diff options
Diffstat (limited to 'services/auth')
| -rw-r--r-- | services/auth/auth.go | 5 | ||||
| -rw-r--r-- | services/auth/basic.go | 2 |
2 files changed, 6 insertions, 1 deletions
diff --git a/services/auth/auth.go b/services/auth/auth.go index a379cb1013..15df47da33 100644 --- a/services/auth/auth.go +++ b/services/auth/auth.go @@ -41,6 +41,11 @@ func isAttachmentDownload(req *http.Request) bool { return strings.HasPrefix(req.URL.Path, "/attachments/") && req.Method == "GET" } +// isContainerPath checks if the request targets the container endpoint +func isContainerPath(req *http.Request) bool { + return strings.HasPrefix(req.URL.Path, "/v2/") +} + var ( gitRawReleasePathRe = regexp.MustCompile(`^/[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+/(?:(?:git-(?:(?:upload)|(?:receive))-pack$)|(?:info/refs$)|(?:HEAD$)|(?:objects/)|(?:raw/)|(?:releases/download/))`) lfsPathRe = regexp.MustCompile(`^/[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+/info/lfs/`) diff --git a/services/auth/basic.go b/services/auth/basic.go index d8667c65d5..1869662e92 100644 --- a/services/auth/basic.go +++ b/services/auth/basic.go @@ -43,7 +43,7 @@ func (b *Basic) Name() string { // Returns nil if header is empty or validation fails. func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *user_model.User { // Basic authentication should only fire on API, Download or on Git or LFSPaths - if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isGitRawReleaseOrLFSPath(req) { + if !middleware.IsAPIPath(req) && !isContainerPath(req) && !isAttachmentDownload(req) && !isGitRawReleaseOrLFSPath(req) { return nil } |