authorLunny Xiao <xiaolunwen@gmail.com>2024-09-05 15:05:42 +0800
committerGitHub <noreply@github.com>2024-09-05 07:05:42 +0000
commit5c05dddbed8247a4fb272619f1eb7cf090443b8b (patch)
treef929b204ebe00f0162b87bacd73b884b7d6971f7 /routers/api/packages/container
parent74b1c589c6c1a4261556e1a1a868bbcb2964a5d3 (diff)
Fix nuget/conan/container packages upload bugs (#31967)
Diffstat (limited to 'routers/api/packages/container')
-rw-r--r--routers/api/packages/container/auth.go11
-rw-r--r--routers/api/packages/container/container.go17
2 files changed, 24 insertions, 4 deletions
diff --git a/routers/api/packages/container/auth.go b/routers/api/packages/container/auth.go
index 1c7afa95ff..1d8ae6af7d 100644
--- a/routers/api/packages/container/auth.go
+++ b/routers/api/packages/container/auth.go
@@ -23,21 +23,26 @@ func (a *Auth) Name() string {
// Verify extracts the user from the Bearer token
// If it's an anonymous session a ghost user is returned
func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataStore, sess auth.SessionStore) (*user_model.User, error) {
- uid, err := packages.ParseAuthorizationToken(req)
+ packageMeta, err := packages.ParseAuthorizationRequest(req)
if err != nil {
log.Trace("ParseAuthorizationToken: %v", err)
return nil, err
}
- if uid == 0 {
+ if packageMeta == nil || packageMeta.UserID == 0 {
return nil, nil
}
- u, err := user_model.GetPossibleUserByID(req.Context(), uid)
+ u, err := user_model.GetPossibleUserByID(req.Context(), packageMeta.UserID)
if err != nil {
log.Error("GetPossibleUserByID: %v", err)
return nil, err
}
+ if packageMeta.Scope != "" {
+ store.GetData()["IsApiToken"] = true
+ store.GetData()["ApiTokenScope"] = packageMeta.Scope
+ }
+
return u, nil
}
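Review bot: The new `if packageMeta.Scope != ""` block in Verify leaves `IsApiToken` and `ApiTokenScope` unset when the bearer token carries no scope, so later code cannot tell such a request from one that never used a token. If that is intended (for instance for tokens minted without a scope, or for ghost-user tokens), say so in a comment such as `// An empty scope means the token was minted without one; no scope restriction is recorded here.`; if it is not, an empty scope on a non-zero `UserID` should probably be rejected instead. How later scope checks treat the missing keys is not visible in this hunk and should be confirmed against `GetAccessScope`. Separately, the trace label on the error path still reads `ParseAuthorizationToken` although the call is now `ParseAuthorizationRequest`.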
diff --git a/routers/api/packages/container/container.go b/routers/api/packages/container/container.go
index 74a3295f09..d495d199d9 100644
--- a/routers/api/packages/container/container.go
+++ b/routers/api/packages/container/container.go
@@ -14,6 +14,7 @@ import (
"strconv"
"strings"
+ auth_model "code.gitea.io/gitea/models/auth"
packages_model "code.gitea.io/gitea/models/packages"
container_model "code.gitea.io/gitea/models/packages/container"
user_model "code.gitea.io/gitea/models/user"
@@ -25,6 +26,7 @@ import (
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/util"
"code.gitea.io/gitea/routers/api/packages/helper"
+ auth_service "code.gitea.io/gitea/services/auth"
"code.gitea.io/gitea/services/context"
packages_service "code.gitea.io/gitea/services/packages"
container_service "code.gitea.io/gitea/services/packages/container"
@@ -148,6 +150,7 @@ func DetermineSupport(ctx *context.Context) {
// If the current user is anonymous, the ghost user is used unless RequireSignInView is enabled.
func Authenticate(ctx *context.Context) {
u := ctx.Doer
+ packageScope := auth_service.GetAccessScope(ctx.Data)
if u == nil {
if setting.Service.RequireSignInView {
apiUnauthorizedError(ctx)
@@ -155,9 +158,21 @@ func Authenticate(ctx *context.Context) {
}
u = user_model.NewGhostUser()
+ } else {
+ if has, err := packageScope.HasAnyScope(
+ auth_model.AccessTokenScopeReadPackage,
+ auth_model.AccessTokenScopeWritePackage,
+ auth_model.AccessTokenScopeAll,
+ ); !has {
+ if err != nil {
+ log.Error("Error checking access scope: %v", err)
+ }
+ apiUnauthorizedError(ctx)
+ return
+ }
}
- token, err := packages_service.CreateAuthorizationToken(u)
+ token, err := packages_service.CreateAuthorizationToken(u, packageScope)
if err != nil {
apiError(ctx, http.StatusInternalServerError, err)
return
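Review bot: A scope denial in the new `else` branch of Authenticate is silent unless `HasAnyScope` also returned an error, so a token presented outside its granted scope leaves no record for audit or detection. Consider logging the refusal with the user and scope before `apiUnauthorizedError(ctx)`, e.g. `log.Warn("container auth: user %d denied, token scope %q lacks package access", u.ID, packageScope)`. The doc comment above Authenticate still describes only the anonymous case and should state that a signed-in caller now needs one of `AccessTokenScopeReadPackage`, `AccessTokenScopeWritePackage` or `AccessTokenScopeAll`. The function body continues past the end of this hunk.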