Files

 master

/

tokentransport.go

Blame

Blame

Latest commit

 

History

History

127 lines (106 loc) · 2.68 KB

 master

/

tokentransport.go

Top

File metadata and controls

• Code
• Blame

127 lines (106 loc) · 2.68 KB

Raw

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

package registry

import (

"encoding/json"

"fmt"

"net/http"

"net/url"

)

type TokenTransport struct {

Transport http.RoundTripper

Username string

Password string

}

func (t *TokenTransport) RoundTrip(req *http.Request) (*http.Response, error) {

resp, err := t.Transport.RoundTrip(req)

if err != nil {

return resp, err

}

if authService := isTokenDemand(resp); authService != nil {

resp, err = t.authAndRetry(authService, req)

}

return resp, err

}

type authToken struct {

Token string `json:"token"`

}

func (t *TokenTransport) authAndRetry(authService *authService, req *http.Request) (*http.Response, error) {

token, authResp, err := t.auth(authService)

if err != nil {

return authResp, err

}

retryResp, err := t.retry(req, token)

return retryResp, err

}

func (t *TokenTransport) auth(authService *authService) (string, *http.Response, error) {

authReq, err := authService.Request(t.Username, t.Password)

if err != nil {

return "", nil, err

}

client := http.Client{

Transport: t.Transport,

}

response, err := client.Do(authReq)

if err != nil {

return "", nil, err

}

if response.StatusCode != http.StatusOK {

return "", response, err

}

defer response.Body.Close()

var authToken authToken

decoder := json.NewDecoder(response.Body)

err = decoder.Decode(&authToken)

if err != nil {

return "", nil, err

}

return authToken.Token, nil, nil

}

func (t *TokenTransport) retry(req *http.Request, token string) (*http.Response, error) {

req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))

resp, err := t.Transport.RoundTrip(req)

return resp, err

}

type authService struct {

Realm string

Service string

Scope string

}

func (authService *authService) Request(username, password string) (*http.Request, error) {

url, err := url.Parse(authService.Realm)

if err != nil {

return nil, err

}

q := url.Query()

q.Set("service", authService.Service)

if authService.Scope != "" {

q.Set("scope", authService.Scope)

}

url.RawQuery = q.Encode()

request, err := http.NewRequest("GET", url.String(), nil)

if username != "" || password != "" {

request.SetBasicAuth(username, password)

}

return request, err

}

func isTokenDemand(resp *http.Response) *authService {

if resp == nil {

return nil

}

if resp.StatusCode != http.StatusUnauthorized {

return nil

}

return parseOauthHeader(resp)

}

func parseOauthHeader(resp *http.Response) *authService {

challenges := parseAuthHeader(resp.Header)

for _, challenge := range challenges {

if challenge.Scheme == "bearer" {

return &authService{

Realm: challenge.Parameters["realm"],

Service: challenge.Parameters["service"],

Scope: challenge.Parameters["scope"],

}

}

}

return nil

}