fix(api): manage registry authentication in the API (#1751)

2025-07-24 07:49:41 +02:00 · 2018-03-23 08:44:43 +10:00 · 2018-03-23 08:44:43 +10:00 · 30dfd3d616
commit 30dfd3d616
parent c267f8bf57
11 changed files with 183 additions and 42 deletions
--- a/api/http/proxy/registry.go
+++ b/api/http/proxy/registry.go
@ -0,0 +1,37 @@
+package proxy
+
+import (
+	"github.com/portainer/portainer"
+	"github.com/portainer/portainer/http/security"
+)
+
+func createRegistryAuthenticationHeader(serverAddress string, accessContext *registryAccessContext) *registryAuthenticationHeader {
+	var authenticationHeader *registryAuthenticationHeader
+
+	if serverAddress == "" {
+		authenticationHeader = &registryAuthenticationHeader{
+			Username:      accessContext.dockerHub.Username,
+			Password:      accessContext.dockerHub.Password,
+			Serveraddress: "docker.io",
+		}
+	} else {
+		var matchingRegistry *portainer.Registry
+		for _, registry := range accessContext.registries {
+			if registry.URL == serverAddress &&
+				(accessContext.isAdmin || (!accessContext.isAdmin && security.AuthorizedRegistryAccess(&registry, accessContext.userID, accessContext.teamMemberships))) {
+				matchingRegistry = &registry
+				break
+			}
+		}
+
+		if matchingRegistry != nil {
+			authenticationHeader = &registryAuthenticationHeader{
+				Username:      matchingRegistry.Username,
+				Password:      matchingRegistry.Password,
+				Serveraddress: matchingRegistry.URL,
+			}
+		}
+	}
+
+	return authenticationHeader
+}