Module: Dapp::Dimg::DockerRegistry::Base::Authorization

Included in:
Dapp::Dimg::DockerRegistry::Base
Defined in:
lib/dapp/dimg/docker_registry/base/authorization.rb

Instance Method Summary collapse

Instance Method Details

#authorization_authObject



36
37
38
39
40
41
42
43
44
45
46
# File 'lib/dapp/dimg/docker_registry/base/authorization.rb', line 36

def authorization_auth
  auths = auths_section_from_docker_config
  r = repo
  loop do
    break unless r.include?('/') && !auths.keys.any? { |auth| auth.start_with?(r) }
    r = chomp_name(r)
  end
  credential = (auths[r] || auths.find { |repo, _| repo == r })
  user_not_authorized! if credential.nil?
  credential['auth']
end

#authorization_options(url) ⇒ Object



6
7
8
9
10
11
12
13
14
15
# File 'lib/dapp/dimg/docker_registry/base/authorization.rb', line 6

def authorization_options(url)
  @authorization_options ||= begin
    case authenticate_header = raw_request(url).headers['Www-Authenticate']
    when /Bearer/ then { headers: { Authorization: "Bearer #{authorization_token(authenticate_header)}" } }
    when /Basic/ then { headers: { Authorization: "Basic #{authorization_auth}" } }
    when nil then {}
    else raise Error::Registry, code: :authenticate_type_not_supported, data: { registry: api_url }
    end
  end
end

#authorization_token(authenticate_header) ⇒ Object



17
18
19
20
21
22
23
24
25
26
# File 'lib/dapp/dimg/docker_registry/base/authorization.rb', line 17

def authorization_token(authenticate_header)
  options = parse_authenticate_header(authenticate_header)
  realm = options.delete(:realm)
  begin
    response = raw_request(realm, headers: { Authorization: "Basic #{authorization_auth}" }, query: options, expects: [200])
  rescue Error::Registry
    raise unless (response = raw_request(realm, query: options)).status == 200
  end
  JSON.load(response.body)['token']
end

#auths_section_from_docker_configObject



48
49
50
51
52
# File 'lib/dapp/dimg/docker_registry/base/authorization.rb', line 48

def auths_section_from_docker_config
  file = Pathname(File.join(::Dapp::Dapp.host_docker_config_dir, 'config.json'))
  user_not_authorized! unless file.exist?
  JSON.load(file.read)['auths'].tap { |auths| user_not_authorized! if auths.nil? }
end

#parse_authenticate_header(header) ⇒ Object



28
29
30
31
32
33
34
# File 'lib/dapp/dimg/docker_registry/base/authorization.rb', line 28

def parse_authenticate_header(header)
  [:realm, :service, :scope].map do |option|
    /#{option}="([[^"].]*)/ =~ header
    next unless Regexp.last_match(1)
    [option, Regexp.last_match(1)]
  end.compact.to_h
end