mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-24 07:13:33 +01:00
#842 able to use access token replace basic auth
This commit is contained in:
parent
ebf1bd4f51
commit
2ac8e11f46
7 changed files with 53 additions and 32 deletions
2
gogs.go
2
gogs.go
|
@ -17,7 +17,7 @@ import (
|
|||
"github.com/gogits/gogs/modules/setting"
|
||||
)
|
||||
|
||||
const APP_VER = "0.6.7.0901 Beta"
|
||||
const APP_VER = "0.6.7.0902 Beta"
|
||||
|
||||
func init() {
|
||||
runtime.GOMAXPROCS(runtime.NumCPU())
|
||||
|
|
|
@ -183,6 +183,26 @@ func (err ErrDeployKeyNameAlreadyUsed) Error() string {
|
|||
return fmt.Sprintf("public key already exists: [repo_id: %d, name: %s]", err.RepoID, err.Name)
|
||||
}
|
||||
|
||||
// _____ ___________ __
|
||||
// / _ \ ____ ____ ____ ______ _____\__ ___/___ | | __ ____ ____
|
||||
// / /_\ \_/ ___\/ ___\/ __ \ / ___// ___/ | | / _ \| |/ // __ \ / \
|
||||
// / | \ \__\ \__\ ___/ \___ \ \___ \ | |( <_> ) <\ ___/| | \
|
||||
// \____|__ /\___ >___ >___ >____ >____ > |____| \____/|__|_ \\___ >___| /
|
||||
// \/ \/ \/ \/ \/ \/ \/ \/ \/
|
||||
|
||||
type ErrAccessTokenNotExist struct {
|
||||
SHA string
|
||||
}
|
||||
|
||||
func IsErrAccessTokenNotExist(err error) bool {
|
||||
_, ok := err.(ErrAccessTokenNotExist)
|
||||
return ok
|
||||
}
|
||||
|
||||
func (err ErrAccessTokenNotExist) Error() string {
|
||||
return fmt.Sprintf("access token does not exist: [sha: %s]", err.SHA)
|
||||
}
|
||||
|
||||
// ________ .__ __ .__
|
||||
// \_____ \_______ _________ ____ |__|____________ _/ |_|__| ____ ____
|
||||
// / | \_ __ \/ ___\__ \ / \| \___ /\__ \\ __\ |/ _ \ / \
|
||||
|
|
|
@ -5,17 +5,12 @@
|
|||
package models
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"time"
|
||||
|
||||
"github.com/gogits/gogs/modules/base"
|
||||
"github.com/gogits/gogs/modules/uuid"
|
||||
)
|
||||
|
||||
var (
|
||||
ErrAccessTokenNotExist = errors.New("Access token does not exist")
|
||||
)
|
||||
|
||||
// AccessToken represents a personal access token.
|
||||
type AccessToken struct {
|
||||
ID int64 `xorm:"pk autoincr"`
|
||||
|
@ -42,7 +37,7 @@ func GetAccessTokenBySHA(sha string) (*AccessToken, error) {
|
|||
if err != nil {
|
||||
return nil, err
|
||||
} else if !has {
|
||||
return nil, ErrAccessTokenNotExist
|
||||
return nil, ErrAccessTokenNotExist{sha}
|
||||
}
|
||||
return t, nil
|
||||
}
|
||||
|
|
|
@ -5,7 +5,6 @@
|
|||
package auth
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"reflect"
|
||||
"strings"
|
||||
"time"
|
||||
|
@ -26,34 +25,41 @@ func IsAPIPath(url string) bool {
|
|||
return strings.HasPrefix(url, "/api/")
|
||||
}
|
||||
|
||||
// SignedInId returns the id of signed in user.
|
||||
func SignedInId(req *http.Request, sess session.Store) int64 {
|
||||
// SignedInID returns the id of signed in user.
|
||||
func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
|
||||
if !models.HasEngine {
|
||||
return 0
|
||||
}
|
||||
|
||||
// API calls need to check access token.
|
||||
if IsAPIPath(req.URL.Path) {
|
||||
auHead := req.Header.Get("Authorization")
|
||||
// Check access token.
|
||||
tokenSHA := ctx.Query("token")
|
||||
if len(tokenSHA) == 0 {
|
||||
// Well, check with header again.
