I do not like big commits, but sorta necessary on this, this makes do…

…cker registries 0.8.1 and below all work
ekristen · Sep 22, 2014 · 90a8fde · 90a8fde
1 parent bfa3121
commit 90a8fde
Show file tree

Hide file tree

Showing 14 changed files with 282 additions and 92 deletions.
diff --git a/app.js b/app.js
@@ -12,6 +12,10 @@ var logger = bunyan.createLogger({
 // Setup Redis Connection
 var redis = require('redis').createClient(config.redis.port, config.redis.host);
 
+redis.on('error', function(err) {
+  console.log(err);
+})
+
 // Setup Restify Endpoints
 var endpoints = new restify_endpoints.EndpointManager({
   endpointpath: __dirname + '/endpoints',
@@ -24,6 +28,10 @@ var server = restify.createServer({
   version: '1.0.0'
 });
 
+//server.on('uncaughtException', function (req, res, route, err) {
+//    console.log('uncaughtException', err.stack);
+//});
+
 // Basic Restify Middleware
 server.use(restify.acceptParser(server.acceptable));
 server.use(restify.queryParser());
@@ -51,35 +59,5 @@ server.listen(config.app.port, function () {
   console.log('%s listening at %s', server.name, server.url);
 });
 
-
-// Check and see if the system needs to be initialized,
-// if so create a unqiue token to authenticate against the server.
-redis.smembers('users', function(err, members) {
-  if (members.length == 0) {
-    // We'll assume that the system hasn't been initialzed and generate
-    // random token used for initial auth from the command line tool.
-
-    require('crypto').randomBytes(24, function(ex, buf) {
-      var token = buf.toString('hex');
-
-      redis.set('_initial_auth_token', token, function(err, result) {
-        redis.expire('_initial_auth_token', 1800, function(err, result) {
-          console.log('----------------------------------------------------------------------')
-          console.log()
-          console.log(' First Time Initialization Detected');
-          console.log()
-          console.log(' You will need the following token to authenticate with the');
-          console.log(' command line tool to add your first admin account, this token');
-          console.log(' will expire after 30 minutes, if you do not create your account');
-          console.log(' within that time, simply restart the server and a new token will');
-          console.log(' be generated');
-          console.log()
-          console.log(' Token: ' + token);
-          console.log()
-          console.log('----------------------------------------------------------------------')
-        });
-      });
-    });
-  }
-})
-
+require('./lib/firsttime.js')(config, redis);
+require('./lib/upgrades.js')(config, redis);
diff --git a/config/default.js b/config/default.js
@@ -10,6 +10,7 @@ module.exports = {
   loglevel: 'debug',
   registries: [
     // format: hostname [, hostname, hostname, hostname]
-    '192.168.1.114:5000'
-  ]
+    'localhost:5000'
+  ],
+  version: '1.2.0'
 }
diff --git a/endpoints/index_images.js b/endpoints/index_images.js
@@ -35,6 +35,19 @@ module.exports = function(config, redis, logger) {
         middleware: [ index_middleware.requireAuth ]
       },
 
+      {
+        name: 'getRepoImagesImageAccess',
+        description: '',
+        method: 'GET',
+        path: [
+          '/v1/repositories/:repo/layer/:image/access',
+          '/v1/repositories/:namespace/:repo/layer/:image/access'
+        ],
+        version: '1.0.0',
+        fn: index_images.repoImagesLayerAccess,
+        middleware: [ index_middleware.requireAuth ]
+      }
+
     ]
   };
 

diff --git a/endpoints/index_users.js b/endpoints/index_users.js
@@ -15,24 +15,15 @@ module.exports = function(config, redis, logger) {
         auth: false,
         path: '/v1/users',
         version: '1.0.0',
-        fn: function (req, res, next) {
-          res.send(200);
-          return next();
-        },
-        //middleware: [
-        //  index_middleware.requireAuth
-        //]
+        fn: index_users.validateUser
       },
 
       {
         name: 'Index -- Create / Login User',
         description: 'Endpoint from Index Spec, to login or create user',
         method: 'POST',
         path: '/v1/users',
-        fn: index_users.createUser,
-        middleware: [
-          index_middleware.requireAuth
-        ]
+        fn: index_users.createUser
       },
 
       {

diff --git a/index/helpers.js b/index/helpers.js
@@ -11,13 +11,13 @@ module.exports = function(redis) {
 
       var sha1 = shasum.digest('hex');
 
-      redis.set("token:" + sha1, JSON.stringify({repo: repo, access: access}), function(err, status) {
+      redis.set("tokens:" + sha1, JSON.stringify({repo: repo, access: access}), function(err, status) {
         if (err) cb(err);
         // TODO: better way to do this?
         // Set a 10 minute expiration, 10 minutes should be enough time to download images
         // in the case of a slow internet connection, this could be a problem, but we do not
         // want unused tokens remaining in the system either
-        redis.expire("token:" + sha1, 600, function(err, status) {
+        redis.expire("tokens:" + sha1, 600, function(err, status) {
           if (err) cb(err);
 
           cb(null, sha1);

diff --git a/index/images.js b/index/images.js
@@ -1,3 +1,5 @@
+var util = require('util');
+
 module.exports = function(redis, logger) {
 
   return {
@@ -32,6 +34,8 @@ module.exports = function(redis, logger) {
           res.send(500, err);
           return next();
         }
+
+        console.log(req.token_auth);
 
         if (status == 0) {
           redis.sadd('images', name, function(err) {
@@ -50,6 +54,27 @@ module.exports = function(redis, logger) {
           return next();
         }
       })
+    },
+
+    repoImagesLayerAccess: function (req, res, next) {
+      var key = util.format("tokens:%s:images:%s", req.token_auth.token, req.params.image);
+      redis.get(key, function(err, result) {
+        if (err) {
+          res.send(500, {error: err, access: false})
+          return next();
+        }
+
+        redis.del(key);
+
+        if (result == "1") {
+          res.send(200, {access: true})
+          return next();
+        }
+        else {
+          res.send(200, {access: false})
+          return next();
+        }
+      });
     }
 
