Backport #27486 by @lunny Fix #27204 This PR allows `/<username>/<reponame>/attachments/<uuid>` access with personal access token and also changed attachments API download url to it so it can be download correctly. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
This commit is contained in:
parent
478e7042f5
commit
9da92835d1
6 changed files with 21 additions and 21 deletions
|
@ -36,12 +36,16 @@ func isContainerPath(req *http.Request) bool {
|
||||||
}
|
}
|
||||||
|
|
||||||
var (
|
var (
|
||||||
gitRawReleasePathRe = regexp.MustCompile(`^/[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+/(?:(?:git-(?:(?:upload)|(?:receive))-pack$)|(?:info/refs$)|(?:HEAD$)|(?:objects/)|(?:raw/)|(?:releases/download/))`)
|
gitRawOrAttachPathRe = regexp.MustCompile(`^/[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+/(?:(?:git-(?:(?:upload)|(?:receive))-pack$)|(?:info/refs$)|(?:HEAD$)|(?:objects/)|(?:raw/)|(?:releases/download/)|(?:attachments/))`)
|
||||||
lfsPathRe = regexp.MustCompile(`^/[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+/info/lfs/`)
|
lfsPathRe = regexp.MustCompile(`^/[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+/info/lfs/`)
|
||||||
)
|
)
|
||||||
|
|
||||||
func isGitRawReleaseOrLFSPath(req *http.Request) bool {
|
func isGitRawOrAttachPath(req *http.Request) bool {
|
||||||
if gitRawReleasePathRe.MatchString(req.URL.Path) {
|
return gitRawOrAttachPathRe.MatchString(req.URL.Path)
|
||||||
|
}
|
||||||
|
|
||||||
|
func isGitRawOrAttachOrLFSPath(req *http.Request) bool {
|
||||||
|
if isGitRawOrAttachPath(req) {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
if setting.LFS.StartServer {
|
if setting.LFS.StartServer {
|
||||||
|
|
|
@ -85,6 +85,10 @@ func Test_isGitRawOrLFSPath(t *testing.T) {
|
||||||
"/owner/repo/releases/download/tag/repo.tar.gz",
|
"/owner/repo/releases/download/tag/repo.tar.gz",
|
||||||
true,
|
true,
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"/owner/repo/attachments/6d92a9ee-5d8b-4993-97c9-6181bdaa8955",
|
||||||
|
true,
|
||||||
|
},
|
||||||
}
|
}
|
||||||
lfsTests := []string{
|
lfsTests := []string{
|
||||||
"/owner/repo/info/lfs/",
|
"/owner/repo/info/lfs/",
|
||||||
|
@ -104,11 +108,11 @@ func Test_isGitRawOrLFSPath(t *testing.T) {
|
||||||
t.Run(tt.path, func(t *testing.T) {
|
t.Run(tt.path, func(t *testing.T) {
|
||||||
req, _ := http.NewRequest("POST", "http://localhost"+tt.path, nil)
|
req, _ := http.NewRequest("POST", "http://localhost"+tt.path, nil)
|
||||||
setting.LFS.StartServer = false
|
setting.LFS.StartServer = false
|
||||||
if got := isGitRawReleaseOrLFSPath(req); got != tt.want {
|
if got := isGitRawOrAttachOrLFSPath(req); got != tt.want {
|
||||||
t.Errorf("isGitOrLFSPath() = %v, want %v", got, tt.want)
|
t.Errorf("isGitOrLFSPath() = %v, want %v", got, tt.want)
|
||||||
}
|
}
|
||||||
setting.LFS.StartServer = true
|
setting.LFS.StartServer = true
|
||||||
if got := isGitRawReleaseOrLFSPath(req); got != tt.want {
|
if got := isGitRawOrAttachOrLFSPath(req); got != tt.want {
|
||||||
t.Errorf("isGitOrLFSPath() = %v, want %v", got, tt.want)
|
t.Errorf("isGitOrLFSPath() = %v, want %v", got, tt.want)
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
@ -117,11 +121,11 @@ func Test_isGitRawOrLFSPath(t *testing.T) {
|
||||||
t.Run(tt, func(t *testing.T) {
|
t.Run(tt, func(t *testing.T) {
|
||||||
req, _ := http.NewRequest("POST", tt, nil)
|
req, _ := http.NewRequest("POST", tt, nil)
|
||||||
setting.LFS.StartServer = false
|
setting.LFS.StartServer = false
|
||||||
if got := isGitRawReleaseOrLFSPath(req); got != setting.LFS.StartServer {
|
if got := isGitRawOrAttachOrLFSPath(req); got != setting.LFS.StartServer {
|
||||||
t.Errorf("isGitOrLFSPath(%q) = %v, want %v, %v", tt, got, setting.LFS.StartServer, gitRawReleasePathRe.MatchString(tt))
|
t.Errorf("isGitOrLFSPath(%q) = %v, want %v, %v", tt, got, setting.LFS.StartServer, gitRawOrAttachPathRe.MatchString(tt))
|
||||||
}
|
}
|
||||||
setting.LFS.StartServer = true
|
setting.LFS.StartServer = true
|
||||||
if got := isGitRawReleaseOrLFSPath(req); got != setting.LFS.StartServer {
|
if got := isGitRawOrAttachOrLFSPath(req); got != setting.LFS.StartServer {
|
||||||
t.Errorf("isGitOrLFSPath(%q) = %v, want %v", tt, got, setting.LFS.StartServer)
|
t.Errorf("isGitOrLFSPath(%q) = %v, want %v", tt, got, setting.LFS.StartServer)
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
|
@ -42,7 +42,7 @@ func (b *Basic) Name() string {
|
||||||
// Returns nil if header is empty or validation fails.
