evan.jarrett.net / at-container-registry
A container registry that uses the AT Protocol for manifest storage and S3 for blob storage. atcr.io
docker container atproto go
80
fork

Configure Feed

Select the types of activity you want to include in your feed.

fix authentication message

Evan Jarrett ab7e0f07 9a648048

+32 -45
+32 -45
pkg/auth/token/handler.go
··· 42 42 IssuedAt string `json:"issued_at,omitempty"` 43 43 } 44 44 45 + // getBaseURL extracts the base URL from the request, handling proxies 46 + func getBaseURL(r *http.Request) string { 47 + baseURL := r.Header.Get("X-Forwarded-Host") 48 + if baseURL == "" { 49 + baseURL = r.Host 50 + } 51 + if !strings.HasPrefix(baseURL, "http") { 52 + // Add scheme 53 + if r.TLS != nil || r.Header.Get("X-Forwarded-Proto") == "https" { 54 + baseURL = "https://" + baseURL 55 + } else { 56 + baseURL = "http://" + baseURL 57 + } 58 + } 59 + return baseURL 60 + } 61 + 62 + // sendAuthError sends a formatted authentication error response 63 + func sendAuthError(w http.ResponseWriter, r *http.Request, message string) { 64 + baseURL := getBaseURL(r) 65 + w.Header().Set("WWW-Authenticate", `Basic realm="ATCR Registry"`) 66 + http.Error(w, fmt.Sprintf(`%s 67 + 68 + To authenticate: 69 + 1. Install credential helper: %s/install 70 + 2. Or run: docker login %s 71 + (use your ATProto handle + app-password)`, message, baseURL, r.Host), http.StatusUnauthorized) 72 + } 73 + 45 74 // ServeHTTP handles the token request 46 75 func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { 47 76 fmt.Printf("DEBUG [token/handler]: Received %s request to %s\n", r.Method, r.URL.Path) ··· 56 85 username, password, ok := r.BasicAuth() 57 86 if !ok { 58 87 fmt.Printf("DEBUG [token/handler]: No Basic auth credentials provided\n") 59 - // Get base URL for install instructions 60 - baseURL := r.Header.Get("X-Forwarded-Host") 61 - if baseURL == "" { 62 - baseURL = r.Host 63 - } 64 - if !strings.HasPrefix(baseURL, "http") { 65 - // Add scheme 66 - if r.TLS != nil || r.Header.Get("X-Forwarded-Proto") == "https" { 67 - baseURL = "https://" + baseURL 68 - } else { 69 - baseURL = "http://" + baseURL 70 - } 71 - } 72 - w.Header().Set("WWW-Authenticate", `Basic realm="ATCR Registry"`) 73 - http.Error(w, fmt.Sprintf("authentication required - visit %s/install to authenticate or use 'docker login' with your ATProto app-password", baseURL), http.StatusUnauthorized) 88 + sendAuthError(w, r, "authentication required") 74 89 return 75 90 } 76 91 ··· 101 116 device, err := h.deviceStore.ValidateDeviceSecret(password) 102 117 if err != nil { 103 118 fmt.Printf("DEBUG [token/handler]: Device secret validation failed: %v\n", err) 104 - // Get base URL for install instructions 105 - baseURL := r.Header.Get("X-Forwarded-Host") 106 - if baseURL == "" { 107 - baseURL = r.Host 108 - } 109 - if !strings.HasPrefix(baseURL, "http") { 110 - // Add scheme 111 - if r.TLS != nil || r.Header.Get("X-Forwarded-Proto") == "https" { 112 - baseURL = "https://" + baseURL 113 - } else { 114 - baseURL = "http://" + baseURL 115 - } 116 - } 117 - w.Header().Set("WWW-Authenticate", `Basic realm="ATCR Registry"`) 118 - http.Error(w, fmt.Sprintf("authentication failed - visit %s/install to authenticate or use 'docker login' with your ATProto app-password", baseURL), http.StatusUnauthorized) 119 + sendAuthError(w, r, "authentication failed") 119 120 return 120 121 } 121 122 ··· 129 130 did, handle, accessToken, err = h.validator.CreateSessionAndGetToken(r.Context(), username, password) 130 131 if err != nil { 131 132 fmt.Printf("DEBUG [token/handler]: App password validation failed: %v\n", err) 132 - // Get base URL for install instructions 133 - baseURL := r.Header.Get("X-Forwarded-Host") 134 - if baseURL == "" { 135 - baseURL = r.Host 136 - } 137 - if !strings.HasPrefix(baseURL, "http") { 138 - // Add scheme 139 - if r.TLS != nil || r.Header.Get("X-Forwarded-Proto") == "https" { 140 - baseURL = "https://" + baseURL 141 - } else { 142 - baseURL = "http://" + baseURL 143 - } 144 - } 145 - w.Header().Set("WWW-Authenticate", `Basic realm="ATCR Registry"`) 146 - http.Error(w, fmt.Sprintf("authentication failed - visit %s/install to authenticate or use 'docker login' with your ATProto app-password", baseURL), http.StatusUnauthorized) 133 + sendAuthError(w, r, "authentication failed") 147 134 return 148 135 } 149 136