mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-23 12:04:21 +01:00
routers/repo/http.go: allow HTTP push/pull by token for #845
parent
19525abfc4
commit
ba77a3b0b4
2 changed files with 32 additions and 54 deletions
|
@ -62,21 +62,6 @@ func ListAccessTokens(uid int64) ([]*AccessToken, error) {
|
||||||
return tokens, nil
|
return tokens, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// ListAllAccessTokens returns all access tokens
|
|
||||||
func ListAllAccessTokens() ([]*AccessToken, error) {
|
|
||||||
tokens := make([]*AccessToken, 0, 5)
|
|
||||||
err := x.Desc("id").Find(&tokens)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, t := range tokens {
|
|
||||||
t.HasUsed = t.Updated.After(t.Created)
|
|
||||||
t.HasRecentActivity = t.Updated.Add(7 * 24 * time.Hour).After(time.Now())
|
|
||||||
}
|
|
||||||
return tokens, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeleteAccessTokenById deletes access token by given ID.
|
// DeleteAccessTokenById deletes access token by given ID.
|
||||||
func DeleteAccessTokenById(id int64) error {
|
func DeleteAccessTokenById(id int64) error {
|
||||||
_, err := x.Id(id).Delete(new(AccessToken))
|
_, err := x.Id(id).Delete(new(AccessToken))
|
||||||
|
|
|
@ -73,12 +73,14 @@ func Http(ctx *middleware.Context) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// only public pull don't need auth
|
// Only public pull don't need auth.
|
||||||
isPublicPull := !repo.IsPrivate && isPull
|
isPublicPull := !repo.IsPrivate && isPull
|
||||||
var askAuth = !isPublicPull || setting.Service.RequireSignInView
|
var (
|
||||||
var authUser *models.User
|
askAuth = !isPublicPull || setting.Service.RequireSignInView
|
||||||
var authUsername, passwd string
|
authUser *models.User
|
||||||
usedToken := false
|
authUsername string
|
||||||
|
authPasswd string
|
||||||
|
)
|
||||||
|
|
||||||
// check access
|
// check access
|
||||||
if askAuth {
|
if askAuth {
|
||||||
|
@ -91,12 +93,13 @@ func Http(ctx *middleware.Context) {
|
||||||
auths := strings.Fields(baHead)
|
auths := strings.Fields(baHead)
|
||||||
// currently check basic auth
|
// currently check basic auth
|
||||||
// TODO: support digit auth
|
// TODO: support digit auth
|
||||||
// FIXME: middlewares/context.go did basic auth check already
|
// FIXME: middlewares/context.go did basic auth check already,
|
||||||
|
// maybe could use that one.
|
||||||
if len(auths) != 2 || auths[0] != "Basic" {
|
if len(auths) != 2 || auths[0] != "Basic" {
|
||||||
ctx.Handle(401, "no basic auth and digit auth", nil)
|
ctx.Handle(401, "no basic auth and digit auth", nil)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
authUsername, passwd, err = base.BasicAuthDecode(auths[1])
|
authUsername, authPasswd, err = base.BasicAuthDecode(auths[1])
|
||||||
if err != nil {
|
if err != nil {
|
||||||
ctx.Handle(401, "no basic auth and digit auth", nil)
|
ctx.Handle(401, "no basic auth and digit auth", nil)
|
||||||
return
|
return
|
||||||
|
@ -104,39 +107,31 @@ func Http(ctx *middleware.Context) {
|
||||||
|
|
||||||
authUser, err = models.GetUserByName(authUsername)
|
authUser, err = models.GetUserByName(authUsername)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// check if a token was given instead of username
|
if err != models.ErrUserNotExist {
|
||||||
tokens, err := models.ListAllAccessTokens()
|
ctx.Handle(500, "GetUserByName", err)
|
||||||
if err != nil {
|
|
||||||
ctx.Handle(401, "no basic auth and digit auth", nil)
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, token := range tokens {
|
// Assume username now is a token.
|
||||||
if token.Sha1 == authUsername {
|
token, err := models.GetAccessTokenBySha(authUsername)
|
||||||
// get user belonging to token
|
if err != nil {
|
||||||
|
if err == models.ErrAccessTokenNotExist {
|
||||||
|
ctx.Handle(401, "invalid token", nil)
|
||||||
|
} else {
|
||||||
|
ctx.Handle(500, "GetAccessTokenBySha", err)
|
||||||
|
}
|
||||||
|
return
|
||||||
|
}
|
||||||
authUser, err = models.GetUserById(token.Uid)
|
authUser, err = models.GetUserById(token.Uid)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
ctx.Handle(401, "no basic auth and digit auth", nil)
|
ctx.Handle(500, "GetUserById", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
authUsername = authUser.Name
|
authUsername = authUser.Name
|
||||||
usedToken = true
|
} else {
|
||||||
break
|
// Check user's password when username is correctly presented.
|
||||||
}
|
if !authUser.ValidtePassword(authPasswd) {
|
||||||
}
|
ctx.Handle(401, "invalid password", nil)
|
||||||
|
|
||||||
if authUser == nil {
|
|
||||||
ctx.Handle(401, "no basic auth and digit auth", nil)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// check password if token is not used
|
|
||||||
if !usedToken {
|
|
||||||
newUser := &models.User{Passwd: passwd, Salt: authUser.Salt}
|
|
||||||
newUser.EncodePasswd()
|
|
||||||
if authUser.Passwd != newUser.Passwd {
|
|
||||||
ctx.Handle(401, "no basic auth and digit auth", nil)
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -166,9 +161,7 @@ func Http(ctx *middleware.Context) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
var f func(rpc string, input []byte)
|
var f = func(rpc string, input []byte) {
|
||||||
|
|
||||||
f = func(rpc string, input []byte) {
|
|
||||||
if rpc == "receive-pack" {
|
if rpc == "receive-pack" {
|
||||||
var lastLine int64 = 0
|
var lastLine int64 = 0
|
||||||
|
|
||||||
|
|
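Review bot: The two new 401 branches in the `@ -104,39 +107,31 @` hunk use different titles, `"invalid token"` when the name matches no user and `"invalid password"` when it does; the removed code used one title for every failure. If the title passed to `ctx.Handle` reaches the client, the difference reveals which usernames exist, so I would use one title in both branches, e.g. `ctx.Handle(401, "invalid credentials", nil)`. Separately, the token is read from the Basic-auth username field, which reverse proxies and access logs commonly record. A comment above `models.GetAccessTokenBySha(authUsername)` such as `// authUsername may hold a secret token here; never log it.` would warn later maintainers. The body of `Http` starts and ends outside the visible hunks, so whether later code logs `authUsername` cannot be checked from here.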