Module: Dapp::DockerRegistry::Mod::Authorization

Included in:
Base
Defined in:
lib/dapp/docker_registry/mod/authorization.rb

Overview

Authorization


Instance Method Details

#authorization_auth ⇒ Object



# File 'lib/dapp/docker_registry/mod/authorization.rb', line 37

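# Looks up the Basic-auth credential for the current repository in the
# 'auths' section of the user's Docker config.
#
# The repository name is shortened with chomp_name until it no longer contains
# a '/' or until at least one configured key starts with it; the credential is
# then taken from the entry whose key equals that name exactly.
#
# @return [Object] the entry's 'auth' value; callers interpolate it into an
#   "Authorization: Basic ..." header
def authorization_auth
  auths = auths_section_from_docker_config
  name = repo
  # A prefix match only stops the shortening; the lookup below is exact, so a
  # key that merely begins with the name never supplies the credential.
  name = chomp_name(name) while name.include?('/') && auths.keys.none? { |key| key.start_with?(name) }

  credential = auths[name]
  # Anything that is not an entry object (missing key, JSON null, a bare
  # string) is treated as "no credential". The former Hash#find fallback could
  # only return a [key, value] pair, which raised TypeError when indexed.
  user_not_authorized! unless credential.is_a?(Hash)

  # NOTE(review): an entry without an 'auth' member yields nil here, and the
  # callers would then send an empty Basic credential - confirm whether that
  # case should also count as unauthorized.
  credential['auth']
end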

#authorization_options(url) ⇒ Object



# File 'lib/dapp/docker_registry/mod/authorization.rb', line 7

# Builds, once, the request options carrying the Authorization header that the
# registry asks for.
#
# A request is sent to +url+ and the scheme is chosen from the
# 'Www-Authenticate' header of the response. The result is memoized in
# @authorization_options, so later calls return the first result whatever
# +url+ they are given.
#
# The scheme is decided by the server's response: a Basic challenge puts the
# stored credential itself into the returned header, so it is only as well
# protected as the transport of the requests that carry these options.
#
# @param url passed through to raw_request
# @return [Hash] {} when the response has no challenge, otherwise
#   { headers: { Authorization: "<scheme> <value>" } }
# @raise [Error::Registry] when the challenge is neither Bearer nor Basic
def authorization_options(url)
  return @authorization_options if @authorization_options

  challenge = raw_request(url).headers['Www-Authenticate']
  authorization =
    case challenge
    when /Bearer/ then "Bearer #{authorization_token(challenge)}"
    when /Basic/ then "Basic #{authorization_auth}"
    when nil then nil
    else raise Error::Registry, code: :authenticate_type_not_supported, data: { registry: api_url }
    end

  # No challenge means no header at all; the empty hash is memoized as well.
  @authorization_options = authorization ? { headers: { Authorization: authorization } } : {}
end

#authorization_token(authenticate_header) ⇒ Object



# File 'lib/dapp/docker_registry/mod/authorization.rb', line 18

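# Obtains a Bearer token from the token service named in a Bearer challenge.
#
# The request is first made with the stored Basic credential; if that raises
# Error::Registry, it is repeated without credentials and the original error
# is re-raised unless the anonymous response has status 200.
#
# @param authenticate_header [String] value of the 'Www-Authenticate' header
# @return [Object] the 'token' member of the JSON response body
# @raise [Error::Registry] when neither request succeeds
def authorization_token(authenticate_header)
  options = parse_authenticate_header(authenticate_header)
  # NOTE(review): realm is taken from the server's challenge and the stored
  # Basic credential is sent to it as-is. Consider checking, before the
  # authenticated request, that realm is an https URL on a host the user
  # expects for this registry; otherwise whoever controls the challenge
  # chooses where the credential goes.
  realm = options.delete(:realm)
  begin
    response = raw_request(realm, headers: { Authorization: "Basic #{authorization_auth}" }, query: options, expects: [200])
  rescue Error::Registry
    # Authenticated attempt failed: retry anonymously with the same query.
    response = raw_request(realm, query: options)
    raise unless response.status == 200
  end
  # JSON.parse rather than JSON.load: the body is produced by the remote
  # service, and JSON.load is documented as intended for trusted input (it can
  # honour "json_class" additions and build objects from the document).
  JSON.parse(response.body)['token']
end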

#auths_section_from_docker_config ⇒ Object



# File 'lib/dapp/docker_registry/mod/authorization.rb', line 49

# Reads the 'auths' section of the current user's ~/.docker/config.json.
#
# user_not_authorized! is called when the file does not exist and when the
# parsed document has no 'auths' member.
#
# NOTE(review): only entries stored inline under 'auths' are read; a config
# that keeps credentials in a credential store or helper is not consulted
# here - confirm that this is intended.
#
# @return [Object] the value of the 'auths' member
def auths_section_from_docker_config
  config_path = Pathname(File.join(Dir.home, '.docker', 'config.json'))
  user_not_authorized! unless config_path.exist?

  auths = JSON.load(config_path.read)['auths']
  user_not_authorized! if auths.nil?
  auths
end

#parse_authenticate_header(header) ⇒ Object



# File 'lib/dapp/docker_registry/mod/authorization.rb', line 29

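# Extracts the realm, service and scope parameters from the value of a
# 'Www-Authenticate' header.
#
# @param header [String, nil] the header value
# @return [Hash] the parameters found, keyed by :realm, :service and :scope;
#   parameters absent from the header are left out
def parse_authenticate_header(header)
  [:realm, :service, :scope].each_with_object({}) do |option, params|
    # The name must start the string or follow whitespace or a comma, so a
    # longer parameter name that merely ends in "realm" (or "scope") is not
    # mistaken for it - the realm decides where the token request is sent.
    # The value runs up to the next double quote.
    found = /(?:\A|[\s,])#{option}="([^"]*)/.match(header)
    params[option] = found[1] if found
  end
end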