authorClar Fon <15850505+clarfonthey@users.noreply.github.com>2022-10-01 13:26:33 -0400
committerGitHub <noreply@github.com>2022-10-02 01:26:33 +0800
commit3d10193be2b4476d1d0d3249a9884fcc0faa64e5 (patch)
treea94e7a09e276682f28955fcaa515d9a096254df4 /routers
parent04e97b83115e7439d43c0ede5fe2d1b50d201c52 (diff)
Allow specifying SECRET_KEY_URI, similar to INTERNAL_TOKEN_URI (#19663)
Only load SECRET_KEY and INTERNAL_TOKEN if they exist. Never write the config file if the keys do not exist, which was only a fallback for Gitea upgraded from < 1.5.
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Diffstat (limited to 'routers')
-rw-r--r--routers/private/internal.go5
1 files changed, 5 insertions, 0 deletions
diff --git a/routers/private/internal.go b/routers/private/internal.go
index 061c7f3c82..e9cc20a77d 100644
--- a/routers/private/internal.go
+++ b/routers/private/internal.go
@@ -24,6 +24,11 @@ func CheckInternalToken(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
tokens := req.Header.Get("Authorization")
fields := strings.SplitN(tokens, " ", 2)
+ if setting.InternalToken == "" {
+ log.Warn(`The INTERNAL_TOKEN setting is missing from the configuration file: %q, internal API can't work.`, setting.CustomConf)
+ http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+ return
+ }
if len(fields) != 2 || fields[0] != "Bearer" || fields[1] != setting.InternalToken {
log.Debug("Forbidden attempt to access internal url: Authorization header: %s", tokens)
http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
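Review bot: The bearer-token check just below the added guard still compares the shared secret with `fields[1] != setting.InternalToken`, which is not a constant-time comparison; `subtle.ConstantTimeCompare([]byte(fields[1]), []byte(setting.InternalToken)) != 1` would remove the timing dependence (it needs a `crypto/subtle` import, which is outside this hunk). The `log.Debug` call on the failure path writes the whole presented Authorization header with `%s`, so a stale or mistyped token lands in the debug log unescaped; logging only that the header was rejected, or at least formatting it with `%q`, avoids that. The added empty-token guard itself is sound, because it stops an empty `Bearer ` value from matching an unset token, but it calls `log.Warn` on every request, which may be noisy while the setting is missing. CheckInternalToken starts before and continues past this hunk.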