84 lines
1.9 KiB
Go
84 lines
1.9 KiB
Go
package dockerdist
|
|
|
|
import (
|
|
"encoding/json"
|
|
"errors"
|
|
"fmt"
|
|
"net/http"
|
|
"net/url"
|
|
"strings"
|
|
|
|
"github.com/coreos/clair/cmd/clairctl/config"
|
|
)
|
|
|
|
//ErrUnauthorized is return when requested user don't have access to the resource
|
|
var ErrUnauthorized = errors.New("unauthorized access")
|
|
|
|
//bearerAuthParams parse Bearer Token on Www-Authenticate header
|
|
func bearerAuthParams(r *http.Response) map[string]string {
|
|
s := strings.SplitN(r.Header.Get("Www-Authenticate"), " ", 2)
|
|
if len(s) != 2 || s[0] != "Bearer" {
|
|
return nil
|
|
}
|
|
result := map[string]string{}
|
|
|
|
for _, kv := range strings.Split(s[1], ",") {
|
|
parts := strings.Split(kv, "=")
|
|
if len(parts) != 2 {
|
|
continue
|
|
}
|
|
result[strings.Trim(parts[0], "\" ")] = strings.Trim(parts[1], "\" ")
|
|
}
|
|
return result
|
|
}
|
|
|
|
//AuthenticateResponse add authentication headers on request
|
|
func AuthenticateResponse(client *http.Client, dockerResponse *http.Response, request *http.Request) error {
|
|
bearerToken := bearerAuthParams(dockerResponse)
|
|
url := bearerToken["realm"] + "?service=" + url.QueryEscape(bearerToken["service"])
|
|
if bearerToken["scope"] != "" {
|
|
url += "&scope=" + bearerToken["scope"]
|
|
}
|
|
req, err := http.NewRequest("GET", url, nil)
|
|
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
authConfig, err := GetAuthCredentials(config.ImageName)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
req.SetBasicAuth(authConfig.Username, authConfig.Password)
|
|
|
|
response, err := client.Do(req)
|
|
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer response.Body.Close()
|
|
|
|
if response.StatusCode == http.StatusUnauthorized {
|
|
return ErrUnauthorized
|
|
}
|
|
|
|
if response.StatusCode != http.StatusOK {
|
|
return fmt.Errorf("authentication server response: %v - %v", response.StatusCode, response.Status)
|
|
}
|
|
|
|
type token struct {
|
|
Value string `json:"token"`
|
|
}
|
|
var tok token
|
|
err = json.NewDecoder(response.Body).Decode(&tok)
|
|
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
request.Header.Set("Authorization", "Bearer "+tok.Value)
|
|
|
|
return nil
|
|
}
|