   } // end return

diff --git a/index/middleware.js b/index/middleware.js
@@ -28,21 +28,29 @@ module.exports = function(config, redis, logger) {
         shasum.update(pass);
         var sha1pwd = shasum.digest('hex');
 
-        redis.get("user:" + user, function(err, value) {
+        redis.get("users:" + user, function(err, value) {
           if (err) {
             logger.error({err: err, user: user});
             res.send(500, err);
             return next();
           }
 
           if (value == null) {
-            logger.debug({req: req, permission: req.permission, statusCode: 403, message: 'access denied: user not found'});
+            logger.debug({permission: req.permission, statusCode: 403, message: 'access denied: user not found'});
             res.send(403, 'access denied (1)')
             return next();
           }
 
           value = JSON.parse(value);
 
+          // If the account is disabled, do not let it do anything at all
+          if (value.disabled == true || value.disabled == "true") {
+            logger.debug({message: "account is disabled", user: value.username});
+            res.send(401, {message: "access denied (2)"})
+            return next();
+          }
+
+          // Check that passwords match
           if (value.password == sha1pwd) {
             // TODO: Better handling for non repo images urls
             if (req.url == '/v1/users/') {
@@ -99,6 +107,9 @@ module.exports = function(config, redis, logger) {
 
             index_helpers.generateToken(repo, access, function(err, token) {
               var repo = req.params.namespace + '/' + req.params.repo;
+
+              req.token_auth = {token: token, repo: repo, access: access};
+
               var token = 'signature=' + token + ', repository="' + repo + '", access=' + access;
 
               logger.debug({namespace: req.params.namespace, repo: req.params.repo, token: token, access: access});
@@ -111,7 +122,7 @@ module.exports = function(config, redis, logger) {
             })
           }
           else {
-            logger.debug({req: req, statusCode: 401, message: 'access denied: valid authorization information is required'});
+            logger.debug({statusCode: 401, message: 'access denied: valid authorization information is required'});
             res.send(401, 'Authorization required');
             return next();
           }
@@ -125,7 +136,9 @@ module.exports = function(config, redis, logger) {
         var repo   = matches[1].split('=')[1].replace(/\"/g, '');
         var access = matches[2].split('=')[1];
 
-        redis.get("token:" + sig, function(err, value) {
+        req.token_auth = { token: sig, repo: repo, access: access };
+
+        redis.get("tokens:" + sig, function(err, value) {
           if (err) {
             logger.error({err: err, token: sig});
             res.send(500, err);
@@ -134,12 +147,12 @@ module.exports = function(config, redis, logger) {
 
           value = JSON.parse(value);
 
-          redis.del("token:" + sig, function (err) {
-            if (err) {
-              logger.error({err: err, token: sig});
-              res.send(500, err);
-              return next();
-            }
+          //redis.del("token:" + sig, function (err) {
+          //  if (err) {
+          //    logger.error({err: err, token: sig});
+          //    res.send(500, err);
+          //    return next();
+          //  }
 
             if (value.repo == repo && value.access == access) {
               return next();
@@ -148,7 +161,7 @@ module.exports = function(config, redis, logger) {
               res.send(401, 'Authorization required');
               return next();
             }
-          });
+            //});
 
         });
       }

diff --git a/index/repos.js b/index/repos.js
@@ -1,11 +1,14 @@
+var async = require('async');
+var util = require('util');
+
 module.exports = function(redis, logger) {
 
   return {
 
     repoGet: function (req, res, next) {
       if (!req.params.namespace)
         req.params.namespace = 'library';
-
+        
       if (req.permission != 'admin' && req.permission != 'write') {
         res.send(403, 'access denied');
         return next();
@@ -66,15 +69,37 @@ module.exports = function(redis, logger) {
           final_images.push(images[key]);
         }
 
-        redis.set('images:' + req.params.namespace + '_' + req.params.repo, JSON.stringify(final_images), function(err, status) {
+        var image_key = util.format("images:%s_%s", req.params.namespace, req.params.repo);
+        redis.set(image_key, JSON.stringify(final_images), function(err, status) {
           if (err) {
             logger.error({err: err, type: 'redis', namespace: req.params.namespace, repo: req.params.repo});
             res.send(500, err);
             return next();
           }
 
-          res.send(200, "")
-          return next();
+          async.each(final_images, function(image, cb) {
+            var token_key = util.format("tokens:%s:images:%s", req.token_auth.token, image.id);
+            redis.set(token_key, 1, function(err, resp) {
+              if (err) {
+                cb(err);
+              }
+              redis.expire(token_key, 60, function(err, resp2) {
+                if (err) {
+                  cb(err);
+                }
+
+                cb();
+              });
+            });
+          }, function(err) {
+            if (err) {
+              res.send(500, "something went wrong");
+              return next();
+            }
+
+            res.send(200);
+            return next();
+          });
         })
       });
     },