4ad802ce2f
fix: bump prometheus 0.13->0.14 and bytes 1.11.0->1.11.1 (CVE-2025-53605, CVE-2026-25541)
2026-02-24 11:36:07 +00:00
dependabot[bot]
bcd172f23f
chore(deps): bump toml from 0.8.23 to 1.0.3+spec-1.1.0 ( #7 )
...
Bumps [toml](https://github.com/toml-rs/toml ) from 0.8.23 to 1.0.3+spec-1.1.0.
- [Commits](https://github.com/toml-rs/toml/compare/toml-v0.8.23...toml-v1.0.3 )
---
updated-dependencies:
- dependency-name: toml
dependency-version: 1.0.3+spec-1.1.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-24 12:22:52 +01:00
dependabot[bot]
a5a7c4f8be
chore(deps): bump flate2 from 1.1.8 to 1.1.9 ( #6 )
...
Bumps [flate2](https://github.com/rust-lang/flate2-rs ) from 1.1.8 to 1.1.9.
- [Release notes](https://github.com/rust-lang/flate2-rs/releases )
- [Commits](https://github.com/rust-lang/flate2-rs/compare/1.1.8...1.1.9 )
---
updated-dependencies:
- dependency-name: flate2
dependency-version: 1.1.9
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-24 12:22:46 +01:00
b29a0309d4
feat: add S3 authentication and fix Docker multi-segment routes
...
S3 Storage:
- Implement AWS Signature v4 for S3-compatible storage (MinIO, AWS)
- Add s3_access_key, s3_secret_key, s3_region config options
- Support both authenticated and anonymous S3 access
- Add proper URI encoding for S3 canonical requests
Docker Registry:
- Fix routing for multi-segment image names (e.g., library/alpine)
- Add namespace routes for two-segment paths (/v2/{ns}/{name}/...)
- Add debug tracing for upstream proxy operations
Config:
- Add NORA_STORAGE_S3_ACCESS_KEY env var
- Add NORA_STORAGE_S3_SECRET_KEY env var
- Add NORA_STORAGE_S3_REGION env var (default: us-east-1)
2026-01-30 23:22:22 +00:00
ee4e01467a
feat: add secrets provider architecture
...
Trait-based secrets management for secure credential handling:
- SecretsProvider trait for pluggable backends
- EnvProvider as default (12-Factor App pattern)
- ProtectedString with zeroize (memory zeroed on drop)
- Redacted Debug impl prevents secret leakage in logs
- S3Credentials struct for future AWS S3 integration
- Config: [secrets] section with provider and clear_env options
Foundation for AWS Secrets Manager, Vault, K8s (v0.4.0+)
2026-01-30 10:02:58 +00:00
f1cda800a2
Fix Docker push/pull: add PATCH endpoint for chunked uploads
...
- Add PATCH handler for /v2/{name}/blobs/uploads/{uuid} to support
chunked blob uploads (Docker sends data chunks via PATCH)
- Include Range header in PATCH response to indicate bytes received
- Add Docker-Content-Digest header to GET manifest responses
- Store manifests by both tag and digest for proper pull support
- Add parking_lot dependency for upload session state management
2026-01-26 12:01:05 +00:00
7ed3444d86
test: add comprehensive unit tests for storage and auth
...
- LocalStorage tests: put/get, list, stat, health_check, nested dirs
- S3Storage tests with wiremock HTTP mocking
- Auth/htpasswd tests: loading, validation, public paths
- Token lifecycle tests: create, verify, expire, revoke
Total: 75 tests passing
2026-01-26 00:02:09 +00:00
586420a476
feat: initialize NORA artifact registry
...
Cloud-native multi-protocol artifact registry in Rust.
- Docker Registry v2
- Maven (+ proxy)
- npm (+ proxy)
- Cargo, PyPI
- Web UI, Swagger, Prometheus
- Local & S3 storage
- 32MB Docker image
Created by DevITWay
https://getnora.io
2026-01-25 17:33:15 +00:00
