feat: [AH-602]: refactoring (#2920)

* rezolve PR comments * rezolve PR comments * refactoring * feat: [AH-602]: refactoring
2025-05-10 22:21:22 +08:00 · 2024-11-05 12:44:11 +00:00 · 2024-11-05 12:44:11 +00:00 · ddd8b47f62
commit ddd8b47f62
parent 0e5b3d64bd
21 changed files with 106 additions and 103 deletions
--- a/app/url/provider.go
+++ b/app/url/provider.go
@ -75,8 +75,11 @@ type Provider interface {
 	// GetAPIProto returns the proto for the API hostname
 	GetAPIProto(ctx context.Context) string

-	// RegistryURL returns the url for oci token endpoint
-	RegistryURL() string
+	// RegistryRefURL returns the registry url with registry ref.
+	RegistryRefURL(ctx context.Context, registryRef string) string
+
+	// RegistryBaseURL returns the registry base url.
+	RegistryBaseURL(ctx context.Context, hostnamePrefix string) string
 }

 // Provider provides the URLs of the Harness system.
@ -235,7 +238,11 @@ func (p *provider) GetAPIProto(context.Context) string {
 	return p.apiURL.Scheme
 }

-func (p *provider) RegistryURL() string {
+func (p *provider) RegistryRefURL(_ context.Context, registryRef string) string {
+	return p.registryURL.JoinPath(registryRef).String()
+}
+
+func (p *provider) RegistryBaseURL(_ context.Context, _ string) string {
 	return p.registryURL.String()
 }

--- a/cmd/gitness/wire_gen.go
+++ b/cmd/gitness/wire_gen.go
@ -458,7 +458,7 @@ func initSystem(ctx context.Context, config *types.Config) (*server.System, erro
 	coreController := pkg.CoreControllerProvider(registryRepository)
 	dbStore := docker.DBStoreProvider(blobRepository, imageRepository, artifactRepository, bandwidthStatRepository, downloadStatRepository)
 	dockerController := docker.ControllerProvider(localRegistry, remoteRegistry, coreController, spaceStore, authorizer, dbStore)
-	handler := api2.NewHandlerProvider(dockerController, spaceStore, tokenStore, controller, authenticator, provider, authorizer)
+	handler := api2.NewHandlerProvider(dockerController, spaceStore, tokenStore, controller, authenticator, provider, authorizer, config)
 	registryOCIHandler := router.OCIHandlerProvider(handler)
 	cleanupPolicyRepository := database2.ProvideCleanupPolicyDao(db, transactor)
 	apiHandler := router.APIHandlerProvider(registryRepository, upstreamProxyConfigRepository, tagRepository, manifestRepository, cleanupPolicyRepository, imageRepository, storageDriver, spaceStore, transactor, authenticator, provider, authorizer, auditService, spacePathStore)
--- a/registry/app/api/controller/metadata/artifact_mapper.go
+++ b/registry/app/api/controller/metadata/artifact_mapper.go
@ -27,12 +27,11 @@ import (

 func GetArtifactMetadata(
 	artifacts []types.ArtifactMetadata,
-	rootIdentifier string,
 	registryURL string,
 ) []artifactapi.ArtifactMetadata {
 	artifactMetadataList := make([]artifactapi.ArtifactMetadata, 0, len(artifacts))
 	for _, artifact := range artifacts {
-		artifactMetadata := mapToArtifactMetadata(artifact, rootIdentifier, registryURL)
+		artifactMetadata := mapToArtifactMetadata(artifact, registryURL)
 		artifactMetadataList = append(artifactMetadataList, *artifactMetadata)
 	}
 	return artifactMetadataList
@ -49,12 +48,11 @@ func GetRegistryArtifactMetadata(artifacts []types.ArtifactMetadata) []artifacta

