From 757e1bbe45aa8f80500ceb091004f6876a983db9 Mon Sep 17 00:00:00 2001
From: Daniil Kivenko <daniil.kivenko@p2p.org>
Date: Mon, 9 Mar 2026 14:41:07 +0000
Subject: [PATCH] feat(proxy): reject unauthenticated requests with 403

---
 src/proxy.rs | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/proxy.rs b/src/proxy.rs
index 6c03e40..1fef6f3 100644
--- a/src/proxy.rs
+++ b/src/proxy.rs
@@ -116,6 +116,16 @@ pub async fn registry_handler(
         .iter()
         .filter_map(|v| v.to_str().ok().map(str::to_string))
         .collect();
+
+    if auth_header.is_none() {
+        warn!(path, "rejected unauthenticated request");
+        return error_response(
+            StatusCode::FORBIDDEN,
+            "UNAUTHORIZED",
+            "authentication required",
+        );
+    }
+
     match parse_path(remainder) {
         Err(e) => {
             warn!(path, error = %e, "bad request path");