routes: changes required to do browser authentication #429

shimish2 · 2022-02-25T21:56:30Z

whenever we make a request that contains header apart from CORS allowed header, browser sends a preflight request
and in response accept Access-Control-Allow-Headers.

preflight request is in form of OPTIONS method, added new http handler func to set headers
and returns HTTP status ok in case of OPTIONS method.

in case of authorization, request contains authorization header
added authorization header in Access-Control-Allow-Headers list

added AllowOrigin field in HTTPConfig this field value is set to Access-Control-Allow-Origin header and will give zot adminstrator to limit incoming request.

Signed-off-by: Shivam Mishra shimish2@cisco.com

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

codecov · 2022-02-25T22:25:55Z

Codecov Report

Merging #429 (9f19eac) into main (aee9421) will increase coverage by 0.04%.
The diff coverage is 88.88%.

@@            Coverage Diff             @@
##             main     #429      +/-   ##
==========================================
+ Coverage   83.73%   83.77%   +0.04%     
==========================================
  Files          49       49              
  Lines       10168    10194      +26     
==========================================
+ Hits         8514     8540      +26     
  Misses       1294     1294              
  Partials      360      360

Impacted Files	Coverage Δ
pkg/api/config/config.go	`79.31% <ø> (ø)`
pkg/api/authn.go	`79.26% <82.35%> (+1.76%)`	⬆️
pkg/api/controller.go	`90.94% <100.00%> (+0.28%)`	⬆️
pkg/api/routes.go	`74.27% <100.00%> (+0.05%)`	⬆️
pkg/extensions/extensions.go	`80.82% <100.00%> (ø)`

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update aee9421...9f19eac. Read the comment docs.

golangcilint.yaml

pkg/api/config/config.go

pkg/api/controller.go

pkg/api/authn.go

pkg/api/controller.go

whenever we make a request that contains header apart from CORS allowed header, browser sends a preflight request and in response accept *Access-Control-Allow-Headers*. preflight request is in form of OPTIONS method, added new http handler func to set headers and returns HTTP status ok in case of OPTIONS method. in case of authorization, request contains authorization header added authorization header in Access-Control-Allow-Headers list added AllowOrigin field in HTTPConfig this field value is set to Access-Control-Allow-Origin header and will give zot adminstrator to limit incoming request. Signed-off-by: Shivam Mishra <shimish2@cisco.com>

rchincha

lgtm

shimish2 force-pushed the ui-browser-auth branch from f63c259 to 22484ff Compare February 25, 2022 21:57

shimish2 force-pushed the ui-browser-auth branch 2 times, most recently from cb4efa0 to 078bc2d Compare March 3, 2022 01:51

shimish2 added the feature New feature or request label Mar 3, 2022

shimish2 added this to In progress in zot-core via automation Mar 3, 2022

shimish2 added this to In progress in zot-ui via automation Mar 3, 2022

rchincha added this to the v1.4.0 milestone Mar 3, 2022

shimish2 force-pushed the ui-browser-auth branch from 078bc2d to 85d194b Compare March 3, 2022 05:36

shimish2 marked this pull request as ready for review March 3, 2022 17:02

shimish2 requested a review from rchincha March 3, 2022 17:02

rchincha reviewed Mar 3, 2022

View reviewed changes

golangcilint.yaml Outdated Show resolved Hide resolved

pkg/api/config/config.go Show resolved Hide resolved

pkg/api/controller.go Show resolved Hide resolved

shimish2 force-pushed the ui-browser-auth branch from 85d194b to e8cab22 Compare March 7, 2022 20:56

shimish2 requested a review from rchincha March 7, 2022 21:52

shimish2 force-pushed the ui-browser-auth branch from e8cab22 to f47115c Compare March 7, 2022 21:58