
Commit 71c69e7

authored
Migrate pub handler to OIDCRegistry (#89)
1 parent cb8fe5e commit 71c69e7

1 file changed

Lines changed: 12 additions & 12 deletions


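--- a/internal/handlers/pub_repository.go
+++ b/internal/handlers/pub_repository.go
@@ -2,7 +2,6 @@ package handlers
 
 import (
 "net/http"
-"sync"
 
 "github.com/elazarl/goproxy"
 "github.com/sirupsen/logrus"
@@ -17,9 +16,8 @@ import (
 // the v2 spec.
 // https://github.com/dart-lang/pub/blob/db003f2ec3a0751337a1c8d4ff22d4863a28afe6/doc/repository-spec-v2.md
 type PubRepositoryHandler struct {
-credentials []pubRepositoryCredentials
-oidcCredentials map[string]*oidc.OIDCCredential
-mutex sync.RWMutex
+credentials []pubRepositoryCredentials
+oidcRegistry *oidc.OIDCRegistry
 }
 
 type pubRepositoryCredentials struct {
@@ -29,8 +27,8 @@ type pubRepositoryCredentials struct {
 
 func NewPubRepositoryHandler(credentials config.Credentials) *PubRepositoryHandler {
 handler := PubRepositoryHandler{
-credentials: []pubRepositoryCredentials{},
-oidcCredentials: make(map[string]*oidc.OIDCCredential),
+credentials: []pubRepositoryCredentials{},
+oidcRegistry: oidc.NewOIDCRegistry(),
 }
 
 for _, credential := range credentials {
@@ -40,12 +38,14 @@ func NewPubRepositoryHandler(credentials config.Credentials) *PubRepositoryHandl
 
 url := credential.GetString("url")
 
-oidcCredential, _ := oidc.CreateOIDCCredential(credential)
-if oidcCredential != nil {
-if url != "" {
-handler.oidcCredentials[url] = oidcCredential
-logging.RequestLogf(nil, "registered %s OIDC credentials for pub repository: %s", oidcCredential.Provider(), url)
+// Pub credentials must remain URL-scoped; do not allow OIDC
+// registration to fall back to host-only matching when url is empty.
+// OIDC credentials are not used as static credentials.
+if url != "" {
+if oidcCred, _, _ := handler.oidcRegistry.Register(credential, []string{"url"}, "pub repository"); oidcCred != nil {
+continue
 }
+} else if oidcCred, _ := oidc.CreateOIDCCredential(credential); oidcCred != nil {
 continue
 }
 
@@ -72,7 +72,7 @@ func (h *PubRepositoryHandler) HandleRequest(req *http.Request, ctx *goproxy.Pro
 }
 
 // Try OIDC credentials first
-if oidc.TryAuthOIDCRequestWithPrefix(&h.mutex, h.oidcCredentials, req, ctx) {
+if h.oidcRegistry.TryAuth(req, ctx) {
 return req, nil
 }
 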
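Review bot: Both OIDC calls in the credential loop of NewPubRepositoryHandler discard their extra results (`oidcCred, _, _ := handler.oidcRegistry.Register(...)` and `oidcCred, _ := oidc.CreateOIDCCredential(credential)`), so an entry that was meant to be OIDC but failed to build comes back nil and falls through to the static-credential code below the hunk without any trace. If one of the discarded results is an error, as the shape of the calls suggests, it should be logged and the entry skipped with `continue` rather than handled as a static credential. The empty-url branch also drops a valid OIDC credential silently; a line such as `logging.RequestLogf(nil, "skipping OIDC credentials for pub repository: url is empty")` before its `continue` would make that misconfiguration visible to operators. The loop body continues outside the hunk, so what the fall-through does with such an entry cannot be confirmed from here.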
