Hacker-Software
/
docker-repo
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

first commit

This commit is contained in:
Stefan Hacker 2026-02-12 12:10:30 +01:00
commit 272e2d6090
8 changed files with 400 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
README.md Normal file
View File

12
auth-app/Dockerfile Normal file
View File

@ -0,0 +1,12 @@
FROM python:3.12-alpine
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
COPY . .
EXPOSE 5000
CMD ["gunicorn", "--bind", "0.0.0.0:5000", "--workers", "1", "app:app"]

178
auth-app/app.py Normal file
View File

@ -0,0 +1,178 @@
import os
import sqlite3
from functools import wraps
import bcrypt as bc
from flask import (
Flask,
flash,
redirect,
render_template,
request,
session,
url_for,
)
app = Flask(__name__)
app.secret_key = os.environ.get("SECRET_KEY", "default-secret-key")
ADMIN_USER = os.environ.get("ADMIN_USER", "admin")
ADMIN_PASSWORD = os.environ.get("ADMIN_PASSWORD", "changeme")
DB_PATH = os.environ.get("DB_PATH", "/data/users.db")
HTPASSWD_PATH = os.environ.get("HTPASSWD_PATH", "/auth/htpasswd")
def get_db():
conn = sqlite3.connect(DB_PATH)
conn.row_factory = sqlite3.Row
return conn
def init_db():
os.makedirs(os.path.dirname(DB_PATH), exist_ok=True)
os.makedirs(os.path.dirname(HTPASSWD_PATH), exist_ok=True)
conn = get_db()
conn.execute(
"""
CREATE TABLE IF NOT EXISTS users (
id INTEGER PRIMARY KEY AUTOINCREMENT,
username TEXT UNIQUE NOT NULL,
password_hash TEXT NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
)
"""
)
conn.commit()
conn.close()
def hash_password(password):
"""Hash password with bcrypt, using $2y$ identifier for htpasswd compatibility."""
hashed = bc.hashpw(password.encode("utf-8"), bc.gensalt(rounds=12))
return hashed.decode("utf-8").replace("$2b$", "$2y$", 1)
def sync_htpasswd():
"""Regenerate htpasswd file from all users in SQLite."""
conn = get_db()
users = conn.execute("SELECT username, password_hash FROM users").fetchall()
conn.close()
with open(HTPASSWD_PATH, "w") as f:
for user in users:
f.write(f"{user['username']}:{user['password_hash']}\n")
def login_required(f):
@wraps(f)
def decorated(*args, **kwargs):
if not session.get("logged_in"):
return redirect(url_for("login"))
return f(*args, **kwargs)
return decorated
@app.route("/login", methods=["GET", "POST"])
def login():
if request.method == "POST":
username = request.form.get("username", "")
password = request.form.get("password", "")
if username == ADMIN_USER and password == ADMIN_PASSWORD:
session["logged_in"] = True
return redirect(url_for("users"))
flash("Ungueltige Anmeldedaten.", "error")
return render_template("login.html")
@app.route("/logout")
def logout():
session.pop("logged_in", None)
return redirect(url_for("login"))
@app.route("/")
@login_required
def users():
conn = get_db()
user_list = conn.execute(
"SELECT id, username, created_at FROM users ORDER BY username"
).fetchall()
conn.close()
return render_template("users.html", users=user_list)
@app.route("/add", methods=["POST"])
@login_required
def add_user():
username = request.form.get("username", "").strip()
password = request.form.get("password", "")
if not username or not password:
flash("Benutzername und Passwort sind erforderlich.", "error")
return redirect(url_for("users"))
if len(password) < 6:
flash("Passwort muss mindestens 6 Zeichen lang sein.", "error")
return redirect(url_for("users"))
password_h = hash_password(password)
conn = get_db()
try:
conn.execute(
"INSERT INTO users (username, password_hash) VALUES (?, ?)",
(username, password_h),
)
conn.commit()
sync_htpasswd()
flash(f'Benutzer "{username}" wurde erstellt.', "success")
except sqlite3.IntegrityError:
flash(f'Benutzer "{username}" existiert bereits.', "error")
finally:
conn.close()
return redirect(url_for("users"))
@app.route("/password/<int:user_id>", methods=["POST"])
@login_required
def change_password(user_id):
password = request.form.get("password", "")
if not password or len(password) < 6:
flash("Passwort muss mindestens 6 Zeichen lang sein.", "error")
return redirect(url_for("users"))
password_h = hash_password(password)
conn = get_db()
conn.execute(
"UPDATE users SET password_hash = ? WHERE id = ?",
(password_h, user_id),
)
conn.commit()
conn.close()
sync_htpasswd()
flash("Passwort wurde geaendert.", "success")
return redirect(url_for("users"))
@app.route("/delete/<int:user_id>", methods=["POST"])
@login_required
def delete_user(user_id):
conn = get_db()
user = conn.execute(
"SELECT username FROM users WHERE id = ?", (user_id,)
).fetchone()
if user:
conn.execute("DELETE FROM users WHERE id = ?", (user_id,))
conn.commit()
sync_htpasswd()
flash(f'Benutzer "{user["username"]}" wurde geloescht.', "success")
conn.close()
return redirect(url_for("users"))
# Initialize database and htpasswd on startup
init_db()
sync_htpasswd()

