Fix registry auth

.github/workflows/deploy.yaml

@@ -13,11 +13,15 @@ jobs:
     runs-on: ubuntu-latest
     name: Build & Deploy
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v2
+      - name: Use Node.js
+        uses: actions/setup-node@v1
+        with:
+          node-version: "12.x"
+      - run: npm install
       - name: Publish
-        uses: cloudflare/wrangler-action@v3
+        uses: cloudflare/wrangler-action@2.0.0
         with:
           apiToken: ${{ secrets.CF_API_TOKEN }}
-          accountId: ${{secrets.CF_ACCOUNT_ID}}
-          command: deploy --env production --minify src/index.js
-          environment: production
+        env:
+          CF_ACCOUNT_ID: ${{secrets.CF_ACCOUNT_ID}}

.github/workflows/stage.yaml

@@ -1,21 +0,0 @@
-name: Deploy to Cloudflare Workers(Staging)
-
-on:
-  pull_request_target:
-    paths-ignore:
-      - '**.md'
-  repository_dispatch:
-
-jobs:
-  build-and-deploy:
-    runs-on: ubuntu-latest
-    name: Build & Deploy
-    steps:
-      - uses: actions/checkout@v4
-      - name: Publish
-        uses: cloudflare/wrangler-action@v3
-        with:
-          apiToken: ${{ secrets.CF_API_TOKEN }}
-          accountId: ${{secrets.CF_ACCOUNT_ID}}
-          command: deploy --env staging --minify src/index.js
-          environment: staging

src/index.js

@@ -3,20 +3,14 @@ addEventListener("fetch", (event) => {
   event.respondWith(handleRequest(event.request));
 });
 
-const dockerHub = "https://registry-1.docker.io";
-
 const routes = {
-  // production
-  "docker.libcuda.so": dockerHub,
+  "docker.libcuda.so": "https://registry-1.docker.io",
   "quay.libcuda.so": "https://quay.io",
   "gcr.libcuda.so": "https://gcr.io",
   "k8s-gcr.libcuda.so": "https://k8s.gcr.io",
   "k8s.libcuda.so": "https://registry.k8s.io",
   "ghcr.libcuda.so": "https://ghcr.io",
   "cloudsmith.libcuda.so": "https://docker.cloudsmith.io",
-
-  // staging
-  "docker-staging.libcuda.so": dockerHub,
 };
 
 function routeByHosts(host) {
@@ -42,7 +36,6 @@ async function handleRequest(request) {
       }
     );
   }
-  const isDockerHub = upstream == dockerHub;
   const authorization = request.headers.get("Authorization");
   if (url.pathname == "/v2/") {
     const newUrl = new URL(upstream + "/v2/");
@@ -91,28 +84,7 @@ async function handleRequest(request) {
       return resp;
     }
     const wwwAuthenticate = parseAuthenticate(authenticateStr);
-    let scope = url.searchParams.get("scope");
-    // autocomplete repo part into scope for DockerHub library images
-    // Example: repository:busybox:pull => repository:library/busybox:pull
-    if (scope && isDockerHub) {
-      let scopeParts = scope.split(":");
-      if (scopeParts.length == 3 && !scopeParts[1].includes("/")) {
-        scopeParts[1] = "library/" + scopeParts[1];
-        scope = scopeParts.join(":");
-      }
-    }
-    return await fetchToken(wwwAuthenticate, scope, authorization);
-  }
-  // redirect for DockerHub library images
-  // Example: /v2/busybox/manifests/latest => /v2/library/busybox/manifests/latest
-  if (isDockerHub) {
-    const pathParts = url.pathname.split("/");
-    if (pathParts.length == 5) {
-      pathParts.splice(2, 0, "library");
-      const redirectUrl = new URL(url);
-      redirectUrl.pathname = pathParts.join("/");
-      return Response.redirect(redirectUrl, 301);
-    }
+    return await fetchToken(wwwAuthenticate, url.searchParams, authorization);
   }
   // foward requests
   const newUrl = new URL(upstream + url.pathname);
@@ -129,7 +101,7 @@ function parseAuthenticate(authenticateStr) {
   // match strings after =" and before "
   const re = /(?<=\=")(?:\\.|[^"\\])*(?=")/g;
   const matches = authenticateStr.match(re);
-  if (matches == null || matches.length < 2) {
+  if (matches === null || matches.length < 2) {
     throw new Error(`invalid Www-Authenticate Header: ${authenticateStr}`);
   }
   return {
@@ -138,13 +110,13 @@ function parseAuthenticate(authenticateStr) {
   };
 }
 
-async function fetchToken(wwwAuthenticate, scope, authorization) {
+async function fetchToken(wwwAuthenticate, searchParams, authorization) {
   const url = new URL(wwwAuthenticate.realm);
   if (wwwAuthenticate.service.length) {
     url.searchParams.set("service", wwwAuthenticate.service);
   }
-  if (scope) {
-    url.searchParams.set("scope", scope);
+  if (searchParams.get("scope")) {
+    url.searchParams.set("scope", searchParams.get("scope"));
   }
   headers = new Headers();
   if (authorization) {

wrangler.toml

@@ -1,35 +1,18 @@
 name = "cloudflare-docker-proxy"
-compatibility_date = "2023-12-01"
+workers_dev = true
+main = "src/index.js"
+compatibility_date = "2021-12-07"
 
 [dev]
 ip = "0.0.0.0"
 port = 8787
-local_protocol = "http"
+local_protocol="http"
+upstream_protocol="https"
+
+[vars]
+MODE="production"
+TARGET_UPSTREAM=""
 
 [env.dev.vars]
-MODE = "debug"
-TARGET_UPSTREAM = "https://registry-1.docker.io"
-
-[env.production]
-name = "cloudflare-docker-proxy"
-routes = [
-  { pattern = "docker.libcuda.so", custom_domain = true },
-  { pattern = "quey.libcuda.so", custom_domain = true },
-  { pattern = "gcr.libcuda.so", custom_domain = true },
-  { pattern = "k8s-gcr.libcuda.so", custom_domain = true },
-  { pattern = "k8s.libcuda.so", custom_domain = true },
-  { pattern = "ghcr.libcuda.so", custom_domain = true },
-  { pattern = "cloudsmith.libcuda.so", custom_domain = true },
-]
-
-[env.production.vars]
-MODE = "production"
-TARGET_UPSTREAM = ""
-
-[env.staging]
-name = "cloudflare-docker-proxy-staging"
-route = { pattern = "docker-staging.libcuda.so", custom_domain = true }
-
-[env.staging.vars]
-MODE = "staging"
-TARGET_UPSTREAM = ""
+MODE="debug"
+TARGET_UPSTREAM="https://registry-1.docker.io"