feat: integrate openID auth logic and user profile management (#1381)

This change introduces OpenID authn by using providers such as Github, Gitlab, Google and Dex. User sessions are now used for web clients to identify and persist an authenticated users session, thus not requiring every request to use credentials. Another change is apikey feature, users can create/revoke their api keys and use them to authenticate when using cli clients such as skopeo. eg: login: /auth/login?provider=github /auth/login?provider=gitlab and so on logout: /auth/logout redirectURL: /auth/callback/github /auth/callback/gitlab and so on If network policy doesn't allow inbound connections, this callback wont work! for more info read documentation added in this commit. Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro> Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> Co-authored-by: Alex Stan <alexandrustan96@yahoo.ro>
2026-06-16 04:17:55 +08:00 · 2023-07-07 19:27:10 +03:00
parent 5494a1b8d6
commit 17d1338af1
51 changed files with 5467 additions and 624 deletions
@@ -80,7 +80,14 @@ var (
 	ErrMediaTypeNotSupported          = errors.New("repodb: media type is not supported")
 	ErrTimeout                        = errors.New("operation timeout")
 	ErrNotImplemented                 = errors.New("not implemented")
-	ErrUnableToCreateUserBucket       = errors.New("repodb: unable to create a user bucket for user")
+	ErrDedupeRebuild                  = errors.New("dedupe: couldn't rebuild dedupe index")
+	ErrMissingAuthHeader              = errors.New("auth: required authorization header is missing")
+	ErrUserAPIKeyNotFound             = errors.New("userDB: user info for given API key hash not found")
+	ErrUserSessionNotFound            = errors.New("userDB: user session for given ID not found")
+	ErrBucketDoesNotExist             = errors.New("DB: bucket does not exist")
+	ErrOpenIDProviderDoesNotExist     = errors.New("openID: provider does not exist in given config")
+	ErrHashKeyNotCreated              = errors.New("cookiestore: generated random hash key is nil, not continuing")
+	ErrFailedTypeAssertion            = errors.New("type assertion failed")
 	ErrInvalidOldUserStarredRepos     = errors.New("repodb: invalid old entry for user starred repos")
 	ErrUnmarshalledRepoListIsNil      = errors.New("repodb: list of repos is still nil")
 	ErrCouldNotMarshalStarredRepos    = errors.New("repodb: could not repack entry for user starred repos")
@@ -89,7 +96,6 @@ var (
 	ErrUserDataNotFound               = errors.New("repodb: user data not found for given user identifier")
 	ErrUserDataNotAllowed             = errors.New("repodb: user data operations are not allowed")
 	ErrCouldNotPersistData            = errors.New("repodb: could not persist to db")
-	ErrDedupeRebuild                  = errors.New("dedupe: couldn't rebuild dedupe index")
 	ErrSignConfigDirNotSet            = errors.New("signatures: signature config dir not set")
 	ErrBadManifestDigest              = errors.New("signatures: bad manifest digest")
 	ErrInvalidSignatureType           = errors.New("signatures: invalid signature type")
@@ -100,4 +106,5 @@ var (
 	ErrInvalidTruststoreType          = errors.New("signatures: invalid truststore type")
 	ErrInvalidTruststoreName          = errors.New("signatures: invalid truststore name")
 	ErrInvalidCertificateContent      = errors.New("signatures: invalid certificate content")
+	ErrInvalidStateCookie             = errors.New("auth: state cookie not present or differs from original state")
 )