From bfa312174cfd1e78dc6d201cc214c85f3c81f2ce Mon Sep 17 00:00:00 2001
From: Erik Kristensen
Date: Tue, 29 Jul 2014 15:59:41 -0400
Subject: [PATCH] working on better private/public registry support, allow users account stubs to be created, but disabled by default
---
 .gitignore | 3 ++-
 config/default.js | 1 +
 endpoints/index_defaults.js | 4 ++--
 endpoints/index_users.js | 6 +++---
 endpoints/internal_users.js | 15 +++++++++++++++
 index/middleware.js | 2 ++
 index/users.js | 19 ++++++++++++++-----
 internal/middleware.js | 3 ++-
 internal/users.js | 35 ++++++++++++++++++++++++++++++++++-
 9 files changed, 75 insertions(+), 13 deletions(-)
diff --git a/.gitignore b/.gitignore
index 059d771..8eabaa3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 runtime.json
-node_modules
\ No newline at end of file
+node_modules
+local.js
diff --git a/config/default.js b/config/default.js
index 48fa964..ae8f6c0 100644
--- a/config/default.js
+++ b/config/default.js
@@ -6,6 +6,7 @@ module.exports = {
 port: 6379,
 host: 'localhost'
 },
+ private: true,
 loglevel: 'debug',
 registries: [
 // format: hostname [, hostname, hostname, hostname]
diff --git a/endpoints/index_defaults.js b/endpoints/index_defaults.js
index a15aa76..668f090 100644
--- a/endpoints/index_defaults.js
+++ b/endpoints/index_defaults.js
@@ -15,7 +15,7 @@ module.exports = function(config, redis, logger) {
 version: '1.0.0',
 fn: function(req, res, next) {
 // TODO: pass through to the actual registry??
- res.setHeader('X-Docker-Registry-Version', '0.6.5');
+ res.setHeader('X-Docker-Registry-Version', '0.8.0');
 res.send(200);
 next();
 }
@@ -30,7 +30,7 @@ module.exports = function(config, redis, logger) {
 version: '1.0.0',
 fn: function(req, res, next) {
 // TODO: pass through to the actual registry??
- res.setHeader('X-Docker-Registry-Version', '0.6.5');
+ res.setHeader('X-Docker-Registry-Version', '0.8.0');
 res.send(200);
 next();
 }
diff --git a/endpoints/index_users.js b/endpoints/index_users.js
index cd00e92..7c6737a 100644
--- a/endpoints/index_users.js
+++ b/endpoints/index_users.js
@@ -19,9 +19,9 @@ module.exports = function(config, redis, logger) {
 res.send(200);
 return next();
 },
- middleware: [
- index_middleware.requireAuth
- ]
+ //middleware: [
+ // index_middleware.requireAuth
+ //]
 },
 {
diff --git a/endpoints/internal_users.js b/endpoints/internal_users.js
index 69df3d4..7ea8975 100644
--- a/endpoints/internal_users.js
+++ b/endpoints/internal_users.js
@@ -42,6 +42,21 @@ module.exports = function(config, redis, logger) {
 internal_middleware.requireAuth
 ]
 },
+
+ {
+ name: 'Enable User',
+ description: 'Enable a Single User',
+ method: 'PUT',
+ path: [
+ '/users/:username/enable',
+ '/users/:username/disable'
+ ],
+ version: '1.0.0',
+ fn: internal_users.enableDisableUser,
+ middleware: [
+ internal_middleware.requireAuth
+ ]
+ },
 {
 name: 'Get Permissions',
diff --git a/index/middleware.js b/index/middleware.js
index 6e38ce1..d40435b 100644
--- a/index/middleware.js
+++ b/index/middleware.js
@@ -95,6 +95,8 @@ module.exports = function(config, redis, logger) {
 break;
 }
+ req.authed = true;
+
 index_helpers.generateToken(repo, access, function(err, token) {
 var repo = req.params.namespace + '/' + req.params.repo;
 var token = 'signature=' + token + ', repository="' + repo + '", access=' + access;
diff --git a/index/users.js b/index/users.js
index 664cb9b..8e5e35b 100644
--- a/index/users.js
+++ b/index/users.js
@@ -1,4 +1,5 @@
 var crypto = require('crypto');
+var config = require('config');
 module.exports = function(redis, logger) {
 return {
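Review bot: In endpoints/index_users.js the `requireAuth` middleware is commented out rather than replaced, so this route's handler now answers 200 to callers that present no credentials. If the intent is to let unauthenticated clients create account stubs, keep that decision explicit and tied to configuration instead of leaving dead code, and record it in a comment such as `// auth intentionally omitted: new accounts are created disabled when config.private is set`. The route definition begins above the hunk, so which path this affects is not visible here.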
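Review bot: The new route in endpoints/internal_users.js is named 'Enable User' / 'Enable a Single User' but is also mounted on `/users/:username/disable`, so its metadata misdescribes half of the requests it serves. Either register two entries with their own names, or rename it to `name: 'Enable or Disable User'` with `description: 'Enable or disable a single user'`. A separate entry per action would also remove the need for the handler to infer the action from the request path.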
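Review bot: `req.authed = true;` in index/middleware.js is set before `generateToken` has called back, so the flag is already true if token generation then reports an error. Nothing in this commit reads `req.authed`, which leaves its contract undocumented; add a comment stating what it asserts, for example `// credentials and repository access were verified above; token not yet issued`. Whether every denial branch of the preceding switch returns before this line cannot be confirmed from the hunk, because the function starts above it.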
@@ -12,25 +13,33 @@ module.exports = function(redis, logger) {
 var user = JSON.parse(value) || {};
 // Check to make sure a user was found.
+ /*
 if (user.length == 0) {
 res.send(403, {message: "bad username and/or password (1)"});
 return next();
 }
-
+ */
+
 var shasum = crypto.createHash("sha1");
 shasum.update(req.body.password);
 var sha1 = shasum.digest("hex");
+ var userObj = {};
+
+ userObj.username = req.body.username;
+ userObj.password = sha1;
+ userObj.email = req.body.email;
+
 // Check to make sure the password is valid.
- if (user.password != sha1) {
+ if (userObj.password != sha1) {
 res.send(403, {message: "bad username and/or password (2)"});
 return next();
 }
- user.password = sha1;
- user.email = req.body.email;
+ if (config.private == true)
+ userObj.disabled = true;
- redis.set("user:" + req.body.username, JSON.stringify(user), function(err, status) {
+ redis.set("user:" + userObj.username, JSON.stringify(userObj), function(err, status) {
 if (err) {
 res.send(500, err);
 return next();
diff --git a/internal/middleware.js b/internal/middleware.js
index 22d64b1..d14bbff 100644
--- a/internal/middleware.js
+++ b/internal/middleware.js
@@ -41,10 +41,11 @@ module.exports = function(config, redis, logger) {
 if (value.password == sha1pwd) {
 req.username = user;
- if (value.admin == true) {
+ if (value.admin == true || value.admin == "true") {
 req.admin = true;
 } else {
+ logger.debug({message: 'access denied, no admin value set'});
 res.send(403, {message: 'access denied'});
 }
diff --git a/internal/users.js b/internal/users.js
index 96c8e70..40f4544 100644
--- a/internal/users.js
+++ b/internal/users.js
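Review bot: In index/users.js the rewritten password check compares `userObj.password` with `sha1` immediately after assigning one to the other, so it can never fail, and with the existence check commented out the handler overwrites whatever record is stored under `user:<username>` without proof of the old password. Because `userObj` starts empty, the write also discards any other fields the stored record held and, when `config.private` is set, marks an existing account disabled. The stored `user` should still gate updates: compare `user.password` when a record exists, build on that record, and apply `disabled` only to newly created stubs. The brace-less `if (config.private == true)` is worth bracing in the same change. The handler begins and ends outside the hunk.

```javascript
var user = JSON.parse(value);
// … unchanged: sha1 digest of req.body.password …

// An existing record may only be updated by a caller who knows its password.
if (user && user.password != sha1) {
  res.send(403, {message: "bad username and/or password (2)"});
  return next();
}

// Build on the stored record so its other fields are not dropped.
var userObj = user || {};
userObj.username = req.body.username;
userObj.password = sha1;
userObj.email = req.body.email;

// Only a newly created stub starts out disabled.
if (!user && config.private == true) {
  userObj.disabled = true;
}
// … unchanged: redis.set of the record …
```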
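Review bot: This commit introduces a `disabled` flag on user records, but the authentication branch in internal/middleware.js still accepts a matching password without looking at it, and no other visible hunk checks it either. Assuming `value` here is the same `user:` record, a guard such as `if (value.disabled == true) { res.send(403, {message: 'access denied'}); return; }` before `req.username = user;` would make the flag effective; how this function signals completion is outside the hunk, so the exact return form needs adapting. Accepting `value.admin == "true"` also suggests the flag is stored with inconsistent types; normalising it to a boolean where the record is written would let this comparison stay strict.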
@@ -145,7 +145,40 @@ module.exports = function(redis, logger) {
 });
 });
 };
-
+
+ endpoints.enableDisableUser = function(req, res, next) {
+ redis.get('user:' + req.params.username, function(err, user) {
+ if (err) {
+ res.send(500, {message: err, error: true});
+ return next();
+ }
+
+ if (user == null) {
+ res.send(409, {message: 'user does not exist', error: true});
+ return next();
+ }
+
+ var userObj = user;
+
+ if (req.path.indexOf('enable') !== -1) {
+ userObj.disabled = false;
+ } else {
+ userObj.disabled = true;
+ }
+
+ redis.set('user:' + req.params.username, JSON.stringify(userObj), function(err) {
+ if (err) {
+ logger.error({err: err}, "Redis Error -- Unable to Set Key");
+ res.send(500, {err: err});
+ return next();
+ }
+
+ res.send(201, {message: "account enabled", user: req.params.username});
+ return next();
+ })
+ })
+ };
+
 return endpoints;
 };
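Review bot: `enableDisableUser` in internal/users.js assigns the raw `redis.get` result to `userObj` without `JSON.parse`, although index/users.js parses values read from the same `user:` keys; if the client returns a string, setting `disabled` on it has no effect and `JSON.stringify` then writes the record back as a quoted string, which later parses to a string rather than an object. The action is chosen by `req.path.indexOf('enable')`, which also matches a username containing "enable", so a disable request for such a user would enable the account. The success response always says "account enabled", even for a disable. Parsing the record, matching only the final path segment and reporting the real action addresses all three.

```javascript
var userObj;
try {
  // redis.get hands back the serialized record; parse it before editing.
  userObj = JSON.parse(user);
} catch (e) {
  res.send(500, {message: 'stored user record is not valid JSON', error: true});
  return next();
}

// Match only the last path segment so the username cannot influence the action.
var enable = /\/enable$/.test(req.path);
userObj.disabled = !enable;

// … unchanged: redis.set call and its error branch …
res.send(201, {message: enable ? "account enabled" : "account disabled", user: req.params.username});
```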