add personal access token panel #12

modules/auth/auth.go

@@ -20,7 +20,7 @@ import (
 )
 
 // SignedInId returns the id of signed in user.
-func SignedInId(header http.Header, sess session.Store) int64 {
+func SignedInId(req *http.Request, sess session.Store) int64 {
 	if !models.HasEngine {
 		return 0
 	}
@@ -38,20 +38,38 @@ func SignedInId(header http.Header, sess session.Store) int64 {
 		}
 		return id
 	}
+
+	// API calls also need to check access token.
+	if strings.HasPrefix(req.URL.Path, "/api/") {
+		auHead := req.Header.Get("Authorization")
+		if len(auHead) > 0 {
+			auths := strings.Fields(auHead)
+			if len(auths) == 2 && auths[0] == "token" {
+				t, err := models.GetAccessTokenBySha(auths[1])
+				if err != nil {
+					if err != models.ErrAccessTokenNotExist {
+						log.Error(4, "GetAccessTokenBySha: %v", err)
+					}
+					return 0
+				}
+				return t.Uid
+			}
+		}
+	}
 	return 0
 }
 
 // SignedInUser returns the user object of signed user.
-func SignedInUser(header http.Header, sess session.Store) *models.User {
+func SignedInUser(req *http.Request, sess session.Store) *models.User {
 	if !models.HasEngine {
 		return nil
 	}
 
-	uid := SignedInId(header, sess)
+	uid := SignedInId(req, sess)
 
 	if uid <= 0 {
 		if setting.Service.EnableReverseProxyAuth {
-			webAuthUser := header.Get(setting.ReverseProxyAuthUser)
+			webAuthUser := req.Header.Get(setting.ReverseProxyAuthUser)
 			if len(webAuthUser) > 0 {
 				u, err := models.GetUserByName(webAuthUser)
 				if err != nil {
@@ -65,7 +83,7 @@ func SignedInUser(header http.Header, sess session.Store) *models.User {
 		}
 
 		// Check with basic auth.
-		baHead := header.Get("Authorization")
+		baHead := req.Header.Get("Authorization")
 		if len(baHead) > 0 {
 			auths := strings.Fields(baHead)
 			if len(auths) == 2 && auths[0] == "Basic" {

modules/auth/publickey_form.go

@@ -1,19 +0,0 @@
-// Copyright 2014 The Gogs Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package auth
-
-import (
-	"github.com/Unknwon/macaron"
-	"github.com/macaron-contrib/binding"
-)
-
-type AddSSHKeyForm struct {
-	SSHTitle string `form:"title" binding:"Required"`
-	Content  string `form:"content" binding:"Required"`
-}
-
-func (f *AddSSHKeyForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
-	return validate(errs, ctx.Data, f, ctx.Locale)
-}

modules/auth/user_form.go

@@ -95,3 +95,20 @@ type ChangePasswordForm struct {
 func (f *ChangePasswordForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
 	return validate(errs, ctx.Data, f, ctx.Locale)
 }
+
+type AddSSHKeyForm struct {
+	SSHTitle string `form:"title" binding:"Required"`
+	Content  string `form:"content" binding:"Required"`
+}
+
+func (f *AddSSHKeyForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
+	return validate(errs, ctx.Data, f, ctx.Locale)
+}
+
+type NewAccessTokenForm struct {
+	Name string `form:"name" binding:"Required"`
+}
+
+func (f *NewAccessTokenForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
+	return validate(errs, ctx.Data, f, ctx.Locale)
+}

modules/base/tool.go

@@ -33,6 +33,13 @@ func EncodeMd5(str string) string {
 	return hex.EncodeToString(m.Sum(nil))
 }
 
+// Encode string to sha1 hex value.
+func EncodeSha1(str string) string {
+	h := sha1.New()
+	h.Write([]byte(str))
+	return hex.EncodeToString(h.Sum(nil))
+}
+
 func BasicAuthDecode(encoded string) (user string, name string, err error) {
 	var s []byte
 	s, err = base64.StdEncoding.DecodeString(encoded)

modules/middleware/context.go

@@ -172,7 +172,7 @@ func Contexter() macaron.Handler {
 		ctx.Data["PageStartTime"] = time.Now()
 
 		// Get user from session if logined.
-		ctx.User = auth.SignedInUser(ctx.Req.Header, ctx.Session)
+		ctx.User = auth.SignedInUser(ctx.Req.Request, ctx.Session)
 
 		if ctx.User != nil {
 			ctx.IsSigned = true