✨ Change auth service implement (#235)

README.md

@@ -11,7 +11,7 @@ Yet another OCI artifact manager. [Harbor](https://goharbor.io/) is a great prod
 
 ## Demo Server
 
-It runs on AWS ec2 (2C2G, Disk 20G), Linux distribution is Debian 12.1, Docker version 24.0.6.
+It runs on AWS ec2 (2C4G, Disk 40G), Linux distribution is Debian 12.1, Docker version 24.0.6.
 
 ``` sh
 # Install Docker from get.docker.com
@@ -32,10 +32,6 @@ Visit: <https://sigma.tosone.cn>, username/password: sigma/Admin@123
 
 I will periodically reboot the container, and since the container doesn't have any disk mount, every reboot will clear all the data.
 
-## Architecture
-
-I was hoping you could wait for me to finish drawing the architecture.
-
 ## Quick Start
 
 Now sigma is under very early development, so it's not easy to use. But you can try it.
@@ -45,6 +41,14 @@ cd web && yarn && yarn build && cd .. && make build && ./scripts/run_all.sh
 ./bin/sigma server -c ./conf/config.yaml
 ```
 
+## Architecture
+
+I was hoping you could wait for me to finish drawing the architecture.
+
+## Compatibility
+
+The sigma registry implements the OCI Distribution Spec version 1.1.0.
+
 ## Features
 
 - [x] Support docker registry v2 protocol.
@@ -66,3 +70,9 @@ cd web && yarn && yarn build && cd .. && make build && ./scripts/run_all.sh
 - There will be a major release in the middle and end of each year.
 - A minor release is released at the beginning of each month.
 - There will probably be a bugfix release in the middle of each week.
+
+## Alternatives
+
+- [Distribution](https://distribution.github.io/distribution/)
+- [Harbor](https://goharbor.io/)
+- [zot](https://zotregistry.io/)

cmd/server.go

@@ -19,7 +19,6 @@ import (
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 
-	"github.com/go-sigma/sigma/pkg/auth"
 	"github.com/go-sigma/sigma/pkg/cmds/server"
 	"github.com/go-sigma/sigma/pkg/configs"
 	"github.com/go-sigma/sigma/pkg/dal"
@@ -54,8 +53,6 @@ var serverCmd = &cobra.Command{
 			return
 		}
 
-		auth.Initialize()
-
 		err = server.Serve(server.ServerConfig{
 			WithoutDistribution: withoutDistribution,
 			WithoutWorker:       withoutWorker,

pkg/auth/artifact.go

@@ -0,0 +1,35 @@
+// Copyright 2023 sigma
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package auth
+
+import (
+	"github.com/labstack/echo/v4"
+	"github.com/rs/zerolog/log"
+
+	"github.com/go-sigma/sigma/pkg/types/enums"
+)
+
+// Tag ...
+func (s service) Artifact(c echo.Context, artifactID int64, auth enums.Auth) bool {
+	ctx := log.Logger.WithContext(c.Request().Context())
+
+	artifactService := s.artifactServiceFactory.New()
+	artifactObj, err := artifactService.Get(ctx, artifactID)
+	if err != nil {
+		log.Error().Err(err).Msg("Get artifact by id failed")
+		return false
+	}
+	return s.Repository(c, artifactObj.RepositoryID, auth)
+}

pkg/auth/auth.go

@@ -21,35 +21,57 @@ import (
 	"github.com/go-sigma/sigma/pkg/types/enums"
 )
 
+//go:generate mockgen -destination=mocks/service.go -package=mocks github.com/go-sigma/sigma/pkg/auth Service
+//go:generate mockgen -destination=mocks/service_factory.go -package=mocks github.com/go-sigma/sigma/pkg/auth ServiceFactory
+
 // Service is the interface for the auth service
 type Service interface {
 	// Namespace ...
 	Namespace(c echo.Context, namespaceID int64, auth enums.Auth) bool
 	// Repository ...
 	Repository(c echo.Context, repositoryID int64, auth enums.Auth) bool
+	// Tag ...
+	Tag(c echo.Context, tagID int64, auth enums.Auth) bool
+	// Artifact ...
+	Artifact(c echo.Context, artifactID int64, auth enums.Auth) bool
 }
 
