Pass auth config through headers rather than as URL param

api.go

@@ -2,7 +2,6 @@ package docker
 
 import (
 	"code.google.com/p/go.net/websocket"
-	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"github.com/dotcloud/docker/auth"
@@ -395,13 +394,12 @@ func postImagesCreate(srv *Server, version float64, w http.ResponseWriter, r *ht
 	tag := r.Form.Get("tag")
 	repo := r.Form.Get("repo")
 
-	authEncoded := r.Form.Get("authConfig")
+	authJson := r.Header.Get("X-Registry-Auth")
 	authConfig := &auth.AuthConfig{}
-	if authEncoded != "" {
-		authJson := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))
-		if err := json.NewDecoder(authJson).Decode(authConfig); err != nil {
+	if authJson != "" {
+		if err := json.NewDecoder(strings.NewReader(authJson)).Decode(authConfig); err != nil {
 			// for a pull it is not an error if no auth was given
-			// to increase compatibilit to existing api it is defaulting to be empty
+			// to increase compatibility with the existing api it is defaulting to be empty
 			authConfig = &auth.AuthConfig{}
 		}
 	}
@@ -495,17 +493,14 @@ func postImagesPush(srv *Server, version float64, w http.ResponseWriter, r *http
 	}
 	authConfig := &auth.AuthConfig{}
 
-	authEncoded := r.Form.Get("authConfig")
-	if authEncoded != "" {
-		// the new format is to handle the authConfg as a parameter
-		authJson := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))
-		if err := json.NewDecoder(authJson).Decode(authConfig); err != nil {
-			// for a pull it is not an error if no auth was given
-			// to increase compatibilit to existing api it is defaulting to be empty
+	authJson := r.Header.Get("X-Registry-Auth")
+	if authJson != "" {
+		if err := json.NewDecoder(strings.NewReader(authJson)).Decode(authConfig); err != nil {
+			// to increase compatibility with the existing api it is defaulting to be empty
 			authConfig = &auth.AuthConfig{}
 		}
 	} else {
-		// the old format is supported for compatibility if there was no authConfig parameter
+		// the old format is supported for compatibility if there was no authConfig header
 		if err := json.NewDecoder(r.Body).Decode(authConfig); err != nil {
 			return err
 		}

commands.go

@@ -128,7 +128,7 @@ func (cli *DockerCli) CmdInsert(args ...string) error {
 	v.Set("url", cmd.Arg(1))
 	v.Set("path", cmd.Arg(2))
 
-	if err := cli.stream("POST", "/images/"+cmd.Arg(0)+"/insert?"+v.Encode(), nil, cli.out); err != nil {
+	if err := cli.stream("POST", "/images/"+cmd.Arg(0)+"/insert?"+v.Encode(), nil, cli.out, nil); err != nil {
 		return err
 	}
 	return nil
@@ -795,7 +795,7 @@ func (cli *DockerCli) CmdImport(args ...string) error {
 	v.Set("tag", tag)
 	v.Set("fromSrc", src)
 
-	err := cli.stream("POST", "/images/create?"+v.Encode(), cli.in, cli.out)
+	err := cli.stream("POST", "/images/create?"+v.Encode(), cli.in, cli.out, nil)
 	if err != nil {
 		return err
 	}
@@ -841,9 +841,13 @@ func (cli *DockerCli) CmdPush(args ...string) error {
 		if err != nil {
 			return err
 		}
-		v.Set("authConfig", base64.URLEncoding.EncodeToString(buf))
+		registryAuthHeader := []string{
+			string(buf),
+		}
 
-		return cli.stream("POST", "/images/"+name+"/push?"+v.Encode(), nil, cli.out)
+		return cli.stream("POST", "/images/"+name+"/push?"+v.Encode(), nil, cli.out, map[string][]string{
+			"X-Registry-Auth": registryAuthHeader,
+		})
 	}
 
 	if err := push(authConfig); err != nil {
@@ -896,9 +900,13 @@ func (cli *DockerCli) CmdPull(args ...string) error {
 		if err != nil {
 			return err
 		}
-		v.Set("authConfig", base64.URLEncoding.EncodeToString(buf))
+		registryAuthHeader := []string{
+			string(buf),
+		}
 
-		return cli.stream("POST", "/images/create?"+v.Encode(), nil, cli.out)
+		return cli.stream("POST", "/images/create?"+v.Encode(), nil, cli.out, map[string][]string{
+			"X-Registry-Auth": registryAuthHeader,
+		})
 	}
 
 	if err := pull(authConfig); err != nil {
@@ -1143,7 +1151,7 @@ func (cli *DockerCli) CmdEvents(args ...string) error {
 		v.Set("since", *since)
 	}
 
-	if err := cli.stream("GET", "/events?"+v.Encode(), nil, cli.out); err != nil {
+	if err := cli.stream("GET", "/events?"+v.Encode(), nil, cli.out, nil); err != nil {
 		return err
 	}
 	return nil
@@ -1160,7 +1168,7 @@ func (cli *DockerCli) CmdExport(args ...string) error {
 		return nil
 	}
 
-	if err := cli.stream("GET", "/containers/"+cmd.Arg(0)+"/export", nil, cli.out); err != nil {
+	if err := cli.stream("GET", "/containers/"+cmd.Arg(0)+"/export", nil, cli.out, nil); err != nil {
 		return err
 	}
 	return nil
@@ -1451,7 +1459,7 @@ func (cli *DockerCli) CmdRun(args ...string) error {
 		}
 		v.Set("authConfig", base64.URLEncoding.EncodeToString(buf))
 
-		err = cli.stream("POST", "/images/create?"+v.Encode(), nil, cli.err)
+		err = cli.stream("POST", "/images/create?"+v.Encode(), nil, cli.err, nil)
 		if err != nil {
 			return err
 		}
@@ -1628,7 +1636,7 @@ func (cli *DockerCli) call(method, path string, data interface{}) ([]byte, int,
 	return body, resp.StatusCode, nil
 }
 
-func (cli *DockerCli) stream(method, path string, in io.Reader, out io.Writer) error {
+func (cli *DockerCli) stream(method, path string, in io.Reader, out io.Writer, headers map[string][]string) error {
 	if (method == "POST" || method == "PUT") && in == nil {
 		in = bytes.NewReader([]byte{})
 	}
@@ -1641,6 +1649,13 @@ func (cli *DockerCli) stream(method, path string, in io.Reader, out io.Writer) e
 	if method == "POST" {
 		req.Header.Set("Content-Type", "plain/text")
 	}
+
+	if headers != nil {
+		for k, v := range headers {
+			req.Header[k] = v
+		}
+	}
+
 	dial, err := net.Dial(cli.proto, cli.addr)
 	if err != nil {
 		if strings.Contains(err.Error(), "connection refused") {