Migrate rubygems handler to OIDCRegistry

kbukum1 · kbukum1 · commit 83c2c9cfabed · 2026-04-03T00:05:41.000-05:00
Replace manual OIDC credential map and mutex with the shared
OIDCRegistry type. Rubygems already used url-with-host-fallback
as the key, so this is a pure structural refactor with no
behavior change.
diff --git a/internal/handlers/rubygems_server.go b/internal/handlers/rubygems_server.go
@@ -3,7 +3,6 @@ package handlers
 import (
 	"net/http"
 	"strings"
-	"sync"
 
 	"github.com/elazarl/goproxy"
 
@@ -15,9 +14,8 @@ import (
 
 // RubyGemsServerHandler handles requests to rubygems servers, adding auth.
 type RubyGemsServerHandler struct {
-	credentials     []rubyGemsServerCredentials
-	oidcCredentials map[string]*oidc.OIDCCredential
-	mutex           sync.RWMutex
+	credentials  []rubyGemsServerCredentials
+	oidcRegistry *oidc.OIDCRegistry
 }
 
 type rubyGemsServerCredentials struct {
@@ -29,8 +27,8 @@ type rubyGemsServerCredentials struct {
 // NewRubyGemsServerHandler returns a new RubyGemsServerHandler.
 func NewRubyGemsServerHandler(creds config.Credentials) *RubyGemsServerHandler {
 	handler := RubyGemsServerHandler{
-		credentials:     []rubyGemsServerCredentials{},
-		oidcCredentials: make(map[string]*oidc.OIDCCredential),
+		credentials:  []rubyGemsServerCredentials{},
+		oidcRegistry: oidc.NewOIDCRegistry(),
 	}
 
 	for _, cred := range creds {
@@ -41,16 +39,11 @@ func NewRubyGemsServerHandler(creds config.Credentials) *RubyGemsServerHandler {
 		host := cred.Host()
 		url := cred.GetString("url")
 
-		oidcCredential, _ := oidc.CreateOIDCCredential(cred)
-		if oidcCredential != nil {
-			hostURL := url
-			if hostURL == "" {
-				hostURL = host
-			}
-			if hostURL != "" {
-				handler.oidcCredentials[hostURL] = oidcCredential
-				logging.RequestLogf(nil, "registered %s OIDC credentials for rubygems server: %s", oidcCredential.Provider(), hostURL)
-			}
+		if oidcCred, _, ok := handler.oidcRegistry.Register(cred, []string{"url"}, "rubygems server"); ok {
+			continue
+		} else if oidcCred != nil {
+			// OIDC-configured but registration failed (e.g. no URL/host) — skip
+			// static credential processing to match original behavior.
 			continue
 		}
 
@@ -72,7 +65,7 @@ func (h *RubyGemsServerHandler) HandleRequest(req *http.Request, ctx *goproxy.Pr
 	}
 
 	// Try OIDC credentials first
-	if oidc.TryAuthOIDCRequestWithPrefix(&h.mutex, h.oidcCredentials, req, ctx) {
+	if h.oidcRegistry.TryAuth(req, ctx) {
 		return req, nil
 	}
 