-var _ Service = &service{}
+// ServiceFactory is the interface that provides the artifact service factory methods.
+type ServiceFactory interface {
+	New() Service
+}
 
 type service struct {
 	roleServiceFactory       dao.NamespaceMemberServiceFactory
 	namespaceServiceFactory  dao.NamespaceServiceFactory
 	repositoryServiceFactory dao.RepositoryServiceFactory
+	tagServiceFactory        dao.TagServiceFactory
+	artifactServiceFactory   dao.ArtifactServiceFactory
 }
 
 type inject struct {
 	roleServiceFactory       dao.NamespaceMemberServiceFactory
 	namespaceServiceFactory  dao.NamespaceServiceFactory
 	repositoryServiceFactory dao.RepositoryServiceFactory
+	tagServiceFactory        dao.TagServiceFactory
+	artifactServiceFactory   dao.ArtifactServiceFactory
 }
 
-var s Service
+type serviceFactory struct {
+	roleServiceFactory       dao.NamespaceMemberServiceFactory
+	namespaceServiceFactory  dao.NamespaceServiceFactory
+	repositoryServiceFactory dao.RepositoryServiceFactory
+	tagServiceFactory        dao.TagServiceFactory
+	artifactServiceFactory   dao.ArtifactServiceFactory
+}
 
-// Initialize ...
-func Initialize(injects ...inject) {
+// NewServiceFactory creates a new artifact service factory.
+func NewServiceFactory(injects ...inject) ServiceFactory {
 	roleServiceFactory := dao.NewNamespaceMemberServiceFactory()
 	namespaceServiceFactory := dao.NewNamespaceServiceFactory()
 	repositoryServiceFactory := dao.NewRepositoryServiceFactory()
+	tagServiceFactory := dao.NewTagServiceFactory()
+	artifactServiceFactory := dao.NewArtifactServiceFactory()
 	if len(injects) > 0 {
 		ij := injects[0]
 		if ij.roleServiceFactory != nil {
@@ -61,15 +83,32 @@ func Initialize(injects ...inject) {
 		if ij.repositoryServiceFactory != nil {
 			repositoryServiceFactory = ij.repositoryServiceFactory
 		}
+		if ij.tagServiceFactory != nil {
+			tagServiceFactory = ij.tagServiceFactory
+		}
+		if ij.artifactServiceFactory != nil {
+			artifactServiceFactory = ij.artifactServiceFactory
+		}
 	}
-	s = &service{
+	return &serviceFactory{
 		roleServiceFactory:       roleServiceFactory,
 		namespaceServiceFactory:  namespaceServiceFactory,
 		repositoryServiceFactory: repositoryServiceFactory,
+		tagServiceFactory:        tagServiceFactory,
+		artifactServiceFactory:   artifactServiceFactory,
 	}
 }
 
-// GetInstance ...
-func GetInstance() Service {
+// New ...
+func (f *serviceFactory) New() Service {
+	s := &service{
+		roleServiceFactory:       f.roleServiceFactory,
+		namespaceServiceFactory:  f.namespaceServiceFactory,
+		repositoryServiceFactory: f.repositoryServiceFactory,
+		tagServiceFactory:        f.tagServiceFactory,
+		artifactServiceFactory:   f.artifactServiceFactory,
+	}
 	return s
 }
+
+var _ Service = &service{}

pkg/auth/namespace.go

@@ -40,8 +40,14 @@ func (s service) Namespace(c echo.Context, namespaceID int64, auth enums.Auth) b
 		log.Error().Msg("Convert user from header failed")
 		return false
 	}
+
+	// 1. check user is admin or not
+	if user.Role == enums.UserRoleAdmin || user.Role == enums.UserRoleRoot {
+		return true
+	}
+
+	// 2. check namespace visibility
 	namespaceService := s.namespaceServiceFactory.New()
-	// 1. check namespace visibility
 	namespaceObj, err := namespaceService.Get(ctx, namespaceID)
 	if err != nil {
 		log.Error().Err(err).Msg("Get namespace by id failed")
@@ -50,10 +56,7 @@ func (s service) Namespace(c echo.Context, namespaceID int64, auth enums.Auth) b
 	if namespaceObj.Visibility == enums.VisibilityPublic && auth == enums.AuthRead {
 		return true
 	}
-	// 2. check user is admin or not
-	if user.Role == enums.UserRoleAdmin || user.Role == enums.UserRoleRoot {
-		return true
-	}
+
 	// 3. check user is member of the namespace
 	roleService := s.roleServiceFactory.New()
 	namespaceMemberObj, err := roleService.GetNamespaceMember(ctx, namespaceID, user.ID)