}
var (
- gitRawReleasePathRe = regexp.MustCompile(`^/[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+/(?:(?:git-(?:(?:upload)|(?:receive))-pack$)|(?:info/refs$)|(?:HEAD$)|(?:objects/)|(?:raw/)|(?:releases/download/))`)
- lfsPathRe = regexp.MustCompile(`^/[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+/info/lfs/`)
+ gitRawOrAttachPathRe = regexp.MustCompile(`^/[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+/(?:(?:git-(?:(?:upload)|(?:receive))-pack$)|(?:info/refs$)|(?:HEAD$)|(?:objects/)|(?:raw/)|(?:releases/download/)|(?:attachments/))`)
+ lfsPathRe = regexp.MustCompile(`^/[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+/info/lfs/`)
)
-func isGitRawReleaseOrLFSPath(req *http.Request) bool {
- if gitRawReleasePathRe.MatchString(req.URL.Path) {
+func isGitRawOrAttachPath(req *http.Request) bool {
+ return gitRawOrAttachPathRe.MatchString(req.URL.Path)
+}
+
+func isGitRawOrAttachOrLFSPath(req *http.Request) bool {
+ if isGitRawOrAttachPath(req) {
return true
}
if setting.LFS.StartServer {
"/owner/repo/releases/download/tag/repo.tar.gz",
true,
},
+ {
+ "/owner/repo/attachments/6d92a9ee-5d8b-4993-97c9-6181bdaa8955",
+ true,
+ },
}
lfsTests := []string{
"/owner/repo/info/lfs/",
t.Run(tt.path, func(t *testing.T) {
req, _ := http.NewRequest("POST", "http://localhost"+tt.path, nil)
setting.LFS.StartServer = false
- if got := isGitRawReleaseOrLFSPath(req); got != tt.want {
+ if got := isGitRawOrAttachOrLFSPath(req); got != tt.want {
t.Errorf("isGitOrLFSPath() = %v, want %v", got, tt.want)
}
setting.LFS.StartServer = true
- if got := isGitRawReleaseOrLFSPath(req); got != tt.want {
+ if got := isGitRawOrAttachOrLFSPath(req); got != tt.want {
t.Errorf("isGitOrLFSPath() = %v, want %v", got, tt.want)
}
})
t.Run(tt, func(t *testing.T) {
req, _ := http.NewRequest("POST", tt, nil)
setting.LFS.StartServer = false
- if got := isGitRawReleaseOrLFSPath(req); got != setting.LFS.StartServer {
- t.Errorf("isGitOrLFSPath(%q) = %v, want %v, %v", tt, got, setting.LFS.StartServer, gitRawReleasePathRe.MatchString(tt))
+ if got := isGitRawOrAttachOrLFSPath(req); got != setting.LFS.StartServer {
+ t.Errorf("isGitOrLFSPath(%q) = %v, want %v, %v", tt, got, setting.LFS.StartServer, gitRawOrAttachPathRe.MatchString(tt))
}
setting.LFS.StartServer = true
- if got := isGitRawReleaseOrLFSPath(req); got != setting.LFS.StartServer {
+ if got := isGitRawOrAttachOrLFSPath(req); got != setting.LFS.StartServer {
t.Errorf("isGitOrLFSPath(%q) = %v, want %v", tt, got, setting.LFS.StartServer)
}
})
// Returns nil if header is empty or validation fails.
func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) {
// Basic authentication should only fire on API, Download or on Git or LFSPaths
- if !middleware.IsAPIPath(req) && !isContainerPath(req) && !isAttachmentDownload(req) && !isGitRawReleaseOrLFSPath(req) {
+ if !middleware.IsAPIPath(req) && !isContainerPath(req) && !isAttachmentDownload(req) && !isGitRawOrAttachOrLFSPath(req) {
return nil, nil
}
func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) {
// These paths are not API paths, but we still want to check for tokens because they maybe in the API returned URLs
if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isAuthenticatedTokenRequest(req) &&
- !gitRawReleasePathRe.MatchString(req.URL.Path) {
+ !isGitRawOrAttachPath(req) {
return nil, nil
}
}
// Make sure requests to API paths, attachment downloads, git and LFS do not create a new session
- if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isGitRawReleaseOrLFSPath(req) {
+ if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isGitRawOrAttachOrLFSPath(req) {
if sess != nil && (sess.Get("uid") == nil || sess.Get("uid").(int64) != user.ID) {
handleSignIn(w, req, sess, user)
}
package convert
import (
- "strconv"
-
repo_model "code.gitea.io/gitea/models/repo"
- "code.gitea.io/gitea/modules/setting"
api "code.gitea.io/gitea/modules/structs"
)
}
func APIAssetDownloadURL(repo *repo_model.Repository, attach *repo_model.Attachment) string {
- if attach.CustomDownloadURL != "" {
- return attach.CustomDownloadURL
- }
-
- // /repos/{owner}/{repo}/releases/{id}/assets/{attachment_id}
- return setting.AppURL + "api/repos/" + repo.FullName() + "/releases/" + strconv.FormatInt(attach.ReleaseID, 10) + "/assets/" + strconv.FormatInt(attach.ID, 10)
+ return attach.DownloadURL()
}
// ToAttachment converts models.Attachment to api.Attachment for API usage