cuducos.me / at-container-registry
forked from evan.jarrett.net/at-container-registry
A container registry that uses the AT Protocol for manifest storage and S3 for blob storage.
fork atom

fix pull stats tracking

evan.jarrett.net 1f0705a2 347db5c3

verified
+16 -6
+8
pkg/appview/db/migrations/0007_add_artifact_type.yaml
··· 1 + description: Add artifact_type column to manifests table for Helm chart support 2 + query: | 3 + -- Add artifact_type column to track manifest types (container-image, helm-chart, unknown) 4 + -- Default to container-image for existing manifests 5 + ALTER TABLE manifests ADD COLUMN artifact_type TEXT NOT NULL DEFAULT 'container-image'; 6 + 7 + -- Add index for filtering by artifact type 8 + CREATE INDEX IF NOT EXISTS idx_manifests_artifact_type ON manifests(artifact_type);
+8 -6
pkg/hold/oci/xrpc.go
··· 254 254 return 255 255 } 256 256 257 - // Verify user DID matches token 258 - if req.UserDID != validatedUser.DID { 259 - RespondError(w, http.StatusForbidden, "user DID mismatch") 260 - return 261 - } 262 - 263 257 // Default operation to "push" for backward compatibility 264 258 operation := req.Operation 265 259 if operation == "" { ··· 269 263 // Validate operation 270 264 if operation != "push" && operation != "pull" { 271 265 RespondError(w, http.StatusBadRequest, fmt.Sprintf("invalid operation: %s (must be 'push' or 'pull')", operation)) 266 + return 267 + } 268 + 269 + // Verify user DID matches token - only for pushes 270 + // For pulls: userDID is the repo owner (for stats), but the token belongs to the puller 271 + // This allows anyone to pull from a public repo and have stats tracked under the owner 272 + if operation == "push" && req.UserDID != validatedUser.DID { 273 + RespondError(w, http.StatusForbidden, "user DID mismatch") 272 274 return 273 275 } 274 276