Implement http signatures support for the API (#17565)

Fixes #12338 This allows use to talk to the API with our ssh certificate (and/or ssh-agent) without needing to fetch an API key or tokens. It will just automatically work when users have added their ssh principal in gitea. This needs client code in tea Update: also support normal pubkeys ref: https://tools.ietf.org/html/draft-cavage-http-signatures Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: zeripath <art27@cantab.net> Signed-off-by: Andrew Thornton <art27@cantab.net>
2025-07-22 18:28:37 +00:00 · 2022-06-05 09:16:14 +02:00
parent 48be5e77e5
commit e528e2b435
11 changed files with 365 additions and 1 deletions
--- a/integrations/sqlite.ini.tmpl
+++ b/integrations/sqlite.ini.tmpl
@@ -46,6 +46,7 @@ LFS_JWT_SECRET   = Tv_MjmZuHqpIY6GFl12ebgkRAMt4RlWt0v4EHKSXO0w
 APP_DATA_PATH    = integrations/gitea-integration-sqlite/data
 ENABLE_GZIP      = true
 BUILTIN_SSH_SERVER_USER = git
+SSH_TRUSTED_USER_CA_KEYS = ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCb4DC1dMFnJ6pXWo7GMxTchtzmJHYzfN6sZ9FAPFR4ijMLfGki+olvOMO5Fql1/yGnGfbELQa1S6y4shSvj/5K+zUFScmEXYf3Gcr87RqilLkyk16RS+cHNB1u87xTHbETaa3nyCJeGQRpd4IQ4NKob745mwDZ7jQBH8AZEng50Oh8y8fi8skBBBzaYp1ilgvzG740L7uex6fHV62myq0SXeCa+oJUjq326FU8y+Vsa32H8A3e7tOgXZPdt2TVNltx2S9H2WO8RMi7LfaSwARNfy1zu+bfR50r6ef8Yx5YKCMz4wWb1SHU1GS800mjOjlInLQORYRNMlSwR1+vLlVDciOqFapDSbj+YOVOawR0R1aqlSKpZkt33DuOBPx9qe6CVnIi7Z+Px/KqM+OLCzlLY/RS+LbxQpDWcfTVRiP+S5qRTcE3M3UioN/e0BE/1+MpX90IGpvVkA63ILYbKEa4bM3ASL7ChTCr6xN5XT+GpVJveFKK1cfNx9ExHI4rzYE=

 [attachment]
 PATH = integrations/gitea-integration-sqlite/data/attachments