Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revisit Registry Authentication #212

Open
jay-dee7 opened this issue Oct 25, 2022 · 0 comments
Open

Revisit Registry Authentication #212

jay-dee7 opened this issue Oct 25, 2022 · 0 comments
Labels
enhancement New feature or request needs-triage This label refers to a non-final decision on implementation, when an important feature/bug is added P1 P1 label is used for this that we see of highest priority. Critical bugs, security issues, etc Security Security enhancement related work
Milestone
IPFS Milestone 1

Comments

@jay-dee7
Copy link
Member

It's been a while since we revisited our authentication/authorisation flow (which we should do as soon as we can). This ticket is going to act like a spike/research placeholder. Let's prepare a diagram of the entire flow.

  • What happens if you want to push an image?
  • What happens if you want to pull an image?
  • What if it's a HEAD, POST, PUT, PATCH, GET requests?

Also probably a good idea to close this issue out and migrate all the work over here?
#13

When doing some work, today I realised that we've been comparing the wrong values inside our BasicAuth middleware:

From main:
https://github.com/containerish/OpenRegistry/blob/main/auth/basic_auth.go#L50

This line tries to compare like

if ctx.Request().RequestURI != "/v2/" {
 ...
}

Request URI is always in the follow this pattern - <host>:<port>/<path>

What we need to do here is:

// ctx is echo.Context
if ctx.Request().URL.Path != "/v2/" {
  ...
}

Same is true for https://github.com/containerish/OpenRegistry/blob/main/auth/basic_auth.go#L56

While we're at it, probably do it the way official registry (https://github.com/distribution/distribution) does it?

Auth Interface - https://github.com/distribution/distribution/blob/main/registry/auth/auth.go
@jay-dee7 jay-dee7 added this to the IPFS Milestone 1 milestone Oct 25, 2022
@jay-dee7 jay-dee7 added the Security Security enhancement related work label Oct 25, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request needs-triage This label refers to a non-final decision on implementation, when an important feature/bug is added P1 P1 label is used for this that we see of highest priority. Critical bugs, security issues, etc Security Security enhancement related work
Projects
Containerish Road Map 2023-24
Status: Todo
Milestone
IPFS Milestone 1
Development

No branches or pull requests
1 participant
@jay-dee7