Implement http signatures support for the API (#17565)

Fixes #12338 This allows use to talk to the API with our ssh certificate (and/or ssh-agent) without needing to fetch an API key or tokens. It will just automatically work when users have added their ssh principal in gitea. This needs client code in tea Update: also support normal pubkeys ref: https://tools.ietf.org/html/draft-cavage-http-signatures Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: zeripath <art27@cantab.net> Signed-off-by: Andrew Thornton <art27@cantab.net>
author: Wim <wim@42.be> 2022-06-05 09:16:14 +0200
committer: GitHub <noreply@github.com> 2022-06-05 08:16:14 +0100
commit: e528e2b435466bd854b1f7a4619bdc16c058b8ba (patch)
tree: c1820465c45bffb3600f5c758da02fb4ffa1b046 /routers/api
parent: 48be5e77e502f88cae104735ee706c2fbeab8a2a (diff)
download: gitea-e528e2b435466bd854b1f7a4619bdc16c058b8ba.tar.gz
gitea-e528e2b435466bd854b1f7a4619bdc16c058b8ba.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 1492ef07a7..03f7a57d5c 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -592,6 +592,7 @@ func bind(obj interface{}) http.HandlerFunc {
 func buildAuthGroup() *auth.Group {
 	group := auth.NewGroup(
 		&auth.OAuth2{},
+		&auth.HTTPSign{},
 		&auth.Basic{}, // FIXME: this should be removed once we don't allow basic auth in API
 	)
 	if setting.Service.EnableReverseProxyAuth {
author	Wim <wim@42.be>	2022-06-05 09:16:14 +0200
committer	GitHub <noreply@github.com>	2022-06-05 08:16:14 +0100
commit	e528e2b435466bd854b1f7a4619bdc16c058b8ba (patch)
tree	c1820465c45bffb3600f5c758da02fb4ffa1b046 /routers/api
parent	48be5e77e502f88cae104735ee706c2fbeab8a2a (diff)
download	gitea-e528e2b435466bd854b1f7a4619bdc16c058b8ba.tar.gz gitea-e528e2b435466bd854b1f7a4619bdc16c058b8ba.zip