A container registry that uses the AT Protocol for manifest storage and S3 for blob storage.
we only use service tokens now
+4
-3
+4
-3
pkg/hold/pds/xrpc.go
+4
-3
pkg/hold/pds/xrpc.go
···
120
120
// Stores validated user in request context
121
121
func (h *XRPCHandler) requireAuth(next http.Handler) http.Handler {
122
122
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
123
-
user, err := ValidateDPoPRequest(r, h.httpClient)
123
+
// Service token authentication
124
+
user, err := ValidateServiceToken(r, h.pds.did, h.httpClient)
124
125
if err != nil {
125
-
http.Error(w, fmt.Sprintf("authentication failed: %v", err), http.StatusUnauthorized)
126
-
return
126
+
http.Error(w, fmt.Sprintf("unauthorized: %v", err), http.StatusForbidden)
127
+
return
127
128
}
128
129
// Store user in context for handlers to access
129
130
ctx := context.WithValue(r.Context(), contextKeyUser, user)