3
auth-app/requirements.txt Normal file
View File

@ -0,0 +1,3 @@
flask>=3.0
bcrypt>=4.0
gunicorn>=21.0

58
auth-app/templates/base.html Normal file
View File

@ -0,0 +1,58 @@
<!DOCTYPE html>
<html lang="de">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>{% block title %}Docker Registry{% endblock %}</title>
<style>
* { margin: 0; padding: 0; box-sizing: border-box; }
body { font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif; background: #f3f4f6; color: #1f2937; min-height: 100vh; }
header { background: #1e293b; color: #fff; padding: 1rem 2rem; display: flex; justify-content: space-between; align-items: center; }
header h1 { font-size: 1.25rem; font-weight: 600; }
header a { color: #94a3b8; text-decoration: none; font-size: 0.9rem; }
header a:hover { color: #fff; }
.container { max-width: 900px; margin: 2rem auto; padding: 0 1rem; }
.card { background: #fff; border-radius: 8px; box-shadow: 0 1px 3px rgba(0,0,0,0.1); padding: 1.5rem; margin-bottom: 1.5rem; }
.card h2 { font-size: 1.1rem; margin-bottom: 1rem; color: #374151; }
.flash { padding: 0.75rem 1rem; border-radius: 6px; margin-bottom: 1rem; font-size: 0.9rem; }
.flash.success { background: #dcfce7; color: #166534; border: 1px solid #bbf7d0; }
.flash.error { background: #fef2f2; color: #991b1b; border: 1px solid #fecaca; }
table { width: 100%; border-collapse: collapse; }
th, td { text-align: left; padding: 0.75rem; border-bottom: 1px solid #e5e7eb; }
th { font-size: 0.8rem; text-transform: uppercase; color: #6b7280; font-weight: 600; }
tr:last-child td { border-bottom: none; }
input[type="text"], input[type="password"] { padding: 0.5rem 0.75rem; border: 1px solid #d1d5db; border-radius: 6px; font-size: 0.9rem; width: 100%; }
input:focus { outline: none; border-color: #2563eb; box-shadow: 0 0 0 3px rgba(37,99,235,0.1); }
.btn { padding: 0.5rem 1rem; border: none; border-radius: 6px; font-size: 0.85rem; cursor: pointer; font-weight: 500; }
.btn-primary { background: #2563eb; color: #fff; }
.btn-primary:hover { background: #1d4ed8; }
.btn-danger { background: #dc2626; color: #fff; }
.btn-danger:hover { background: #b91c1c; }
.btn-secondary { background: #6b7280; color: #fff; }
.btn-secondary:hover { background: #4b5563; }
.form-row { display: flex; gap: 0.75rem; align-items: end; }
.form-group { flex: 1; }
.form-group label { display: block; font-size: 0.8rem; font-weight: 600; color: #374151; margin-bottom: 0.25rem; }
.actions { display: flex; gap: 0.5rem; align-items: center; }
.inline-form { display: flex; gap: 0.5rem; align-items: center; }
.inline-form input { width: 150px; }
.empty { text-align: center; padding: 2rem; color: #9ca3af; }
</style>
</head>
<body>
<header>
<h1>Docker Registry</h1>
{% if session.get('logged_in') %}
<a href="{{ url_for('logout') }}">Abmelden</a>
{% endif %}
</header>
<div class="container">
{% with messages = get_flashed_messages(with_categories=true) %}
{% for category, message in messages %}
<div class="flash {{ category }}">{{ message }}</div>
{% endfor %}
{% endwith %}
{% block content %}{% endblock %}
</div>
</body>
</html>

