A container registry that uses the AT Protocol for manifest storage and S3 for blob storage.

fix authentication message

+32 -45
+32 -45
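--- a/pkg/auth/token/handler.go
+++ b/pkg/auth/token/handler.go
@@ -42,6 +42,35 @@
 IssuedAt string `json:"issued_at,omitempty"`
 }
 
+// getBaseURL extracts the base URL from the request, handling proxies
+func getBaseURL(r *http.Request) string {
+baseURL := r.Header.Get("X-Forwarded-Host")
+if baseURL == "" {
+baseURL = r.Host
+}
+if !strings.HasPrefix(baseURL, "http") {
+// Add scheme
+if r.TLS != nil || r.Header.Get("X-Forwarded-Proto") == "https" {
+baseURL = "https://" + baseURL
+} else {
+baseURL = "http://" + baseURL
+}
+}
+return baseURL
+}
+
+// sendAuthError sends a formatted authentication error response
+func sendAuthError(w http.ResponseWriter, r *http.Request, message string) {
+baseURL := getBaseURL(r)
+w.Header().Set("WWW-Authenticate", `Basic realm="ATCR Registry"`)
+http.Error(w, fmt.Sprintf(`%s
+
+To authenticate:
+1. Install credential helper: %s/install
+2. Or run: docker login %s
+(use your ATProto handle + app-password)`, message, baseURL, r.Host), http.StatusUnauthorized)
+}
+
 // ServeHTTP handles the token request
 func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 fmt.Printf("DEBUG [token/handler]: Received %s request to %s\n", r.Method, r.URL.Path)
@@ -56,21 +85,7 @@
 username, password, ok := r.BasicAuth()
 if !ok {
 fmt.Printf("DEBUG [token/handler]: No Basic auth credentials provided\n")
-// Get base URL for install instructions
-baseURL := r.Header.Get("X-Forwarded-Host")
-if baseURL == "" {
-baseURL = r.Host
-}
-if !strings.HasPrefix(baseURL, "http") {
-// Add scheme
-if r.TLS != nil || r.Header.Get("X-Forwarded-Proto") == "https" {
-baseURL = "https://" + baseURL
-} else {
-baseURL = "http://" + baseURL
-}
-}
-w.Header().Set("WWW-Authenticate", `Basic realm="ATCR Registry"`)
-http.Error(w, fmt.Sprintf("authentication required - visit %s/install to authenticate or use 'docker login' with your ATProto app-password", baseURL), http.StatusUnauthorized)
+sendAuthError(w, r, "authentication required")
 return
 }
 
@@ -101,21 +116,7 @@
 device, err := h.deviceStore.ValidateDeviceSecret(password)
 if err != nil {
 fmt.Printf("DEBUG [token/handler]: Device secret validation failed: %v\n", err)
-// Get base URL for install instructions
-baseURL := r.Header.Get("X-Forwarded-Host")
-if baseURL == "" {
-baseURL = r.Host
-}
-if !strings.HasPrefix(baseURL, "http") {
-// Add scheme
-if r.TLS != nil || r.Header.Get("X-Forwarded-Proto") == "https" {
-baseURL = "https://" + baseURL
-} else {
-baseURL = "http://" + baseURL
-}
-}
-w.Header().Set("WWW-Authenticate", `Basic realm="ATCR Registry"`)
-http.Error(w, fmt.Sprintf("authentication failed - visit %s/install to authenticate or use 'docker login' with your ATProto app-password", baseURL), http.StatusUnauthorized)
+sendAuthError(w, r, "authentication failed")
 return
 }
 
@@ -129,21 +130,7 @@
 did, handle, accessToken, err = h.validator.CreateSessionAndGetToken(r.Context(), username, password)
 if err != nil {
 fmt.Printf("DEBUG [token/handler]: App password validation failed: %v\n", err)
-// Get base URL for install instructions
-baseURL := r.Header.Get("X-Forwarded-Host")
-if baseURL == "" {
-baseURL = r.Host
-}
-if !strings.HasPrefix(baseURL, "http") {
-// Add scheme
-if r.TLS != nil || r.Header.Get("X-Forwarded-Proto") == "https" {
-baseURL = "https://" + baseURL
-} else {
-baseURL = "http://" + baseURL
-}
-}
-w.Header().Set("WWW-Authenticate", `Basic realm="ATCR Registry"`)
-http.Error(w, fmt.Sprintf("authentication failed - visit %s/install to authenticate or use 'docker login' with your ATProto app-password", baseURL), http.StatusUnauthorized)
+sendAuthError(w, r, "authentication failed")
 return
 }
 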
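Review bot: getBaseURL takes the install link's host from the client-supplied `X-Forwarded-Host` header (falling back to `Host`), and sendAuthError writes that link into the 401 body as the place to fetch the credential helper. Unless a proxy in front always overwrites the header, the request itself decides which host users are told to install from. Prefer a configured public URL for the registry, or honour the forwarded headers only when the request comes from a known proxy address. The two hosts in the message can also disagree, since the install line uses `baseURL` while the login line uses `r.Host`, which behind a proxy may be the internal name. Separately, `strings.HasPrefix(baseURL, "http")` skips adding a scheme for any hostname that merely begins with "http"; testing for `"http://"` or `"https://"` would be tighter.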