 func mapToArtifactMetadata(
 	artifact types.ArtifactMetadata,
-	rootIdentifier string,
 	registryURL string,
 ) *artifactapi.ArtifactMetadata {
 	lastModified := GetTimeInMs(artifact.ModifiedAt)
 	packageType := artifact.PackageType
-	pullCommand := GetPullCommand(rootIdentifier, artifact.RepoName, artifact.Name, artifact.Version,
+	pullCommand := GetPullCommand(artifact.Name, artifact.Version,
 		string(packageType), registryURL)
 	return &artifactapi.ArtifactMetadata{
 		RegistryIdentifier: artifact.RepoName,
@ -102,8 +100,6 @@ func GetTagMetadata(
 	tags *[]types.TagMetadata,
 	latestTag string,
 	image string,
-	regIdentifier string,
-	rootIdentifier string,
 	registryURL string,
 ) []artifactapi.ArtifactVersionMetadata {
 	artifactVersionMetadataList := []artifactapi.ArtifactVersionMetadata{}
@ -112,7 +108,7 @@ func GetTagMetadata(
 		size := GetImageSize(tag.Size)
 		digestCount := tag.DigestCount
 		isLatestVersion := latestTag == tag.Name
-		command := GetPullCommand(rootIdentifier, regIdentifier, image, tag.Name, string(tag.PackageType), registryURL)
+		command := GetPullCommand(image, tag.Name, string(tag.PackageType), registryURL)
 		packageType, err := toPackageType(string(tag.PackageType))
 		if err != nil {
 			log.Ctx(ctx).Error().Err(err).Msgf("Error converting package type %s", tag.PackageType)
@ -137,14 +133,13 @@ func GetAllArtifactResponse(
 	count int64,
 	pageNumber int64,
 	pageSize int,
-	rootIdentifier string,
 	registryURL string,
 ) *artifactapi.ListArtifactResponseJSONResponse {
 	var artifactMetadataList []artifactapi.ArtifactMetadata
 	if artifacts == nil {
 		artifactMetadataList = make([]artifactapi.ArtifactMetadata, 0)
 	} else {
-		artifactMetadataList = GetArtifactMetadata(*artifacts, rootIdentifier, registryURL)
+		artifactMetadataList = GetArtifactMetadata(*artifacts, registryURL)
 	}
 	pageCount := GetPageCount(count, pageSize)
 	listArtifact := &artifactapi.ListArtifact{
@ -215,15 +210,12 @@ func GetAllArtifactVersionResponse(
 	latestTag string,
 	image string,
 	count int64,
-	regInfo *RegistryRequestInfo,
 	pageNumber int64,
 	pageSize int,
-	rootIdentifier string,
 	registryURL string,
 ) *artifactapi.ListArtifactVersionResponseJSONResponse {
 	artifactVersionMetadataList := GetTagMetadata(
-		ctx, tags, latestTag, image,
-		regInfo.RegistryIdentifier, rootIdentifier, registryURL,
+		ctx, tags, latestTag, image, registryURL,
 	)
 	pageCount := GetPageCount(count, pageSize)
 	listArtifactVersions := &artifactapi.ListArtifactVersion{
@ -245,11 +237,10 @@ func GetDockerArtifactDetails(
 	tag *types.TagDetail,
 	manifest *types.Manifest,
 	isLatestTag bool,
-	regInfo *RegistryRequestBaseInfo,
 	registryURL string,
 ) *artifactapi.DockerArtifactDetailResponseJSONResponse {
 	repoPath := getRepoPath(registry.Name, tag.ImageName, manifest.Digest.String())
-	pullCommand := GetDockerPullCommand(regInfo.RootIdentifier, registry.Name, tag.ImageName, tag.Name, registryURL)
+	pullCommand := GetDockerPullCommand(tag.ImageName, tag.Name, registryURL)
 	createdAt := GetTimeInMs(tag.CreatedAt)
 	modifiedAt := GetTimeInMs(tag.UpdatedAt)
 	size := GetSize(manifest.TotalSize)
@ -262,7 +253,7 @@ func GetDockerArtifactDetails(
 		ModifiedAt:      &modifiedAt,
 		RegistryPath:    repoPath,
 		PullCommand:     &pullCommand,
-		Url:             GetTagURL(regInfo.RootIdentifier, tag.ImageName, tag.Name, registry.Name, registryURL),
+		Url:             GetTagURL(tag.ImageName, tag.Name, registryURL),
 		Size:            &size,
 	}

