Make container registry support Apple Container (basic auth) (#36920)
Fix #36907
This commit is contained in:
@@ -120,17 +120,19 @@ func apiErrorDefined(ctx *context.Context, err *namedError) {
|
||||
})
|
||||
}
|
||||
|
||||
func apiUnauthorizedError(ctx *context.Context) {
|
||||
func APIUnauthorizedError(ctx *context.Context) {
|
||||
// container registry requires that the "/v2" must be in the root, so the sub-path in AppURL should be removed
|
||||
realmURL := httplib.GuessCurrentHostURL(ctx) + "/v2/token"
|
||||
ctx.Resp.Header().Add("WWW-Authenticate", `Bearer realm="`+realmURL+`",service="container_registry",scope="*"`)
|
||||
// support apple container like: container registry login <gitea-host> -u
|
||||
ctx.Resp.Header().Add("WWW-Authenticate", `Basic realm="Gitea Container Registry"`)
|
||||
apiErrorDefined(ctx, errUnauthorized)
|
||||
}
|
||||
|
||||
// ReqContainerAccess is a middleware which checks the current user valid (real user or ghost if anonymous access is enabled)
|
||||
func ReqContainerAccess(ctx *context.Context) {
|
||||
if ctx.Doer == nil || (setting.Service.RequireSignInViewStrict && ctx.Doer.IsGhost()) {
|
||||
apiUnauthorizedError(ctx)
|
||||
APIUnauthorizedError(ctx)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -156,7 +158,7 @@ func Authenticate(ctx *context.Context) {
|
||||
packageScope := auth_service.GetAccessScope(ctx.Data)
|
||||
if u == nil {
|
||||
if setting.Service.RequireSignInViewStrict {
|
||||
apiUnauthorizedError(ctx)
|
||||
APIUnauthorizedError(ctx)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -170,7 +172,7 @@ func Authenticate(ctx *context.Context) {
|
||||
if err != nil {
|
||||
log.Error("Error checking access scope: %v", err)
|
||||
}
|
||||
apiUnauthorizedError(ctx)
|
||||
APIUnauthorizedError(ctx)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user