Browse Source
Fix tarball/zipball download bug (#29342) (#29352)
Backport #29342 by @Zettat123 Fix #29249 ~~Use the `/repos/{owner}/{repo}/archive/{archive}` API to download.~~ Apply #26430 to archive download URLs. Co-authored-by: Zettat123 <zettat123@gmail.com>tags/v1.21.7
Giteabot
3 months ago
2 changed files with 6 additions and 1 deletions
+ 5
- 0
services/auth/auth.go
View File
| var ( | var ( | ||||
| gitRawOrAttachPathRe = regexp.MustCompile(`^/[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+/(?:(?:git-(?:(?:upload)|(?:receive))-pack$)|(?:info/refs$)|(?:HEAD$)|(?:objects/)|(?:raw/)|(?:releases/download/)|(?:attachments/))`) | gitRawOrAttachPathRe = regexp.MustCompile(`^/[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+/(?:(?:git-(?:(?:upload)|(?:receive))-pack$)|(?:info/refs$)|(?:HEAD$)|(?:objects/)|(?:raw/)|(?:releases/download/)|(?:attachments/))`) | ||||
| lfsPathRe = regexp.MustCompile(`^/[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+/info/lfs/`) | lfsPathRe = regexp.MustCompile(`^/[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+/info/lfs/`) | ||||
| archivePathRe = regexp.MustCompile(`^/[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+/archive/`) | |||||
| ) | ) | ||||
| func isGitRawOrAttachPath(req *http.Request) bool { | func isGitRawOrAttachPath(req *http.Request) bool { | ||||
| return false | return false | ||||
| } | } | ||||
| func isArchivePath(req *http.Request) bool { | |||||
| return archivePathRe.MatchString(req.URL.Path) | |||||
| } | |||||
| // handleSignIn clears existing session variables and stores new ones for the specified user object | // handleSignIn clears existing session variables and stores new ones for the specified user object | ||||
| func handleSignIn(resp http.ResponseWriter, req *http.Request, sess SessionStore, user *user_model.User) { | func handleSignIn(resp http.ResponseWriter, req *http.Request, sess SessionStore, user *user_model.User) { | ||||
| // We need to regenerate the session... | // We need to regenerate the session... |
+ 1
- 1
services/auth/oauth2.go
View File
| func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) { | func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) { | ||||
| // These paths are not API paths, but we still want to check for tokens because they maybe in the API returned URLs | // These paths are not API paths, but we still want to check for tokens because they maybe in the API returned URLs | ||||
| if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isAuthenticatedTokenRequest(req) && | if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isAuthenticatedTokenRequest(req) && | ||||
| !isGitRawOrAttachPath(req) { | |||||
| !isGitRawOrAttachPath(req) && !isArchivePath(req) { | |||||
| return nil, nil | return nil, nil | ||||
| } | } | ||||
Loading…