github/distribution
1
0
Fork 0
mirror of https://github.com/distribution/distribution.git synced 2025-09-20 02:34:27 +00:00
Code Issues Projects Releases Wiki Activity

reg/auth: remove contexts from Authorized method

Browse Source 
The details of how request-scoped information is propagated through the
registry server app should be left as private implementation details so
they can be changed without fear of breaking compatibility with
third-party code which imports the distribution module. The
AccessController interface unnecessarily bakes into the public API
details of how authorization grants are propagated through request
contexts. In practice the only values the in-tree authorizers attach to
the request contexts are the UserInfo and Resources for the request.
Change the AccessController interface to return the UserInfo and
Resources directly to allow us to change how request contexts are used
within the app without altering the AccessController interface contract.

Signed-off-by: Cory Snider <csnider@mirantis.com>
This commit is contained in:
Cory Snider
2023-10-24 16:41:54 -04:00
parent 49e22cbf3e
commit bd80d7590d
8 changed files with 53 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
registry/auth/silly/access.go
View File

@@ -8,12 +8,10 @@
package silly
import (
"context"
"fmt"
"net/http"
"strings"
"github.com/distribution/distribution/v3/internal/dcontext"
"github.com/distribution/distribution/v3/registry/auth"
)
@@ -43,7 +41,7 @@ func newAccessController(options map[string]interface{}) (auth.AccessController,
// Authorized simply checks for the existence of the authorization header,
// responding with a bearer challenge if it doesn't exist.
func (ac *accessController) Authorized(req *http.Request, accessRecords ...auth.Access) (context.Context, error) {
func (ac *accessController) Authorized(req *http.Request, accessRecords ...auth.Access) (*auth.Grant, error) {
if req.Header.Get("Authorization") == "" {
challenge := challenge{
realm: ac.realm,
@@ -61,10 +59,7 @@ func (ac *accessController) Authorized(req *http.Request, accessRecords ...auth.
return nil, &challenge
}
ctx := auth.WithUser(req.Context(), auth.UserInfo{Name: "silly"})
ctx = dcontext.WithLogger(ctx, dcontext.GetLogger(ctx, auth.UserNameKey, auth.UserKey))
return ctx, nil
return &auth.Grant{User: auth.UserInfo{Name: "silly"}}, nil
}
type challenge struct {