mirror of
https://github.com/containers/podman.git
synced 2025-08-06 11:32:07 +08:00
942f789a88
The new golangci-lint version 1.60.1 has problems with typecheck when linting remote files. We have certain pakcages that should never be inlcuded in remote but the typecheck tries to compile all of them but this never works and it seems to ignore the exclude files we gave it. To fix this the proper way is to mark all packages we only use locally with !remote tags. This is a bit ugly but more correct. I also moved the DecodeChanges() code around as it is called from the client so the handles package which should only be remote doesn't really fit anyway. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
69 lines
2.0 KiB
Go
69 lines
2.0 KiB
Go
//go:build !remote
|
|
|
|
package compat
|
|
|
|
import (
|
|
"encoding/json"
|
|
"errors"
|
|
"fmt"
|
|
"io"
|
|
"net/http"
|
|
"strings"
|
|
|
|
"github.com/containers/common/pkg/auth"
|
|
DockerClient "github.com/containers/image/v5/docker"
|
|
"github.com/containers/image/v5/types"
|
|
"github.com/containers/podman/v5/libpod"
|
|
"github.com/containers/podman/v5/pkg/api/handlers/utils"
|
|
api "github.com/containers/podman/v5/pkg/api/types"
|
|
"github.com/containers/podman/v5/pkg/domain/entities"
|
|
"github.com/docker/docker/api/types/registry"
|
|
)
|
|
|
|
func Auth(w http.ResponseWriter, r *http.Request) {
|
|
var authConfig registry.AuthConfig
|
|
err := json.NewDecoder(r.Body).Decode(&authConfig)
|
|
if err != nil {
|
|
utils.Error(w, http.StatusInternalServerError, fmt.Errorf("failed to parse request: %w", err))
|
|
return
|
|
}
|
|
|
|
skipTLS := types.NewOptionalBool(false)
|
|
if strings.HasPrefix(authConfig.ServerAddress, "https://localhost/") || strings.HasPrefix(authConfig.ServerAddress, "https://localhost:") || strings.HasPrefix(authConfig.ServerAddress, "localhost:") {
|
|
// support for local testing
|
|
skipTLS = types.NewOptionalBool(true)
|
|
}
|
|
|
|
runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime)
|
|
sysCtx := runtime.SystemContext()
|
|
sysCtx.DockerInsecureSkipTLSVerify = skipTLS
|
|
|
|
loginOpts := &auth.LoginOptions{
|
|
Username: authConfig.Username,
|
|
Password: authConfig.Password,
|
|
Stdout: io.Discard,
|
|
NoWriteBack: true, // to prevent credentials to be written on disk
|
|
}
|
|
if err := auth.Login(r.Context(), sysCtx, loginOpts, []string{authConfig.ServerAddress}); err == nil {
|
|
utils.WriteResponse(w, http.StatusOK, entities.AuthReport{
|
|
IdentityToken: "",
|
|
Status: "Login Succeeded",
|
|
})
|
|
} else {
|
|
var msg string
|
|
|
|
var unauthErr DockerClient.ErrUnauthorizedForCredentials
|
|
if errors.As(err, &unauthErr) {
|
|
msg = "401 Unauthorized"
|
|
} else {
|
|
msg = err.Error()
|
|
}
|
|
|
|
utils.WriteResponse(w, http.StatusInternalServerError, struct {
|
|
Message string `json:"message"`
|
|
}{
|
|
Message: "login attempt to " + authConfig.ServerAddress + " failed with status: " + msg,
|
|
})
|
|
}
|
|
}
|