diff --git a/models/webhook/webhook.go b/models/webhook/webhook.go
index 4ab806573..f3370f3db 100644
--- a/models/webhook/webhook.go
+++ b/models/webhook/webhook.go
@@ -361,6 +361,15 @@ func (w Webhook) HeaderAuthorization() (string, error) {
 return secret.DecryptSecret(setting.SecretKey, w.HeaderAuthorizationEncrypted)
 }
+// HeaderAuthorizationTrimPrefix returns the decrypted Authorization with a specified prefix trimmed.
+func (w Webhook) HeaderAuthorizationTrimPrefix(prefix string) (string, error) {
+ s, err := w.HeaderAuthorization()
+ if err != nil {
+ return "", err
+ }
+ return strings.TrimPrefix(s, prefix), nil
+}
+
 // SetHeaderAuthorization encrypts and sets the Authorization header.
 func (w *Webhook) SetHeaderAuthorization(cleartext string) error {
 if cleartext == "" {
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index b46fd9eb3..c1bca91e5 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -561,6 +561,7 @@ TeamName = Team name
 AuthName = Authorization name
 AdminEmail = Admin email
 To = Branch name
+AccessToken = Access token
 NewBranchName = New branch name
 CommitSummary = Commit summary
@@ -2401,6 +2402,7 @@ settings.sourcehut_builds.manifest_path = Build manifest path
 settings.sourcehut_builds.visibility = Job visibility
 settings.sourcehut_builds.secrets = Secrets
 settings.sourcehut_builds.secrets_helper = Give the job access to the build secrets (requires the SECRETS:RO grant)
+settings.sourcehut_builds.access_token_helper = Access token that has JOBS:RW grant. Generate a builds.sr.ht token or a builds.sr.ht token with secrets access on meta.sr.ht.
 settings.deploy_keys = Deploy keys
 settings.add_deploy_key = Add deploy key
 settings.deploy_key_desc = Deploy keys have read-only pull access to the repository.
diff --git a/services/webhook/sourcehut/builds.go b/services/webhook/sourcehut/builds.go
index 1561b9e6e..e7501110a 100644
--- a/services/webhook/sourcehut/builds.go
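Review bot: The doc comment on `HeaderAuthorizationTrimPrefix` in models/webhook/webhook.go leaves out two things a caller needs: `strings.TrimPrefix` returns the value unchanged when it does not start with `prefix`, and the result is the decrypted credential itself. A stored header with a different scheme would therefore come back whole and could be mistaken for a bare token. I would extend the comment with `// If the stored value does not start with prefix it is returned unchanged. The result is the cleartext secret, so callers should not log it.` Where the result is used is not visible in this hunk; if it pre-fills the edit form, the token is sent back to anyone who can open the webhook settings, which is worth confirming as intended.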
+++ b/services/webhook/sourcehut/builds.go
@@ -49,6 +49,7 @@ type buildsForm struct {
 ManifestPath string `binding:"Required"`
 Visibility string `binding:"Required;In(PUBLIC,UNLISTED,PRIVATE)"`
 Secrets bool
+ AccessToken string `binding:"Required"`
 }
 var _ binding.Validator = &buildsForm{}
@@ -63,13 +64,7 @@ func (f *buildsForm) Validate(req *http.Request, errs binding.Errors) binding.Er
 Message: ctx.Locale.TrString("repo.settings.add_webhook.invalid_path"),
 })
 }
- if !strings.HasPrefix(f.AuthorizationHeader, "Bearer ") {
- errs = append(errs, binding.Error{
- FieldNames: []string{"AuthorizationHeader"},
- Classification: "",
- Message: ctx.Locale.TrString("form.required_prefix", "Bearer "),
- })
- }
+ f.AuthorizationHeader = "Bearer " + strings.TrimSpace(f.AccessToken)
 return errs
 }
diff --git a/templates/webhook/new/sourcehut_builds.tmpl b/templates/webhook/new/sourcehut_builds.tmpl
index e18b828f8..3bcbe1bf6 100644
--- a/templates/webhook/new/sourcehut_builds.tmpl
+++ b/templates/webhook/new/sourcehut_builds.tmpl
@@ -29,5 +29,11 @@ {{ctx.Locale.Tr "repo.settings.sourcehut_builds.secrets_helper"}} + +
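Review bot: In `Validate` (services/webhook/sourcehut/builds.go) the new assignment accepts a whitespace-only token: `AccessToken` is only bound as `Required`, so unless the binding layer trims before applying that rule (not visible here) a value of spaces passes and the stored header becomes `Bearer ` with nothing after it. Interior whitespace or control characters are not rejected either, so a mis-pasted token would presumably only surface when delivery fails rather than in the form. Trim into a local first, `token := strings.TrimSpace(f.AccessToken)`, append a `binding.Error` for `AccessToken` when `token == "" || strings.ContainsAny(token, " \t\r\n")`, and only then build the header. A short comment that `Validate` deliberately overwrites `f.AuthorizationHeader` would also help, since a validator that mutates the form is easy to miss. The function body starts outside the hunk.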
Bearer token123456
, Basic YWxhZGRpbjpvcGVuc2VzYW1l
" | SafeHTML)}}
- {{end}}
-Bearer token123456
, Basic YWxhZGRpbjpvcGVuc2VzYW1l
" | SafeHTML)}}
+ {{end}}
+