Implement http signatures support for the API (#17565)

Fixes #12338

This allows us to talk to the API with our ssh certificate (and/or ssh-agent) without needing to fetch an API key or tokens.
It will just automatically work when users have added their ssh principal in gitea.

This needs client code in tea
Update: also support normal pubkeys

ref: https://tools.ietf.org/html/draft-cavage-http-signatures

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Signed-off-by: Andrew Thornton <art27@cantab.net>
Wim 2022-06-05 09:16:14 +02:00 committed by GitHub
parent 48be5e77e5
commit e528e2b435
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 365 additions and 1 deletions


@ -188,8 +188,9 @@ func publicKeyHandler(ctx ssh.Context, key ssh.PublicKey) bool {
c := &gossh.CertChecker{
IsUserAuthority: func(auth gossh.PublicKey) bool {
marshaled := auth.Marshal()
for _, k := range setting.SSH.TrustedUserCAKeysParsed {
if bytes.Equal(auth.Marshal(), k.Marshal()) {
if bytes.Equal(marshaled, k.Marshal()) {
return true
}
}