mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-14 21:50:17 +00:00
265cd70bdb
Backport #28587, the only conflict is the test file.
The CORS code has been unmaintained for long time, and the behavior is
not correct.
This PR tries to improve it. The key point is written as comment in
code. And add more tests.
Fix #28515
Fix #27642
Fix #17098
(cherry picked from commit 7a2786ca6c
)
44 lines
1.7 KiB
Go
44 lines
1.7 KiB
Go
// Copyright 2023 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package web
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"code.gitea.io/gitea/modules/context"
|
|
"code.gitea.io/gitea/modules/setting"
|
|
"code.gitea.io/gitea/modules/web"
|
|
"code.gitea.io/gitea/routers/web/repo"
|
|
context_service "code.gitea.io/gitea/services/context"
|
|
)
|
|
|
|
func requireSignIn(ctx *context.Context) {
|
|
if !setting.Service.RequireSignInView {
|
|
return
|
|
}
|
|
|
|
// rely on the results of Contexter
|
|
if !ctx.IsSigned {
|
|
// TODO: support digit auth - which would be Authorization header with digit
|
|
ctx.Resp.Header().Set("WWW-Authenticate", `Basic realm="Gitea"`)
|
|
ctx.Error(http.StatusUnauthorized)
|
|
}
|
|
}
|
|
|
|
func gitHTTPRouters(m *web.Route) {
|
|
m.Group("", func() {
|
|
m.Methods("POST,OPTIONS", "/git-upload-pack", repo.ServiceUploadPack)
|
|
m.Methods("POST,OPTIONS", "/git-receive-pack", repo.ServiceReceivePack)
|
|
m.Methods("GET,OPTIONS", "/info/refs", repo.GetInfoRefs)
|
|
m.Methods("GET,OPTIONS", "/HEAD", repo.GetTextFile("HEAD"))
|
|
m.Methods("GET,OPTIONS", "/objects/info/alternates", repo.GetTextFile("objects/info/alternates"))
|
|
m.Methods("GET,OPTIONS", "/objects/info/http-alternates", repo.GetTextFile("objects/info/http-alternates"))
|
|
m.Methods("GET,OPTIONS", "/objects/info/packs", repo.GetInfoPacks)
|
|
m.Methods("GET,OPTIONS", "/objects/info/{file:[^/]*}", repo.GetTextFile(""))
|
|
m.Methods("GET,OPTIONS", "/objects/{head:[0-9a-f]{2}}/{hash:[0-9a-f]{38}}", repo.GetLooseObject)
|
|
m.Methods("GET,OPTIONS", "/objects/pack/pack-{file:[0-9a-f]{40}}.pack", repo.GetPackFile)
|
|
m.Methods("GET,OPTIONS", "/objects/pack/pack-{file:[0-9a-f]{40}}.idx", repo.GetIdxFile)
|
|
}, ignSignInAndCsrf, requireSignIn, repo.HTTPGitEnabledHandler, repo.CorsHandler(), context_service.UserAssignmentWeb())
|
|
}
|