vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
This repository has been archived on 2020-03-24. You can view files and clone it, but cannot push or open issues or pull requests.
quay/endpoints/index.py

208 lines
5.7 KiB
Python
Raw Blame History

import json
import urllib
import json
import logging
from flask import request, make_response, jsonify, abort
from functools import wraps
from data import model
from app import app
from auth.auth import (process_auth, get_authenticated_user,
get_validated_token)
from util import parse_namespace_repository, parse_repository_name
from auth.permissions import (ModifyRepositoryPermission,
ReadRepositoryPermission, UserPermission)
logger = logging.getLogger(__name__)
REGISTRY_SERVER = 'localhost:5003'
def generate_headers(access):
def add_headers(f):
@wraps(f)
def wrapper(namespace, repository, *args, **kwargs):
response = f(namespace, repository, *args, **kwargs)
response.headers['X-Docker-Endpoints'] = REGISTRY_SERVER
has_token_request = request.headers.get('X-Docker-Token', '')
if has_token_request and get_authenticated_user():
repo = model.get_repository(namespace, repository)
token = model.create_access_token(get_authenticated_user(), repo)
token_str = ('Token signature=%s,repository="%s/%s",access=%s' %
(token.code, namespace, repository, access))
response.headers['WWW-Authenticate'] = token_str
response.headers['X-Docker-Token'] = token_str
return response
return wrapper
return add_headers
@app.route('/v1/users', methods=['POST'])
@app.route('/v1/users/', methods=['POST'])
def create_user():
user_data = request.get_json()
model.create_user(user_data['username'], user_data['password'],
user_data['email'])
return make_response('Created', 201)
@app.route('/v1/users', methods=['GET'])
@app.route('/v1/users/', methods=['GET'])
@process_auth
def get_user():
if not get_authenticated_user():
abort(401)
return jsonify({
'username': get_authenticated_user().username,
'email': get_authenticated_user().email,
})
@app.route('/v1/users/<username>/', methods=['PUT'])
@process_auth
def update_user(username):
permission = UserPermission(username)
if permission.can():
update_request = request.get_json()
if 'password' in update_request:
logger.debug('Updating user password.')
model.change_password(get_authenticated_user(),
update_request['password'])
if 'email' in update_request:
logger.debug('Updating user email')
model.update_email(get_authenticated_user(), update_request['email'])
return jsonify({
'username': get_authenticated_user().username,
'email': get_authenticated_user().email,
})
abort(403)
@app.route('/v1/repositories/<path:repository>', methods=['PUT'])
@process_auth
@parse_repository_name
@generate_headers(access='write')
def create_repository(namespace, repository):
image_descriptions = json.loads(request.data)
repo = model.get_repository(namespace, repository)
if repo:
permission = ModifyRepositoryPermission(namespace, repository)
if not permission.can():
if get_validated_token() or get_authenticated_user():
abort(403)
else:
abort(401)
else:
if not get_authenticated_user():
abort(401)
if get_authenticated_user().username != namespace:
abort(403)
logger.debug('Creaing repository with owner: %s' %
get_authenticated_user().username)
repo = model.create_repository(namespace, repository,
get_authenticated_user())
new_repo_images = {desc['id']: desc for desc in image_descriptions}
added_images = dict(new_repo_images)
for existing in model.get_repository_images(namespace, repository):
if existing.image_id in new_repo_images:
added_images.pop(existing.image_id)
else:
existing.repositoryimage.delete()
for image_description in added_images.values():
image = model.create_image(image_description['id'])
model.assign_image_repository(repo, image, image_description['Tag'])
response = make_response('Created', 201)
return response
@app.route('/v1/repositories/<path:repository>/images', methods=['PUT'])
@process_auth
@parse_repository_name
@generate_headers(access='write')
def update_images(namespace, repository):
permission = ModifyRepositoryPermission(namespace, repository)
if permission.can():
image_with_checksums = json.loads(request.data)
for image in image_with_checksums:
model.set_image_checksum(image['id'], image['checksum'])
return make_response('Updated', 204)
abort(403)
@app.route('/v1/repositories/<path:repository>/images', methods=['GET'])
@process_auth
@parse_repository_name
@generate_headers(access='read')
def get_repository_images(namespace, repository):
permission = ReadRepositoryPermission(namespace, repository)
# TODO invalidate token?
if permission.can():
all_images = []
for image in model.get_repository_images(namespace, repository):
new_image_view = {
'id': image.image_id,
'tag': image.repositoryimage.tag,
'checksum': image.checksum,
}
all_images.append(new_image_view)
resp = make_response(json.dumps(all_images), 200)
resp.mimetype = 'application/json'
return resp
abort(403)
@app.route('/v1/repositories/<path:repository>/images', methods=['DELETE'])
@process_auth
@parse_repository_name
@generate_headers(access='delete')
def delete_repository_images(namespace, repository):
pass
@app.route('/v1/repositories/<path:repository>/auth', methods=['PUT'])
@parse_repository_name
def put_repository_auth(namespace, repository):
pass
@app.route('/v1/search', methods=['GET'])
def get_search():
pass
@app.route('/_ping')
@app.route('/v1/_ping')
def ping():
response = make_response('true', 200)
response.headers['X-Docker-Registry-Version'] = '0.6.0'
return response
Reference in a new issue View git blame Copy permalink