# XXX This code is not yet ready to be run in production, and should remain disabled until such # XXX time as this notice is removed. import logging from flask import Blueprint, make_response, url_for, request from functools import wraps from urlparse import urlparse from app import metric_queue from endpoints.decorators import anon_protect, anon_allowed from auth.jwt_auth import process_jwt_auth from auth.auth_context import get_grant_user_context from auth.permissions import (ReadRepositoryPermission, ModifyRepositoryPermission, AdministerRepositoryPermission) from data import model from util.http import abort from util.saas.metricqueue import time_blueprint logger = logging.getLogger(__name__) v2_bp = Blueprint('v2', __name__) time_blueprint(v2_bp, metric_queue) def _require_repo_permission(permission_class, allow_public=False): def wrapper(func): @wraps(func) def wrapped(namespace, repo_name, *args, **kwargs): logger.debug('Checking permission %s for repo: %s/%s', permission_class, namespace, repo_name) permission = permission_class(namespace, repo_name) if (permission.can() or (allow_public and model.repository.repository_is_public(namespace, repo_name))): return func(namespace, repo_name, *args, **kwargs) raise abort(401) return wrapped return wrapper require_repo_read = _require_repo_permission(ReadRepositoryPermission, True) require_repo_write = _require_repo_permission(ModifyRepositoryPermission) require_repo_admin = _require_repo_permission(AdministerRepositoryPermission) def get_input_stream(flask_request): if flask_request.headers.get('transfer-encoding') == 'chunked': return flask_request.environ['wsgi.input'] return flask_request.stream @v2_bp.route('/') @process_jwt_auth @anon_allowed def v2_support_enabled(): response = make_response('true', 200) if get_grant_user_context() is None: response = make_response('true', 401) realm_hostname = urlparse(request.url).netloc realm_auth_path = url_for('v2.generate_registry_jwt') authenticate = 'Bearer realm="{0}{1}",service="quay"'.format(realm_hostname, realm_auth_path) response.headers['WWW-Authenticate'] = authenticate response.headers['Docker-Distribution-API-Version'] = 'registry/2.0' return response from endpoints.v2 import v2auth from endpoints.v2 import manifest from endpoints.v2 import blob