graphql: Apply authorization on /_search endpoint

- AccessControlContext now resides in a separate package from where it can be imported,
along with the contextKey that will be used to set and retrieve this context value.

- AccessControlContext has a new field called Username, that will be of use for future
implementations in graphQL resolvers.

- GlobalSearch resolver now uses this context to filter repos available to the logged user.

- moved logic for uploading images in tests so that it can be used in every package

- tests were added for multiple request scenarios, when zot-server requires authz
on specific repos

- added tests with injected errors for extended coverage

- added tests for status code error injection utilities

Closes https://github.com/project-zot/zot/issues/615

Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>

pkg/api/routes.go

@@ -34,6 +34,7 @@ import (
 	"zotregistry.io/zot/pkg/api/constants"
 	ext "zotregistry.io/zot/pkg/extensions"
 	"zotregistry.io/zot/pkg/log"
+	localCtx "zotregistry.io/zot/pkg/requestcontext"
 	"zotregistry.io/zot/pkg/storage"
 	"zotregistry.io/zot/pkg/test" // nolint:goimports
 	// as required by swaggo.
@@ -1240,9 +1241,11 @@ func (rh *RouteHandler) ListRepositories(response http.ResponseWriter, request *
 	}
 
 	var repos []string
+	authzCtxKey := localCtx.GetContextKey()
+
 	// get passed context from authzHandler and filter out repos based on permissions
 	if authCtx := request.Context().Value(authzCtxKey); authCtx != nil {
-		acCtx, ok := authCtx.(AccessControlContext)
+		acCtx, ok := authCtx.(localCtx.AccessControlContext)
 		if !ok {
 			response.WriteHeader(http.StatusInternalServerError)
 
@@ -1250,7 +1253,7 @@ func (rh *RouteHandler) ListRepositories(response http.ResponseWriter, request *
 		}
 
 		for _, r := range combineRepoList {
-			if acCtx.isAdmin || matchesRepo(acCtx.globPatterns, r) {
+			if acCtx.IsAdmin || matchesRepo(acCtx.GlobPatterns, r) {
 				repos = append(repos, r)
 			}
 		}