/auth: special case for docker-registry

This commit is contained in:
nemunaire 2021-09-13 13:07:31 +02:00
parent 82233a4b84
commit 5643713c54

View File

@ -5,6 +5,7 @@ import (
"html/template" "html/template"
"log" "log"
"net/http" "net/http"
"strings"
"github.com/go-ldap/ldap/v3" "github.com/go-ldap/ldap/v3"
) )
@ -56,6 +57,7 @@ func httpBasicAuth(w http.ResponseWriter, r *http.Request) {
w.Header().Set("WWW-Authenticate", `Basic realm="nemunai.re restricted"`) w.Header().Set("WWW-Authenticate", `Basic realm="nemunai.re restricted"`)
w.WriteHeader(http.StatusUnauthorized) w.WriteHeader(http.StatusUnauthorized)
w.Write([]byte(err.Error())) w.Write([]byte(err.Error()))
return
} else { } else {
w.Header().Set("X-Remote-User", user) w.Header().Set("X-Remote-User", user)
w.WriteHeader(http.StatusOK) w.WriteHeader(http.StatusOK)
@ -66,11 +68,21 @@ func httpBasicAuth(w http.ResponseWriter, r *http.Request) {
} }
} }
} }
return
} }
} else { } else if v := r.Header.Get("X-Special-Auth"); v == "docker-registry" {
method := r.Header.Get("X-Original-Method")
uri := r.Header.Get("X-Original-URI")
if (method == "GET" || method == "HEAD") && uri != "" && uri != "/v2/" && !strings.HasPrefix(uri, "/v2/_") {
log.Printf("docker-registry: Permit anonymous login for URL %s", uri)
w.Header().Set("X-Remote-User", "anonymous")
w.WriteHeader(http.StatusOK)
return
}
}
w.Header().Set("WWW-Authenticate", `Basic realm="nemunai.re restricted"`) w.Header().Set("WWW-Authenticate", `Basic realm="nemunai.re restricted"`)
w.WriteHeader(http.StatusUnauthorized) w.WriteHeader(http.StatusUnauthorized)
w.Write([]byte("Please login")) w.Write([]byte("Please login"))
}
} }