@ -278,11 +269,10 @@ func GetHelmArtifactDetails(
 	tag *types.TagDetail,
 	manifest *types.Manifest,
 	isLatestTag bool,
-	rootIdentifier string,
 	registryURL string,
 ) *artifactapi.HelmArtifactDetailResponseJSONResponse {
 	repoPath := getRepoPath(registry.Name, tag.ImageName, manifest.Digest.String())
-	pullCommand := GetHelmPullCommand(rootIdentifier, registry.Name, tag.ImageName, tag.Name, registryURL)
+	pullCommand := GetHelmPullCommand(tag.ImageName, tag.Name, registryURL)
 	createdAt := GetTimeInMs(tag.CreatedAt)
 	modifiedAt := GetTimeInMs(tag.UpdatedAt)
 	size := GetSize(manifest.TotalSize)
@ -295,7 +285,7 @@ func GetHelmArtifactDetails(
 		ModifiedAt:      &modifiedAt,
 		RegistryPath:    repoPath,
 		PullCommand:     &pullCommand,
-		Url:             GetTagURL(rootIdentifier, tag.ImageName, tag.Name, registry.Name, registryURL),
+		Url:             GetTagURL(tag.ImageName, tag.Name, registryURL),
 		Size:            &size,
 	}

--- a/registry/app/api/controller/metadata/base.go
+++ b/registry/app/api/controller/metadata/base.go
@ -293,7 +293,6 @@ func CreateVirtualRepositoryResponse(
 	registry *types.Registry,
 	upstreamProxyKeys []string,
 	cleanupPolicies *[]types.CleanupPolicy,
-	rootIdentifier string,
 	registryURL string,
 ) *api.RegistryResponseJSONResponse {
 	createdAt := GetTimeInMs(registry.CreatedAt)
@ -308,7 +307,7 @@ func CreateVirtualRepositoryResponse(
 		Data: api.Registry{
 			Identifier:     registry.Name,
 			Description:    &registry.Description,
-			Url:            GetRepoURL(rootIdentifier, registry.Name, registryURL),
+			Url:            registryURL,
 			PackageType:    registry.PackageType,
 			AllowedPattern: &allowedPattern,
 			BlockedPattern: &blockedPattern,
--- a/registry/app/api/controller/metadata/create_registry.go
+++ b/registry/app/api/controller/metadata/create_registry.go
@ -147,7 +147,7 @@ func (c *APIController) createVirtualRegistry(
 	return artifact.CreateRegistry201JSONResponse{
 		RegistryResponseJSONResponse: *CreateVirtualRepositoryResponse(
 			repoEntity, c.getUpstreamProxyKeys(ctx, repoEntity.UpstreamProxies),
-			cleanupPolicies, regInfo.RootIdentifier, c.URLProvider.RegistryURL(),
+			cleanupPolicies, c.URLProvider.RegistryRefURL(ctx, regInfo.RegistryRef),
 		),
 	}, nil
 }
--- a/registry/app/api/controller/metadata/get_artifacts.go
+++ b/registry/app/api/controller/metadata/get_artifacts.go
@ -89,7 +89,7 @@ func (c *APIController) GetAllArtifacts(
 	}
 	return artifact.GetAllArtifacts200JSONResponse{
 		ListArtifactResponseJSONResponse: *GetAllArtifactResponse(artifacts, count, regInfo.pageNumber, regInfo.limit,
-			regInfo.RootIdentifier, c.URLProvider.RegistryURL()),
+			c.URLProvider.RegistryRefURL(ctx, regInfo.RegistryRef)),
 	}, nil
 }

--- a/registry/app/api/controller/metadata/get_artifacts_docker_details.go
+++ b/registry/app/api/controller/metadata/get_artifacts_docker_details.go
@ -106,7 +106,7 @@ func (c *APIController) GetDockerArtifactDetails(
 	return artifact.GetDockerArtifactDetails200JSONResponse{
 		DockerArtifactDetailResponseJSONResponse: *GetDockerArtifactDetails(
 			registry, tag, m,
-			latestTag.ID == tag.ID, regInfo, c.URLProvider.RegistryURL(),
+			latestTag.ID == tag.ID, c.URLProvider.RegistryRefURL(ctx, regInfo.RegistryRef),
 		),
 	}, nil
 }
--- a/registry/app/api/controller/metadata/get_artifacts_helm_details.go
+++ b/registry/app/api/controller/metadata/get_artifacts_helm_details.go
@ -94,7 +94,7 @@ func (c *APIController) GetHelmArtifactDetails(
 	return artifact.GetHelmArtifactDetails200JSONResponse{
 		HelmArtifactDetailResponseJSONResponse: *GetHelmArtifactDetails(
 			registry, tag, m,
-			latestTag.ID == tag.ID, regInfo.RootIdentifier, c.URLProvider.RegistryURL(),
+			latestTag.ID == tag.ID, c.URLProvider.RegistryRefURL(ctx, regInfo.RegistryRef),
 		),
 	}, nil
 }
--- a/registry/app/api/controller/metadata/get_artifacts_versions.go
+++ b/registry/app/api/controller/metadata/get_artifacts_versions.go
@ -99,8 +99,8 @@ func (c *APIController) GetAllArtifactVersions(

