project-zot · rchincha · Nov 24, 2023 · Aug 22, 2023
@@ -38,7 +38,7 @@
 	var internalErr *Error
 	details := make(map[string]string)

 	if errors.As(err, &internalErr) {
 		details = internalErr.GetDetails()
 	}

@@ -164,6 +164,8 @@
 	ErrFileAlreadyClosed              = errors.New("storageDriver: file already closed")
 	ErrFileAlreadyCommitted           = errors.New("storageDriver: file already committed")
 	ErrInvalidOutputFormat            = errors.New("cli: invalid output format")
+	ErrServerIsRunning                = errors.New("server is running")
+	ErrDatabaseFileAlreadyInUse       = errors.New("boltdb file is already in use")
 	ErrFlagValueUnsupported           = errors.New("supported values ")
 	ErrUnknownSubcommand              = errors.New("cli: unknown subcommand")
 	ErrMultipleReposSameName          = errors.New("test: can't have multiple repos with the same name")

@@ -48,10 +48,11 @@
 type AuthnMiddleware struct {
 	credMap    map[string]string
 	ldapClient *LDAPClient
+	log        log.Logger
 }
 
 func AuthHandler(ctlr *Controller) mux.MiddlewareFunc {
-	authnMiddleware := &AuthnMiddleware{}
+	authnMiddleware := &AuthnMiddleware{log: ctlr.Log}
 
 	if ctlr.Config.IsBearerAuthEnabled() {
 		return bearerAuthHandler(ctlr)
@@ -279,21 +280,24 @@
 		if ctlr.Config.HTTP.Auth.LDAP.CACert != "" {
 			caCert, err := os.ReadFile(ctlr.Config.HTTP.Auth.LDAP.CACert)
 			if err != nil {
-				panic(err)
+				amw.log.Panic().Err(err).Str("caCert", ctlr.Config.HTTP.Auth.LDAP.CACert).
+					Msg("failed to read caCert")
 			}
 
 			caCertPool := x509.NewCertPool()
 
 			if !caCertPool.AppendCertsFromPEM(caCert) {
-				panic(zerr.ErrBadCACert)
+				amw.log.Panic().Err(zerr.ErrBadCACert).Str("caCert", ctlr.Config.HTTP.Auth.LDAP.CACert).
+					Msg("failed to read caCert")
 			}
 
 			amw.ldapClient.ClientCAs = caCertPool
 		} else {
 			// default to system cert pool
 			caCertPool, err := x509.SystemCertPool()
 			if err != nil {
-				panic(zerr.ErrBadCACert)
+				amw.log.Panic().Err(zerr.ErrBadCACert).Str("caCert", ctlr.Config.HTTP.Auth.LDAP.CACert).
+					Msg("failed to get system cert pool")
 			}
 
 			amw.ldapClient.ClientCAs = caCertPool
@@ -303,7 +307,8 @@
 	if ctlr.Config.IsHtpasswdAuthEnabled() {
 		credsFile, err := os.Open(ctlr.Config.HTTP.Auth.HTPasswd.Path)
 		if err != nil {
-			panic(err)
+			amw.log.Panic().Err(err).Str("credsFile", ctlr.Config.HTTP.Auth.HTPasswd.Path).
+				Msg("failed to open creds-file")
 		}
 		defer credsFile.Close()
 
@@ -324,10 +329,10 @@
 
 		for provider := range ctlr.Config.HTTP.Auth.OpenID.Providers {
 			if config.IsOpenIDSupported(provider) {
-				rp := NewRelyingPartyOIDC(ctlr.Config, provider)
+				rp := NewRelyingPartyOIDC(ctlr.Config, provider, ctlr.Log)
 				ctlr.RelyingParties[provider] = rp
 			} else if config.IsOauth2Supported(provider) {
-				rp := NewRelyingPartyGithub(ctlr.Config, provider)
+				rp := NewRelyingPartyGithub(ctlr.Config, provider, ctlr.Log)
 				ctlr.RelyingParties[provider] = rp
 			}
 		}
@@ -557,19 +562,20 @@
 	}
 }
 
-func NewRelyingPartyOIDC(config *config.Config, provider string) rp.RelyingParty {
-	issuer, clientID, clientSecret, redirectURI, scopes, options := getRelyingPartyArgs(config, provider)
+func NewRelyingPartyOIDC(config *config.Config, provider string, log log.Logger) rp.RelyingParty {
+	issuer, clientID, clientSecret, redirectURI, scopes, options := getRelyingPartyArgs(config, provider, log)
 
 	relyingParty, err := rp.NewRelyingPartyOIDC(issuer, clientID, clientSecret, redirectURI, scopes, options...)
 	if err != nil {
-		panic(err)
+		log.Panic().Err(err).Str("issuer", issuer).Str("redirectURI", redirectURI).Strs("scopes", scopes).
+			Msg("failed to get new relying party oicd")
 	}
 
 	return relyingParty
 }
 
-func NewRelyingPartyGithub(config *config.Config, provider string) rp.RelyingParty {
-	_, clientID, clientSecret, redirectURI, scopes, options := getRelyingPartyArgs(config, provider)
+func NewRelyingPartyGithub(config *config.Config, provider string, log log.Logger) rp.RelyingParty {
+	_, clientID, clientSecret, redirectURI, scopes, options := getRelyingPartyArgs(config, provider, log)
 
 	rpConfig := &oauth2.Config{
 		ClientID:     clientID,
@@ -581,17 +587,18 @@
 
 	relyingParty, err := rp.NewRelyingPartyOAuth(rpConfig, options...)
 	if err != nil {
-		panic(err)
+		log.Panic().Err(err).Str("redirectURI", redirectURI).Strs("scopes", scopes).
+			Msg("failed to get new relying party oauth")
 	}
 
 	return relyingParty
 }
 
-func getRelyingPartyArgs(cfg *config.Config, provider string) (
+func getRelyingPartyArgs(cfg *config.Config, provider string, log log.Logger) (
 	string, string, string, string, []string, []rp.Option,
 ) {
 	if _, ok := cfg.HTTP.Auth.OpenID.Providers[provider]; !ok {
-		panic(zerr.ErrOpenIDProviderDoesNotExist)
+		log.Panic().Err(zerr.ErrOpenIDProviderDoesNotExist).Str("provider", provider).Msg("")
 	}
 
 	clientID := cfg.HTTP.Auth.OpenID.Providers[provider].ClientID

@@ -192,13 +192,17 @@ func (c *Controller) Run(reloadCtx context.Context) error {
 
 			caCert, err := os.ReadFile(c.Config.HTTP.TLS.CACert)
 			if err != nil {
-				panic(err)
+				c.Log.Error().Err(err).Str("caCert", c.Config.HTTP.TLS.CACert).Msg("failed to read file")
+
+				return err
 			}
 
 			caCertPool := x509.NewCertPool()
 
 			if !caCertPool.AppendCertsFromPEM(caCert) {
-				panic(errors.ErrBadCACert)
+				c.Log.Error().Err(errors.ErrBadCACert).Msg("failed to append certs from pem")
+
+				return errors.ErrBadCACert
 			}
 
 			server.TLSConfig.ClientAuth = clientAuth