working on better private/public registry support, allow users accoun…

…t stubs to be created, but disabled by default
ekristen · Jul 29, 2014 · bfa3121 · bfa3121
1 parent 902a478
commit bfa3121
Show file tree

Hide file tree

Showing 9 changed files with 75 additions and 13 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,3 @@
 runtime.json
-node_modules
+node_modules
+local.js
diff --git a/config/default.js b/config/default.js
@@ -6,6 +6,7 @@ module.exports = {
     port: 6379,
     host: 'localhost'
   },
+  private: true,
   loglevel: 'debug',
   registries: [
     // format: hostname [, hostname, hostname, hostname]

diff --git a/endpoints/index_defaults.js b/endpoints/index_defaults.js
@@ -15,7 +15,7 @@ module.exports = function(config, redis, logger) {
         version: '1.0.0',
         fn: function(req, res, next) {
           // TODO: pass through to the actual registry??
-    	    res.setHeader('X-Docker-Registry-Version', '0.6.5');
+    	    res.setHeader('X-Docker-Registry-Version', '0.8.0');
     	    res.send(200);
           next();
         }
@@ -30,7 +30,7 @@ module.exports = function(config, redis, logger) {
         version: '1.0.0',
         fn: function(req, res, next) {
           // TODO: pass through to the actual registry??
-    	    res.setHeader('X-Docker-Registry-Version', '0.6.5');
+    	    res.setHeader('X-Docker-Registry-Version', '0.8.0');
     	    res.send(200);
           next();
         }

diff --git a/endpoints/index_users.js b/endpoints/index_users.js
@@ -19,9 +19,9 @@ module.exports = function(config, redis, logger) {
           res.send(200);
           return next();
         },
-        middleware: [
-          index_middleware.requireAuth
-        ]
+        //middleware: [
+        //  index_middleware.requireAuth
+        //]
       },
 
       {

diff --git a/endpoints/internal_users.js b/endpoints/internal_users.js
@@ -42,6 +42,21 @@ module.exports = function(config, redis, logger) {
           internal_middleware.requireAuth
         ]
       },
+
+      {
+        name: 'Enable User',
+        description: 'Enable a Single User',
+        method: 'PUT',
+        path: [
+          '/users/:username/enable',
+          '/users/:username/disable'
+        ],
+        version: '1.0.0',
+        fn: internal_users.enableDisableUser,
+        middleware: [
+          internal_middleware.requireAuth
+        ]
+      },
 
       {
         name: 'Get Permissions',

diff --git a/index/middleware.js b/index/middleware.js
@@ -95,6 +95,8 @@ module.exports = function(config, redis, logger) {
                 break;
             }
 
+            req.authed = true;
+
             index_helpers.generateToken(repo, access, function(err, token) {
               var repo = req.params.namespace + '/' + req.params.repo;
               var token = 'signature=' + token + ', repository="' + repo + '", access=' + access;

diff --git a/index/users.js b/index/users.js
@@ -1,4 +1,5 @@
 var crypto = require('crypto');
+var config = require('config');
 
 module.exports = function(redis, logger) {
   return {
@@ -12,25 +13,33 @@ module.exports = function(redis, logger) {
         var user = JSON.parse(value) || {};
 
         // Check to make sure a user was found.
+        /*
         if (user.length == 0) {
           res.send(403, {message: "bad username and/or password (1)"});
           return next();
         }
-
+        */
+
         var shasum = crypto.createHash("sha1");
         shasum.update(req.body.password);
         var sha1 = shasum.digest("hex");
 
+        var userObj = {};
+
+        userObj.username = req.body.username;
+        userObj.password = sha1;
+        userObj.email = req.body.email;
+
         // Check to make sure the password is valid.
-        if (user.password != sha1) {
+        if (userObj.password != sha1) {
           res.send(403, {message: "bad username and/or password (2)"});
           return next();
         }
 
-        user.password = sha1;
-        user.email = req.body.email;
+        if (config.private == true)
+          userObj.disabled = true;
 
-        redis.set("user:" + req.body.username, JSON.stringify(user), function(err, status) {
+        redis.set("user:" + userObj.username, JSON.stringify(userObj), function(err, status) {
           if (err) {
             res.send(500, err);
             return next();

diff --git a/internal/middleware.js b/internal/middleware.js
@@ -41,10 +41,11 @@ module.exports = function(config, redis, logger) {
           if (value.password == sha1pwd) {
             req.username = user;
 
-            if (value.admin == true) {
+            if (value.admin == true || value.admin == "true") {
               req.admin = true;
             }
             else {
+              logger.debug({message: 'access denied, no admin value set'});
               res.send(403, {message: 'access denied'});
             }
 

diff --git a/internal/users.js b/internal/users.js
@@ -145,7 +145,40 @@ module.exports = function(redis, logger) {
       });
     });
   };
-
+
+  endpoints.enableDisableUser = function(req, res, next) {
+    redis.get('user:' + req.params.username, function(err, user) {
+      if (err) {
+        res.send(500, {message: err, error: true});
+        return next();
+      }
+
+      if (user == null) {
+        res.send(409, {message: 'user does not exist', error: true});
+        return next();
+      }
+
+      var userObj = user;
+
+      if (req.path.indexOf('enable') !== -1) {
+        userObj.disabled = false;
+      } else {
+        userObj.disabled = true;
+      }
+
+      redis.set('user:' + req.params.username, JSON.stringify(userObj), function(err) {
+        if (err) {
+          logger.error({err: err}, "Redis Error -- Unable to Set Key");
+          res.send(500, {err: err});
+          return next();
+        }
+
+        res.send(201, {message: "account enabled", user: req.params.username});
+        return next();
+      })
+    })
+  };
+
   return endpoints;
 
 };