|
// Returns nil if header is empty or validation fails.
|
||||||
func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) {
|
func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) {
|
||||||
// Basic authentication should only fire on API, Download or on Git or LFSPaths
|
// Basic authentication should only fire on API, Download or on Git or LFSPaths
|
||||||
if !middleware.IsAPIPath(req) && !isContainerPath(req) && !isAttachmentDownload(req) && !isGitRawReleaseOrLFSPath(req) {
|
if !middleware.IsAPIPath(req) && !isContainerPath(req) && !isAttachmentDownload(req) && !isGitRawOrAttachOrLFSPath(req) {
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -127,7 +127,7 @@ func (o *OAuth2) userIDFromToken(ctx context.Context, tokenSHA string, store Dat
|
||||||
func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) {
|
func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) {
|
||||||
// These paths are not API paths, but we still want to check for tokens because they maybe in the API returned URLs
|
// These paths are not API paths, but we still want to check for tokens because they maybe in the API returned URLs
|
||||||
if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isAuthenticatedTokenRequest(req) &&
|
if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isAuthenticatedTokenRequest(req) &&
|
||||||
!gitRawReleasePathRe.MatchString(req.URL.Path) {
|
!isGitRawOrAttachPath(req) {
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -117,7 +117,7 @@ func (r *ReverseProxy) Verify(req *http.Request, w http.ResponseWriter, store Da
|
||||||
}
|
}
|
||||||
|
|
||||||
// Make sure requests to API paths, attachment downloads, git and LFS do not create a new session
|
// Make sure requests to API paths, attachment downloads, git and LFS do not create a new session
|
||||||
if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isGitRawReleaseOrLFSPath(req) {
|
if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isGitRawOrAttachOrLFSPath(req) {
|
||||||
if sess != nil && (sess.Get("uid") == nil || sess.Get("uid").(int64) != user.ID) {
|
if sess != nil && (sess.Get("uid") == nil || sess.Get("uid").(int64) != user.ID) {
|
||||||
handleSignIn(w, req, sess, user)
|
handleSignIn(w, req, sess, user)
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,10 +4,7 @@
|
||||||
package convert
|
package convert
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"strconv"
|
|
||||||
|
|
||||||
repo_model "code.gitea.io/gitea/models/repo"
|
repo_model "code.gitea.io/gitea/models/repo"
|
||||||
"code.gitea.io/gitea/modules/setting"
|
|
||||||
api "code.gitea.io/gitea/modules/structs"
|
api "code.gitea.io/gitea/modules/structs"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -16,12 +13,7 @@ func WebAssetDownloadURL(repo *repo_model.Repository, attach *repo_model.Attachm
|
||||||
}
|
}
|
||||||
|
|
||||||
func APIAssetDownloadURL(repo *repo_model.Repository, attach *repo_model.Attachment) string {
|
func APIAssetDownloadURL(repo *repo_model.Repository, attach *repo_model.Attachment) string {
|
||||||
if attach.CustomDownloadURL != "" {
|
return attach.DownloadURL()
|
||||||
return attach.CustomDownloadURL
|
|
||||||
}
|
|
||||||
|
|
||||||
// /repos/{owner}/{repo}/releases/{id}/assets/{attachment_id}
|
|
||||||
return setting.AppURL + "api/repos/" + repo.FullName() + "/releases/" + strconv.FormatInt(attach.ReleaseID, 10) + "/assets/" + strconv.FormatInt(attach.ID, 10)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// ToAttachment converts models.Attachment to api.Attachment for API usage
|
// ToAttachment converts models.Attachment to api.Attachment for API usage
|
||||||
|
|
Loading…
Reference in a new issue