
Commit 11f1602

committed
Migrate hex handler to OIDCRegistry
1 parent 71c69e7 commit 11f1602

1 file changed

Lines changed: 12 additions & 12 deletions


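--- a/internal/handlers/hex_repository.go
+++ b/internal/handlers/hex_repository.go
@@ -3,7 +3,6 @@ package handlers
 import (
 "net/http"
 "strings"
-"sync"
 
 "github.com/elazarl/goproxy"
 
@@ -15,9 +14,8 @@ import (
 
 // HexRepositoryHandler handles requests to private hex repositories, adding auth
 type HexRepositoryHandler struct {
-credentials []hexRepositoryCredentials
-oidcCredentials map[string]*oidc.OIDCCredential
-mutex sync.RWMutex
+credentials []hexRepositoryCredentials
+oidcRegistry *oidc.OIDCRegistry
 }
 
 type hexRepositoryCredentials struct {
@@ -27,8 +25,8 @@ type hexRepositoryCredentials struct {
 
 func NewHexRepositoryHandler(creds config.Credentials) *HexRepositoryHandler {
 handler := HexRepositoryHandler{
-credentials: []hexRepositoryCredentials{},
-oidcCredentials: make(map[string]*oidc.OIDCCredential),
+credentials: []hexRepositoryCredentials{},
+oidcRegistry: oidc.NewOIDCRegistry(),
 }
 
 for _, cred := range creds {
@@ -38,12 +36,14 @@ func NewHexRepositoryHandler(creds config.Credentials) *HexRepositoryHandler {
 
 url := cred.GetString("url")
 
-oidcCredential, _ := oidc.CreateOIDCCredential(cred)
-if oidcCredential != nil {
-if url != "" {
-handler.oidcCredentials[url] = oidcCredential
-logging.RequestLogf(nil, "registered %s OIDC credentials for hex repository: %s", oidcCredential.Provider(), url)
+// Hex credentials must remain URL-scoped; do not allow OIDC
+// registration to fall back to host-only matching when url is empty.
+// OIDC credentials are not used as static credentials.
+if url != "" {
+if oidcCred, _, _ := handler.oidcRegistry.Register(cred, []string{"url"}, "hex repository"); oidcCred != nil {
+continue
 }
+} else if oidcCred, _ := oidc.CreateOIDCCredential(cred); oidcCred != nil {
 continue
 }
 
@@ -70,7 +70,7 @@ func (h *HexRepositoryHandler) HandleRequest(req *http.Request, ctx *goproxy.Pro
 }
 
 // Try OIDC credentials first
-if oidc.TryAuthOIDCRequestWithPrefix(&h.mutex, h.oidcCredentials, req, ctx) {
+if h.oidcRegistry.TryAuth(req, ctx) {
 return req, nil
 }
 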
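Review bot: In the `else if` branch of NewHexRepositoryHandler, an OIDC credential with an empty `url` is built by `oidc.CreateOIDCCredential` and then dropped with a bare `continue`, so the operator gets no signal that the entry was ignored. I would log the skip, for example `logging.RequestLogf(nil, "skipping OIDC credentials for hex repository: url is empty")`. The extra results of `Register` and `CreateOIDCCredential` are also discarded; if they carry an error (their types are not visible here), a malformed OIDC entry with a URL would presumably fall through to the static-credential code below the hunk, which the comment says must not happen. Since the comment requires URL scoping, a test that a request to the same host under a different path is not authenticated by `h.oidcRegistry.TryAuth` would confirm the registry keeps the prefix matching of the removed `TryAuthOIDCRequestWithPrefix`. Both function bodies continue outside the visible hunks.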
