authorizer: default token expiration to 60s

When the server does not return an expiration time for a token,
default to 60s. This replaces the previous solution
in error handling that broke cross-repo push.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
master
Tonis Tiigi 2022-02-13 21:51:15 -08:00
parent 9004de8804
commit ed0408ac52
2 changed files with 19 additions and 0 deletions


@ -28,6 +28,8 @@ import (
"google.golang.org/grpc/status"
)
const defaultExpiration = 60
func NewDockerAuthProvider(stderr io.Writer) session.Attachable {
return &authProvider{
config: config.LoadDefaultConfigFile(stderr),
@ -196,6 +198,9 @@ func (ap *authProvider) getAuthorityKey(host string, salt []byte) (ed25519.Priva
}
func toTokenResponse(token string, issuedAt time.Time, expires int) *auth.FetchTokenResponse {
if expires == 0 {
expires = defaultExpiration
}
resp := &auth.FetchTokenResponse{
Token: token,
ExpiresIn: int64(expires),
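Review bot: The guard added at the top of `toTokenResponse` only catches `expires == 0`, so a negative value would still flow into `ExpiresIn: int64(expires)`; if that is not intended, `if expires <= 0 {` covers both cases. The new `const defaultExpiration = 60` also carries no unit or rationale, and the same constant is declared again in the second file of this commit. A comment such as `// defaultExpiration is the token lifetime in seconds assumed when the server reports none.` on both declarations would make the unit explicit and help keep the two values in step. The rest of `toTokenResponse` lies outside the hunk.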


@ -23,6 +23,8 @@ import (
"github.com/sirupsen/logrus"
)
const defaultExpiration = 60
type authHandlerNS struct {
counter int64 // needs to be 64bit aligned for 32bit systems
@ -351,6 +353,9 @@ func (ah *authHandler) fetchToken(ctx context.Context, sm *session.Manager, g se
if err != nil {
return nil, err
}
if resp.ExpiresIn == 0 {
resp.ExpiresIn = defaultExpiration
}
issuedAt, expires = time.Unix(resp.IssuedAt, 0), int(resp.ExpiresIn)
token = resp.Token
return nil, nil
@ -378,6 +383,9 @@ func (ah *authHandler) fetchToken(ctx context.Context, sm *session.Manager, g se
if err != nil {
return nil, err
}
if resp.ExpiresIn == 0 {
resp.ExpiresIn = defaultExpiration
}
issuedAt, expires = resp.IssuedAt, resp.ExpiresIn
token = resp.AccessToken
return nil, nil
@ -389,6 +397,9 @@ func (ah *authHandler) fetchToken(ctx context.Context, sm *session.Manager, g se
}
return nil, err
}
if resp.ExpiresIn == 0 {
resp.ExpiresIn = defaultExpiration
}
issuedAt, expires = resp.IssuedAt, resp.ExpiresIn
token = resp.Token
return nil, nil
@ -398,6 +409,9 @@ func (ah *authHandler) fetchToken(ctx context.Context, sm *session.Manager, g se
if err != nil {
return nil, errors.Wrap(err, "failed to fetch anonymous token")
}
if resp.ExpiresIn == 0 {
resp.ExpiresIn = defaultExpiration
}
issuedAt, expires = resp.IssuedAt, resp.ExpiresIn
token = resp.Token
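Review bot: The same three-line default, `if resp.ExpiresIn == 0 { resp.ExpiresIn = defaultExpiration }`, is added in four separate branches of `fetchToken`, so a token source added later can easily miss it and pass a zero lifetime through. Each branch copies the value straight into the shared `expires` variable, so the default could instead be applied once to `expires` where it is consumed, `if expires == 0 { expires = defaultExpiration }`, which also avoids mutating the response struct. That consumer is outside the visible hunks, so this needs checking against the full function. The `const defaultExpiration = 60` declared in this file would also benefit from a comment stating that the value is in seconds.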