From 90905ace89ca2c417b4f0e41c607eb6bccc61c5f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=9E=D0=BB=D0=B5=D0=B3=20=D0=91=D0=BE=D1=80=D0=BE=D0=B4?= =?UTF-8?q?=D0=B8=D0=BD?=
Date: Sat, 7 Feb 2026 11:24:30 +0200
Subject: [PATCH] working commit
---
 app/handler/authmw.go | 11 ++++--
 app/handler/blob.go | 7 ----
 app/handler/version.go | 9 ++++-
 app/maindb/grant.go | 77 ++++++++++++++++++++++++++++++++++++++++++
 app/maindb/schema.go | 17 +++++-----
 app/service/service.go | 2 +-
 6 files changed, 102 insertions(+), 21 deletions(-)
 create mode 100644 app/maindb/grant.go
diff --git a/app/handler/authmw.go b/app/handler/authmw.go
index 4a07ebc..c6934c6 100644
--- a/app/handler/authmw.go
+++ b/app/handler/authmw.go
@@ -36,9 +36,14 @@ func (hand *Handler) CheckAccess(rctx *router.Context) (bool, error) {
 var res bool
 authHeader := rctx.GetHeader("Authorization")
- hand.logg.Debugf("Authorization header is %s", authHeader)
- username, password, err := auxhttp.ParseBasicAuth(authHeader)
- hand.logg.Debugf("Authorization username is %s:%s", username, password)
+ if authHeader != "" {
+ hand.logg.Debugf("Authorization header is %s", authHeader)
+ username, password, err := auxhttp.ParseBasicAuth(authHeader)
+ if err != nil {
+ return res, err
+ }
+ hand.logg.Debugf("Authorization username is %s:%s", username, password)
+ }
 res = true
diff --git a/app/handler/blob.go b/app/handler/blob.go
index add0d46..90bd89c 100644
--- a/app/handler/blob.go
+++ b/app/handler/blob.go
@@ -22,15 +22,8 @@ func (hand *Handler) BlobExists(rctx *router.Context) {
 name, _ := rctx.GetSubpath("name")
 digest, _ := rctx.GetSubpath("digest")
- auth := rctx.GetHeader("Authorization")
 hand.DumpHeaders("BlobExists", rctx)
- if auth == "" {
- rctx.SetHeader("WWW-Authenticate", `Basic realm="mstore"`)
- rctx.SetStatus(http.StatusUnauthorized)
- return
- }
-
 params := &operator.BlobExistsParams{
 Name: name,
 Digest: digest,
diff --git a/app/handler/version.go b/app/handler/version.go
index 5277763..0ac9623 100644
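Review bot: The two `Debugf` calls kept inside the new `if authHeader != "" {` block write the raw Authorization header and the decoded `username:password` pair to the log, so any Basic credential sent to CheckAccess can be read by whoever can read debug output. Drop the header line and log the account name only, `hand.logg.Debugf("Authorization username is %s", username)`. `username` and `password` are now scoped to that block and used only by the log call, and `res = true` follows for a request with no header as well as for one with a parseable header, so nothing in the hunk compares the credential with a stored hash. The blob.go hunk of this commit deletes BlobExists's own 401 challenge, which leaves that handler dependent on this check. CheckAccess continues below the hunk, so a real verification may exist there, but it cannot use these block-scoped variables.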
--- a/app/handler/version.go
+++ b/app/handler/version.go
@@ -10,6 +10,8 @@ package handler
 import (
+ "net/http"
+
 "mstore/app/operator"
 "mstore/app/router"
 )
@@ -19,7 +21,12 @@ func (hand *Handler) GetVersion(rctx *router.Context) {
 params := &operator.GetVersionParams{}
 hand.DumpHeaders("GetVersion", rctx)
-
+ authorization := rctx.GetHeader("Authorization")
+ if authorization == "" {
+ rctx.SetHeader("WWW-Authenticate", `Basic realm="mstore"`)
+ rctx.SetStatus(http.StatusUnauthorized)
+ return
+ }
 ctx := rctx.GetContext()
 _, code, err := hand.oper.GetVersion(ctx, params)
 if err != nil {
diff --git a/app/maindb/grant.go b/app/maindb/grant.go
new file mode 100644
index 0000000..59f7448
--- /dev/null
+++ b/app/maindb/grant.go
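Review bot: The guard added to GetVersion tests only that the Authorization header is non-empty, so any value, including a malformed header or wrong credentials, passes it and reaches `hand.oper.GetVersion`. If this handler is only meant to hand clients the Basic challenge, record that next to the check, for example `// presence check only: issues the Basic challenge; credentials are expected to be verified by the auth middleware`, or move the 401 to the place where the credential is actually verified. `hand.DumpHeaders("GetVersion", rctx)` runs before the guard; its body is not shown, but if it logs every request header the Authorization value ends up in the log and should be redacted there. GetVersion's body continues past the hunk.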
@@ -0,0 +1,77 @@
+package maindb
+
+import (
+ "context"
+
+ "mstore/app/descr"
+)
+
+func (db *Database) InsertGrant(ctx context.Context, grant *descr.Grant) error {
+ var err error
+ request := `INSERT INTO grants(id, account_id, operation, created_at)
+ VALUES ($1, $2, $3, $4)`
+ _, err = db.db.Exec(request, grant.ID, grant.AccountID, grant.Operation, grant.CreatedAt)
+ if err != nil {
+ return err
+ }
+ return err
+}
+
+func (db *Database) ListGrantsByAccountID(ctx context.Context, accountID int64) ([]descr.Grant, error) {
+ var err error
+ request := `SELECT * FROM grants WHERE account_id = $1`
+ res := make([]descr.Grant, 0)
+ err = db.db.Select(&res, request, accountID)
+ if err != nil {
+ return res, err
+ }
+ return res, err
+}
+
+func (db *Database) ListGrants(ctx context.Context) ([]descr.Grant, error) {
+ var err error
+ request := `SELECT * FROM grants`
+ res := make([]descr.Grant, 0)
+ err = db.db.Select(&res, request)
+ if err != nil {
+ return res, err
+ }
+ return res, err
+}
+
+func (db *Database) GetGrant(ctx context.Context, accountID int64, operation string) (bool, *descr.Grant, error) {
+ var err error
+ res := &descr.Grant{}
+ request := `SELECT * FROM grants WHERE account_id = $1 AND operation = $2 LIMIT 1`
+ dbRes := make([]descr.Grant, 0)
+ err = db.db.Select(&dbRes, request, accountID, operation)
+ if err != nil {
+ return false, res, err
+ }
+ if len(dbRes) == 0 {
+ return false, res, err
+
+ }
+ res = &dbRes[0]
+ return true, res, err
+}
+
+func (db *Database) DeleteGrantByAccountID(ctx context.Context, grantID int64, operation string) error {
+ var err error
+ request := `DELETE FROM grants WHERE account_id = $1 AND operation = $2`
+ _, err = db.db.Exec(request, grantID, operation)
+ if err != nil {
+ return err
+ }
+ return err
+}
+
+func (db *Database) DeleteAllGrantsForAccountID(ctx context.Context, grantID int64) error {
+ var err error
+ request := `DELETE FROM grants WHERE account_id = $1`
+ _, err = db.db.Exec(request, grantID)
+ if err != nil {
+ return err
+ }
+ return err
+}
diff --git a/app/maindb/schema.go b/app/maindb/schema.go
index 4b17e1f..5ec6275 100644
--- a/app/maindb/schema.go
+++ b/app/maindb/schema.go
@@ -22,7 +22,7 @@ const schema = `
 created_by VARCHAR(255) NOT NULL,
 updated_by VARCHAR(255) NOT NULL
 );
- CREATE UNIQUE INDEX IF NOT EXISTS file_index
+ CREATE UNIQUE INDEX IF NOT EXISTS files_index
 ON files(collection, name);
 --- DROP TABLE IF EXISTS manifests;
@@ -38,7 +38,7 @@ const schema = `
 created_by VARCHAR(255) NOT NULL,
 updated_by VARCHAR(255) NOT NULL
 );
- CREATE UNIQUE INDEX IF NOT EXISTS manifest_index
+ CREATE UNIQUE INDEX IF NOT EXISTS manifests_index
 ON manifests(name, reference);
 CREATE TABLE IF NOT EXISTS blobs (
@@ -57,7 +57,7 @@ const schema = `
 ON blobs(name, reference, digest);
 --- DROP TABLE IF EXISTS accounts;
- CREATE TABLE IF NOT EXISTS account (
+ CREATE TABLE IF NOT EXISTS accounts (
 id INT NOT NULL,
 username TEXT NOT NULL,
 passhash TEXT NOT NULL,
@@ -65,22 +65,21 @@ const schema = `
 updated_at TEXT NOT NULL,
 disabled BOOL
 );
- CREATE UNIQUE INDEX IF NOT EXISTS account_index01
+ CREATE UNIQUE INDEX IF NOT EXISTS accounts_index01
 ON accounts(id);
- CREATE UNIQUE INDEX IF NOT EXISTS account_index02
+ CREATE UNIQUE INDEX IF NOT EXISTS accounts_index02
 ON accounts(username);
-
 --- DROP TABLE IF EXISTS grants;
- CREATE TABLE IF NOT EXISTS grant (
+ CREATE TABLE IF NOT EXISTS grants (
 id INT NOT NULL,
 account_id INT NOT NULL,
 operation TEXT NOT NULL,
 created_at TEXT NOT NULL
 );
- CREATE INDEX IF NOT EXISTS grant_index01
+ CREATE INDEX IF NOT EXISTS grants_index01
 ON grants(account_id);
- CREATE UNIQUE INDEX IF NOT EXISTS grant_index02
+ CREATE UNIQUE INDEX IF NOT EXISTS grants_index02
 ON grants(account_id, operation);
 `
diff --git a/app/service/service.go b/app/service/service.go
index e4f8278..5afbec7 100644
--- a/app/service/service.go
+++ b/app/service/service.go
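Review bot: `DeleteGrantByAccountID` and `DeleteAllGrantsForAccountID` name their key parameter `grantID` but bind it to `account_id` in the DELETE, so a caller that passes a grant row's `id`, as the name invites, deletes the grants of whichever account has that number as its id; rename the parameter to `accountID` in both signatures and both `Exec` calls. Every method in the new file accepts `ctx` and then ignores it, so a cancelled or timed-out request still runs its query; if `db.db` is an sqlx handle (its type is not shown) use `ExecContext`/`SelectContext` and pass `ctx` through. `GetGrant` returns a non-nil empty `*descr.Grant` together with `false`, which a caller that checks only the pointer would read as an existing grant, so `return false, nil, nil` on the not-found path is the safer contract for a permission lookup. None of the exported methods has a doc comment stating what it returns when no row matches.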
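Review bot: Because every statement in the schema is `IF NOT EXISTS` and nothing drops the old names, a database initialised by the previous schema keeps `file_index`, `manifest_index` and any `account` table that was created, and gets `files_index`, `manifests_index` and an empty `accounts` table next to them; this applies to all four hunks in schema.go. For the credential store that means rows already in `account`, including their `passhash` values, are neither migrated nor removed. Add explicit migration statements ahead of the creates, for example `DROP INDEX IF EXISTS file_index;`, and decide whether old `account` rows are copied into `accounts` or deleted.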
@@ -68,7 +68,7 @@ func (svc *Service) Build() error {
 svc.rout.Use(router.NewRecoveryMiddleware(svc.logg.Errorf))
 svc.rout.Use(router.NewLoggingMiddleware(svc.logg.Infof))
 svc.rout.Use(router.NewCorsMiddleware())
- svc.rout.Use(svc.hand.AuthMiddleware())
+ svc.rout.Use(svc.hand.AuthMiddleware)
 svc.rout.Get("/v3/api/service/hello", svc.hand.SendHello)