Support registry login (ciiiii#14)

* Fix dev env

* Support registry login

* Update README

.gitignore

@@ -1,5 +1,6 @@
 ### cloudflare worker ###
 worker
+.wrangler
 
 # Created by https://www.toptal.com/developers/gitignore/api/osx
 # Edit at https://www.toptal.com/developers/gitignore?templates=osx

README.md

@@ -2,15 +2,18 @@
 
 ![deploy](https://github.com/ciiiii/cloudflare-docker-proxy/actions/workflows/deploy.yaml/badge.svg)
 
+[![Deploy to Cloudflare Workers](https://deploy.workers.cloudflare.com/button)](https://deploy.workers.cloudflare.com/?url=https://github.com/ciiiii/cloudflare-docker-proxy)
+
 > If you're looking for proxy for helm, maybe you can try [cloudflare-helm-proxy](https://github.com/ciiiii/cloudflare-helm-proxy).
 
 ## Deploy
-[![Deploy to Cloudflare Workers](https://deploy.workers.cloudflare.com/button)](https://deploy.workers.cloudflare.com/?url=https://github.com/ciiiii/cloudflare-docker-proxy)
 
 1. fork this project
 2. modify the link of the above button to your fork url
 3. click the button, you will be redirected to the deploy page
 
+[![Deploy to Cloudflare Workers](https://deploy.workers.cloudflare.com/button)](https://deploy.workers.cloudflare.com/?url=https://github.com/ciiiii/cloudflare-docker-proxy)
+
 ## Config tutorial
 
 1. use cloudflare worker host: only support proxy one registry

package.json

@@ -8,11 +8,13 @@
   "devDependencies": {
     "prettier": "^2.4.1",
     "webpack": "^5.65.0",
-    "webpack-cli": "^4.9.1"
+    "webpack-cli": "^4.9.1",
+    "wrangler": "^3.36.0"
   },
   "scripts": {
     "format": "prettier --write '**/*.{js,css,json,md}'",
-    "build": "webpack"
+    "build": "webpack",
+    "dev": "wrangler dev src/index.js --env dev"
   },
   "license": "MIT",
   "main": "src/index.js"

src/index.js

@@ -25,6 +25,27 @@ function routeByHosts(host) {
 
 async function handleRequest(request) {
   const url = new URL(request.url);
+  const authorization = request.headers.get("Authorization");
+  if (url.pathname == "/v2/") {
+    if (authorization === null || authorization === "") {
+      const headers = new Headers();
+      if (MODE == "debug") {
+        headers.set(
+          "Www-Authenticate",
+          `Bearer realm="http://${url.host}/v2/auth",service="cloudflare-docker-proxy"`
+        );
+      } else {
+        headers.set(
+          "Www-Authenticate",
+          `Bearer realm="https://${url.hostname}/v2/auth",service="cloudflare-docker-proxy"`
+        );
+      }
+      return new Response(JSON.stringify({ message: "UNAUTHORIZED" }), {
+        status: 401,
+        headers: headers,
+      });
+    }
+  }
   const upstream = routeByHosts(url.hostname);
   if (upstream === "") {
     return new Response(
@@ -80,7 +101,7 @@ async function handleRequest(request) {
       return resp;
     }
     const wwwAuthenticate = parseAuthenticate(authenticateStr);
-    return await fetchToken(wwwAuthenticate, url.searchParams);
+    return await fetchToken(wwwAuthenticate, url.searchParams, authorization);
   }
   // foward requests
   const newUrl = new URL(upstream + url.pathname);
@@ -106,13 +127,17 @@ function parseAuthenticate(authenticateStr) {
   };
 }
 
-async function fetchToken(wwwAuthenticate, searchParams) {
+async function fetchToken(wwwAuthenticate, searchParams, authorization) {
   const url = new URL(wwwAuthenticate.realm);
   if (wwwAuthenticate.service.length) {
     url.searchParams.set("service", wwwAuthenticate.service);
   }
   if (searchParams.get("scope")) {
     url.searchParams.set("scope", searchParams.get("scope"));
   }
-  return await fetch(url, { method: "GET", headers: {} });
+  headers = new Headers();
+  if (authorization) {
+    headers.set("Authorization", authorization);
+  }
+  return await fetch(url, { method: "GET", headers: headers });
 }

wrangler.toml

@@ -16,5 +16,4 @@ TARGET_UPSTREAM=""
 
 [env.dev.vars]
 MODE="debug"
-LOCAL_ADDRESS="http://192.168.10.102:8787"
 TARGET_UPSTREAM="https://registry-1.docker.io"