mirror of
https://github.com/project-zot/zot.git
synced 2024-12-30 22:34:13 -05:00
c6b822f3dd
fix(authz): fix isAdmin not using groups to determine if a user is admin. fix(authz): return 401 instead of 403 403 is correct as per HTTP spec However authz is not part of dist-spec and clients know only about 401 So this is a compromise. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
33 lines
711 B
Go
33 lines
711 B
Go
package uac
|
|
|
|
import (
|
|
"context"
|
|
|
|
"zotregistry.io/zot/errors"
|
|
)
|
|
|
|
// request-local context key.
|
|
var amwCtxKey = Key(1) //nolint: gochecknoglobals
|
|
|
|
// pointer needed for use in context.WithValue.
|
|
func GetAuthnMiddlewareCtxKey() *Key {
|
|
return &amwCtxKey
|
|
}
|
|
|
|
type AuthnMiddlewareContext struct {
|
|
AuthnType string
|
|
}
|
|
|
|
func GetAuthnMiddlewareContext(ctx context.Context) (*AuthnMiddlewareContext, error) {
|
|
authnMiddlewareCtxKey := GetAuthnMiddlewareCtxKey()
|
|
if authnMiddlewareCtx := ctx.Value(authnMiddlewareCtxKey); authnMiddlewareCtx != nil {
|
|
amCtx, ok := authnMiddlewareCtx.(AuthnMiddlewareContext)
|
|
if !ok {
|
|
return nil, errors.ErrBadType
|
|
}
|
|
|
|
return &amCtx, nil
|
|
}
|
|
|
|
return nil, nil //nolint: nilnil
|
|
}
|