|
||||
auHead := ctx.Req.Header.Get("Authorization")
|
||||
if len(auHead) > 0 {
|
||||
auths := strings.Fields(auHead)
|
||||
if len(auths) == 2 && auths[0] == "token" {
|
||||
t, err := models.GetAccessTokenBySHA(auths[1])
|
||||
if err != nil {
|
||||
if err != models.ErrAccessTokenNotExist {
|
||||
log.Error(4, "GetAccessTokenBySHA: %v", err)
|
||||
}
|
||||
return 0
|
||||
}
|
||||
t.Updated = time.Now()
|
||||
if err = models.UpdateAccessToekn(t); err != nil {
|
||||
log.Error(4, "UpdateAccessToekn: %v", err)
|
||||
}
|
||||
return t.UID
|
||||
tokenSHA = auths[1]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Let's see if token is valid.
|
||||
if len(tokenSHA) > 0 {
|
||||
t, err := models.GetAccessTokenBySHA(tokenSHA)
|
||||
if err != nil {
|
||||
if models.IsErrAccessTokenNotExist(err) {
|
||||
log.Error(4, "GetAccessTokenBySHA: %v", err)
|
||||
}
|
||||
return 0
|
||||
}
|
||||
t.Updated = time.Now()
|
||||
if err = models.UpdateAccessToekn(t); err != nil {
|
||||
log.Error(4, "UpdateAccessToekn: %v", err)
|
||||
}
|
||||
return t.UID
|
||||
}
|
||||
|
||||
uid := sess.Get("uid")
|
||||
if uid == nil {
|
||||
return 0
|
||||
|
@ -72,16 +78,16 @@ func SignedInId(req *http.Request, sess session.Store) int64 {
|
|||
|
||||
// SignedInUser returns the user object of signed user.
|
||||
// It returns a bool value to indicate whether user uses basic auth or not.
|
||||
func SignedInUser(req *http.Request, sess session.Store) (*models.User, bool) {
|
||||
func SignedInUser(ctx *macaron.Context, sess session.Store) (*models.User, bool) {
|
||||
if !models.HasEngine {
|
||||
return nil, false
|
||||
}
|
||||
|
||||
uid := SignedInId(req, sess)
|
||||
uid := SignedInID(ctx, sess)
|
||||
|
||||
if uid <= 0 {
|
||||
if setting.Service.EnableReverseProxyAuth {
|
||||
webAuthUser := req.Header.Get(setting.ReverseProxyAuthUser)
|
||||
webAuthUser := ctx.Req.Header.Get(setting.ReverseProxyAuthUser)
|
||||
if len(webAuthUser) > 0 {
|
||||
u, err := models.GetUserByName(webAuthUser)
|
||||
if err != nil {
|
||||
|
@ -112,7 +118,7 @@ func SignedInUser(req *http.Request, sess session.Store) (*models.User, bool) {
|
|||
}
|
||||
|
||||
// Check with basic auth.
|
||||
baHead := req.Header.Get("Authorization")
|
||||
baHead := ctx.Req.Header.Get("Authorization")
|
||||
if len(baHead) > 0 {
|
||||
auths := strings.Fields(baHead)
|
||||
if len(auths) == 2 && auths[0] == "Basic" {
|
||||
|
|
|
@ -211,7 +211,7 @@ func Contexter() macaron.Handler {
|
|||
}
|
||||
|
||||
// Get user from session if logined.
|
||||
ctx.User, ctx.IsBasicAuth = auth.SignedInUser(ctx.Req.Request, ctx.Session)
|
||||
ctx.User, ctx.IsBasicAuth = auth.SignedInUser(ctx.Context, ctx.Session)
|
||||
|
||||
if ctx.User != nil {
|
||||
ctx.IsSigned = true
|
||||
|
|
|
@ -115,7 +115,7 @@ func Http(ctx *middleware.Context) {
|
|||
// Assume username now is a token.
|
||||
token, err := models.GetAccessTokenBySHA(authUsername)
|
||||
if err != nil {
|
||||
if err == models.ErrAccessTokenNotExist {
|
||||
if models.IsErrAccessTokenNotExist(err) {
|
||||
ctx.HandleText(401, "invalid token")
|
||||
} else {
|
||||
ctx.Handle(500, "GetAccessTokenBySha", err)
|
||||
|
|
|
@ -1 +1 @@
|
|||
0.6.7.0901 Beta
|
||||
0.6.7.0902 Beta
|
Loading…
Reference in a new issue