 	return artifact.GetAllArtifactVersions200JSONResponse{
 		ListArtifactVersionResponseJSONResponse: *GetAllArtifactVersionResponse(
-			ctx, tags, latestTag, image, count,
-			regInfo, regInfo.pageNumber, regInfo.limit, regInfo.RootIdentifier, c.URLProvider.RegistryURL(),
+			ctx, tags, latestTag, image, count, regInfo.pageNumber, regInfo.limit,
+			c.URLProvider.RegistryRefURL(ctx, regInfo.RegistryRef),
 		),
 	}, nil
 }
--- a/registry/app/api/controller/metadata/get_client_setup_details.go
+++ b/registry/app/api/controller/metadata/get_client_setup_details.go
@ -21,7 +21,6 @@ import (

 	apiauth "github.com/harness/gitness/app/api/auth"
 	"github.com/harness/gitness/app/api/request"
-	"github.com/harness/gitness/app/paths"
 	"github.com/harness/gitness/registry/app/api/openapi/contracts/artifact"
 	"github.com/harness/gitness/registry/app/common"
 	"github.com/harness/gitness/types/enum"
@ -95,8 +94,7 @@ func (c *APIController) GetClientSetupDetails(

 	return artifact.GetClientSetupDetails200JSONResponse{
 		ClientSetupDetailsResponseJSONResponse: *GetClientSetupDetails(
-			ctx, packageType, regInfo,
-			string(r.RegistryRef), imageParam, tagParam, c.URLProvider.RegistryURL(),
+			ctx, packageType, imageParam, tagParam, c.URLProvider.RegistryRefURL(ctx, regInfo.RegistryRef),
 		),
 	}, nil
 }
@ -104,16 +102,13 @@ func (c *APIController) GetClientSetupDetails(
 func GetClientSetupDetails(
 	ctx context.Context,
 	packageType string,
-	_ *RegistryRequestBaseInfo,
-	regRef string,
 	image *artifact.ArtifactParam,
 	tag *artifact.VersionParam,
 	registryURL string,
 ) *artifact.ClientSetupDetailsResponseJSONResponse {
 	session, _ := request.AuthSessionFrom(ctx)
 	username := session.Principal.Email
-	hostname := common.GenerateSetupClientHostname(registryURL)
-	regRef = strings.ToLower(regRef)
+	hostname, regRef := common.GenerateSetupClientHostnameAndRegistry(registryURL)

 	// Fixme: Use ENUMS
 	if packageType == "HELM" {
@ -264,8 +259,12 @@ func GetClientSetupDetails(
 }

