#842 able to use access token replace basic auth

This commit is contained in:
Unknwon 2015-09-02 02:40:15 -04:00
parent ebf1bd4f51
commit 2ac8e11f46
7 changed files with 53 additions and 32 deletions

View file

@ -17,7 +17,7 @@ import (
"github.com/gogits/gogs/modules/setting" "github.com/gogits/gogs/modules/setting"
) )
const APP_VER = "0.6.7.0901 Beta" const APP_VER = "0.6.7.0902 Beta"
func init() { func init() {
runtime.GOMAXPROCS(runtime.NumCPU()) runtime.GOMAXPROCS(runtime.NumCPU())

View file

@ -183,6 +183,26 @@ func (err ErrDeployKeyNameAlreadyUsed) Error() string {
return fmt.Sprintf("public key already exists: [repo_id: %d, name: %s]", err.RepoID, err.Name) return fmt.Sprintf("public key already exists: [repo_id: %d, name: %s]", err.RepoID, err.Name)
} }
// _____ ___________ __
// / _ \ ____ ____ ____ ______ _____\__ ___/___ | | __ ____ ____
// / /_\ \_/ ___\/ ___\/ __ \ / ___// ___/ | | / _ \| |/ // __ \ / \
// / | \ \__\ \__\ ___/ \___ \ \___ \ | |( <_> ) <\ ___/| | \
// \____|__ /\___ >___ >___ >____ >____ > |____| \____/|__|_ \\___ >___| /
// \/ \/ \/ \/ \/ \/ \/ \/ \/
type ErrAccessTokenNotExist struct {
SHA string
}
func IsErrAccessTokenNotExist(err error) bool {
_, ok := err.(ErrAccessTokenNotExist)
return ok
}
func (err ErrAccessTokenNotExist) Error() string {
return fmt.Sprintf("access token does not exist: [sha: %s]", err.SHA)
}
// ________ .__ __ .__ // ________ .__ __ .__
// \_____ \_______ _________ ____ |__|____________ _/ |_|__| ____ ____ // \_____ \_______ _________ ____ |__|____________ _/ |_|__| ____ ____
// / | \_ __ \/ ___\__ \ / \| \___ /\__ \\ __\ |/ _ \ / \ // / | \_ __ \/ ___\__ \ / \| \___ /\__ \\ __\ |/ _ \ / \

View file

@ -5,17 +5,12 @@
package models package models
import ( import (
"errors"
"time" "time"
"github.com/gogits/gogs/modules/base" "github.com/gogits/gogs/modules/base"
"github.com/gogits/gogs/modules/uuid" "github.com/gogits/gogs/modules/uuid"
) )
var (
ErrAccessTokenNotExist = errors.New("Access token does not exist")
)
// AccessToken represents a personal access token. // AccessToken represents a personal access token.
type AccessToken struct { type AccessToken struct {
ID int64 `xorm:"pk autoincr"` ID int64 `xorm:"pk autoincr"`
@ -42,7 +37,7 @@ func GetAccessTokenBySHA(sha string) (*AccessToken, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} else if !has { } else if !has {
return nil, ErrAccessTokenNotExist return nil, ErrAccessTokenNotExist{sha}
} }
return t, nil return t, nil
} }

