diff --git a/internal/handlers/composer.go b/internal/handlers/composer.go index ce54101..2865fad 100644 --- a/internal/handlers/composer.go +++ b/internal/handlers/composer.go @@ -2,7 +2,6 @@ package handlers import ( "net/http" - "sync" "github.com/elazarl/goproxy" @@ -14,9 +13,8 @@ import ( // ComposerHandler handles requests to PHP registries, adding auth. type ComposerHandler struct { - credentials []composerCredentials - oidcCredentials map[string]*oidc.OIDCCredential - mutex sync.RWMutex + credentials []composerCredentials + oidcRegistry *oidc.OIDCRegistry } type composerCredentials struct { @@ -30,8 +28,8 @@ type composerCredentials struct { // NewComposerHandler returns a new ComposerHandler. func NewComposerHandler(creds config.Credentials) *ComposerHandler { handler := ComposerHandler{ - credentials: []composerCredentials{}, - oidcCredentials: make(map[string]*oidc.OIDCCredential), + credentials: []composerCredentials{}, + oidcRegistry: oidc.NewOIDCRegistry(), } for _, cred := range creds { @@ -42,20 +40,8 @@ func NewComposerHandler(creds config.Credentials) *ComposerHandler { registry := cred.GetString("registry") url := cred.GetString("url") - oidcCredential, _ := oidc.CreateOIDCCredential(cred) - if oidcCredential != nil { - host := url - if host == "" { - host = registry - } - hostURL, err := helpers.ParseURLLax(host) - if err == nil { - host = hostURL.Hostname() - } - if host != "" { - handler.oidcCredentials[host] = oidcCredential - logging.RequestLogf(nil, "registered %s OIDC credentials for composer repository: %s", oidcCredential.Provider(), host) - } + // OIDC credentials are not used as static credentials. + if oidcCred, _, _ := handler.oidcRegistry.Register(cred, []string{"url", "registry"}, "composer repository"); oidcCred != nil { continue } @@ -79,7 +65,7 @@ func (h *ComposerHandler) HandleRequest(req *http.Request, ctx *goproxy.ProxyCtx } // Try OIDC credentials first - if oidc.TryAuthOIDCRequestWithPrefix(&h.mutex, h.oidcCredentials, req, ctx) { + if h.oidcRegistry.TryAuth(req, ctx) { return req, nil } diff --git a/internal/handlers/oidc_handling_test.go b/internal/handlers/oidc_handling_test.go index dc742e6..40a6724 100644 --- a/internal/handlers/oidc_handling_test.go +++ b/internal/handlers/oidc_handling_test.go @@ -155,7 +155,7 @@ func TestOIDCURLsAreAuthenticated(t *testing.T) { }, urlMocks: []mockHttpRequest{}, expectedLogLines: []string{ - "registered aws OIDC credentials for composer repository: composer.example.com", + "registered aws OIDC credentials for composer repository: https://composer.example.com", }, urlsToAuthenticate: []string{ "https://composer.example.com/some-package", @@ -177,7 +177,7 @@ func TestOIDCURLsAreAuthenticated(t *testing.T) { }, urlMocks: []mockHttpRequest{}, expectedLogLines: []string{ - "registered azure OIDC credentials for composer repository: composer.example.com", + "registered azure OIDC credentials for composer repository: https://composer.example.com", }, urlsToAuthenticate: []string{ "https://composer.example.com/some-package", @@ -199,7 +199,7 @@ func TestOIDCURLsAreAuthenticated(t *testing.T) { }, urlMocks: []mockHttpRequest{}, expectedLogLines: []string{ - "registered jfrog OIDC credentials for composer repository: jfrog.example.com", + "registered jfrog OIDC credentials for composer repository: https://jfrog.example.com", }, urlsToAuthenticate: []string{ "https://jfrog.example.com/some-package", @@ -222,7 +222,7 @@ func TestOIDCURLsAreAuthenticated(t *testing.T) { }, urlMocks: []mockHttpRequest{}, expectedLogLines: []string{ - "registered cloudsmith OIDC credentials for composer repository: cloudsmith.example.com", + "registered cloudsmith OIDC credentials for composer repository: https://cloudsmith.example.com", }, urlsToAuthenticate: []string{ "https://cloudsmith.example.com/some-package",