 func replacePlaceholders(
-	clientSetupDetails artifact.ClientSetupDetails, username string, hostname string,
-	regRef string, image *artifact.ArtifactParam, tag *artifact.VersionParam,
+	clientSetupDetails artifact.ClientSetupDetails,
+	username string,
+	hostname string,
+	regRef string,
+	image *artifact.ArtifactParam,
+	tag *artifact.VersionParam,
 ) {
 	for _, s := range clientSetupDetails.Sections {
 		if s.Steps == nil {
@ -291,9 +290,6 @@ func replaceText(
 	image *artifact.ArtifactParam,
 	tag *artifact.VersionParam,
 ) {
-	rootSpace, _, _ := paths.DisectRoot(regRef)
-	_, registryName, _ := paths.DisectLeaf(regRef)
-	repoRef := rootSpace + "/" + registryName
 	if username != "" {
 		(*st.Commands)[i] = strings.ReplaceAll((*st.Commands)[i], "<USERNAME>", username)
 	}
@ -303,7 +299,7 @@ func replaceText(
 	if regRef != "" {
 		(*st.Commands)[i] = strings.ReplaceAll(
 			(*st.Commands)[i],
-			"<REPOSITORY_REFERENCE>", repoRef,
+			"<REPOSITORY_REFERENCE>", regRef,
 		)
 	}
 	if image != nil {
--- a/registry/app/api/controller/metadata/get_registries.go
+++ b/registry/app/api/controller/metadata/get_registries.go
@ -114,7 +114,7 @@ func (c *APIController) GetAllRegistries(
 	return artifact.GetAllRegistries200JSONResponse{
 		ListRegistryResponseJSONResponse: *GetAllRegistryResponse(
 			repos, count, regInfo.pageNumber,
-			regInfo.limit, regInfo.RootIdentifier, c.URLProvider.RegistryURL(),
+			regInfo.limit, c.URLProvider.RegistryRefURL(ctx, regInfo.RegistryRef),
 		),
 	}, nil
 }
@ -124,10 +124,9 @@ func GetAllRegistryResponse(
 	count int64,
 	pageNumber int64,
 	pageSize int,
-	rootIdentifier string,
 	registryURL string,
 ) *artifact.ListRegistryResponseJSONResponse {
-	repoMetadataList := GetRegistryMetadata(repos, rootIdentifier, registryURL)
+	repoMetadataList := GetRegistryMetadata(repos, registryURL)
 	pageCount := GetPageCount(count, pageSize)
 	listRepository := &artifact.ListRegistry{
 		ItemCount:  &count,
@ -145,7 +144,6 @@ func GetAllRegistryResponse(

 func GetRegistryMetadata(
 	registryMetadatas *[]store.RegistryMetadata,
-	rootIdentifier string,
 	registryURL string,
 ) []artifact.RegistryMetadata {
 	repoMetadataList := []artifact.RegistryMetadata{}
@ -176,7 +174,7 @@ func GetRegistryMetadata(
 			PackageType:    reg.PackageType,
 			Type:           reg.Type,
 			LastModified:   &modifiedAt,
-			Url:            GetRepoURL(rootIdentifier, reg.RegIdentifier, registryURL),
+			Url:            registryURL,
 			ArtifactsCount: artifactCount,
 			DownloadsCount: downloadCount,
 			RegistrySize:   &size,
--- a/registry/app/api/controller/metadata/get_registry.go
+++ b/registry/app/api/controller/metadata/get_registry.go
@ -77,7 +77,7 @@ func (c *APIController) GetRegistry(
 				repoEntity, c.getUpstreamProxyKeys(
 					ctx,
 					repoEntity.UpstreamProxies,
-				), cleanupPolicies, regInfo.RootIdentifier, c.URLProvider.RegistryURL(),
+				), cleanupPolicies, c.URLProvider.RegistryRefURL(ctx, regInfo.RegistryRef),
 			),
 		}, nil
 	}
--- a/registry/app/api/controller/metadata/update_registry.go
+++ b/registry/app/api/controller/metadata/update_registry.go
@ -182,7 +182,7 @@ func (c *APIController) updateVirtualRegistry(
 		RegistryResponseJSONResponse: *CreateVirtualRepositoryResponse(
 			modifiedRepoEntity,
 			c.getUpstreamProxyKeys(ctx, modifiedRepoEntity.UpstreamProxies), cleanupPolicies,
-			regInfo.RootIdentifier, c.URLProvider.RegistryURL(),
+			c.URLProvider.RegistryRefURL(ctx, regInfo.RegistryRef),
 		),
 	}, nil
 }
--- a/registry/app/api/controller/metadata/utils.go
+++ b/registry/app/api/controller/metadata/utils.go
@ -323,8 +323,8 @@ func GetRepoURL(rootIdentifier, registry string, registryURL string) string {
 	return parsedURL.String()
 }

-func GetRepoURLWithoutProtocol(rootIdentifier string, registry string, registryURL string) string {
-	repoURL := GetRepoURL(rootIdentifier, registry, registryURL)
+func GetRepoURLWithoutProtocol(registryURL string) string {
+	repoURL := registryURL
 	parsedURL, err := url.Parse(repoURL)
 	if err != nil {
 		log.Error().Stack().Err(err).Msg("Error parsing URL: ")
@ -334,34 +334,34 @@ func GetRepoURLWithoutProtocol(rootIdentifier string, registry string, registryU
 	return parsedURL.Host + parsedURL.Path
 }