View file

@ -5,7 +5,6 @@
package auth package auth
import ( import (
"net/http"
"reflect" "reflect"
"strings" "strings"
"time" "time"
@ -26,34 +25,41 @@ func IsAPIPath(url string) bool {
return strings.HasPrefix(url, "/api/") return strings.HasPrefix(url, "/api/")
} }
// SignedInId returns the id of signed in user. // SignedInID returns the id of signed in user.
func SignedInId(req *http.Request, sess session.Store) int64 { func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
if !models.HasEngine { if !models.HasEngine {
return 0 return 0
} }
// API calls need to check access token. // Check access token.
if IsAPIPath(req.URL.Path) { tokenSHA := ctx.Query("token")
auHead := req.Header.Get("Authorization") if len(tokenSHA) == 0 {
// Well, check with header again.
auHead := ctx.Req.Header.Get("Authorization")
if len(auHead) > 0 { if len(auHead) > 0 {
auths := strings.Fields(auHead) auths := strings.Fields(auHead)
if len(auths) == 2 && auths[0] == "token" { if len(auths) == 2 && auths[0] == "token" {
t, err := models.GetAccessTokenBySHA(auths[1]) tokenSHA = auths[1]
if err != nil {
if err != models.ErrAccessTokenNotExist {
log.Error(4, "GetAccessTokenBySHA: %v", err)
}
return 0
}
t.Updated = time.Now()
if err = models.UpdateAccessToekn(t); err != nil {
log.Error(4, "UpdateAccessToekn: %v", err)
}
return t.UID
} }
} }
} }
// Let's see if token is valid.
if len(tokenSHA) > 0 {
t, err := models.GetAccessTokenBySHA(tokenSHA)
if err != nil {
if models.IsErrAccessTokenNotExist(err) {
log.Error(4, "GetAccessTokenBySHA: %v", err)
}
return 0
}
t.Updated = time.Now()
if err = models.UpdateAccessToekn(t); err != nil {
log.Error(4, "UpdateAccessToekn: %v", err)
}
return t.UID
}
uid := sess.Get("uid") uid := sess.Get("uid")
if uid == nil { if uid == nil {
return 0 return 0
@ -72,16 +78,16 @@ func SignedInId(req *http.Request, sess session.Store) int64 {
// SignedInUser returns the user object of signed user. // SignedInUser returns the user object of signed user.
// It returns a bool value to indicate whether user uses basic auth or not. // It returns a bool value to indicate whether user uses basic auth or not.
func SignedInUser(req *http.Request, sess session.Store) (*models.User, bool) { func SignedInUser(ctx *macaron.Context, sess session.Store) (*models.User, bool) {
if !models.HasEngine { if !models.HasEngine {
return nil, false return nil, false
} }
uid := SignedInId(req, sess) uid := SignedInID(ctx, sess)
if uid <= 0 { if uid <= 0 {
if setting.Service.EnableReverseProxyAuth { if setting.Service.EnableReverseProxyAuth {
webAuthUser := req.Header.Get(setting.ReverseProxyAuthUser) webAuthUser := ctx.Req.Header.Get(setting.ReverseProxyAuthUser)
if len(webAuthUser) > 0 { if len(webAuthUser) > 0 {
u, err := models.GetUserByName(webAuthUser) u, err := models.GetUserByName(webAuthUser)
if err != nil { if err != nil {
@ -112,7 +118,7 @@ func SignedInUser(req *http.Request, sess session.Store) (*models.User, bool) {
} }
// Check with basic auth. // Check with basic auth.
baHead := req.Header.Get("Authorization") baHead := ctx.Req.Header.Get("Authorization")
if len(baHead) > 0 { if len(baHead) > 0 {
auths := strings.Fields(baHead) auths := strings.Fields(baHead)
if len(auths) == 2 && auths[0] == "Basic" { if len(auths) == 2 && auths[0] == "Basic" {

View file

@ -211,7 +211,7 @@ func Contexter() macaron.Handler {
} }
// Get user from session if logined. // Get user from session if logined.
ctx.User, ctx.IsBasicAuth = auth.SignedInUser(ctx.Req.Request, ctx.Session) ctx.User, ctx.IsBasicAuth = auth.SignedInUser(ctx.Context, ctx.Session)
if ctx.User != nil { if ctx.User != nil {
ctx.IsSigned = true ctx.IsSigned = true

View file

@ -115,7 +115,7 @@ func Http(ctx *middleware.Context) {
// Assume username now is a token. // Assume username now is a token.
token, err := models.GetAccessTokenBySHA(authUsername) token, err := models.GetAccessTokenBySHA(authUsername)
if err != nil { if err != nil {
if err == models.ErrAccessTokenNotExist { if models.IsErrAccessTokenNotExist(err) {
ctx.HandleText(401, "invalid token") ctx.HandleText(401, "invalid token")
} else { } else {
ctx.Handle(500, "GetAccessTokenBySha", err) ctx.Handle(500, "GetAccessTokenBySha", err)

View file

@ -1 +1 @@
0.6.7.0901 Beta 0.6.7.0902 Beta