feat: add S3 authentication and fix Docker multi-segment routes

S3 Storage: - Implement AWS Signature v4 for S3-compatible storage (MinIO, AWS) - Add s3_access_key, s3_secret_key, s3_region config options - Support both authenticated and anonymous S3 access - Add proper URI encoding for S3 canonical requests Docker Registry: - Fix routing for multi-segment image names (e.g., library/alpine) - Add namespace routes for two-segment paths (/v2/{ns}/{name}/...) - Add debug tracing for upstream proxy operations Config: - Add NORA_STORAGE_S3_ACCESS_KEY env var - Add NORA_STORAGE_S3_SECRET_KEY env var - Add NORA_STORAGE_S3_REGION env var (default: us-east-1)
2026-04-12 09:10:32 +00:00 · 2026-01-30 23:22:22 +00:00
parent 38003db6f8
commit b29a0309d4
9 changed files with 490 additions and 226 deletions
--- a/nora-registry/src/main.rs
+++ b/nora-registry/src/main.rs
@@ -104,10 +104,18 @@ async fn main() {
                info!(
                    s3_url = %config.storage.s3_url,
                    bucket = %config.storage.bucket,
+                    region = %config.storage.s3_region,
+                    has_credentials = config.storage.s3_access_key.is_some(),
                    "Using S3 storage"
                );
            }
-            Storage::new_s3(&config.storage.s3_url, &config.storage.bucket)
+            Storage::new_s3(
+                &config.storage.s3_url,
+                &config.storage.bucket,
+                &config.storage.s3_region,
+                config.storage.s3_access_key.as_deref(),
+                config.storage.s3_secret_key.as_deref(),
+            )
        }
    };

@@ -131,7 +139,13 @@ async fn main() {
        Some(Commands::Migrate { from, to, dry_run }) => {
            let source = match from.as_str() {
                "local" => Storage::new_local(&config.storage.path),
-                "s3" => Storage::new_s3(&config.storage.s3_url, &config.storage.bucket),
+                "s3" => Storage::new_s3(
+                    &config.storage.s3_url,
+                    &config.storage.bucket,
+                    &config.storage.s3_region,
+                    config.storage.s3_access_key.as_deref(),
+                    config.storage.s3_secret_key.as_deref(),
+                ),
                _ => {
                    error!("Invalid source: '{}'. Use 'local' or 's3'", from);
                    std::process::exit(1);
@@ -140,7 +154,13 @@ async fn main() {

            let dest = match to.as_str() {
                "local" => Storage::new_local(&config.storage.path),
-                "s3" => Storage::new_s3(&config.storage.s3_url, &config.storage.bucket),
+                "s3" => Storage::new_s3(
+                    &config.storage.s3_url,
+                    &config.storage.bucket,
+                    &config.storage.s3_region,
+                    config.storage.s3_access_key.as_deref(),
+                    config.storage.s3_secret_key.as_deref(),
+                ),
                _ => {
                    error!("Invalid destination: '{}'. Use 'local' or 's3'", to);
                    std::process::exit(1);