0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-23 22:27:35 -05:00
zot/pkg/test/bearer.go
peusebiu 4d0bbf1e00
fix(mgmt): skip bearer authn for mgmt route (#1267)
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2023-03-16 12:02:59 -07:00

79 lines
1.7 KiB
Go

package test
import (
"fmt"
"net/http"
"net/http/httptest"
"regexp"
"strings"
"time"
"github.com/chartmuseum/auth"
"github.com/mitchellh/mapstructure"
)
type (
AccessTokenResponse struct {
AccessToken string `json:"access_token"` //nolint:tagliatelle // token format
}
AuthHeader struct {
Realm string
Service string
Scope string
}
)
func MakeAuthTestServer(serverKey string, unauthorizedNamespace string) *httptest.Server {
cmTokenGenerator, err := auth.NewTokenGenerator(&auth.TokenGeneratorOptions{
PrivateKeyPath: serverKey,
Audience: "Zot Registry",
Issuer: "Zot",
AddKIDHeader: true,
})
if err != nil {
panic(err)
}
authTestServer := httptest.NewServer(http.HandlerFunc(func(response http.ResponseWriter, request *http.Request) {
scope := request.URL.Query().Get("scope")
parts := strings.Split(scope, ":")
name := parts[1]
actions := strings.Split(parts[2], ",")
if name == unauthorizedNamespace {
actions = []string{}
}
access := []auth.AccessEntry{
{
Name: name,
Type: "repository",
Actions: actions,
},
}
token, err := cmTokenGenerator.GenerateToken(access, time.Minute*1)
if err != nil {
panic(err)
}
response.Header().Set("Content-Type", "application/json")
fmt.Fprintf(response, `{"access_token": "%s"}`, token)
}))
return authTestServer
}
func ParseBearerAuthHeader(authHeaderRaw string) *AuthHeader {
re := regexp.MustCompile(`([a-zA-z]+)="(.+?)"`)
matches := re.FindAllStringSubmatch(authHeaderRaw, -1)
matchmap := make(map[string]string)
for i := 0; i < len(matches); i++ {
matchmap[matches[i][1]] = matches[i][2]
}
var h AuthHeader
if err := mapstructure.Decode(matchmap, &h); err != nil {
panic(err)
}
return &h
}