Fix nuget/conan/container packages upload bugs (#31967)
@@ -25,7 +25,12 @@ var (
|
||||
)
|
||||
|
||||
// BasicMethodName is the constant name of the basic authentication method
|
||||
const BasicMethodName = "basic"
|
||||
const (
|
||||
BasicMethodName = "basic"
|
||||
AccessTokenMethodName = "access_token"
|
||||
OAuth2TokenMethodName = "oauth2_token"
|
||||
ActionTokenMethodName = "action_token"
|
||||
)
|
||||
|
||||
// Basic implements the Auth interface and authenticates requests (API requests
|
||||
// only) by looking for Basic authentication data or "x-oauth-basic" token in the "Authorization"
|
||||
@@ -82,6 +87,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
|
||||
return nil, err
|
||||
}
|
||||
|
||||
store.GetData()["LoginMethod"] = OAuth2TokenMethodName
|
||||
store.GetData()["IsApiToken"] = true
|
||||
return u, nil
|
||||
}
|
||||
@@ -101,6 +107,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
|
||||
log.Error("UpdateAccessToken: %v", err)
|
||||
}
|
||||
|
||||
store.GetData()["LoginMethod"] = AccessTokenMethodName
|
||||
store.GetData()["IsApiToken"] = true
|
||||
store.GetData()["ApiTokenScope"] = token.Scope
|
||||
return u, nil
|
||||
@@ -113,6 +120,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
|
||||
if err == nil && task != nil {
|
||||
log.Trace("Basic Authorization: Valid AccessToken for task[%d]", task.ID)
|
||||
|
||||
store.GetData()["LoginMethod"] = ActionTokenMethodName
|
||||
store.GetData()["IsActionsToken"] = true
|
||||
store.GetData()["ActionsTaskID"] = task.ID
|
||||
|
||||
@@ -138,6 +146,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
|
||||
}
|
||||
}
|
||||
|
||||
store.GetData()["LoginMethod"] = BasicMethodName
|
||||
log.Trace("Basic Authorization: Logged in user %-v", u)
|
||||
|
||||
return u, nil
|
||||
@@ -159,3 +168,19 @@ func validateTOTP(req *http.Request, u *user_model.User) error {
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func GetAccessScope(store DataStore) auth_model.AccessTokenScope {
|
||||
if v, ok := store.GetData()["ApiTokenScope"]; ok {
|
||||
return v.(auth_model.AccessTokenScope)
|
||||
}
|
||||
switch store.GetData()["LoginMethod"] {
|
||||
case OAuth2TokenMethodName:
|
||||
fallthrough
|
||||
case BasicMethodName, AccessTokenMethodName:
|
||||
return auth_model.AccessTokenScopeAll
|
||||
case ActionTokenMethodName:
|
||||
fallthrough
|
||||
default:
|
||||
return ""
|
||||
}
|
||||
}
|
||||
|
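Review bot: `return v.(auth_model.AccessTokenScope)` in GetAccessScope is an unchecked type assertion on a value read back from the request data store, so an `ApiTokenScope` entry of any other type would panic the request; the two-value form is safer, `if v, ok := store.GetData()["ApiTokenScope"].(auth_model.AccessTokenScope); ok { return v }`. The switch below it is harder to read than it needs to be: the two `fallthrough` cases collapse to `case BasicMethodName, AccessTokenMethodName, OAuth2TokenMethodName:` returning `auth_model.AccessTokenScopeAll`, with a plain `default: return ""` already covering ActionTokenMethodName. Listing AccessTokenMethodName there is fail-open: a login that sets `LoginMethod` to that value without also setting `ApiTokenScope` would receive the full scope; the hunk that assigns `store.GetData()["ApiTokenScope"] = token.Scope` always sets both, but any other provider doing otherwise would not, so either comment that dependency on the case or drop AccessTokenMethodName from the all-scope list if no such caller exists. GetAccessScope is exported and has no doc comment; suggested: `// GetAccessScope returns the scope of the API token used for this request, AccessTokenScopeAll for password and OAuth2 logins, and an empty scope for actions tokens and unknown login methods.`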
@@ -9,6 +9,7 @@ import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
auth_model "code.gitea.io/gitea/models/auth"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
@@ -18,10 +19,14 @@ import (
|
||||
|
||||
type packageClaims struct {
|
||||
jwt.RegisteredClaims
|
||||
PackageMeta
|
||||
}
|
||||
type PackageMeta struct {
|
||||
UserID int64
|
||||
Scope auth_model.AccessTokenScope
|
||||
}
|
||||
|
||||
func CreateAuthorizationToken(u *user_model.User) (string, error) {
|
||||
func CreateAuthorizationToken(u *user_model.User, packageScope auth_model.AccessTokenScope) (string, error) {
|
||||
now := time.Now()
|
||||
|
||||
claims := packageClaims{
|
||||
@@ -29,7 +34,10 @@ func CreateAuthorizationToken(u *user_model.User) (string, error) {
|
||||
ExpiresAt: jwt.NewNumericDate(now.Add(24 * time.Hour)),
|
||||
NotBefore: jwt.NewNumericDate(now),
|
||||
},
|
||||
UserID: u.ID,
|
||||
PackageMeta: PackageMeta{
|
||||
UserID: u.ID,
|
||||
Scope: packageScope,
|
||||
},
|
||||
}
|
||||
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
|
||||
|
||||
@@ -41,32 +49,36 @@ func CreateAuthorizationToken(u *user_model.User) (string, error) {
|
||||
return tokenString, nil
|
||||
}
|
||||
|
||||
func ParseAuthorizationToken(req *http.Request) (int64, error) {
|
||||
func ParseAuthorizationRequest(req *http.Request) (*PackageMeta, error) {
|
||||
h := req.Header.Get("Authorization")
|
||||
if h == "" {
|
||||
return 0, nil
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
parts := strings.SplitN(h, " ", 2)
|
||||
if len(parts) != 2 {
|
||||
log.Error("split token failed: %s", h)
|
||||
return 0, fmt.Errorf("split token failed")
|
||||
return nil, fmt.Errorf("split token failed")
|
||||
}
|
||||
|
||||
token, err := jwt.ParseWithClaims(parts[1], &packageClaims{}, func(t *jwt.Token) (any, error) {
|
||||
return ParseAuthorizationToken(parts[1])
|
||||
}
|
||||
|
||||
func ParseAuthorizationToken(tokenStr string) (*PackageMeta, error) {
|
||||
token, err := jwt.ParseWithClaims(tokenStr, &packageClaims{}, func(t *jwt.Token) (any, error) {
|
||||
if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
|
||||
return nil, fmt.Errorf("unexpected signing method: %v", t.Header["alg"])
|
||||
}
|
||||
return setting.GetGeneralTokenSigningSecret(), nil
|
||||
})
|
||||
if err != nil {
|
||||
return 0, err
|
||||
return nil, err
|
||||
}
|
||||
|
||||
c, ok := token.Claims.(*packageClaims)
|
||||
if !token.Valid || !ok {
|
||||
return 0, fmt.Errorf("invalid token claim")
|
||||
return nil, fmt.Errorf("invalid token claim")
|
||||
}
|
||||
|
||||
return c.UserID, nil
|
||||
return &c.PackageMeta, nil
|
||||
}
|
||||
|
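Review bot: `log.Error("split token failed: %s", h)` writes the complete Authorization header value to the error log, and for a malformed header that value is whatever credential the client sent; log only that the header was malformed, e.g. `log.Error("split token failed: malformed Authorization header")`, since the header content is not needed to diagnose the condition. That line is context rather than changed by this commit, but it is now the first step of the new ParseAuthorizationRequest. The split also never compares `parts[0]`, so any scheme word is accepted in front of the JWT; if callers expect a specific scheme, this is the place to check it. The exported names added or renamed here (PackageMeta, ParseAuthorizationRequest, ParseAuthorizationToken) and the re-signatured CreateAuthorizationToken have no doc comments; ParseAuthorizationRequest in particular should state that it returns `(nil, nil)` when the request carries no Authorization header, since callers must nil-check the result before reading UserID or Scope.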