mirror of https://github.com/containers/podman.git
				
				
				
			
		
			
				
	
	
		
| //go:build !remote
 | |
| 
 | |
| package compat
 | |
| 
 | |
| import (
 | |
| 	"encoding/json"
 | |
| 	"errors"
 | |
| 	"fmt"
 | |
| 	"io"
 | |
| 	"net/http"
 | |
| 	"strings"
 | |
| 
 | |
| 	"github.com/containers/common/pkg/auth"
 | |
| 	DockerClient "github.com/containers/image/v5/docker"
 | |
| 	"github.com/containers/image/v5/types"
 | |
| 	"github.com/containers/podman/v5/libpod"
 | |
| 	"github.com/containers/podman/v5/pkg/api/handlers/utils"
 | |
| 	api "github.com/containers/podman/v5/pkg/api/types"
 | |
| 	"github.com/containers/podman/v5/pkg/domain/entities"
 | |
| 	"github.com/docker/docker/api/types/registry"
 | |
| )
 | |
| 
 | |
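// isLocalTestRegistry reports whether addr names a registry on localhost for
// which Auth may disable TLS verification ("support for local testing").
//
// The accepted shapes are "https://localhost/...", "https://localhost:PORT..."
// and "localhost:PORT...". The address comes straight from the request body,
// and a bare prefix test says nothing about where the authority component
// ends, so the decision is made on the authority itself: the host must be
// exactly "localhost" and a port, when present, must be all digits. Anything
// else keeps TLS verification enabled.
func isLocalTestRegistry(addr string) bool {
	hasScheme := strings.HasPrefix(addr, "https://")
	rest := strings.TrimPrefix(addr, "https://")

	// The authority is everything up to the first "/".
	authority, _, hasPath := strings.Cut(rest, "/")
	host, port, hasPort := strings.Cut(authority, ":")
	if host != "localhost" {
		return false
	}
	if hasPort {
		// Reject an empty port and anything that is not purely numeric.
		return port != "" && strings.Trim(port, "0123456789") == ""
	}
	// Without a port only the "https://localhost/" form is accepted.
	return hasScheme && hasPath
}

// Auth validates registry credentials for the compat API. It decodes a
// registry.AuthConfig from the request body and attempts a login against
// authConfig.ServerAddress without persisting the credentials.
//
// On success it writes 200 with an entities.AuthReport whose IdentityToken is
// always empty. A body that cannot be decoded and a failed login both produce
// a 500 response; for a failed login the body is a JSON object with a single
// "message" field.
func Auth(w http.ResponseWriter, r *http.Request) {
	var authConfig registry.AuthConfig
	if err := json.NewDecoder(r.Body).Decode(&authConfig); err != nil {
		utils.Error(w, http.StatusInternalServerError, fmt.Errorf("failed to parse request: %w", err))
		return
	}

	// The unchecked assertion panics if the runtime is missing from the
	// request context; presumably the API middleware always sets it (confirm).
	runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime)

	// NOTE(review): this assigns into the value returned by
	// runtime.SystemContext(). Confirm that it is a per-call copy; otherwise a
	// relaxed TLS setting would be visible to other users of the runtime.
	sysCtx := runtime.SystemContext()
	// TLS verification is skipped only for localhost registries (local testing).
	sysCtx.DockerInsecureSkipTLSVerify = types.NewOptionalBool(isLocalTestRegistry(authConfig.ServerAddress))

	loginOpts := &auth.LoginOptions{
		Username:    authConfig.Username,
		Password:    authConfig.Password,
		Stdout:      io.Discard,
		NoWriteBack: true, // keep the credentials from being written to disk
	}

	err := auth.Login(r.Context(), sysCtx, loginOpts, []string{authConfig.ServerAddress})
	if err == nil {
		utils.WriteResponse(w, http.StatusOK, entities.AuthReport{
			IdentityToken: "",
			Status:        "Login Succeeded",
		})
		return
	}

	// Rejected credentials are reported with a fixed string; any other failure
	// passes err.Error() through to the client.
	msg := err.Error()
	var unauthErr DockerClient.ErrUnauthorizedForCredentials
	if errors.As(err, &unauthErr) {
		msg = "401 Unauthorized"
	}

	utils.WriteResponse(w, http.StatusInternalServerError, struct {
		Message string `json:"message"`
	}{
		Message: "login attempt to " + authConfig.ServerAddress + " failed with status: " + msg,
	})
}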
 |