Joseph Schorr 2013-10-10 00:40:30 -04:00
commit b924fa5336
12 changed files with 276 additions and 12 deletions

2
app.py

@ -28,8 +28,6 @@ else:
app.config.from_object(config)
logger = logging.getLogger(__name__)
Principal(app, use_sessions=True)
login_manager = LoginManager()


@ -72,18 +72,33 @@ class MixpanelProdConfig(object):
MIXPANEL_KEY = '50ff2b2569faa3a51c8f5724922ffb7e'
class GitHubTestConfig(object):
GITHUB_CLIENT_ID = 'cfbc4aca88e5c1b40679'
GITHUB_CLIENT_SECRET = '7d1cc21e17e10cd8168410e2cd1e4561cb854ff9'
GITHUB_TOKEN_URL = 'https://github.com/login/oauth/access_token'
GITHUB_USER_URL = 'https://api.github.com/user'
GITHUB_USER_EMAILS = GITHUB_USER_URL + '/emails'
class GitHubProdConfig(GitHubTestConfig):
GITHUB_CLIENT_ID = '5a8c08b06c48d89d4d1e'
GITHUB_CLIENT_SECRET = 'f89d8bb28ea3bd4e1c68808500d185a816be53b1'
class DebugConfig(FlaskConfig, MailConfig, LocalStorage, SQLiteDB,
StripeTestConfig, MixpanelTestConfig):
StripeTestConfig, MixpanelTestConfig, GitHubTestConfig):
REGISTRY_SERVER = 'localhost:5000'
LOGGING_CONFIG = {
'level': logging.DEBUG,
'format': LOG_FORMAT
}
SEND_FILE_MAX_AGE_DEFAULT = 0
POPULATE_DB_TEST_DATA = True
class LocalHostedConfig(FlaskConfig, MailConfig, S3Storage, RDSMySQL,
StripeLiveConfig, MixpanelTestConfig):
StripeLiveConfig, MixpanelTestConfig,
GitHubProdConfig):
REGISTRY_SERVER = 'localhost:5000'
LOGGING_CONFIG = {
'level': logging.DEBUG,
@ -93,7 +108,8 @@ class LocalHostedConfig(FlaskConfig, MailConfig, S3Storage, RDSMySQL,
class ProductionConfig(FlaskConfig, MailConfig, S3Storage, RDSMySQL,
StripeLiveConfig, MixpanelProdConfig):
StripeLiveConfig, MixpanelProdConfig,
GitHubProdConfig):
REGISTRY_SERVER = 'quay.io'
LOGGING_CONFIG = {
'stream': sys.stderr,
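Review bot: The `GITHUB_CLIENT_SECRET` values in `GitHubTestConfig` and `GitHubProdConfig` are committed as string literals, so everyone with read access to the repository or its history holds the production OAuth client secret. Load it at deploy time instead, for example `GITHUB_CLIENT_SECRET = os.environ['GITHUB_CLIENT_SECRET']` (this needs `import os` if the module does not already have it), and treat the values committed here as exposed and regenerate them in the GitHub application settings. Because `GitHubProdConfig` subclasses `GitHubTestConfig`, a production field that is not overridden silently falls back to the test value; a shared base holding only the URLs would avoid that.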


@ -36,12 +36,32 @@ class BaseModel(Model):
class User(BaseModel):
username = CharField(unique=True, index=True)
password_hash = CharField()
password_hash = CharField(null=True)
email = CharField(unique=True, index=True)
verified = BooleanField(default=False)
stripe_id = CharField(index=True, null=True)
class LoginService(BaseModel):
name = CharField(unique=True, index=True)
class FederatedLogin(BaseModel):
user = ForeignKeyField(User, index=True)
service = ForeignKeyField(LoginService, index=True)
service_ident = CharField()
class Meta:
database = db
indexes = (
# create a unique index on service and the local service id
(('service', 'service_ident'), True),
# a user may only have one federated login per service
(('service', 'user'), True),
)
class Visibility(BaseModel):
name = CharField(index=True)
@ -136,9 +156,10 @@ class RepositoryTag(BaseModel):
def initialize_db():
create_model_tables([User, Repository, Image, AccessToken, Role,
RepositoryPermission, Visibility, RepositoryTag,
EmailConfirmation])
EmailConfirmation, FederatedLogin, LoginService])
Role.create(name='admin')
Role.create(name='write')
Role.create(name='read')
Visibility.create(name='public')
Visibility.create(name='private')
LoginService.create(name='github')
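Review bot: Making `User.password_hash` nullable means every password-check path must now treat a missing hash as a failed login, and that code is not part of this section. Confirm that the existing verification rejects such accounts explicitly, for example `if not user.password_hash: return None` before any comparison, so that a federated-only account cannot be reached through the username and password form. A short comment on the field, such as `# null for accounts that only sign in through a FederatedLogin`, would record why the constraint was relaxed.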


@ -34,6 +34,34 @@ def create_user(username, password, email):
raise DataModelException(ex.message)
def create_federated_user(username, email, service_name, service_id):
try:
new_user = User.create(username=username, email=email, verified=True)
service = LoginService.get(LoginService.name == service_name)
federated_user = FederatedLogin.create(user=new_user, service=service,
service_ident=service_id)
return new_user
except Exception as ex:
raise DataModelException(ex.message)
def verify_federated_login(service_name, service_id):
selected = FederatedLogin.select(FederatedLogin, User)
with_service = selected.join(LoginService)
with_user = with_service.switch(FederatedLogin).join(User)
found = with_user.where(FederatedLogin.service_ident == service_id,
LoginService.name == service_name)
found_list = list(found)
if found_list:
return found_list[0].user
return None
def create_confirm_email_code(user):
code = EmailConfirmation.create(user=user, email_confirm=True)
return code
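Review bot: `create_federated_user` writes the `User` row before it looks up the `LoginService` and creates the `FederatedLogin`, so a failure in either later step leaves a user with no password hash and no federated login, which can never sign in yet still occupies the username and email. Do the `LoginService.get(...)` lookup first and run the two creates in one database transaction. The function also sets `verified=True` unconditionally, while the callback added in this commit passes whatever address the provider lists; either pass only provider-verified addresses or take the flag as an argument. The local `federated_user` is never read, and `except Exception` rewraps programming errors as `DataModelException`.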


@ -4,6 +4,7 @@ import stripe
from flask import request, make_response, jsonify, abort
from flask.ext.login import login_required, current_user
from functools import wraps
from collections import defaultdict
from data import model
from app import app
@ -263,6 +264,31 @@ def role_view(repo_perm_obj):
}
@app.route('/api/repository/<path:repository>/image/', methods=['GET'])
@parse_repository_name
def list_repository_images(namespace, repository):
permission = ReadRepositoryPermission(namespace, repository)
if permission.can() or model.repository_is_public(namespace, repository):
all_images = model.get_repository_images(namespace, repository)
all_tags = model.list_repository_tags(namespace, repository)
tags_by_image_id = defaultdict(list)
for tag in all_tags:
tags_by_image_id[tag.image.docker_image_id].append(tag.name)
def add_tags(image_json):
image_json['tags'] = tags_by_image_id[image_json['id']]
return image_json
return jsonify({
'images': [add_tags(image_view(image)) for image in all_images]
})
abort(403)
@app.route('/api/repository/<path:repository>/tag/<tag>/images',
methods=['GET'])
@parse_repository_name


@ -1,4 +1,5 @@
import logging
import requests
from flask import (abort, send_file, redirect, request, url_for,
render_template, make_response)
@ -66,7 +67,8 @@ def common_login(db_user):
@app.route('/signin', methods=['GET'])
def render_signin_page():
return render_template('signin.html')
return render_template('signin.html',
github_client_id=app.config['GITHUB_CLIENT_ID'])
@app.route('/signin', methods=['POST'])
@ -81,12 +83,66 @@ def signin():
return redirect(request.args.get('next') or url_for('index'))
else:
return render_template('signin.html',
needs_email_verification=True)
needs_email_verification=True,
github_client_id=app.config['GITHUB_CLIENT_ID'])
else:
return render_template('signin.html',
username=username,
invalid_credentials=True)
invalid_credentials=True,
github_client_id=app.config['GITHUB_CLIENT_ID'])
@app.route('/oauth2/github/callback', methods=['GET'])
def github_oauth_callback():
code = request.args.get('code')
payload = {
'client_id': app.config['GITHUB_CLIENT_ID'],
'client_secret': app.config['GITHUB_CLIENT_SECRET'],
'code': code,
}
headers = {
'Accept': 'application/json'
}
get_access_token = requests.post(app.config['GITHUB_TOKEN_URL'],
params=payload, headers=headers)
token = get_access_token.json()['access_token']
token_param = {
'access_token': token,
}
get_user = requests.get(app.config['GITHUB_USER_URL'], params=token_param)
user_data = get_user.json()
username = user_data['login']
github_id = user_data['id']
v3_media_type = {
'Accept': 'application/vnd.github.v3'
}
get_email = requests.get(app.config['GITHUB_USER_EMAILS'],
params=token_param, headers=v3_media_type)
# We will accept any email, but we prefer the primary
found_email = None
for user_email in get_email.json():
found_email = user_email['email']
if user_email['primary']:
break
to_login = model.verify_federated_login('github', github_id)
if not to_login:
# try to create the user
to_login = model.create_federated_user(username, found_email, 'github',
github_id)
if common_login(to_login):
return redirect(url_for('index'))
# TODO something bad happened, we need to tell the user somehow
return redirect(url_for('signin'))
@app.route('/confirm', methods=['GET'])
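Review bot: `github_oauth_callback` accepts any `code` without checking a `state` value bound to the visitor's session, which leaves the flow open to login CSRF; the authorize link in signin.html sends no `state` either. The token exchange indexes `['access_token']` directly, so an error response or a missing `code` becomes an unhandled KeyError, and it passes the client secret through `params=`, which puts it in the request URL where proxies and access logs may record it. None of the three `requests` calls sets a timeout. The sketch assumes the sign-in view stores a random value in the session and appends it to the authorize URL; the key name `github_oauth_state` is a placeholder and `session` would need adding to the flask import.

```python
def github_oauth_callback():
  code = request.args.get('code')
  # state was stored in the session when the authorize link was rendered
  expected_state = session.pop('github_oauth_state', None)
  if not code or not expected_state or request.args.get('state') != expected_state:
    abort(400)

  # … unchanged: payload and headers …

  # send the secret in the request body rather than the query string
  get_access_token = requests.post(app.config['GITHUB_TOKEN_URL'],
                                   data=payload, headers=headers, timeout=10)
  token = get_access_token.json().get('access_token')
  if not token:
    return redirect(url_for('signin'))

  # … unchanged: user lookup, email selection, login …
```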


@ -1,4 +1,97 @@
import logging
import string
from random import SystemRandom
from datetime import datetime
from data.database import initialize_db
from data import model
from app import app
logger = logging.getLogger(__name__)
logging.basicConfig(**app.config['LOGGING_CONFIG'])
def __gen_hex_id(length=64):
random = SystemRandom()
return ''.join([random.choice('abcdef' + string.digits)
for x in range(length)])
def __gen_checksum():
return 'tarsum+sha256:' + __gen_hex_id(64)
def create_subtree(repo, structure, parent):
num_nodes, subtrees, last_node_tags = structure
# create the nodes
for i in range(num_nodes):
docker_image_id = __gen_hex_id()
checksum = __gen_checksum()
new_image = model.create_image(docker_image_id, repo)
model.set_image_checksum(docker_image_id, repo, checksum)
new_image = model.set_image_metadata(docker_image_id, repo.namespace,
repo.name, str(datetime.now()),
'no comment', parent)
parent = new_image
if last_node_tags:
if not isinstance(last_node_tags, list):
last_node_tags = [last_node_tags]
for tag_name in last_node_tags:
model.create_or_update_tag(repo.namespace, repo.name, tag_name,
new_image.docker_image_id)
for subtree in subtrees:
create_subtree(repo, subtree, new_image)
def __generate_repository(user, name, is_public, permissions, structure):
repo = model.create_repository(user.username, name, user)
if is_public:
model.set_repository_visibility(repo, 'public')
for delegate, role in permissions:
model.set_user_repo_permission(delegate.username, user.username, name,
role)
create_subtree(repo, structure, None)
if __name__ == '__main__':
initialize_db()
if app.config.get('POPULATE_DB_TEST_DATA', False):
logger.debug('Populating the DB with test data.')
new_user_1 = model.create_user('devtable', 'password',
'jake@devtable.com')
new_user_1.verified = True
new_user_1.save()
new_user_2 = model.create_user('public', 'password',
'jacob.moshenko@gmail.com')
new_user_2.verified = True
new_user_2.save()
__generate_repository(new_user_1, 'simple', False, [], (4, [],
['latest', 'prod']))
__generate_repository(new_user_1, 'complex', False, [],
(2, [(3, [], 'v2.0'),
(1, [(1, [(1, [], ['latest', 'prod'])],
'staging'),
(1, [], None)], None)], None))
__generate_repository(new_user_2, 'publicrepo', True, [],
(10, [], 'latest'))
__generate_repository(new_user_1, 'shared', False,
[(new_user_2, 'write')], (5, [], 'latest'))
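Review bot: `create_subtree` reads `new_image` after the loop, but the name is only bound inside `for i in range(num_nodes)`, so a structure with `num_nodes` of 0 raises NameError at the tagging or subtree step. Reject that case at the top of the function, or bind `new_image = parent` before the loop and skip tagging when it is None. The first assignment from `model.create_image` is overwritten by `model.set_image_metadata` before it is read and can be dropped. The seeded accounts use the literal password `'password'`, and the `POPULATE_DB_TEST_DATA` check is the only thing keeping them out of a hosted database, which deserves a comment at that `if`.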


@ -8,6 +8,7 @@ body {
max-width: 330px;
padding: 15px;
margin: 0 auto;
text-align: center;
}
.form-signin .form-signin-heading,
.form-signin .checkbox {
@ -42,4 +43,20 @@ body {
.alert {
max-width: 300px;
margin: 0 auto;
}
.social-alternate {
color: #777;
font-size: 3em;
margin-left: 43px;
}
.social-alternate .inner-text {
text-align: center;
position: relative;
color: white;
left: -43px;
top: -9px;
font-weight: bold;
font-size: .4em;
}


@ -123,8 +123,8 @@ quayApp = angular.module('quay', ['restangular', 'angularMoment', 'angulartics',
when('/repository/', {title: 'Repositories', templateUrl: '/static/partials/repo-list.html', controller: RepoListCtrl}).
when('/user', {title: 'User Admin', templateUrl: '/static/partials/user-admin.html', controller: UserAdminCtrl}).
when('/guide/', {title: 'Getting Started Guide', templateUrl: '/static/partials/guide.html', controller: GuideCtrl}).
when('/plans/', {title: 'Quay Plans', templateUrl: '/static/partials/plans.html', controller: PlansCtrl}).
when('/', {title: 'Quay: Private docker repository hosting', templateUrl: '/static/partials/landing.html', controller: LandingCtrl}).
when('/plans/', {title: 'Plans and Pricing', templateUrl: '/static/partials/plans.html', controller: PlansCtrl}).
when('/', {title: 'Hosted Private Docker Registry', templateUrl: '/static/partials/landing.html', controller: LandingCtrl}).
otherwise({redirectTo: '/'});
}]).
config(function(RestangularProvider) {


@ -4,6 +4,7 @@
<title ng-bind="title + ' · Quay'">Quay - Private Docker Repository</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="Hosted private docker repositories. Includes full user management and history. Free for public repositories.">
<meta name="google-site-verification" content="GalDznToijTsHYmLjJvE4QaB9uk_IP16aaGDz5D75T4" />
<link rel="stylesheet" href="//netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.min.css">
<link rel="stylesheet" href="//netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap.no-icons.min.css">


@ -4,6 +4,7 @@
<title>Sign In - Quay</title>
<link rel="stylesheet" href="//netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap.no-icons.min.css">
<link rel="stylesheet" href="//netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.min.css">
<link rel="stylesheet" href="static/css/signin.css">
</head>
@ -13,6 +14,13 @@
<input type="text" class="form-control" placeholder="Username" name="username" value="{{ username }}"autofocus>
<input type="password" class="form-control" placeholder="Password" name="password">
<button class="btn btn-lg btn-primary btn-block" type="submit">Sign In</button>
<span class="social-alternate">
<i class="icon-circle"></i>
<span class="inner-text">OR</i>
</span>
<a href="https://github.com/login/oauth/authorize?client_id={{ github_client_id }}&scope=user:email" class="btn btn-primary btn-lg btn-block"><i class="icon-github icon-large"></i> Sign In with GitHub</a>
</form>
{% if invalid_credentials %}
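Review bot: The added `<span class="inner-text">OR</i>` closes a span with `</i>`, so the markup is mis-nested and the browser has to recover from it; it should read `<span class="inner-text">OR</span>`. In the GitHub link the query separator is a bare `&` inside an attribute value, and `&amp;scope=user:email` is the valid form. The authorize URL carries no `state` parameter, so the callback has nothing that ties GitHub's response to this browser session.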

BIN
test.db

Binary file not shown.