cuducos.me / at-container-registry
forked from evan.jarrett.net/at-container-registry
A container registry that uses the AT Protocol for manifest storage and S3 for blob storage.
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

fix test

Evan Jarrett 2026780e 2f27f226

+5 -34
+1 -1
pkg/hold/pds/auth.go
··· 6 6 "encoding/json" 7 7 "fmt" 8 8 "io" 9 + "log" 9 10 "net/http" 10 11 "slices" 11 12 "strings" 12 13 "time" 13 - "log" 14 14 15 15 "atcr.io/pkg/atproto" 16 16 "github.com/bluesky-social/indigo/atproto/atcrypto"
+4 -4
pkg/hold/pds/xrpc.go
··· 116 116 }) 117 117 } 118 118 119 - // requireAuth middleware - validates DPoP authentication 119 + // requireAuth middleware - validates service token authentication 120 120 // Stores validated user in request context 121 121 func (h *XRPCHandler) requireAuth(next http.Handler) http.Handler { 122 122 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 123 123 // Service token authentication 124 - user, err := ValidateServiceToken(r, h.pds.did, h.httpClient) 124 + user, err := ValidateServiceToken(r, h.pds.did, h.httpClient) 125 125 if err != nil { 126 - http.Error(w, fmt.Sprintf("unauthorized: %v", err), http.StatusForbidden) 127 - return 126 + http.Error(w, fmt.Sprintf("unauthorized: %v", err), http.StatusUnauthorized) 127 + return 128 128 } 129 129 // Store user in context for handlers to access 130 130 ctx := context.WithValue(r.Context(), contextKeyUser, user)
-29
pkg/hold/pds/xrpc_test.go
··· 2059 2059 } 2060 2060 } 2061 2061 2062 - // TestRequireAuth_ValidDPoP tests middleware allows valid DPoP token 2063 - func TestRequireAuth_ValidDPoP(t *testing.T) { 2064 - handler, _ := setupTestXRPCHandler(t) 2065 - 2066 - r := chi.NewRouter() 2067 - handler.RegisterHandlers(r) 2068 - 2069 - // requestCrew requires auth 2070 - dpopHelper, err := NewDPoPTestHelper("did:plc:newcrew123", "https://test.pds") 2071 - if err != nil { 2072 - t.Fatalf("Failed to create DPoP helper: %v", err) 2073 - } 2074 - 2075 - req := httptest.NewRequest("POST", atproto.HoldRequestCrew, bytes.NewReader([]byte("{}"))) 2076 - req.Header.Set("Content-Type", "application/json") 2077 - 2078 - if err := dpopHelper.AddDPoPToRequest(req); err != nil { 2079 - t.Fatalf("Failed to add DPoP: %v", err) 2080 - } 2081 - 2082 - w := httptest.NewRecorder() 2083 - r.ServeHTTP(w, req) 2084 - 2085 - // Should not get auth error (may get other errors like "crew not allowed") 2086 - if w.Code == http.StatusUnauthorized { 2087 - t.Errorf("Expected valid DPoP to not get 401, got %d: %s", w.Code, w.Body.String()) 2088 - } 2089 - } 2090 - 2091 2062 // TestRequireAuth_MissingAuth tests middleware returns 401 without auth 2092 2063 func TestRequireAuth_MissingAuth(t *testing.T) { 2093 2064 handler, _ := setupTestXRPCHandler(t)