+3
-4
pkg/appview/middleware/registry.go
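--- a/pkg/appview/middleware/registry.go
+++ b/pkg/appview/middleware/registry.go
@@ -293,13 +293,12 @@
 // Auto-reconcile crew membership on first push/pull
 // This ensures users can push immediately after docker login without web sign-in
 // EnsureCrewMembership is best-effort and logs errors without failing the request
-// Run in background to avoid blocking registry operations if hold is offline
+// Run synchronously to ensure crew record exists before write access checks
+// (returns quickly if already a member - hold returns 200/201)
 if holdDID != "" && nr.refresher != nil {
 slog.Debug("Auto-reconciling crew membership", "component", "registry/middleware", "did", did, "hold_did", holdDID)
 client := atproto.NewClient(pdsEndpoint, did, "")
-go func(ctx context.Context, client *atproto.Client, refresher *oauth.Refresher, holdDID string) {
-storage.EnsureCrewMembership(ctx, client, refresher, holdDID)
-}(ctx, client, nr.refresher, holdDID)
+storage.EnsureCrewMembership(ctx, client, nr.refresher, holdDID)
 }
 
 // Get service token for hold authentication (only if authenticated)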
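Review bot: The now-synchronous `storage.EnsureCrewMembership(ctx, client, nr.refresher, holdDID)` call puts a round trip to the hold in the path of every registry request that reaches this branch, and nothing visible here bounds how long it may take. The removed comment gave exactly that as the reason for the goroutine ("avoid blocking registry operations if hold is offline"), so a slow or unreachable hold can now stall pushes and pulls, which matters most if hold endpoints can be operated by third parties. Unless the function or its HTTP client already enforces a deadline (not visible in this hunk), bound the call: `cctx, cancel := context.WithTimeout(ctx, crewReconcileTimeout)`, then `storage.EnsureCrewMembership(cctx, client, nr.refresher, holdDID)` followed by `cancel()`, where `crewReconcileTimeout` is a placeholder for a constant still to be defined. Because the call remains best-effort and returns nothing, the write access check that follows must still deny cleanly when reconciliation failed rather than assume the crew record exists. The enclosing function starts and ends outside the hunk.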