/auth: special case for docker-registry

login.go

@@ -5,6 +5,7 @@ import (
 	"html/template"
 	"log"
 	"net/http"
+	"strings"
 
 	"github.com/go-ldap/ldap/v3"
 )
@@ -56,6 +57,7 @@ func httpBasicAuth(w http.ResponseWriter, r *http.Request) {
 			w.Header().Set("WWW-Authenticate", `Basic realm="nemunai.re restricted"`)
 			w.WriteHeader(http.StatusUnauthorized)
 			w.Write([]byte(err.Error()))
+			return
 		} else {
 			w.Header().Set("X-Remote-User", user)
 			w.WriteHeader(http.StatusOK)
@@ -66,11 +68,21 @@ func httpBasicAuth(w http.ResponseWriter, r *http.Request) {
 					}
 				}
 			}
-
+			return
 		}
-	} else {
+	} else if v := r.Header.Get("X-Special-Auth"); v == "docker-registry" {
+		method := r.Header.Get("X-Original-Method")
+		uri := r.Header.Get("X-Original-URI")
+
+		if (method == "GET" || method == "HEAD") && uri != "" && uri != "/v2/" && !strings.HasPrefix(uri, "/v2/_") {
+			log.Printf("docker-registry: Permit anonymous login for URL %s", uri)
+			w.Header().Set("X-Remote-User", "anonymous")
+			w.WriteHeader(http.StatusOK)
+			return
+		}
+	}
+
 	w.Header().Set("WWW-Authenticate", `Basic realm="nemunai.re restricted"`)
 	w.WriteHeader(http.StatusUnauthorized)
 	w.Write([]byte("Please login"))
 }
-}