Refactor Nuget Auth to reuse Basic Auth Token Validation (#36558)

* Implicitly handle Actions Task Token for Nuget Api Keys
* Support same tokens as Basic Auth in Nuget Api Key Header

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
This commit is contained in:
ChristopherHX
2026-02-08 15:43:05 +01:00
committed by GitHub
parent daf0483ef2
commit f65df2a69b
2 changed files with 31 additions and 35 deletions
+5 -27
View File
@@ -6,43 +6,21 @@ package nuget
import (
"net/http"
auth_model "code.gitea.io/gitea/models/auth"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/timeutil"
"code.gitea.io/gitea/services/auth"
)
var _ auth.Method = &Auth{}
type Auth struct{}
type Auth struct {
basicAuth auth.Basic
}
func (a *Auth) Name() string {
return "nuget"
}
// https://docs.microsoft.com/en-us/nuget/api/package-publish-resource#request-parameters
func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataStore, sess auth.SessionStore) (*user_model.User, error) {
token, err := auth_model.GetAccessTokenBySHA(req.Context(), req.Header.Get("X-NuGet-ApiKey"))
if err != nil {
if !(auth_model.IsErrAccessTokenNotExist(err) || auth_model.IsErrAccessTokenEmpty(err)) {
return nil, err
}
return nil, nil
}
u, err := user_model.GetUserByID(req.Context(), token.UID)
if err != nil {
return nil, err
}
token.UpdatedUnix = timeutil.TimeStampNow()
if err := auth_model.UpdateAccessToken(req.Context(), token); err != nil {
log.Error("UpdateAccessToken: %v", err)
}
store.GetData()["IsApiToken"] = true
store.GetData()["ApiToken"] = token
return u, nil
// ref: https://docs.microsoft.com/en-us/nuget/api/package-publish-resource#request-parameters
return a.basicAuth.VerifyAuthToken(req, w, store, sess, req.Header.Get("X-NuGet-ApiKey"))
}