|
||||
<button class="btn btn-lg btn-primary btn-block" type="submit">Sign In</button>
|
||||
|
||||
<span class="social-alternate">
|
||||
<i class="icon-circle"></i>
|
||||
<span class="inner-text">OR</i>
|
||||
</span>
|
||||
|
||||
<a href="https://github.com/login/oauth/authorize?client_id={{ github_client_id }}&scope=user:email" class="btn btn-primary btn-lg btn-block"><i class="icon-github icon-large"></i> Sign In with GitHub</a>
|
||||
</form>
|
||||
|
||||
{% if invalid_credentials %}
|
||||
|
|
BIN
test.db
BIN
test.db
Binary file not shown.
Reference in a new issue