A container registry that uses the AT Protocol for manifest storage and S3 for blob storage.
1package storage
2
3import (
4 "atcr.io/pkg/appview/readme"
5 "atcr.io/pkg/atproto"
6 "atcr.io/pkg/auth"
7 "atcr.io/pkg/auth/oauth"
8)
9
// HoldDIDLookup is the query seam used to resolve a hold DID from stored
// manifest data.
//
// NOTE(review): the value returned here presumably feeds RegistryContext.HoldDID
// and so decides which hold service a request is routed to. It is a lookup
// result, not an access decision; confirm that callers still authorize the
// requester against the resolved hold.
type HoldDIDLookup interface {
	// GetLatestHoldDIDForRepo resolves the hold DID for the repository named
	// by repository under the owner identified by did.
	//
	// NOTE(review): how "latest" is chosen, and what is returned when the
	// repository has no manifest yet (empty string vs. error), is defined by
	// the implementation and not visible here; confirm before relying on it.
	GetLatestHoldDIDForRepo(did string, repository string) (holdDID string, err error)
}
14
// RegistryContext carries everything a registry operation needs: the
// per-request identity and routing data, plus the shared services that are
// the same for every request.
//
// Two principals appear in the per-request fields and must not be confused:
//   - Owner: the user whose repository is being accessed (DID, Handle,
//     PDSEndpoint, ATProtoClient).
//   - Puller: the authenticated user making the request, taken from the JWT
//     Subject (PullerDID, PullerPDSEndpoint, ServiceToken).
//
// NOTE(review): access checks should presumably be made about the puller;
// the owner fields only name the target of the request. Confirm at each call
// site that DID is never used where PullerDID is meant.
//
// NOTE(review): ServiceToken is a credential and ATProtoClient is an
// authenticated client, so this struct should not be logged or serialized
// wholesale (for example with %+v).
type RegistryContext struct {
	// ---- Per-request identity and routing information ----

	// DID is the owner's DID, i.e. whose repo is being accessed
	// (e.g., "did:plc:abc123").
	DID string
	// Handle is the owner's handle (e.g., "alice.bsky.social").
	Handle string
	// HoldDID is the hold service DID (e.g., "did:web:hold01.atcr.io").
	HoldDID string
	// PDSEndpoint is the owner's PDS endpoint URL.
	PDSEndpoint string
	// Repository is the image repository name (e.g., "debian").
	Repository string
	// ServiceToken is the service token for hold authentication, obtained
	// from the puller's PDS. Treat it as a secret: keep it out of logs and
	// error messages.
	ServiceToken string
	// ATProtoClient is the authenticated ATProto client for the owner.
	// NOTE(review): it is authenticated as the owner, so operations through
	// it are presumably performed with the owner's authority rather than the
	// puller's; confirm it is only reached after the puller is authorized.
	ATProtoClient *atproto.Client
	// AuthMethod is the auth method used ("oauth" or "app_password").
	AuthMethod string
	// PullerDID is the puller's DID, i.e. who is making the request (from
	// the JWT Subject).
	// NOTE(review): confirm what this holds for unauthenticated requests so
	// that an empty value cannot compare equal to an owner DID by accident.
	PullerDID string
	// PullerPDSEndpoint is the puller's PDS endpoint URL.
	PullerPDSEndpoint string

	// ---- Shared services (same for all requests) ----

	// Database serves hold DID lookups.
	Database HoldDIDLookup
	// Authorizer performs hold access authorization.
	Authorizer auth.HoldAuthorizer
	// Refresher is the OAuth session manager.
	Refresher *oauth.Refresher
	// ReadmeFetcher fetches READMEs for repo pages.
	ReadmeFetcher *readme.Fetcher
}