How to authenticate while using the cache (ratelimit)?

[Animeshz]

According to https://docs.github.com/en/rest/overview/resources-in-the-rest-api?apiVersion=2022-11-28#rate-limiting, the ratelimit of non-authenticated user is around 60 request / hour, which can easily be reached with a few package.

How do we authenticate while performing a nix command such as for example nix profile install github:user/repo#pkg? Since authenticated user can perform 5k request / hour.

[linyinfeng]

I'm sorry that I didn't realize this issue because I test it using a registry docker container without authentication. As the reason described in #20 (comment), I'm not using it on the real ghcr.io.

oranc is originally designed to be an "OCI as S3" server. It receives credentials through AWS_ACCESS_KEY_ID.

export AWS_ACCESS_KEY_ID=(echo -n "{USERNAME}:{PASSWORD}" | base64)
export AWS_SECRET_ACCESS_KEY="_" # can be anything

Only s3 substitutes will use these environment variables, so the substitute URL should be like

s3://PACKAGE_NAME?endpoint=https://oranc.li7g.com/ghcr.io/USERNAME

I refactored the push part to a separate command and removed the push function from the server part, because before the refactor push speed is really slow.

After the refactor, receiving credentials through AWS_ACCESS_KEY_ID seems ugly and inconvenient. Seems HTTP basic authentication is a better choice, but currently I don't know how to make nix using HTTP basic authentication when querying and downloading from a specific substituter.