Fix http protocol auth (#27875)
This commit is contained in:
parent
4776fde9e1
commit
0ba4ecc3bd
43
routers/web/githttp.go
Normal file
43
routers/web/githttp.go
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
// Copyright 2023 The Gitea Authors. All rights reserved.
|
||||||
|
// SPDX-License-Identifier: MIT
|
||||||
|
|
||||||
|
package web
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net/http"
|
||||||
|
|
||||||
|
"code.gitea.io/gitea/modules/context"
|
||||||
|
"code.gitea.io/gitea/modules/setting"
|
||||||
|
"code.gitea.io/gitea/modules/web"
|
||||||
|
"code.gitea.io/gitea/routers/web/repo"
|
||||||
|
context_service "code.gitea.io/gitea/services/context"
|
||||||
|
)
|
||||||
|
|
||||||
|
func requireSignIn(ctx *context.Context) {
|
||||||
|
if !setting.Service.RequireSignInView {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// rely on the results of Contexter
|
||||||
|
if !ctx.IsSigned {
|
||||||
|
// TODO: support digit auth - which would be Authorization header with digit
|
||||||
|
ctx.Resp.Header().Set("WWW-Authenticate", `Basic realm="Gitea"`)
|
||||||
|
ctx.Error(http.StatusUnauthorized)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func gitHTTPRouters(m *web.Route) {
|
||||||
|
m.Group("", func() {
|
||||||
|
m.PostOptions("/git-upload-pack", repo.ServiceUploadPack)
|
||||||
|
m.PostOptions("/git-receive-pack", repo.ServiceReceivePack)
|
||||||
|
m.GetOptions("/info/refs", repo.GetInfoRefs)
|
||||||
|
m.GetOptions("/HEAD", repo.GetTextFile("HEAD"))
|
||||||
|
m.GetOptions("/objects/info/alternates", repo.GetTextFile("objects/info/alternates"))
|
||||||
|
m.GetOptions("/objects/info/http-alternates", repo.GetTextFile("objects/info/http-alternates"))
|
||||||
|
m.GetOptions("/objects/info/packs", repo.GetInfoPacks)
|
||||||
|
m.GetOptions("/objects/info/{file:[^/]*}", repo.GetTextFile(""))
|
||||||
|
m.GetOptions("/objects/{head:[0-9a-f]{2}}/{hash:[0-9a-f]{38}}", repo.GetLooseObject)
|
||||||
|
m.GetOptions("/objects/pack/pack-{file:[0-9a-f]{40}}.pack", repo.GetPackFile)
|
||||||
|
m.GetOptions("/objects/pack/pack-{file:[0-9a-f]{40}}.idx", repo.GetIdxFile)
|
||||||
|
}, ignSignInAndCsrf, requireSignIn, repo.HTTPGitEnabledHandler, repo.CorsHandler(), context_service.UserAssignmentWeb())
|
||||||
|
}
|
|
@ -276,6 +276,8 @@ func Routes() *web.Route {
|
||||||
return routes
|
return routes
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var ignSignInAndCsrf = verifyAuthWithOptions(&common.VerifyOptions{DisableCSRF: true})
|
||||||
|
|
||||||
// registerRoutes register routes
|
// registerRoutes register routes
|
||||||
func registerRoutes(m *web.Route) {
|
func registerRoutes(m *web.Route) {
|
||||||
reqSignIn := verifyAuthWithOptions(&common.VerifyOptions{SignInRequired: true})
|
reqSignIn := verifyAuthWithOptions(&common.VerifyOptions{SignInRequired: true})
|
||||||
|
@ -283,7 +285,7 @@ func registerRoutes(m *web.Route) {
|
||||||
// TODO: rename them to "optSignIn", which means that the "sign-in" could be optional, depends on the VerifyOptions (RequireSignInView)
|
// TODO: rename them to "optSignIn", which means that the "sign-in" could be optional, depends on the VerifyOptions (RequireSignInView)
|
||||||
ignSignIn := verifyAuthWithOptions(&common.VerifyOptions{SignInRequired: setting.Service.RequireSignInView})
|
ignSignIn := verifyAuthWithOptions(&common.VerifyOptions{SignInRequired: setting.Service.RequireSignInView})
|
||||||
ignExploreSignIn := verifyAuthWithOptions(&common.VerifyOptions{SignInRequired: setting.Service.RequireSignInView || setting.Service.Explore.RequireSigninView})
|
ignExploreSignIn := verifyAuthWithOptions(&common.VerifyOptions{SignInRequired: setting.Service.RequireSignInView || setting.Service.Explore.RequireSigninView})
|
||||||
ignSignInAndCsrf := verifyAuthWithOptions(&common.VerifyOptions{DisableCSRF: true})
|
|
||||||
validation.AddBindingRules()
|
validation.AddBindingRules()
|
||||||
|
|
||||||
linkAccountEnabled := func(ctx *context.Context) {
|
linkAccountEnabled := func(ctx *context.Context) {
|
||||||
|
@ -1512,19 +1514,7 @@ func registerRoutes(m *web.Route) {
|
||||||
})
|
})
|
||||||
}, ignSignInAndCsrf, lfsServerEnabled)
|
}, ignSignInAndCsrf, lfsServerEnabled)
|
||||||
|
|
||||||
m.Group("", func() {
|
gitHTTPRouters(m)
|
||||||
m.PostOptions("/git-upload-pack", repo.ServiceUploadPack)
|
|
||||||
m.PostOptions("/git-receive-pack", repo.ServiceReceivePack)
|
|
||||||
m.GetOptions("/info/refs", repo.GetInfoRefs)
|
|
||||||
m.GetOptions("/HEAD", repo.GetTextFile("HEAD"))
|
|
||||||
m.GetOptions("/objects/info/alternates", repo.GetTextFile("objects/info/alternates"))
|
|
||||||
m.GetOptions("/objects/info/http-alternates", repo.GetTextFile("objects/info/http-alternates"))
|
|
||||||
m.GetOptions("/objects/info/packs", repo.GetInfoPacks)
|
|
||||||
m.GetOptions("/objects/info/{file:[^/]*}", repo.GetTextFile(""))
|
|
||||||
m.GetOptions("/objects/{head:[0-9a-f]{2}}/{hash:[0-9a-f]{38}}", repo.GetLooseObject)
|
|
||||||
m.GetOptions("/objects/pack/pack-{file:[0-9a-f]{40}}.pack", repo.GetPackFile)
|
|
||||||
m.GetOptions("/objects/pack/pack-{file:[0-9a-f]{40}}.idx", repo.GetIdxFile)
|
|
||||||
}, ignSignInAndCsrf, repo.HTTPGitEnabledHandler, repo.CorsHandler(), context_service.UserAssignmentWeb())
|
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
// ***** END: Repository *****
|
// ***** END: Repository *****
|
||||||
|
|
Loading…
Reference in a new issue