|
|
|
|
|
|
|
|
// FIXME: middlewares/context.go did basic auth check already, |
|
|
// FIXME: middlewares/context.go did basic auth check already, |
|
|
// maybe could use that one. |
|
|
// maybe could use that one. |
|
|
if len(auths) != 2 || auths[0] != "Basic" { |
|
|
if len(auths) != 2 || auths[0] != "Basic" { |
|
|
ctx.Handle(401, "no basic auth and digit auth", nil) |
|
|
|
|
|
|
|
|
ctx.HandleText(401, "no basic auth and digit auth") |
|
|
return |
|
|
return |
|
|
} |
|
|
} |
|
|
authUsername, authPasswd, err = base.BasicAuthDecode(auths[1]) |
|
|
authUsername, authPasswd, err = base.BasicAuthDecode(auths[1]) |
|
|
if err != nil { |
|
|
if err != nil { |
|
|
ctx.Handle(401, "no basic auth and digit auth", nil) |
|
|
|
|
|
|
|
|
ctx.HandleText(401, "no basic auth and digit auth") |
|
|
return |
|
|
return |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
token, err := models.GetAccessTokenBySha(authUsername) |
|
|
token, err := models.GetAccessTokenBySha(authUsername) |
|
|
if err != nil { |
|
|
if err != nil { |
|
|
if err == models.ErrAccessTokenNotExist { |
|
|
if err == models.ErrAccessTokenNotExist { |
|
|
ctx.Handle(401, "invalid token", nil) |
|
|
|
|
|
|
|
|
ctx.HandleText(401, "invalid token") |
|
|
} else { |
|
|
} else { |
|
|
ctx.Handle(500, "GetAccessTokenBySha", err) |
|
|
ctx.Handle(500, "GetAccessTokenBySha", err) |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
has, err := models.HasAccess(authUser, repo, tp) |
|
|
has, err := models.HasAccess(authUser, repo, tp) |
|
|
if err != nil { |
|
|
if err != nil { |
|
|
ctx.Handle(401, "no basic auth and digit auth", nil) |
|
|
|
|
|
|
|
|
ctx.HandleText(401, "no basic auth and digit auth") |
|
|
return |
|
|
return |
|
|
} else if !has { |
|
|
} else if !has { |
|
|
if tp == models.ACCESS_MODE_READ { |
|
|
if tp == models.ACCESS_MODE_READ { |
|
|
has, err = models.HasAccess(authUser, repo, models.ACCESS_MODE_WRITE) |
|
|
has, err = models.HasAccess(authUser, repo, models.ACCESS_MODE_WRITE) |
|
|
if err != nil || !has { |
|
|
if err != nil || !has { |
|
|
ctx.Handle(401, "no basic auth and digit auth", nil) |
|
|
|
|
|
|
|
|
ctx.HandleText(401, "no basic auth and digit auth") |
|
|
return |
|
|
return |
|
|
} |
|
|
} |
|
|
} else { |
|
|
} else { |
|
|
ctx.Handle(401, "no basic auth and digit auth", nil) |
|
|
|
|
|
|
|
|
ctx.HandleText(401, "no basic auth and digit auth") |
|
|
return |
|
|
return |
|
|
} |
|
|
} |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
if !isPull && repo.IsMirror { |
|
|
if !isPull && repo.IsMirror { |
|
|
ctx.Handle(401, "can't push to mirror", nil) |
|
|
|
|
|
|
|
|
ctx.HandleText(401, "can't push to mirror") |
|
|
return |
|
|
return |
|
|
} |
|
|
} |
|
|
} |
|
|
} |