aboutsummaryrefslogtreecommitdiffstats
path: root/routers
diff options
context:
space:
mode:
Diffstat (limited to 'routers')
-rw-r--r--routers/api/packages/api.go17
-rw-r--r--routers/api/packages/conan/auth.go10
-rw-r--r--routers/api/packages/container/auth.go12
-rw-r--r--routers/api/packages/nuget/auth.go9
4 files changed, 31 insertions, 17 deletions
diff --git a/routers/api/packages/api.go b/routers/api/packages/api.go
index b523725c48..78eb5e860b 100644
--- a/routers/api/packages/api.go
+++ b/routers/api/packages/api.go
@@ -11,6 +11,7 @@ import (
"code.gitea.io/gitea/models/perm"
"code.gitea.io/gitea/modules/context"
+ "code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/web"
"code.gitea.io/gitea/routers/api/packages/composer"
@@ -58,7 +59,13 @@ func CommonRoutes(ctx gocontext.Context) *web.Route {
authGroup := auth.NewGroup(authMethods...)
r.Use(func(ctx *context.Context) {
- ctx.Doer = authGroup.Verify(ctx.Req, ctx.Resp, ctx, ctx.Session)
+ var err error
+ ctx.Doer, err = authGroup.Verify(ctx.Req, ctx.Resp, ctx, ctx.Session)
+ if err != nil {
+ log.Error("Verify: %v", err)
+ ctx.Error(http.StatusUnauthorized, "authGroup.Verify")
+ return
+ }
ctx.IsSigned = ctx.Doer != nil
})
@@ -321,7 +328,13 @@ func ContainerRoutes(ctx gocontext.Context) *web.Route {
authGroup := auth.NewGroup(authMethods...)
r.Use(func(ctx *context.Context) {
- ctx.Doer = authGroup.Verify(ctx.Req, ctx.Resp, ctx, ctx.Session)
+ var err error
+ ctx.Doer, err = authGroup.Verify(ctx.Req, ctx.Resp, ctx, ctx.Session)
+ if err != nil {
+ log.Error("Failed to verify user: %v", err)
+ ctx.Error(http.StatusUnauthorized, "Verify")
+ return
+ }
ctx.IsSigned = ctx.Doer != nil
})
diff --git a/routers/api/packages/conan/auth.go b/routers/api/packages/conan/auth.go
index f3adaf7bee..ca02d61e76 100644
--- a/routers/api/packages/conan/auth.go
+++ b/routers/api/packages/conan/auth.go
@@ -19,22 +19,22 @@ func (a *Auth) Name() string {
}
// Verify extracts the user from the Bearer token
-func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataStore, sess auth.SessionStore) *user_model.User {
+func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataStore, sess auth.SessionStore) (*user_model.User, error) {
uid, err := packages.ParseAuthorizationToken(req)
if err != nil {
log.Trace("ParseAuthorizationToken: %v", err)
- return nil
+ return nil, err
}
if uid == 0 {
- return nil
+ return nil, nil
}
u, err := user_model.GetUserByID(req.Context(), uid)
if err != nil {
log.Error("GetUserByID: %v", err)
- return nil
+ return nil, err
}
- return u
+ return u, nil
}
diff --git a/routers/api/packages/container/auth.go b/routers/api/packages/container/auth.go
index e134f74c8f..33f439ec3e 100644
--- a/routers/api/packages/container/auth.go
+++ b/routers/api/packages/container/auth.go
@@ -20,25 +20,25 @@ func (a *Auth) Name() string {
// Verify extracts the user from the Bearer token
// If it's an anonymous session a ghost user is returned
-func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataStore, sess auth.SessionStore) *user_model.User {
+func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataStore, sess auth.SessionStore) (*user_model.User, error) {
uid, err := packages.ParseAuthorizationToken(req)
if err != nil {
log.Trace("ParseAuthorizationToken: %v", err)
- return nil
+ return nil, err
}
if uid == 0 {
- return nil
+ return nil, nil
}
if uid == -1 {
- return user_model.NewGhostUser()
+ return user_model.NewGhostUser(), nil
}
u, err := user_model.GetUserByID(req.Context(), uid)
if err != nil {
log.Error("GetUserByID: %v", err)
- return nil
+ return nil, err
}
- return u
+ return u, nil
}
diff --git a/routers/api/packages/nuget/auth.go b/routers/api/packages/nuget/auth.go
index 890c930184..54b33d89c0 100644
--- a/routers/api/packages/nuget/auth.go
+++ b/routers/api/packages/nuget/auth.go
@@ -20,19 +20,20 @@ func (a *Auth) Name() string {
}
// https://docs.microsoft.com/en-us/nuget/api/package-publish-resource#request-parameters
-func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataStore, sess auth.SessionStore) *user_model.User {
+func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataStore, sess auth.SessionStore) (*user_model.User, error) {
token, err := auth_model.GetAccessTokenBySHA(req.Header.Get("X-NuGet-ApiKey"))
if err != nil {
if !(auth_model.IsErrAccessTokenNotExist(err) || auth_model.IsErrAccessTokenEmpty(err)) {
log.Error("GetAccessTokenBySHA: %v", err)
+ return nil, err
}
- return nil
+ return nil, nil
}
u, err := user_model.GetUserByID(req.Context(), token.UID)
if err != nil {
log.Error("GetUserByID: %v", err)
- return nil
+ return nil, err
}
token.UpdatedUnix = timeutil.TimeStampNow()
@@ -40,5 +41,5 @@ func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataS
log.Error("UpdateAccessToken: %v", err)
}
- return u
+ return u, nil
}