fix some tests, split up and refactor

some wonky regression introduced by docker dependencies when running on darwin. see https://github.com/ory/dockertest/issues/212 for more info.
will have a look at this next

pkg/registry/auth/auth.go

@@ -0,0 +1,144 @@
+package auth
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	ref "github.com/containers/image/v5/docker/reference"
+	"github.com/containrrr/watchtower/pkg/logger"
+	"github.com/containrrr/watchtower/pkg/registry/helpers"
+	"github.com/containrrr/watchtower/pkg/types"
+	apiTypes "github.com/docker/docker/api/types"
+	"github.com/sirupsen/logrus"
+	"io/ioutil"
+	"net/http"
+	url2 "net/url"
+	"strings"
+)
+
+const 	ChallengeHeader           = "WWW-Authenticate"
+
+
+
+
+func GetToken(ctx context.Context, image apiTypes.ImageInspect, credentials *types.RegistryCredentials) (string, error) {
+	var err error
+	log := logger.GetLogger(ctx)
+
+	img := strings.Split(image.RepoTags[0], ":")[0]
+	var url url2.URL
+	if url, err = GetChallengeURL(img); err != nil {
+		return "", err
+	}
+
+	var req *http.Request
+	if req, err = GetChallengeRequest(url); err != nil {
+		return "", err
+	}
+
+	var client = http.Client{}
+	var res *http.Response
+	if res, err = client.Do(req); err != nil {
+		return "", err
+	}
+
+	v := res.Header.Get(ChallengeHeader)
+
+	log.WithFields(logrus.Fields{
+		"status": res.Status,
+		"header": v,
+	}).Debug("Got response to challenge request")
+	challenge := strings.ToLower(v)
+	if strings.HasPrefix(challenge, "basic") {
+		return "", errors.New("basic auth not implemented yet")
+	}
+	if strings.HasPrefix(challenge, "bearer") {
+		log.Debug("Fetching bearer token")
+		return GetBearerToken(ctx, challenge, img, err, credentials)
+	}
+
+	return "", errors.New("unsupported challenge type from registry")
+}
+
+func GetChallengeRequest(url url2.URL) (*http.Request, error) {
+
+	req, err := http.NewRequest("GET", url.String(), nil)
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Accept", "*/*")
+	req.Header.Set("User-Agent", "Watchtower (Docker)")
+	return req, nil
+}
+
+func GetBearerToken(ctx context.Context, challenge string, img string, err error, credentials *types.RegistryCredentials) (string, error) {
+	log := logger.GetLogger(ctx)
+	client := http.Client{}
+	authURL := GetAuthURL(challenge, img)
+
+	var r *http.Request
+	if r, err = http.NewRequest("GET", authURL.String(), nil); err != nil {
+		return "", err
+	}
+
+	if credentials.Username != "" && credentials.Password != "" {
+		log.WithField("credentials", credentials).Debug("Found credentials. Adding basic auth.")
+		r.SetBasicAuth(credentials.Username, credentials.Password)
+	} else {
+		log.Debug("No credentials found. Doing an anonymous request.")
+	}
+
+	var authResponse *http.Response
+	if authResponse, err = client.Do(r); err != nil {
+		return "", err
+	}
+
+	body, _ := ioutil.ReadAll(authResponse.Body)
+	tokenResponse := &types.TokenResponse{}
+
+	err = json.Unmarshal(body, tokenResponse)
+	if err != nil {
+		return "", err
+	}
+
+	return tokenResponse.Token, nil
+}
+
+func GetAuthURL(challenge string, img string) *url2.URL {
+	raw := strings.TrimPrefix(challenge, "bearer")
+	pairs := strings.Split(raw, ",")
+	values := make(map[string]string, 0)
+	for _, pair := range pairs {
+		trimmed := strings.Trim(pair, " ")
+		kv := strings.Split(trimmed, "=")
+		key := kv[0]
+		val := strings.Trim(kv[1], "\"")
+		values[key] = val
+	}
+
+	authURL, _ := url2.Parse(fmt.Sprintf("%s", values["realm"]))
+	q := authURL.Query()
+	q.Add("service", values["service"])
+	scopeImage := strings.TrimPrefix(img, values["service"])
+	scope := fmt.Sprintf("repository:%s:pull", scopeImage)
+	q.Add("scope", scope)
+
+	authURL.RawQuery = q.Encode()
+	return authURL
+}
+
+func GetChallengeURL(img string) (url2.URL, error) {
+	normalizedNamed, _ := ref.ParseNormalizedNamed(img)
+	host, err := helpers.NormalizeRegistry(normalizedNamed.Name())
+	if err != nil {
+		return url2.URL{}, err
+	}
+
+	url := url2.URL{
+		Scheme: "https",
+		Host:   host ,
+		Path:   "/v2/",
+	}
+	return url, nil
+}