server

package
v0.2.10 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 12, 2025 License: Apache-2.0 Imports: 43 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	RepositoryAccessType = "repository"
	RegistryAccessType   = "registry"
	PullAction           = "pull"
	PushAction           = "push"
	CatalogAction        = "*"
	DeleteAction         = "delete"
	AnonymousUser        = "_anonymous"
	BasicPrefix          = "Basic "
	BearerPrefix         = "Bearer "
	PBKDF2Prefix         = "PBKDF2:"
	SecretKey            = "config"
)

Variables

View Source 
var (
	ErrAuthFailed          = fmt.Errorf("wrong username or password")
	ErrNotHandleAuthHeader = fmt.Errorf("no need to process authorization header")
)

Functions

func IsScopeActionMatch 

func IsScopeActionMatch(req *http.Request, resultScope AccessScope, requestScope AccessScope) bool

func NewThirdpartyAuth 

func NewThirdpartyAuth(logger *zap.Logger, thirdpartyServer string, p *AuthProcessor) error

func WatchConfigFile 

func WatchConfigFile(path string, stop <-chan struct{}, p *AuthProcessor) error

func WatchSecret 

func WatchSecret(client kubernetes.Interface, namespace, labelSelector string, stop <-chan struct{}, p *AuthProcessor) error

Types

type AccessScope 

type AccessScope []ClaimAccess

func DecodeScope 

func DecodeScope(req *http.Request) (AccessScope, error)

func DecodeScopeFromUrl 

func DecodeScopeFromUrl(req *http.Request) (AccessScope, error)

func (AccessScope) String 

func (s AccessScope) String() string

type AuthProcessor 

type AuthProcessor struct {
	Issuer         string
	TokenDuration  time.Duration
	StaticUsers    map[string]string
	SecretUsers    map[string]string
	StaticAuths    map[string][]Authorization
	SecretAuths    map[string][]Authorization
	ThirdpartyAuth ThirdpartyAuth
	// contains filtered or unexported fields
}

func NewAuthProcessor 

func NewAuthProcessor(privateKeyFile, publicCertFile, issuer string, tokenDuration int) (*AuthProcessor, error)

func (*AuthProcessor) Authenticate 

func (a *AuthProcessor) Authenticate(header string) (string, error)

func (*AuthProcessor) Authorize 

func (a *AuthProcessor) Authorize(user string, scope AccessScope) AccessScope

func (*AuthProcessor) LoadFromFile 

func (a *AuthProcessor) LoadFromFile(data []byte) error

func (*AuthProcessor) LoadFromSecret 

func (a *AuthProcessor) LoadFromSecret(dataOld, dataNew map[string][]byte) error

func (*AuthProcessor) Sign 

func (a *AuthProcessor) Sign(user, service string, scope AccessScope) (*Token, error)

type Authorization 

type Authorization struct {
	Type      string   `json:"type" yaml:"type"`
	Target    string   `json:"target" yaml:"target"`
	UseRegexp bool     `json:"useRegexp" yaml:"useRegexp"`
	Actions   []string `json:"actions" yaml:"actions"`
	// contains filtered or unexported fields
}

type ClaimAccess 

type ClaimAccess struct {
	Type    string
	Name    string
	Actions []string
}

func (*ClaimAccess) String 

func (ca *ClaimAccess) String() string

type Claims 

type Claims struct {
	Issuer    string           `json:"iss,omitempty"`
	Subject   string           `json:"sub,omitempty"`
	Audience  string           `json:"aud,omitempty"`
	Expiry    *jwt.NumericDate `json:"exp,omitempty"`
	NotBefore *jwt.NumericDate `json:"nbf,omitempty"`
	IssuedAt  *jwt.NumericDate `json:"iat,omitempty"`
	ID        string           `json:"jti,omitempty"`
	Access    []ClaimAccess    `json:"access"`
}

type ConfigFile 

type ConfigFile struct {
	Users map[string]string          `json:"users" yaml:"users"`
	Auths map[string][]Authorization `json:"auths" yaml:"auths"`
}

type ScopeDecoder 

type ScopeDecoder func(r *http.Request) (AccessScope, error)

type ScopeMatcher 

type ScopeMatcher func(req *http.Request, result AccessScope, request AccessScope) bool

type Server 

type Server struct {
	BasicConfig  config.BasicConfig
	ServerConfig config.ServerConfig

	Log *zap.Logger
	// contains filtered or unexported fields
}

Server conole data

func New 

func New() *Server

New creates new instance

func (*Server) ApplyToServer 

func (s *Server) ApplyToServer() error

ApplyToServer apply to server

func (*Server) Container 

func (s *Server) Container() *restful.Container

func (*Server) HandleAuth 

func (s *Server) HandleAuth(req *restful.Request, res *restful.Response)

HandleAuth handle registry auth

func (*Server) HandleProxy 

func (s *Server) HandleProxy(res http.ResponseWriter, req *http.Request)

func (*Server) L 

func (s *Server) L() *zap.Logger

func (*Server) Start 

func (s *Server) Start(ctx context.Context) error

type ThirdpartyAuth 

type ThirdpartyAuth interface {
	Login(username, password string) (string, error)
	UserAuthorization(username string) ([]Authorization, bool)
}

type Token 

type Token struct {
	Token string `json:"token"`
}

type UserAuthorization 

type UserAuthorization struct {
	Authorization
	User string `json:"user"`
}

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.