taiars/nora
1
0
Fork 0
mirror of https://github.com/getnora-io/nora.git synced 2026-04-12 12:40:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: add RBAC (read/write/admin) and persistent audit log

Browse Source 
- Add Role enum to tokens: Read, Write, Admin (default: Read)
- Enforce role-based access in auth middleware (read-only tokens blocked from PUT/POST/DELETE)
- Add role field to token create/list/verify API
- Add persistent audit log (append-only JSONL) for all registry operations
- Audit logging across all registries: docker, npm, maven, pypi, cargo, raw

DevITWay
This commit is contained in:
devitway
2026-03-03 10:40:59 +00:00
parent f560e5f76b
commit 402d2321ef
10 changed files with 181 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
nora-registry/src/registry/docker.rs
View File

@@ -2,6 +2,7 @@
// SPDX-License-Identifier: MIT
use crate::activity_log::{ActionType, ActivityEntry};
use crate::audit::AuditEntry;
use crate::registry::docker_auth::DockerAuth;
use crate::storage::Storage;
use crate::validation::{validate_digest, validate_docker_name, validate_docker_reference};
@@ -488,6 +489,7 @@ async fn put_manifest(
"docker",
"LOCAL",
));
state.audit.log(AuditEntry::new("push", "api", &format!("{}:{}", name, reference), "docker", "manifest"));
state.repo_index.invalidate("docker");
let location = format!("/v2/{}/manifests/{}", name, reference);