Phases 5, 6, 8: OCI pull/push paths and admin REST API

Phase 5 (OCI pull): internal/oci/ package with manifest GET/HEAD by tag/digest, blob GET/HEAD with repo membership check, tag listing with OCI pagination, catalog listing. Multi-segment repo names via parseOCIPath() right-split routing. DB query layer in internal/db/repository.go. Phase 6 (OCI push): blob uploads (monolithic and chunked) with uploadManager tracking in-progress BlobWriters, manifest push implementing full ARCHITECTURE.md §5 flow in a single SQLite transaction (create repo, upsert manifest, populate manifest_blobs, atomic tag move). Digest verification on both blob commit and manifest push-by-digest. Phase 8 (admin REST): /v1 endpoints for auth (login/logout/health), repository management (list/detail/delete), policy CRUD with engine reload, audit log listing with filters, GC trigger/status stubs. RequireAdmin middleware, platform-standard error format. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 18:25:18 -07:00
parent f5e67bd4aa
commit dddc66f31b
40 changed files with 6832 additions and 7 deletions
--- a/internal/oci/catalog.go
+++ b/internal/oci/catalog.go
@@ -0,0 +1,68 @@
+package oci
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"strconv"
+
+	"git.wntrmute.dev/kyle/mcr/internal/policy"
+)
+
+type catalogResponse struct {
+	Repositories []string `json:"repositories"`
+}
+
+func (h *Handler) handleCatalog(w http.ResponseWriter, r *http.Request) {
+	if !h.checkPolicy(w, r, policy.ActionCatalog, "") {
+		return
+	}
+
+	n := 0
+	var err error
+	if nStr := r.URL.Query().Get("n"); nStr != "" {
+		n, err = strconv.Atoi(nStr)
+		if err != nil || n < 0 {
+			writeOCIError(w, "INVALID_PARAMETER", http.StatusBadRequest, "invalid 'n' parameter")
+			return
+		}
+	}
+	last := r.URL.Query().Get("last")
+
+	if n == 0 {
+		repos, err := h.db.ListRepositoryNames(last, 10000)
+		if err != nil {
+			writeOCIError(w, "UNKNOWN", http.StatusInternalServerError, "internal error")
+			return
+		}
+		if repos == nil {
+			repos = []string{}
+		}
+		w.Header().Set("Content-Type", "application/json")
+		_ = json.NewEncoder(w).Encode(catalogResponse{Repositories: repos})
+		return
+	}
+
+	repos, err := h.db.ListRepositoryNames(last, n+1)
+	if err != nil {
+		writeOCIError(w, "UNKNOWN", http.StatusInternalServerError, "internal error")
+		return
+	}
+	if repos == nil {
+		repos = []string{}
+	}
+
+	hasMore := len(repos) > n
+	if hasMore {
+		repos = repos[:n]
+	}
+
+	if hasMore {
+		lastRepo := repos[len(repos)-1]
+		linkURL := fmt.Sprintf("/v2/_catalog?n=%d&last=%s", n, lastRepo)
+		w.Header().Set("Link", fmt.Sprintf(`<%s>; rel="next"`, linkURL))
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	_ = json.NewEncoder(w).Encode(catalogResponse{Repositories: repos})
+}