-func GetTagURL(rootIdentifier string, artifact string, version string, registry string, registryURL string) string {
-	url := GetRepoURL(rootIdentifier, registry, registryURL)
+func GetTagURL(artifact string, version string, registryURL string) string {
+	url := registryURL
 	url += "/" + artifact + "/"
 	url += version
 	return url
 }

 func GetPullCommand(
-	rootIdentifier string, registry string, image string, tag string,
+	image string, tag string,
 	packageType string, registryURL string,
 ) string {
 	if packageType == "DOCKER" {
-		return GetDockerPullCommand(rootIdentifier, registry, image, tag, registryURL)
+		return GetDockerPullCommand(image, tag, registryURL)
 	} else if packageType == "HELM" {
-		return GetHelmPullCommand(rootIdentifier, registry, image, tag, registryURL)
+		return GetHelmPullCommand(image, tag, registryURL)
 	}
 	return ""
 }

 func GetDockerPullCommand(
-	rootIdentifier string, registry string, image string,
+	image string,
 	tag string, registryURL string,
 ) string {
-	return "docker pull " + GetRepoURLWithoutProtocol(rootIdentifier, registry, registryURL) + "/" + image + ":" + tag
+	return "docker pull " + GetRepoURLWithoutProtocol(registryURL) + "/" + image + ":" + tag
 }

-func GetHelmPullCommand(rootIdentifier string, registry string, image string, tag string, registryURL string) string {
-	return "helm install " + GetRepoURLWithoutProtocol(rootIdentifier, registry, registryURL) + "/" + image + ":" + tag
+func GetHelmPullCommand(image string, tag string, registryURL string) string {
+	return "helm install " + GetRepoURLWithoutProtocol(registryURL) + "/" + image + ":" + tag
 }

 // CleanURLPath removes leading and trailing spaces and trailing slashes from the given URL string.
--- a/registry/app/api/handler/oci/base.go
+++ b/registry/app/api/handler/oci/base.go
@ -41,27 +41,29 @@ import (
 func NewHandler(
 	controller *docker.Controller, spaceStore corestore.SpaceStore, tokenStore corestore.TokenStore,
 	userCtrl *usercontroller.Controller, authenticator authn.Authenticator, urlProvider urlprovider.Provider,
-	authorizer authz.Authorizer,
+	authorizer authz.Authorizer, ociRelativeURL bool,
 ) *Handler {
 	return &Handler{
-		Controller:    controller,
-		SpaceStore:    spaceStore,
-		TokenStore:    tokenStore,
-		UserCtrl:      userCtrl,
-		Authenticator: authenticator,
-		URLProvider:   urlProvider,
-		Authorizer:    authorizer,
+		Controller:     controller,
+		SpaceStore:     spaceStore,
+		TokenStore:     tokenStore,
+		UserCtrl:       userCtrl,
+		Authenticator:  authenticator,
+		URLProvider:    urlProvider,
+		Authorizer:     authorizer,
+		OCIRelativeURL: ociRelativeURL,
 	}
 }

 type Handler struct {
-	Controller    *docker.Controller
-	SpaceStore    corestore.SpaceStore
-	TokenStore    corestore.TokenStore
-	UserCtrl      *usercontroller.Controller
-	Authenticator authn.Authenticator
-	URLProvider   urlprovider.Provider
-	Authorizer    authz.Authorizer
+	Controller     *docker.Controller
+	SpaceStore     corestore.SpaceStore
+	TokenStore     corestore.TokenStore
+	UserCtrl       *usercontroller.Controller
+	Authenticator  authn.Authenticator
+	URLProvider    urlprovider.Provider
+	Authorizer     authz.Authorizer
+	OCIRelativeURL bool
 }

 type routeType string
@ -218,7 +220,7 @@ func (h *Handler) GetRegistryInfo(r *http.Request, remoteSupport bool) (pkg.Regi
 		Reference:  ref,
 		Digest:     dgst,
 		Tag:        tag,
-		URLBuilder: v2.NewURLBuilderFromRequest(r, false),
+		URLBuilder: v2.NewURLBuilderFromRequest(r, h.OCIRelativeURL),
 		Path:       r.URL.Path,
 	}

