feat(registry): add declarative protocol routing and request-scoped storage hook context across registries

2026-04-16 10:42:33 +00:00
parent 09335d41f3
commit 9643ef98b9
28 changed files with 2327 additions and 1919 deletions
@@ -42,18 +42,7 @@ export class OciRegistry extends BaseRegistry {
    this.ociTokens = ociTokens;
    this.upstreamProvider = upstreamProvider || null;

-    // Initialize logger
-    this.logger = new Smartlog({
-      logContext: {
-        company: 'push.rocks',
-        companyunit: 'smartregistry',
-        containerName: 'oci-registry',
-        environment: (process.env.NODE_ENV as any) || 'development',
-        runtime: 'node',
-        zone: 'oci'
-      }
-    });
-    this.logger.enableConsole();
+    this.logger = this.createProtocolLogger('oci-registry', 'oci');

    if (upstreamProvider) {
      this.logger.log('info', 'OCI upstream provider configured');
@@ -112,76 +101,70 @@ export class OciRegistry extends BaseRegistry {
    // Remove base path from URL
    const path = context.path.replace(this.basePath, '');

-    // Extract token from Authorization header
-    const authHeader = context.headers['authorization'] || context.headers['Authorization'];
-    const tokenString = authHeader?.replace(/^Bearer\s+/i, '');
+    const tokenString = this.extractBearerToken(context);
    const token = tokenString ? await this.authManager.validateToken(tokenString, 'oci') : null;

-    // Build actor from context and validated token
-    const actor: IRequestActor = {
-      ...context.actor,
-      userId: token?.userId,
-      ip: context.headers['x-forwarded-for'] || context.headers['X-Forwarded-For'],
-      userAgent: context.headers['user-agent'] || context.headers['User-Agent'],
-    };
+    const actor: IRequestActor = this.buildRequestActor(context, token);

-    // Route to appropriate handler
-    // OCI spec: GET /v2/ is the version check endpoint
-    if (path === '/' || path === '' || path === '/v2/' || path === '/v2') {
-      return this.handleVersionCheck();
-    }
+    return this.storage.withContext({ protocol: 'oci', actor }, async () => {
+      // Route to appropriate handler
+      // OCI spec: GET /v2/ is the version check endpoint
+      if (path === '/' || path === '' || path === '/v2/' || path === '/v2') {
+        return this.handleVersionCheck();
+      }

-    // Manifest operations: /{name}/manifests/{reference}
-    const manifestMatch = path.match(/^\/([^\/]+(?:\/[^\/]+)*)\/manifests\/([^\/]+)$/);
-    if (manifestMatch) {
-      const [, name, reference] = manifestMatch;
-      // Prefer rawBody for content-addressable operations to preserve exact bytes
-      const bodyData = context.rawBody || context.body;
-      return this.handleManifestRequest(context.method, name, reference, token, bodyData, context.headers, actor);
-    }
+      // Manifest operations: /{name}/manifests/{reference}
+      const manifestMatch = path.match(/^\/([^\/]+(?:\/[^\/]+)*)\/manifests\/([^\/]+)$/);
+      if (manifestMatch) {
+        const [, name, reference] = manifestMatch;
+        // Prefer rawBody for content-addressable operations to preserve exact bytes
+        const bodyData = context.rawBody || context.body;
+        return this.handleManifestRequest(context.method, name, reference, token, bodyData, context.headers, actor);
+      }

-    // Blob operations: /{name}/blobs/{digest}
-    const blobMatch = path.match(/^\/([^\/]+(?:\/[^\/]+)*)\/blobs\/(sha256:[a-f0-9]{64})$/);
-    if (blobMatch) {
-      const [, name, digest] = blobMatch;
-      return this.handleBlobRequest(context.method, name, digest, token, context.headers, actor);
-    }
+      // Blob operations: /{name}/blobs/{digest}
+      const blobMatch = path.match(/^\/([^\/]+(?:\/[^\/]+)*)\/blobs\/(sha256:[a-f0-9]{64})$/);
+      if (blobMatch) {
+        const [, name, digest] = blobMatch;
+        return this.handleBlobRequest(context.method, name, digest, token, context.headers, actor);
+      }

-    // Blob upload operations: /{name}/blobs/uploads/
-    const uploadInitMatch = path.match(/^\/([^\/]+(?:\/[^\/]+)*)\/blobs\/uploads\/?$/);
-    if (uploadInitMatch && context.method === 'POST') {
-      const [, name] = uploadInitMatch;
-      // Prefer rawBody for content-addressable operations to preserve exact bytes
-      const bodyData = context.rawBody || context.body;
-      return this.handleUploadInit(name, token, context.query, bodyData);
-    }
+      // Blob upload operations: /{name}/blobs/uploads/
+      const uploadInitMatch = path.match(/^\/([^\/]+(?:\/[^\/]+)*)\/blobs\/uploads\/?$/);
+      if (uploadInitMatch && context.method === 'POST') {
+        const [, name] = uploadInitMatch;
+        // Prefer rawBody for content-addressable operations to preserve exact bytes
+        const bodyData = context.rawBody || context.body;
+        return this.handleUploadInit(name, token, context.query, bodyData);
+      }

-    // Blob upload operations: /{name}/blobs/uploads/{uuid}
-    const uploadMatch = path.match(/^\/([^\/]+(?:\/[^\/]+)*)\/blobs\/uploads\/([^\/]+)$/);
-    if (uploadMatch) {
-      const [, name, uploadId] = uploadMatch;
-      return this.handleUploadSession(context.method, uploadId, token, context);
-    }
+      // Blob upload operations: /{name}/blobs/uploads/{uuid}
+      const uploadMatch = path.match(/^\/([^\/]+(?:\/[^\/]+)*)\/blobs\/uploads\/([^\/]+)$/);
+      if (uploadMatch) {
+        const [, name, uploadId] = uploadMatch;
+        return this.handleUploadSession(context.method, uploadId, token, context);
+      }

-    // Tags list: /{name}/tags/list
-    const tagsMatch = path.match(/^\/([^\/]+(?:\/[^\/]+)*)\/tags\/list$/);
-    if (tagsMatch) {
-      const [, name] = tagsMatch;
-      return this.handleTagsList(name, token, context.query);
-    }
+      // Tags list: /{name}/tags/list
+      const tagsMatch = path.match(/^\/([^\/]+(?:\/[^\/]+)*)\/tags\/list$/);
+      if (tagsMatch) {
+        const [, name] = tagsMatch;
+        return this.handleTagsList(name, token, context.query);
+      }

-    // Referrers: /{name}/referrers/{digest}
-    const referrersMatch = path.match(/^\/([^\/]+(?:\/[^\/]+)*)\/referrers\/(sha256:[a-f0-9]{64})$/);
-    if (referrersMatch) {
-      const [, name, digest] = referrersMatch;
-      return this.handleReferrers(name, digest, token, context.query);
-    }
+      // Referrers: /{name}/referrers/{digest}
+      const referrersMatch = path.match(/^\/([^\/]+(?:\/[^\/]+)*)\/referrers\/(sha256:[a-f0-9]{64})$/);
+      if (referrersMatch) {
+        const [, name, digest] = referrersMatch;
+        return this.handleReferrers(name, digest, token, context.query);
+      }

-    return {
-      status: 404,
-      headers: { 'Content-Type': 'application/json' },
-      body: this.createError('NOT_FOUND', 'Endpoint not found'),
-    };
+      return {
+        status: 404,
+        headers: { 'Content-Type': 'application/json' },
+        body: this.createError('NOT_FOUND', 'Endpoint not found'),
+      };
+    });
  }

  protected async checkPermission(