middleware

package
v0.1.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 9, 2026 License: MIT Imports: 22 Imported by: 0

Documentation

Overview

Package middleware provides HTTP middleware for AppView, including authentication (session-based for web UI, token-based for registry), identity resolution (handle/DID to PDS endpoint), and hold discovery for routing blobs to storage endpoints.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ExtractAuthMethod 

func ExtractAuthMethod(next http.Handler) http.Handler

ExtractAuthMethod is an HTTP middleware that extracts the auth method and puller DID from the JWT Authorization header and stores them in the request context for later use by the registry middleware. Also stores the HTTP method for routing decisions (GET/HEAD = pull, PUT/POST = push).

func GetGlobalAuthorizer 

func GetGlobalAuthorizer() auth.HoldAuthorizer

GetGlobalAuthorizer returns the global authorizer instance Used by components that need to clear denial cache (e.g., EnsureCrewMembership)

func GetUser 

func GetUser(r *http.Request) *db.User

GetUser retrieves the user from the request context

func GoImport added in v0.1.3 

func GoImport(modulePath, repoURL string) func(http.Handler) http.Handler

GoImport serves the `<meta name="go-import">` tag required by `go install` / `go get` to resolve the vanity path `atcr.io/...` to the source repository.

Go tooling requests `https://atcr.io/<subpath>?go-get=1` and expects an HTML document with a meta tag of the form: 

<meta name="go-import" content="<root> <vcs> <repo-url>">

The meta tag must be present on every subpath under the module root, so this runs as middleware at the top of the chain and short-circuits any request carrying `?go-get=1`.

func OptionalAuth 

func OptionalAuth(store *db.SessionStore, database *sql.DB) func(http.Handler) http.Handler

OptionalAuth is middleware that optionally includes user if authenticated

func RequireAuth 

func RequireAuth(store *db.SessionStore, database *sql.DB) func(http.Handler) http.Handler

RequireAuth is middleware that requires authentication

func RetryAfterMiddleware added in v0.1.3 

func RetryAfterMiddleware(next http.Handler) http.Handler

RetryAfterMiddleware installs a per-request RetryAfterCarrier in the request context and wraps the response writer so deeper handlers (e.g., the manifest store, when an upstream PDS returns 429) can cause a Retry-After header to be emitted on 429 responses.

func SetGlobalAuthorizer 

func SetGlobalAuthorizer(authorizer auth.HoldAuthorizer)

SetGlobalAuthorizer sets the authorizer instance during initialization Must be called before the registry starts serving requests

func SetGlobalDatabase 

func SetGlobalDatabase(database storage.HoldDIDLookup)

SetGlobalDatabase sets the database instance during initialization Must be called before the registry starts serving requests

func SetGlobalLabelChecker added in v0.1.3 

func SetGlobalLabelChecker(checker LabelChecker)

SetGlobalLabelChecker sets the label checker instance during initialization

func SetGlobalManifestRefChecker 

func SetGlobalManifestRefChecker(checker storage.ManifestReferenceChecker)

SetGlobalManifestRefChecker sets the manifest reference checker during initialization

func SetGlobalRefresher 

func SetGlobalRefresher(refresher *oauth.Refresher)

SetGlobalRefresher sets the OAuth refresher instance during initialization Must be called before the registry starts serving requests

func SetGlobalWebhookDispatcher 

func SetGlobalWebhookDispatcher(dispatcher storage.PushWebhookDispatcher)

SetGlobalWebhookDispatcher sets the push webhook dispatcher during initialization Must be called before the registry starts serving requests

func WithUser 

func WithUser(r *http.Request, user *db.User) *http.Request

WithUser returns a new request with the user set in the context. This is primarily useful for testing.

Types

type LabelChecker added in v0.1.3 

type LabelChecker interface {
	IsTakenDown(did, repository string) (bool, error)
}

LabelChecker checks whether content has been taken down via ATProto labels.

type NamespaceResolver 

type NamespaceResolver struct {
	distribution.Namespace
	// contains filtered or unexported fields
}

NamespaceResolver wraps a namespace and resolves names

func (*NamespaceResolver) BlobStatter 

func (nr *NamespaceResolver) BlobStatter() distribution.BlobStatter

BlobStatter delegates to underlying namespace

func (*NamespaceResolver) Blobs 

func (nr *NamespaceResolver) Blobs() distribution.BlobEnumerator

Blobs delegates to underlying namespace

func (*NamespaceResolver) Repositories 

func (nr *NamespaceResolver) Repositories(ctx context.Context, repos []string, last string) (int, error)

Repositories delegates to underlying namespace

func (*NamespaceResolver) Repository 

func (nr *NamespaceResolver) Repository(ctx context.Context, name reference.Named) (distribution.Repository, error)

Repository resolves the repository name and delegates to underlying namespace Handles names like: - atcr.io/alice/myimage → resolve alice to DID - atcr.io/did:plc:xyz123/myimage → use DID directly

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.