#842 able to use access token replace basic auth

gogs.go

@@ -17,7 +17,7 @@ import (
 	"github.com/gogits/gogs/modules/setting"
 )
 
-const APP_VER = "0.6.7.0901 Beta"
+const APP_VER = "0.6.7.0902 Beta"
 
 func init() {
 	runtime.GOMAXPROCS(runtime.NumCPU())

models/error.go

@@ -183,6 +183,26 @@ func (err ErrDeployKeyNameAlreadyUsed) Error() string {
 	return fmt.Sprintf("public key already exists: [repo_id: %d, name: %s]", err.RepoID, err.Name)
 }
 
+//    _____                                   ___________     __
+//   /  _  \   ____  ____  ____   ______ _____\__    ___/___ |  | __ ____   ____
+//  /  /_\  \_/ ___\/ ___\/ __ \ /  ___//  ___/ |    | /  _ \|  |/ // __ \ /    \
+// /    |    \  \__\  \__\  ___/ \___ \ \___ \  |    |(  <_> )    <\  ___/|   |  \
+// \____|__  /\___  >___  >___  >____  >____  > |____| \____/|__|_ \\___  >___|  /
+//         \/     \/    \/    \/     \/     \/                    \/    \/     \/
+
+type ErrAccessTokenNotExist struct {
+	SHA string
+}
+
+func IsErrAccessTokenNotExist(err error) bool {
+	_, ok := err.(ErrAccessTokenNotExist)
+	return ok
+}
+
+func (err ErrAccessTokenNotExist) Error() string {
+	return fmt.Sprintf("access token does not exist: [sha: %s]", err.SHA)
+}
+
 // ________                            .__                __  .__
 // \_____  \_______  _________    ____ |__|____________ _/  |_|__| ____   ____
 //  /   |   \_  __ \/ ___\__  \  /    \|  \___   /\__  \\   __\  |/  _ \ /    \

models/token.go

@@ -5,17 +5,12 @@
 package models
 
 import (
-	"errors"
 	"time"
 
 	"github.com/gogits/gogs/modules/base"
 	"github.com/gogits/gogs/modules/uuid"
 )
 
-var (
-	ErrAccessTokenNotExist = errors.New("Access token does not exist")
-)
-
 // AccessToken represents a personal access token.
 type AccessToken struct {
 	ID                int64 `xorm:"pk autoincr"`
@@ -42,7 +37,7 @@ func GetAccessTokenBySHA(sha string) (*AccessToken, error) {
 	if err != nil {
 		return nil, err
 	} else if !has {
-		return nil, ErrAccessTokenNotExist
+		return nil, ErrAccessTokenNotExist{sha}
 	}
 	return t, nil
 }

modules/auth/auth.go

@@ -5,7 +5,6 @@
 package auth
 
 import (
-	"net/http"
 	"reflect"
 	"strings"
 	"time"
@@ -26,34 +25,41 @@ func IsAPIPath(url string) bool {
 	return strings.HasPrefix(url, "/api/")
 }
 
-// SignedInId returns the id of signed in user.
+// SignedInID returns the id of signed in user.
-func SignedInId(req *http.Request, sess session.Store) int64 {
+func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
 	if !models.HasEngine {
 		return 0
 	}
 
-	// API calls need to check access token.
+	// Check access token.
-	if IsAPIPath(req.URL.Path) {
+	tokenSHA := ctx.Query("token")
-		auHead := req.Header.Get("Authorization")
+	if len(tokenSHA) == 0 {
+		// Well, check with header again.
+		auHead := ctx.Req.Header.Get("Authorization")
 		if len(auHead) > 0 {
 			auths := strings.Fields(auHead)
 			if len(auths) == 2 && auths[0] == "token" {
-				t, err := models.GetAccessTokenBySHA(auths[1])
+				tokenSHA = auths[1]
-				if err != nil {
-					if err != models.ErrAccessTokenNotExist {
-						log.Error(4, "GetAccessTokenBySHA: %v", err)
-					}
-					return 0
-				}
-				t.Updated = time.Now()
-				if err = models.UpdateAccessToekn(t); err != nil {
-					log.Error(4, "UpdateAccessToekn: %v", err)
-				}
-				return t.UID
 			}
 		}
 	}
 
+	// Let's see if token is valid.
+	if len(tokenSHA) > 0 {
+		t, err := models.GetAccessTokenBySHA(tokenSHA)
+		if err != nil {
+			if models.IsErrAccessTokenNotExist(err) {
+				log.Error(4, "GetAccessTokenBySHA: %v", err)
+			}
+			return 0
+		}
+		t.Updated = time.Now()
+		if err = models.UpdateAccessToekn(t); err != nil {
+			log.Error(4, "UpdateAccessToekn: %v", err)
+		}
+		return t.UID
+	}
+
 	uid := sess.Get("uid")
 	if uid == nil {
 		return 0
@@ -72,16 +78,16 @@ func SignedInId(req *http.Request, sess session.Store) int64 {
 
 // SignedInUser returns the user object of signed user.
 // It returns a bool value to indicate whether user uses basic auth or not.
-func SignedInUser(req *http.Request, sess session.Store) (*models.User, bool) {
+func SignedInUser(ctx *macaron.Context, sess session.Store) (*models.User, bool) {
 	if !models.HasEngine {
 		return nil, false
 	}
 
-	uid := SignedInId(req, sess)
+	uid := SignedInID(ctx, sess)
 
 	if uid <= 0 {
 		if setting.Service.EnableReverseProxyAuth {
-			webAuthUser := req.Header.Get(setting.ReverseProxyAuthUser)
+			webAuthUser := ctx.Req.Header.Get(setting.ReverseProxyAuthUser)
 			if len(webAuthUser) > 0 {
 				u, err := models.GetUserByName(webAuthUser)
 				if err != nil {
@@ -112,7 +118,7 @@ func SignedInUser(req *http.Request, sess session.Store) (*models.User, bool) {
 		}
 
 		// Check with basic auth.
-		baHead := req.Header.Get("Authorization")
+		baHead := ctx.Req.Header.Get("Authorization")
 		if len(baHead) > 0 {
 			auths := strings.Fields(baHead)
 			if len(auths) == 2 && auths[0] == "Basic" {

modules/middleware/context.go

@@ -211,7 +211,7 @@ func Contexter() macaron.Handler {
 		}
 
 		// Get user from session if logined.
-		ctx.User, ctx.IsBasicAuth = auth.SignedInUser(ctx.Req.Request, ctx.Session)
+		ctx.User, ctx.IsBasicAuth = auth.SignedInUser(ctx.Context, ctx.Session)
 
 		if ctx.User != nil {
 			ctx.IsSigned = true

routers/repo/http.go

@@ -115,7 +115,7 @@ func Http(ctx *middleware.Context) {
 			// Assume username now is a token.
 			token, err := models.GetAccessTokenBySHA(authUsername)
 			if err != nil {
-				if err == models.ErrAccessTokenNotExist {
+				if models.IsErrAccessTokenNotExist(err) {
 					ctx.HandleText(401, "invalid token")
 				} else {
 					ctx.Handle(500, "GetAccessTokenBySha", err)

templates/.VERSION

@@ -1 +1 @@
-0.6.7.0901 Beta
+0.6.7.0902 Beta