diff options
| author | wxiaoguang <wxiaoguang@gmail.com> | 2024-11-13 10:26:37 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-11-13 10:26:37 +0800 |
| commit | ef339713c25253980f98d4c28b3fe5326538664b (patch) | |
| tree | 23f2dfb931d431d01f3823b935163e8f52ee7bed /modules/git | |
| parent | 26437a03b0dc429e179ef0461e83ecb1b1474017 (diff) | |
| download | gitea-ef339713c25253980f98d4c28b3fe5326538664b.tar.gz gitea-ef339713c25253980f98d4c28b3fe5326538664b.zip | |
Refactor internal routers (partial backport, auth token const time comparing) (#32473) (#32479)
Partially backport #32473. LFS related changes are not in 1.22, so skip
them.
1. Ignore non-existing repos during migrations
2. Improve ReadBatchLine's comment
3. Use `X-Gitea-Internal-Auth` header for internal API calls and make
the comparing constant time (it wasn't a serous problem because in a
real world it's nearly impossible to timing-attack the token, but indeed
security related and good to fix and backport)
4. Fix route mock nil check
Diffstat (limited to 'modules/git')
| -rw-r--r-- | modules/git/batch_reader.go | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/modules/git/batch_reader.go b/modules/git/batch_reader.go index 3b1a466b2e..7dfda72155 100644 --- a/modules/git/batch_reader.go +++ b/modules/git/batch_reader.go @@ -146,9 +146,8 @@ func catFileBatch(ctx context.Context, repoPath string) (WriteCloserError, *bufi } // ReadBatchLine reads the header line from cat-file --batch -// We expect: -// <sha> SP <type> SP <size> LF -// sha is a hex encoded here +// We expect: <oid> SP <type> SP <size> LF +// then leaving the rest of the stream "<contents> LF" to be read func ReadBatchLine(rd *bufio.Reader) (sha []byte, typ string, size int64, err error) { typ, err = rd.ReadString('\n') if err != nil { |