fix: Use processed token when getting upload URL (eoftedal#41)
Using the raw supplied auth when getting the upload URL fails with, e.g., GitLab, where the authentication must be processed to obtain a valid token
vehagn authored Jan 28, 2024
1 parent bc260ae commit 37175dc
Showing 5 changed files with 33 additions and 23 deletions.
6 changes: 6 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,11 @@
# Changelog

## [3.1.1] - 2024-01-28

### Fixed

- Use processed token instead of raw supplied auth to get upload URL

## [3.1.0] - 2024-01-27

### Added
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -45,7 +45,7 @@ This will take the `nginx:alpine` image, and copy the files from `./dist/` into

1. Create the repository in GitLab
2. Login using your username and password, [CI-credentials](https://docs.gitlab.com/ee/ci/jobs/ci_job_token.html), or [obtain a token from GitLab](https://docs.gitlab.com/ee/api/container_registry.html#obtain-token-from-gitlab)
3. Example using CI-credentials `containerify --toToken "Basic $(echo -n '${CI_REGISTRY_USER}:${CI_REGISTRY_PASSWORD}' | base64)" --to registry.gitlab.com/<Gitlab organisation>/<repository>:<tag>`
3. Example using CI-credentials `containerify --toToken "Basic $(echo -n "${CI_REGISTRY_USER}:${CI_REGISTRY_PASSWORD}" | base64)" --to registry.gitlab.com/<Gitlab organisation>/<repository>:<tag>`

### Command line options

2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "containerify",
"version": "3.1.0",
"version": "3.1.1",
"description": "Build node.js docker images without docker",
"main": "./lib/cli.js",
"scripts": {
44 changes: 24 additions & 20 deletions src/registry.ts
Expand Up @@ -160,31 +160,35 @@ async function processToken(
): Promise<string> {
const { hostname } = URL.parse(registryBaseUrl);
const image = parseImage(imagePath);
if (hostname?.endsWith(".docker.io") && !token) {
const resp = await dlJson<{ token: string }>(
`https://auth.docker.io/token?service=registry.docker.io&scope=repository:${image.path}:pull`,
{},
allowInsecure,
);
return `Bearer ${resp.token}`;
}
if (hostname?.endsWith(".gitlab.com") && token?.startsWith("Basic")) {
if (token?.includes(":")) {
token = "Basic " + Buffer.from(token?.replace("Basic ", "")).toString("base64");
}
const resp = await dlJson<{ token: string }>(
`https://gitlab.com/jwt/auth?service=container_registry&scope=repository:${image.path}:pull,push`,
{ Authorization: token },
allowInsecure,
);
return `Bearer ${resp.token}`;
}
if (hostname?.endsWith(".docker.io") && !token) return getDockerToken(image.path, allowInsecure)
if (!token) return ""; //We allow to pull from tokenless registries
if (hostname?.endsWith(".gitlab.com") && token.startsWith("Basic ")) return getGitLabToken(token, image.path, allowInsecure)
if (token.startsWith("Basic ")) return token;
if (token.startsWith("ghp_")) return "Bearer " + Buffer.from(token).toString("base64");
return "Bearer " + token;
}

async function getDockerToken(imagePath: string, allowInsecure: InsecureRegistrySupport) {
const resp = await dlJson<{ token: string }>(
`https://auth.docker.io/token?service=registry.docker.io&scope=repository:${imagePath}:pull`,
{},
allowInsecure,
);
return `Bearer ${resp.token}`;
}

async function getGitLabToken(token: string, imagePath: string, allowInsecure: InsecureRegistrySupport) {
if (token.includes(":")) {
token = "Basic " + Buffer.from(token?.replace("Basic ", "")).toString("base64");
}
const resp = await dlJson<{ token: string }>(
`https://gitlab.com/jwt/auth?service=container_registry&scope=repository:${imagePath}:pull,push`,
{ Authorization: token },
allowInsecure,
);
return `Bearer ${resp.token}`;
}

type Mount = { mount: string; from: string };
type UploadURL = { uploadUrl: string };
type UploadURLorMounted = UploadURL | { mountSuccess: true };
Expand Down Expand Up @@ -223,7 +227,7 @@ export async function createRegistry(
const url = `${registryBaseUrl}${image.path}/blobs/uploads/${parameters.size > 0 ? "?" + parameters : ""}`;
const options: https.RequestOptions = URL.parse(url);
options.method = "POST";
if (auth) options.headers = { authorization: auth };
if (token) options.headers = { authorization: token };
request(options, allowInsecure, (res) => {
logger.debug("POST", `${url}`, res.statusCode);
if (res.statusCode == 202) {
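Review bot: `getGitLabToken` and `getDockerToken` return `Bearer ${resp.token}` without checking that the response actually contains a token, so unless `dlJson` already rejects error responses (not visible here) a refused login yields the header value `Bearer undefined`. With this commit the processed value is presumably also what the upload POST in `createRegistry` sends as `authorization`, so the failure would only show up later as an unexplained 401. A guard before each return, e.g. `if (!resp.token) throw new Error("registry auth response contained no token");`, reports the authentication failure where it happens. `getGitLabToken` also forwards `allowInsecure` on the request that carries the Basic credential to the fixed host `gitlab.com`; if that flag relaxes TLS verification inside `dlJson`, it should not apply to this endpoint. The body of `createRegistry` continues outside the shown hunk.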
2 changes: 1 addition & 1 deletion src/version.ts
@@ -1 +1 @@
export const VERSION = "3.1.0";
export const VERSION = "3.1.1";
