Fix OCI route mounting — integrate into authenticated /v2 group

NewRouter now accepts an optional OCI handler to mount inside the authenticated /v2 route group, avoiding chi's Mount conflict on an existing path. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-25 22:22:31 -07:00
parent 8cf26895a3
commit 15a306dc4a
3 changed files with 15 additions and 9 deletions
--- a/internal/server/routes.go
+++ b/internal/server/routes.go
@@ -1,10 +1,15 @@
 package server

-import "github.com/go-chi/chi/v5"
+import (
+	"net/http"
+
+	"github.com/go-chi/chi/v5"
+)

 // NewRouter builds the chi router with all OCI Distribution Spec
-// endpoints and auth middleware wired up.
-func NewRouter(validator TokenValidator, loginClient LoginClient, serviceName string) *chi.Mux {
+// endpoints and auth middleware wired up. If ociRouter is non-nil,
+// its routes are mounted under /v2 behind the auth middleware.
+func NewRouter(validator TokenValidator, loginClient LoginClient, serviceName string, ociRouter http.Handler) *chi.Mux {
 	r := chi.NewRouter()

 	// Token endpoint is NOT behind RequireAuth — clients use Basic auth
@@ -15,6 +20,9 @@ func NewRouter(validator TokenValidator, loginClient LoginClient, serviceName st
 	r.Route("/v2", func(v2 chi.Router) {
 		v2.Use(RequireAuth(validator, serviceName))
 		v2.Get("/", V2Handler())
+		if ociRouter != nil {
+			v2.Mount("/", ociRouter)
+		}
 	})

 	return r