--- a/registry/app/api/middleware/auth.go
+++ b/registry/app/api/middleware/auth.go
@ -24,18 +24,21 @@ import (
 	"github.com/harness/gitness/app/api/request"
 	"github.com/harness/gitness/app/auth"
 	"github.com/harness/gitness/app/jwt"
+	"github.com/harness/gitness/app/url"
 	"github.com/harness/gitness/registry/app/api/handler/oci"
 	registryauth "github.com/harness/gitness/registry/app/auth"
+	"github.com/harness/gitness/registry/app/common"

 	"github.com/rs/zerolog/log"
 )

-func OciCheckAuth(url string) func(http.Handler) http.Handler {
+func OciCheckAuth(urlProvider url.Provider) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(
 			func(w http.ResponseWriter, r *http.Request) {
 				ctx := r.Context()
 				session, _ := request.AuthSessionFrom(ctx)
+				url := common.GenerateOciTokenURL(urlProvider.RegistryBaseURL(ctx, ""))
 				if session.Principal == auth.AnonymousPrincipal {
 					scope := getScope(r)
 					returnUnauthorised(ctx, w, url, scope)
@ -48,7 +51,7 @@ func OciCheckAuth(url string) func(http.Handler) http.Handler {
 }

 // BlockNonOciSourceToken blocks any request that doesn't have AccessPermissionMetadata.
-func BlockNonOciSourceToken(url string) func(http.Handler) http.Handler {
+func BlockNonOciSourceToken(urlProvider url.Provider) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(
 			func(w http.ResponseWriter, r *http.Request) {
@ -58,8 +61,8 @@ func BlockNonOciSourceToken(url string) func(http.Handler) http.Handler {
 						metadata.AccessPermissions.Source != jwt.OciSource {
 						log.Ctx(ctx).Warn().
 							Msg("blocking request - non OCI source tokens are not allowed for usage with oci endpoints")
-
 						scope := getScope(r)
+						url := common.GenerateOciTokenURL(urlProvider.RegistryBaseURL(ctx, ""))
 						returnUnauthorised(ctx, w, url, scope)
 						return
 					}
@ -101,10 +104,10 @@ func getScope(r *http.Request) string {
 		paramMap := oci.GetQueryParamMap(r.URL.Query())
 		rootIdentifier, registryIdentifier, _, _, _, _ := oci.ExtractPathVars(path, paramMap)
 		var access []registryauth.Access
-		access = registryauth.AppendAccess(access, r.Method, rootIdentifier, registryIdentifier)
+		access = registryauth.AppendAccess(access, r.Method, rootIdentifier+"/"+registryIdentifier)
 		if fromRepo := r.FormValue("from"); fromRepo != "" {
 			space, repoName := getRefsFromName(fromRepo)
-			access = registryauth.AppendAccess(access, http.MethodGet, space, repoName)
+			access = registryauth.AppendAccess(access, http.MethodGet, space+"/"+repoName)
 		}
 		scope = registryauth.NewAccessSet(access...).ScopeParam()
 	}
--- a/registry/app/api/router/oci/route.go
+++ b/registry/app/api/router/oci/route.go
@ -21,7 +21,6 @@ import (
 	"github.com/harness/gitness/registry/app/api/handler/oci"
 	"github.com/harness/gitness/registry/app/api/middleware"
 	"github.com/harness/gitness/registry/app/api/router/utils"
-	"github.com/harness/gitness/registry/app/common"

 	"github.com/go-chi/chi/v5"
 	"github.com/rs/zerolog/log"
@ -78,14 +77,14 @@ func NewOCIHandler(handlerV2 *oci.Handler) RegistryOCIHandler {
 			handlerV2.GetToken(w, req)
 		})