20
auth-app/templates/login.html Normal file
View File

@ -0,0 +1,20 @@
{% extends "base.html" %}
{% block title %}Anmelden - Docker Registry{% endblock %}
{% block content %}
<div style="max-width: 400px; margin: 4rem auto;">
<div class="card">
<h2>Anmelden</h2>
<form method="post" action="{{ url_for('login') }}">
<div class="form-group" style="margin-bottom: 1rem;">
<label for="username">Benutzername</label>
<input type="text" id="username" name="username" required autofocus>
</div>
<div class="form-group" style="margin-bottom: 1rem;">
<label for="password">Passwort</label>
<input type="password" id="password" name="password" required>
</div>
<button type="submit" class="btn btn-primary" style="width: 100%;">Anmelden</button>
</form>
</div>
</div>
{% endblock %}

70
auth-app/templates/users.html Normal file
View File

@ -0,0 +1,70 @@
{% extends "base.html" %}
{% block title %}Benutzerverwaltung - Docker Registry{% endblock %}
{% block content %}
<div class="card">
<h2>Neuen Benutzer anlegen</h2>
<form method="post" action="{{ url_for('add_user') }}">
<div class="form-row">
<div class="form-group">
<label for="username">Benutzername</label>
<input type="text" id="username" name="username" required placeholder="z.B. deploy-user">
</div>
<div class="form-group">
<label for="password">Passwort</label>
<input type="password" id="password" name="password" required placeholder="Min. 6 Zeichen" minlength="6">
</div>
<div>
<button type="submit" class="btn btn-primary">Anlegen</button>
</div>
</div>
</form>
</div>
<div class="card">
<h2>Registry-Benutzer</h2>
{% if users %}
<table>
<thead>
<tr>
<th>Benutzername</th>
<th>Erstellt am</th>
<th>Passwort aendern</th>
<th></th>
</tr>
</thead>
<tbody>
{% for user in users %}
<tr>
<td><strong>{{ user.username }}</strong></td>
<td>{{ user.created_at }}</td>
<td>
<form method="post" action="{{ url_for('change_password', user_id=user.id) }}" class="inline-form">
<input type="password" name="password" placeholder="Neues Passwort" required minlength="6">
<button type="submit" class="btn btn-secondary">Aendern</button>
</form>
</td>
<td>
<form method="post" action="{{ url_for('delete_user', user_id=user.id) }}"
onsubmit="return confirm('Benutzer &quot;{{ user.username }}&quot; wirklich loeschen?')">
<button type="submit" class="btn btn-danger">Loeschen</button>
</form>
</td>
</tr>
{% endfor %}
</tbody>
</table>
{% else %}
<p class="empty">Noch keine Benutzer angelegt.</p>
{% endif %}
</div>
<div class="card">
<h2>Nutzung</h2>
<p style="font-size: 0.9rem; color: #6b7280; line-height: 1.6;">
Nach dem Anlegen eines Benutzers kann sich dieser mit <code>docker login {{ request.host }}</code> anmelden
und Images pushen/pullen.
</p>
</div>
{% endblock %}

59
docker-compose.yml Normal file
View File

@ -0,0 +1,59 @@
services:
caddy:
image: caddy:2-alpine
restart: unless-stopped
ports:
- "80:80"
- "443:443"
- "443:443/udp"
volumes:
- ./data/caddy/data:/data
- ./data/caddy/config:/config
entrypoint: ["sh", "-c"]
command:
- |
echo '${DOMAIN} {
handle /v2/* {
reverse_proxy registry:5000
}
handle {
reverse_proxy auth:5000
}
}' | caddy run --adapter caddyfile --config -
depends_on:
- registry
- auth
networks:
- registry_net
registry:
image: registry:2
restart: unless-stopped
environment:
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Docker Registry
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_STORAGE_DELETE_ENABLED: "true"
volumes:
- ./data/registry:/var/lib/registry
- ./data/htpasswd:/auth:ro
networks:
- registry_net
auth:
build: ./auth-app
restart: unless-stopped
environment:
ADMIN_USER: ${ADMIN_USER}
ADMIN_PASSWORD: ${ADMIN_PASSWORD}
SECRET_KEY: ${SECRET_KEY}
DB_PATH: /data/users.db
HTPASSWD_PATH: /auth/htpasswd
volumes:
- ./data/auth:/data
- ./data/htpasswd:/auth
networks:
- registry_net
networks:
registry_net: