Refactor merge conan and container auth preserve actions taskID (#36560)
* Remove duplicated code * Allow further ActionsUser package permission checks --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
This commit is contained in:
@@ -117,7 +117,7 @@ func CommonRoutes() *web.Router {
|
||||
&auth.OAuth2{},
|
||||
&auth.Basic{},
|
||||
&nuget.Auth{},
|
||||
&conan.Auth{},
|
||||
&Auth{},
|
||||
&chef.Auth{},
|
||||
})
|
||||
|
||||
@@ -537,7 +537,8 @@ func ContainerRoutes() *web.Router {
|
||||
|
||||
verifyAuth(r, []auth.Method{
|
||||
&auth.Basic{},
|
||||
&container.Auth{},
|
||||
// container auth requires an token, so container.Authenticate issues a Ghost user token for anonymous access
|
||||
&Auth{AllowGhostUser: true},
|
||||
})
|
||||
|
||||
// TODO: Content Discovery / References (not implemented yet)
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
// Copyright 2022 The Gitea Authors. All rights reserved.
|
||||
// Copyright 2026 The Gitea Authors. All rights reserved.
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
package conan
|
||||
package packages
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
@@ -14,10 +14,13 @@ import (
|
||||
|
||||
var _ auth.Method = &Auth{}
|
||||
|
||||
type Auth struct{}
|
||||
// Auth is for conan and container
|
||||
type Auth struct {
|
||||
AllowGhostUser bool
|
||||
}
|
||||
|
||||
func (a *Auth) Name() string {
|
||||
return "conan"
|
||||
return "packages"
|
||||
}
|
||||
|
||||
// Verify extracts the user from the Bearer token
|
||||
@@ -32,10 +35,22 @@ func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataS
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
u, err := user_model.GetUserByID(req.Context(), packageMeta.UserID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
var u *user_model.User
|
||||
switch packageMeta.UserID {
|
||||
case user_model.GhostUserID:
|
||||
if !a.AllowGhostUser {
|
||||
return nil, nil
|
||||
}
|
||||
u = user_model.NewGhostUser()
|
||||
case user_model.ActionsUserID:
|
||||
u = user_model.NewActionsUserWithTaskID(packageMeta.ActionsUserTaskID)
|
||||
default:
|
||||
u, err = user_model.GetUserByID(req.Context(), packageMeta.UserID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
if packageMeta.Scope != "" {
|
||||
store.GetData()["IsApiToken"] = true
|
||||
store.GetData()["ApiTokenScope"] = packageMeta.Scope
|
||||
@@ -1,47 +0,0 @@
|
||||
// Copyright 2022 The Gitea Authors. All rights reserved.
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
package container
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
"code.gitea.io/gitea/services/auth"
|
||||
"code.gitea.io/gitea/services/packages"
|
||||
)
|
||||
|
||||
var _ auth.Method = &Auth{}
|
||||
|
||||
type Auth struct{}
|
||||
|
||||
func (a *Auth) Name() string {
|
||||
return "container"
|
||||
}
|
||||
|
||||
// Verify extracts the user from the Bearer token
|
||||
// If it's an anonymous session, a ghost user is returned
|
||||
func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataStore, sess auth.SessionStore) (*user_model.User, error) {
|
||||
packageMeta, err := packages.ParseAuthorizationRequest(req)
|
||||
if err != nil {
|
||||
log.Trace("ParseAuthorizationToken: %v", err)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if packageMeta == nil || packageMeta.UserID == 0 {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
u, err := user_model.GetPossibleUserByID(req.Context(), packageMeta.UserID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if packageMeta.Scope != "" {
|
||||
store.GetData()["IsApiToken"] = true
|
||||
store.GetData()["ApiTokenScope"] = packageMeta.Scope
|
||||
}
|
||||
|
||||
return u, nil
|
||||
}
|
||||
Reference in New Issue
Block a user