feat: add S3 authentication and fix Docker multi-segment routes

S3 Storage: - Implement AWS Signature v4 for S3-compatible storage (MinIO, AWS) - Add s3_access_key, s3_secret_key, s3_region config options - Support both authenticated and anonymous S3 access - Add proper URI encoding for S3 canonical requests Docker Registry: - Fix routing for multi-segment image names (e.g., library/alpine) - Add namespace routes for two-segment paths (/v2/{ns}/{name}/...) - Add debug tracing for upstream proxy operations Config: - Add NORA_STORAGE_S3_ACCESS_KEY env var - Add NORA_STORAGE_S3_SECRET_KEY env var - Add NORA_STORAGE_S3_REGION env var (default: us-east-1)
2026-04-12 17:20:33 +00:00 · 2026-01-30 23:22:22 +00:00
parent 38003db6f8
commit b29a0309d4
9 changed files with 490 additions and 226 deletions
--- a/nora-registry/src/config.rs
+++ b/nora-registry/src/config.rs
@@ -53,6 +53,19 @@ pub struct StorageConfig {
    pub s3_url: String,
    #[serde(default = "default_bucket")]
    pub bucket: String,
+    /// S3 access key (optional, uses anonymous access if not set)
+    #[serde(default)]
+    pub s3_access_key: Option<String>,
+    /// S3 secret key (optional, uses anonymous access if not set)
+    #[serde(default)]
+    pub s3_secret_key: Option<String>,
+    /// S3 region (default: us-east-1)
+    #[serde(default = "default_s3_region")]
+    pub s3_region: String,
+}
+
+fn default_s3_region() -> String {
+    "us-east-1".to_string()
 }

 fn default_storage_path() -> String {
@@ -325,6 +338,15 @@ impl Config {
        if let Ok(val) = env::var("NORA_STORAGE_BUCKET") {
            self.storage.bucket = val;
        }
+        if let Ok(val) = env::var("NORA_STORAGE_S3_ACCESS_KEY") {
+            self.storage.s3_access_key = if val.is_empty() { None } else { Some(val) };
+        }
+        if let Ok(val) = env::var("NORA_STORAGE_S3_SECRET_KEY") {
+            self.storage.s3_secret_key = if val.is_empty() { None } else { Some(val) };
+        }
+        if let Ok(val) = env::var("NORA_STORAGE_S3_REGION") {
+            self.storage.s3_region = val;
+        }

        // Auth config
        if let Ok(val) = env::var("NORA_AUTH_ENABLED") {
@@ -455,6 +477,9 @@ impl Default for Config {
                path: String::from("data/storage"),
                s3_url: String::from("http://127.0.0.1:3000"),
                bucket: String::from("registry"),
+                s3_access_key: None,
+                s3_secret_key: None,
+                s3_region: String::from("us-east-1"),
            },
            maven: MavenConfig::default(),
            npm: NpmConfig::default(),