-		r.With(middleware.OciCheckAuth(common.GenerateOciTokenURL(handlerV2.URLProvider.RegistryURL()))).
+		r.With(middleware.OciCheckAuth(handlerV2.URLProvider)).
 			Get("/", func(w http.ResponseWriter, req *http.Request) {
 				handlerV2.APIBase(w, req)
 			})

 		r.Route("/{registryIdentifier}", func(r chi.Router) {
-			r.Use(middleware.OciCheckAuth(common.GenerateOciTokenURL(handlerV2.URLProvider.RegistryURL())))
-			r.Use(middleware.BlockNonOciSourceToken(handlerV2.URLProvider.RegistryURL()))
+			r.Use(middleware.OciCheckAuth(handlerV2.URLProvider))
+			r.Use(middleware.BlockNonOciSourceToken(handlerV2.URLProvider))
 			r.Use(middleware.TrackDownloadStat(handlerV2))
 			r.Use(middleware.TrackBandwidthStat(handlerV2))

--- a/registry/app/api/wire.go
+++ b/registry/app/api/wire.go
@ -68,9 +68,18 @@ func BlobStorageProvider(c *types.Config) (storagedriver.StorageDriver, error) {
 func NewHandlerProvider(
 	controller *docker.Controller, spaceStore corestore.SpaceStore,
 	tokenStore corestore.TokenStore, userCtrl *usercontroller.Controller, authenticator authn.Authenticator,
-	urlProvider urlprovider.Provider, authorizer authz.Authorizer,
+	urlProvider urlprovider.Provider, authorizer authz.Authorizer, config *types.Config,
 ) *ocihandler.Handler {
-	return ocihandler.NewHandler(controller, spaceStore, tokenStore, userCtrl, authenticator, urlProvider, authorizer)
+	return ocihandler.NewHandler(
+		controller,
+		spaceStore,
+		tokenStore,
+		userCtrl,
+		authenticator,
+		urlProvider,
+		authorizer,
+		config.Registry.HTTP.RelativeURL,
+	)
 }

 var WireSet = wire.NewSet(
--- a/registry/app/auth/auth.go
+++ b/registry/app/auth/auth.go
@ -30,9 +30,8 @@ func NewAccessSet(accessItems ...Access) AccessSet {

 	for _, access := range accessItems {
 		resource := Resource{
-			Type:  access.Type,
-			Name:  access.Name,
-			Space: access.Space,
+			Type: access.Type,
+			Name: access.Name,
 		}

 		set, exists := accessSet[resource]
@ -64,7 +63,7 @@ func (s AccessSet) ScopeParam() string {

 	for resource, actionSet := range s {
 		actions := strings.Join(actionSet.keys(), ",")
-		resourceName := strings.Join([]string{resource.Space, resource.Name}, "/")
+		resourceName := resource.Name
 		scopes = append(scopes, strings.Join([]string{resource.Type, resourceName, actions}, ":"))
 	}

@ -73,9 +72,8 @@ func (s AccessSet) ScopeParam() string {

 // Resource describes a resource by type and name.
 type Resource struct {
-	Type  string
-	Name  string
-	Space string
+	Type string
+	Name string
 }

 // Access describes a specific action that is
@ -85,11 +83,10 @@ type Access struct {
 	Action string
 }

-func AppendAccess(records []Access, method string, rootIdentifier string, repo string) []Access {
+func AppendAccess(records []Access, method string, name string) []Access {
 	resource := Resource{
-		Type:  "repository",
-		Name:  repo,
-		Space: rootIdentifier,
+		Type: "repository",
+		Name: name,
 	}

 	switch method {
--- a/registry/app/common/url_utils.go
+++ b/registry/app/common/url_utils.go
@ -16,16 +16,17 @@ package common

 import (
 	"net/url"
+	"strings"
 )

 func GenerateOciTokenURL(registryURL string) string {
 	return registryURL + "/v2/token"
 }

-func GenerateSetupClientHostname(registryURL string) string {
+func GenerateSetupClientHostnameAndRegistry(registryURL string) (hostname string, registryRef string) {
 	regURL, err := url.Parse(registryURL)
 	if err != nil {
-		return ""
+		return "", ""
 	}
-	return regURL.Host
+	return regURL.Host, strings.Trim(regURL.Path, "/")
 }
--- a/types/config.go
+++ b/types/config.go
@ -476,6 +476,8 @@ type Config struct {
 			// If not provided, a random secret will be generated. This may cause problems with uploads if multiple
 			// registries are behind a load-balancer
 			Secret string `envconfig:"GITNESS_REGISTRY_HTTP_SECRET"`
+
+			RelativeURL bool `envconfig:"GITNESS_OCI_RELATIVE_URL" default:"false"`
 		}

 		//nolint:lll