author | Wim <wim@42.be> | 2022-06-05 09:16:14 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-06-05 08:16:14 +0100 |
commit | e528e2b435466bd854b1f7a4619bdc16c058b8ba (patch) | |
tree | c1820465c45bffb3600f5c758da02fb4ffa1b046 /modules/ssh | |
parent | 48be5e77e502f88cae104735ee706c2fbeab8a2a (diff) | |
Implement http signatures support for the API (#17565)
Fixes #12338
This allows us to talk to the API with our ssh certificate (and/or ssh-agent) without needing to fetch an API key or tokens.
It will just automatically work when users have added their ssh principal in gitea.
This needs client code in tea
Update: also support normal pubkeys
ref: https://tools.ietf.org/html/draft-cavage-http-signatures
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'modules/ssh')
-rw-r--r-- | modules/ssh/ssh.go | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/modules/ssh/ssh.go b/modules/ssh/ssh.go
index a240c01319..2affeb781a 100644
--- a/modules/ssh/ssh.go
+++ b/modules/ssh/ssh.go
@@ -188,8 +188,9 @@ func publicKeyHandler(ctx ssh.Context, key ssh.PublicKey) bool {
 c := &gossh.CertChecker{
 IsUserAuthority: func(auth gossh.PublicKey) bool {
+ marshaled := auth.Marshal()
 for _, k := range setting.SSH.TrustedUserCAKeysParsed {
- if bytes.Equal(auth.Marshal(), k.Marshal()) {
+ if bytes.Equal(marshaled, k.Marshal()) {
 return true
 }
 }
 |
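Review bot: The `IsUserAuthority` closure is the trust decision for SSH user certificates, yet nothing in it says what is being compared or why a plain `bytes.Equal` is adequate; a comment above the loop such as `// Accept the cert only if its signing CA matches a configured trusted user CA key (wire format); public keys are not secret, so a non-constant-time compare is fine.` would make that explicit. Hoisting `auth.Marshal()` still leaves `k.Marshal()` re-encoding every entry of `setting.SSH.TrustedUserCAKeysParsed` on each authentication attempt, so the marshaled CA keys could instead be cached once when the setting is parsed. Both the closure and `publicKeyHandler` extend beyond this hunk, so the fall-through return is not visible here.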