github.com/Heebron/moby@v0.0.0-20221111184709-6eab4f55faf7/api/types/registry/authconfig.go (about) 1 package registry // import "github.com/docker/docker/api/types/registry" 2 import ( 3 "encoding/base64" 4 "encoding/json" 5 "io" 6 "strings" 7 8 "github.com/pkg/errors" 9 ) 10 11 // AuthHeader is the name of the header used to send encoded registry 12 // authorization credentials for registry operations (push/pull). 13 const AuthHeader = "X-Registry-Auth" 14 15 // AuthConfig contains authorization information for connecting to a Registry. 16 type AuthConfig struct { 17 Username string `json:"username,omitempty"` 18 Password string `json:"password,omitempty"` 19 Auth string `json:"auth,omitempty"` 20 21 // Email is an optional value associated with the username. 22 // This field is deprecated and will be removed in a later 23 // version of docker. 24 Email string `json:"email,omitempty"` 25 26 ServerAddress string `json:"serveraddress,omitempty"` 27 28 // IdentityToken is used to authenticate the user and get 29 // an access token for the registry. 30 IdentityToken string `json:"identitytoken,omitempty"` 31 32 // RegistryToken is a bearer token to be sent to a registry 33 RegistryToken string `json:"registrytoken,omitempty"` 34 } 35 36 // EncodeAuthConfig serializes the auth configuration as a base64url encoded 37 // RFC4648, section 5) JSON string for sending through the X-Registry-Auth header. 38 // 39 // For details on base64url encoding, see: 40 // - RFC4648, section 5: https://tools.ietf.org/html/rfc4648#section-5 41 func EncodeAuthConfig(authConfig AuthConfig) (string, error) { 42 buf, err := json.Marshal(authConfig) 43 if err != nil { 44 return "", errInvalidParameter{err} 45 } 46 return base64.URLEncoding.EncodeToString(buf), nil 47 } 48 49 // DecodeAuthConfig decodes base64url encoded (RFC4648, section 5) JSON 50 // authentication information as sent through the X-Registry-Auth header. 51 // 52 // This function always returns an AuthConfig, even if an error occurs. It is up 53 // to the caller to decide if authentication is required, and if the error can 54 // be ignored. 55 // 56 // For details on base64url encoding, see: 57 // - RFC4648, section 5: https://tools.ietf.org/html/rfc4648#section-5 58 func DecodeAuthConfig(authEncoded string) (*AuthConfig, error) { 59 if authEncoded == "" { 60 return &AuthConfig{}, nil 61 } 62 63 authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded)) 64 return decodeAuthConfigFromReader(authJSON) 65 } 66 67 // DecodeAuthConfigBody decodes authentication information as sent as JSON in the 68 // body of a request. This function is to provide backward compatibility with old 69 // clients and API versions. Current clients and API versions expect authentication 70 // to be provided through the X-Registry-Auth header. 71 // 72 // Like DecodeAuthConfig, this function always returns an AuthConfig, even if an 73 // error occurs. It is up to the caller to decide if authentication is required, 74 // and if the error can be ignored. 75 func DecodeAuthConfigBody(rdr io.ReadCloser) (*AuthConfig, error) { 76 return decodeAuthConfigFromReader(rdr) 77 } 78 79 func decodeAuthConfigFromReader(rdr io.Reader) (*AuthConfig, error) { 80 authConfig := &AuthConfig{} 81 if err := json.NewDecoder(rdr).Decode(authConfig); err != nil { 82 // always return an (empty) AuthConfig to increase compatibility with 83 // the existing API. 84 return &AuthConfig{}, invalid(err) 85 } 86 return authConfig, nil 87 } 88 89 func invalid(err error) error { 90 return errInvalidParameter{errors.Wrap(err, "invalid X-Registry-Auth header")} 91 } 92 93 type errInvalidParameter struct{ error } 94 95 func (errInvalidParameter) InvalidParameter() {} 96 97 func (e errInvalidParameter) Cause() error { return e.error } 98 99 func (e errInvalidParameter) Unwrap() error { return e.error }