#842 able to use access token replace basic auth
parent
ebf1bd4f51
commit
2ac8e11f46
7 changed files with 53 additions and 32 deletions
2
gogs.go
2
gogs.go
|
@ -17,7 +17,7 @@ import (
|
||||||
"github.com/gogits/gogs/modules/setting"
|
"github.com/gogits/gogs/modules/setting"
|
||||||
)
|
)
|
||||||
|
|
||||||
const APP_VER = "0.6.7.0901 Beta"
|
const APP_VER = "0.6.7.0902 Beta"
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
runtime.GOMAXPROCS(runtime.NumCPU())
|
runtime.GOMAXPROCS(runtime.NumCPU())
|
||||||
|
|
|
@ -183,6 +183,26 @@ func (err ErrDeployKeyNameAlreadyUsed) Error() string {
|
||||||
return fmt.Sprintf("public key already exists: [repo_id: %d, name: %s]", err.RepoID, err.Name)
|
return fmt.Sprintf("public key already exists: [repo_id: %d, name: %s]", err.RepoID, err.Name)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// _____ ___________ __
|
||||||
|
// / _ \ ____ ____ ____ ______ _____\__ ___/___ | | __ ____ ____
|
||||||
|
// / /_\ \_/ ___\/ ___\/ __ \ / ___// ___/ | | / _ \| |/ // __ \ / \
|
||||||
|
// / | \ \__\ \__\ ___/ \___ \ \___ \ | |( <_> ) <\ ___/| | \
|
||||||
|
// \____|__ /\___ >___ >___ >____ >____ > |____| \____/|__|_ \\___ >___| /
|
||||||
|
// \/ \/ \/ \/ \/ \/ \/ \/ \/
|
||||||
|
|
||||||
|
type ErrAccessTokenNotExist struct {
|
||||||
|
SHA string
|
||||||
|
}
|
||||||
|
|
||||||
|
func IsErrAccessTokenNotExist(err error) bool {
|
||||||
|
_, ok := err.(ErrAccessTokenNotExist)
|
||||||
|
return ok
|
||||||
|
}
|
||||||
|
|
||||||
|
func (err ErrAccessTokenNotExist) Error() string {
|
||||||
|
return fmt.Sprintf("access token does not exist: [sha: %s]", err.SHA)
|
||||||
|
}
|
||||||
|
|
||||||
// ________ .__ __ .__
|
// ________ .__ __ .__
|
||||||
// \_____ \_______ _________ ____ |__|____________ _/ |_|__| ____ ____
|
// \_____ \_______ _________ ____ |__|____________ _/ |_|__| ____ ____
|
||||||
// / | \_ __ \/ ___\__ \ / \| \___ /\__ \\ __\ |/ _ \ / \
|
// / | \_ __ \/ ___\__ \ / \| \___ /\__ \\ __\ |/ _ \ / \
|
||||||
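Review bot: `ErrAccessTokenNotExist.Error()` writes the full looked-up value into the message, and that value is whatever the client presented as a token, since the `GetAccessTokenBySHA` hunk on this page returns `ErrAccessTokenNotExist{sha}` with its argument unchanged. Anything that logs or renders this error therefore records a credential-shaped string, which may be a mistyped or no-longer-valid token. Consider returning `"access token does not exist"` without the value, or including only a short prefix of it. The exported type and `IsErrAccessTokenNotExist` also lack doc comments; `// ErrAccessTokenNotExist is returned when no access token matches the given SHA.` would follow Go convention.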
|
|
|
@ -5,17 +5,12 @@
|
||||||
package models
|
package models
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"errors"
|
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/gogits/gogs/modules/base"
|
"github.com/gogits/gogs/modules/base"
|
||||||
"github.com/gogits/gogs/modules/uuid"
|
"github.com/gogits/gogs/modules/uuid"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
|
||||||
ErrAccessTokenNotExist = errors.New("Access token does not exist")
|
|
||||||
)
|
|
||||||
|
|
||||||
// AccessToken represents a personal access token.
|
// AccessToken represents a personal access token.
|
||||||
type AccessToken struct {
|
type AccessToken struct {
|
||||||
ID int64 `xorm:"pk autoincr"`
|
ID int64 `xorm:"pk autoincr"`
|
||||||
|
@ -42,7 +37,7 @@ func GetAccessTokenBySHA(sha string) (*AccessToken, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
} else if !has {
|
} else if !has {
|
||||||
return nil, ErrAccessTokenNotExist
|
return nil, ErrAccessTokenNotExist{sha}
|
||||||
}
|
}
|
||||||
return t, nil
|
return t, nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,7 +5,6 @@
|
||||||
package auth
|
package auth
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"net/http"
|
|
||||||
"reflect"
|
"reflect"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
@ -26,34 +25,41 @@ func IsAPIPath(url string) bool {
|
||||||
return strings.HasPrefix(url, "/api/")
|
return strings.HasPrefix(url, "/api/")
|
||||||
}
|
}
|
||||||
|
|
||||||
// SignedInId returns the id of signed in user.
|
// SignedInID returns the id of signed in user.
|
||||||
func SignedInId(req *http.Request, sess session.Store) int64 {
|
func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
|
||||||
if !models.HasEngine {
|
if !models.HasEngine {
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
// API calls need to check access token.
|
// Check access token.
|
||||||
if IsAPIPath(req.URL.Path) {
|
tokenSHA := ctx.Query("token")
|
||||||
auHead := req.Header.Get("Authorization")
|
if len(tokenSHA) == 0 {
|
||||||
|
// Well, check with header again.
|
||||||
|
auHead := ctx.Req.Header.Get("Authorization")
|
||||||
if len(auHead) > 0 {
|
if len(auHead) > 0 {
|
||||||
auths := strings.Fields(auHead)
|
auths := strings.Fields(auHead)
|
||||||
if len(auths) == 2 && auths[0] == "token" {
|
if len(auths) == 2 && auths[0] == "token" {
|
||||||
t, err := models.GetAccessTokenBySHA(auths[1])
|
tokenSHA = auths[1]
|
||||||
if err != nil {
|
|
||||||
if err != models.ErrAccessTokenNotExist {
|
|
||||||
log.Error(4, "GetAccessTokenBySHA: %v", err)
|
|
||||||
}
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
t.Updated = time.Now()
|
|
||||||
if err = models.UpdateAccessToekn(t); err != nil {
|
|
||||||
log.Error(4, "UpdateAccessToekn: %v", err)
|
|
||||||
}
|
|
||||||
return t.UID
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Let's see if token is valid.
|
||||||
|
if len(tokenSHA) > 0 {
|
||||||
|
t, err := models.GetAccessTokenBySHA(tokenSHA)
|
||||||
|
if err != nil {
|
||||||
|
if models.IsErrAccessTokenNotExist(err) {
|
||||||
|
log.Error(4, "GetAccessTokenBySHA: %v", err)
|
||||||
|
}
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
t.Updated = time.Now()
|
||||||
|
if err = models.UpdateAccessToekn(t); err != nil {
|
||||||
|
log.Error(4, "UpdateAccessToekn: %v", err)
|
||||||
|
}
|
||||||
|
return t.UID
|
||||||
|
}
|
||||||
|
|
||||||
uid := sess.Get("uid")
|
uid := sess.Get("uid")
|
||||||
if uid == nil {
|
if uid == nil {
|
||||||
return 0
|
return 0
|
||||||
|
@ -72,16 +78,16 @@ func SignedInId(req *http.Request, sess session.Store) int64 {
|
||||||
|
|
||||||
// SignedInUser returns the user object of signed user.
|
// SignedInUser returns the user object of signed user.
|
||||||
// It returns a bool value to indicate whether user uses basic auth or not.
|
// It returns a bool value to indicate whether user uses basic auth or not.
|
||||||
func SignedInUser(req *http.Request, sess session.Store) (*models.User, bool) {
|
func SignedInUser(ctx *macaron.Context, sess session.Store) (*models.User, bool) {
|
||||||
if !models.HasEngine {
|
if !models.HasEngine {
|
||||||
return nil, false
|
return nil, false
|
||||||
}
|
}
|
||||||
|
|
||||||
uid := SignedInId(req, sess)
|
uid := SignedInID(ctx, sess)
|
||||||
|
|
||||||
if uid <= 0 {
|
if uid <= 0 {
|
||||||
if setting.Service.EnableReverseProxyAuth {
|
if setting.Service.EnableReverseProxyAuth {
|
||||||
webAuthUser := req.Header.Get(setting.ReverseProxyAuthUser)
|
webAuthUser := ctx.Req.Header.Get(setting.ReverseProxyAuthUser)
|
||||||
if len(webAuthUser) > 0 {
|
if len(webAuthUser) > 0 {
|
||||||
u, err := models.GetUserByName(webAuthUser)
|
u, err := models.GetUserByName(webAuthUser)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -112,7 +118,7 @@ func SignedInUser(req *http.Request, sess session.Store) (*models.User, bool) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check with basic auth.
|
// Check with basic auth.
|
||||||
baHead := req.Header.Get("Authorization")
|
baHead := ctx.Req.Header.Get("Authorization")
|
||||||
if len(baHead) > 0 {
|
if len(baHead) > 0 {
|
||||||
auths := strings.Fields(baHead)
|
auths := strings.Fields(baHead)
|
||||||
if len(auths) == 2 && auths[0] == "Basic" {
|
if len(auths) == 2 && auths[0] == "Basic" {
|
||||||
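Review bot: The token-lookup error branch in `SignedInID` is inverted relative to the code it replaces: the old check logged when `err != models.ErrAccessTokenNotExist`, while the new `if models.IsErrAccessTokenNotExist(err)` logs only the not-found case and returns 0 silently on any other lookup failure. As written, every request carrying an unknown token produces an error-level log line that includes the presented value (the new `Error()` formats the SHA), and genuine backend errors leave no trace; the condition should read `if !models.IsErrAccessTokenNotExist(err) {`. Separately, `ctx.Query("token")` is now read on every path rather than only under `/api/`, so tokens can appear in URLs and whatever records them; a comment stating that this is intended, and that the `Authorization: token …` header is the preferred form, would help. `SignedInID` continues past the end of this hunk.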
|
|
|
@ -211,7 +211,7 @@ func Contexter() macaron.Handler {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get user from session if logined.
|
// Get user from session if logined.
|
||||||
ctx.User, ctx.IsBasicAuth = auth.SignedInUser(ctx.Req.Request, ctx.Session)
|
ctx.User, ctx.IsBasicAuth = auth.SignedInUser(ctx.Context, ctx.Session)
|
||||||
|
|
||||||
if ctx.User != nil {
|
if ctx.User != nil {
|
||||||
ctx.IsSigned = true
|
ctx.IsSigned = true
|
||||||
|
|
|
@ -115,7 +115,7 @@ func Http(ctx *middleware.Context) {
|
||||||
// Assume username now is a token.
|
// Assume username now is a token.
|
||||||
token, err := models.GetAccessTokenBySHA(authUsername)
|
token, err := models.GetAccessTokenBySHA(authUsername)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if err == models.ErrAccessTokenNotExist {
|
if models.IsErrAccessTokenNotExist(err) {
|
||||||
ctx.HandleText(401, "invalid token")
|
ctx.HandleText(401, "invalid token")
|
||||||
} else {
|
} else {
|
||||||
ctx.Handle(500, "GetAccessTokenBySha", err)
|
ctx.Handle(500, "GetAccessTokenBySha", err)
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
0.6.7.0901 Beta
|
0.6.7.0902 Beta
|