/*
Copyright (c) 2016 VMware, Inc. All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package token
import (
"net/http"
"github.com/vmware/harbor/auth"
"github.com/vmware/harbor/models"
//svc_utils "github.com/vmware/harbor/service/utils"
"github.com/vmware/harbor/utils/log"
"github.com/astaxie/beego"
"github.com/docker/distribution/registry/auth/token"
)
// Handler serves requests on /service/token, the endpoint that acts as the
// auth provider for the registry. It embeds beego.Controller, so the request
// context and the response helpers used by its methods come from beego.
type Handler struct {
	beego.Controller
}
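// Get handles GET requests for a registry token. It reads user credentials
// from the HTTP Basic Authorization header, parses the "service" and "scope"
// query parameters following the Docker registry v2 token convention, checks
// the requested access against the local DB through FilterAccess, and
// responds with a JWT via serveToken.
//
// A request that carries no scope is treated as a login attempt and is
// rejected with 401 unless the credentials are valid. A request that does
// carry scopes continues even when unauthenticated; what it is granted is
// decided by FilterAccess, which receives the authenticated flag.
func (h *Handler) Get() {
	request := h.Ctx.Request
	log.Infof("request url: %v", request.URL.String())

	// Only consult the auth backend when the client actually sent a
	// well-formed Basic header. Without one, BasicAuth returns empty strings;
	// handing those to authenticate costs a backend call on every anonymous
	// request and relies on the backend rejecting empty credentials.
	username, password, ok := request.BasicAuth()
	authenticated := ok && authenticate(username, password)

	service := h.GetString("service")
	scopes := h.GetStrings("scope")
	log.Debugf("scopes: %+v", scopes)

	if len(scopes) == 0 && !authenticated {
		log.Info("login request with invalid credentials")
		// beego's CustomAbort writes the status and stops handling of this
		// request, so the token path below is not reached.
		h.CustomAbort(http.StatusUnauthorized, "")
	}

	access := GetResourceActions(scopes)
	for _, a := range access {
		FilterAccess(username, authenticated, a)
	}

	// NOTE(review): when authenticated is false, username is still the
	// client-supplied value, so the issued token may name an identity that
	// was never verified. Confirm FilterAccess and MakeToken are safe with
	// that, or clear username for unauthenticated requests.
	h.serveToken(username, service, access)
}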
// serveToken asks MakeToken for a token covering username, service and the
// given access entries, then writes it to the client as a JSON object with a
// single "token" key. If MakeToken fails, the error is logged and the
// response is a 500 with no body written by this function.
func (h *Handler) serveToken(username, service string, access []*token.ResourceActions) {
	rw := h.Ctx.ResponseWriter

	raw, err := MakeToken(username, service, access)
	if err != nil {
		// The cause is logged server-side only; the client sees just the status.
		log.Errorf("Failed to make token, error: %v", err)
		rw.WriteHeader(http.StatusInternalServerError)
		return
	}

	// NOTE(review): the response body is a bearer credential and no cache
	// headers are set here; confirm whether an intermediary could cache it
	// and whether "Cache-Control: no-store" should be added.
	h.Data["json"] = map[string]string{"token": raw}
	h.ServeJSON()
}
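// authenticate reports whether principal and password identify a user
// according to auth.Login. It returns false when either value is empty, when
// auth.Login returns an error (which is logged), or when no user is returned.
func authenticate(principal, password string) bool {
	// Reject empty credentials before they reach the backend. auth.Login's
	// implementation is not visible from this file; some directory-style
	// backends treat an empty password as an anonymous bind rather than a
	// failed login, so the check is made once at this boundary.
	if principal == "" || password == "" {
		return false
	}

	user, err := auth.Login(models.AuthModel{
		Principal: principal,
		Password:  password,
	})
	if err != nil {
		log.Errorf("Error occurred in UserLogin: %v", err)
		return false
	}

	// A nil user with a nil error means the credentials did not match.
	return user != nil
}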