/auth: special case for docker-registry

2021-09-13 13:07:31 +02:00 · 2021-09-13 13:07:31 +02:00 · 5643713c54
parent 82233a4b84
commit 5643713c54
1 changed files with 17 additions and 5 deletions
--- a/login.go
+++ b/login.go
@ -5,6 +5,7 @@ import (
 	"html/template"
 	"log"
 	"net/http"
+	"strings"

 	"github.com/go-ldap/ldap/v3"
 )
@ -56,6 +57,7 @@ func httpBasicAuth(w http.ResponseWriter, r *http.Request) {
 			w.Header().Set("WWW-Authenticate", `Basic realm="nemunai.re restricted"`)
 			w.WriteHeader(http.StatusUnauthorized)
 			w.Write([]byte(err.Error()))
+			return
 		} else {
 			w.Header().Set("X-Remote-User", user)
 			w.WriteHeader(http.StatusOK)
@ -66,11 +68,21 @@ func httpBasicAuth(w http.ResponseWriter, r *http.Request) {
 					}
 				}
 			}
-
+			return
+		}
+	} else if v := r.Header.Get("X-Special-Auth"); v == "docker-registry" {
+		method := r.Header.Get("X-Original-Method")
+		uri := r.Header.Get("X-Original-URI")
+
+		if (method == "GET" || method == "HEAD") && uri != "" && uri != "/v2/" && !strings.HasPrefix(uri, "/v2/_") {
+			log.Printf("docker-registry: Permit anonymous login for URL %s", uri)
+			w.Header().Set("X-Remote-User", "anonymous")
+			w.WriteHeader(http.StatusOK)
+			return
 		}
-	} else {
-		w.Header().Set("WWW-Authenticate", `Basic realm="nemunai.re restricted"`)
-		w.WriteHeader(http.StatusUnauthorized)
-		w.Write([]byte("Please login"))
 	}
+
+	w.Header().Set("WWW-Authenticate", `Basic realm="nemunai.re restricted"`)
+	w.WriteHeader(http.StatusUnauthorized)
+	w.Write([]byte("Please login"))
 }