mirror of
https://github.com/go-gitea/gitea
synced 2024-12-24 03:35:55 +01:00
Allow Token API calls be authorized using the reverse-proxy header (#15119)
* API calls authorized with HTTP header This mod allows API calls to be authorized with HTTP header when ENABLE_REVERSE_PROXY_AUTHENTICATION is enabled. Without it user authenticated by reverse proxy is able to access gitea UI but not API which is inconsistent. Author-Change-Id: IB#1107572 * Fixed API calls authorized with HTTP header Only reqBasicAuth is modified to allow reverse proxy auth as alternative and reqToken is left untouched. Fixes: dc952c063206d11504085ddea966f121e796a04c Author-Change-Id: IB#1107572 * Reverse proxy API auth separated in docs Related: https://github.com/go-gitea/gitea/pull/15119#discussion_r621322127 Author-Change-Id: IB#1107572 * Reverse proxy API auth separated in docs Related: https://github.com/go-gitea/gitea/pull/15119#discussion_r621322127 Author-Change-Id: IB#1107572 * Reverse proxy API auth separated Related: https://github.com/go-gitea/gitea/pull/15119#discussion_r621322127 Author-Change-Id: IB#1107572 * ReverseProxyAuth removed from swagger ReverseProxyAuth removed from swagger as in upstream's suggestion. Related: https://github.com/go-gitea/gitea/pull/15119#pullrequestreview-692180940 Author-Change-Id: IB#1107572 * ReverseProxyAuth API authorization fixed Related: https://github.com/go-gitea/gitea/pull/15119#issuecomment-868465099 Author-Change-Id: IB#1107572 * ReverseProxyAuth API authorization fixed Related: https://github.com/go-gitea/gitea/pull/15119#issuecomment-868465099 Author-Change-Id: IB#1107572
This commit is contained in:
parent
fc3d082609
commit
d4e281bc02
@ -215,10 +215,13 @@ func reqExploreSignIn() func(ctx *context.APIContext) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func reqBasicAuth() func(ctx *context.APIContext) {
|
func reqBasicOrRevProxyAuth() func(ctx *context.APIContext) {
|
||||||
return func(ctx *context.APIContext) {
|
return func(ctx *context.APIContext) {
|
||||||
|
if ctx.IsSigned && setting.Service.EnableReverseProxyAuth && ctx.Data["AuthedMethod"].(string) == new(auth.ReverseProxy).Name() {
|
||||||
|
return
|
||||||
|
}
|
||||||
if !ctx.Context.IsBasicAuth {
|
if !ctx.Context.IsBasicAuth {
|
||||||
ctx.Error(http.StatusUnauthorized, "reqBasicAuth", "basic auth required")
|
ctx.Error(http.StatusUnauthorized, "reqBasicOrRevProxyAuth", "auth required")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
ctx.CheckForOTP()
|
ctx.CheckForOTP()
|
||||||
@ -630,7 +633,7 @@ func Routes(sessioner func(http.Handler) http.Handler) *web.Route {
|
|||||||
m.Combo("").Get(user.ListAccessTokens).
|
m.Combo("").Get(user.ListAccessTokens).
|
||||||
Post(bind(api.CreateAccessTokenOption{}), user.CreateAccessToken)
|
Post(bind(api.CreateAccessTokenOption{}), user.CreateAccessToken)
|
||||||
m.Combo("/{id}").Delete(user.DeleteAccessToken)
|
m.Combo("/{id}").Delete(user.DeleteAccessToken)
|
||||||
}, reqBasicAuth())
|
}, reqBasicOrRevProxyAuth())
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user