8ec7de50e3
ci/woodpecker/tag/docker Pipeline was successful
Docker Hub (and other registries) return 401 with a `Www-Authenticate: Bearer realm=...` challenge even for public images. The proxy now: 1. Detects 401 + Bearer challenge 2. Parses realm/service/scope from the header 3. Fetches an anonymous token (or authenticated if username/password configured) 4. Retries the original request with the Bearer token Fixes: `docker pull artifactapi.../dockerhub/library/redis:latest` returning "unauthorized: upstream returned 401" Reviewed-on: #60 Co-authored-by: Ben Vincent <ben@unkin.net> Co-committed-by: Ben Vincent <ben@unkin.net>