modules/lfstransfer: call private LFS API

go-gitea · Sep 19, 2024 · 5a2ca80 · 5a2ca80
1 parent 8ec1a00
commit 5a2ca80
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 11 deletions.
diff --git a/modules/lfstransfer/backend/backend.go b/modules/lfstransfer/backend/backend.go
@@ -7,6 +7,7 @@ import (
  "bytes"
  "context"
  "encoding/base64"
+ "fmt"
  "io"
  "net/http"
  "net/url"
@@ -36,6 +37,7 @@ type GiteaBackend struct {
  server *url.URL
  op string
  token string
+ itoken string
  logger transfer.Logger
 }
 
@@ -45,8 +47,8 @@ func New(ctx context.Context, repo, op, token string, logger transfer.Logger) (t
  if err != nil {
  return nil, err
  }
- server = server.JoinPath(repo, "info/lfs")
- return &GiteaBackend{ctx: ctx, server: server, op: op, token: token, logger: logger}, nil
+ server = server.JoinPath("api/internal/repo", repo, "info/lfs")
+ return &GiteaBackend{ctx: ctx, server: server, op: op, token: token, itoken: fmt.Sprintf("Bearer %s", setting.InternalToken), logger: logger}, nil
 }
 
 // Batch implements transfer.Backend
@@ -71,7 +73,8 @@ func (g *GiteaBackend) Batch(_ string, pointers []transfer.BatchItem, args trans
  }
  url := g.server.JoinPath("objects/batch").String()
  headers := map[string]string{
- headerAuthorisation: g.token,
+ headerAuthorisation: g.itoken,
+ headerAuthX: g.token,
  headerAccept: mimeGitLFS,
  headerContentType: mimeGitLFS,
  }
@@ -180,7 +183,8 @@ func (g *GiteaBackend) Download(oid string, args transfer.Args) (io.ReadCloser,
  }
  url := action.Href
  headers := map[string]string{
- headerAuthorisation: g.token,
+ headerAuthorisation: g.itoken,
+ headerAuthX: g.token,
  headerAccept: mimeOctetStream,
  }
  req := newInternalRequest(g.ctx, url, http.MethodGet, headers, nil)
@@ -225,7 +229,8 @@ func (g *GiteaBackend) Upload(oid string, size int64, r io.Reader, args transfer
  }
  url := action.Href
  headers := map[string]string{
- headerAuthorisation: g.token,
+ headerAuthorisation: g.itoken,
+ headerAuthX: g.token,
  headerContentType: mimeOctetStream,
  headerContentLength: strconv.FormatInt(size, 10),
  }
@@ -274,7 +279,8 @@ func (g *GiteaBackend) Verify(oid string, size int64, args transfer.Args) (trans
  }
  url := action.Href
  headers := map[string]string{
- headerAuthorisation: g.token,
+ headerAuthorisation: g.itoken,
+ headerAuthX: g.token,
  headerAccept: mimeGitLFS,
  headerContentType: mimeGitLFS,
  }

diff --git a/modules/lfstransfer/backend/lock.go b/modules/lfstransfer/backend/lock.go
@@ -25,12 +25,13 @@ type giteaLockBackend struct {
  g *GiteaBackend
  server *url.URL
  token string
+ itoken string
  logger transfer.Logger
 }
 
 func newGiteaLockBackend(g *GiteaBackend) transfer.LockBackend {
  server := g.server.JoinPath("locks")
- return &giteaLockBackend{ctx: g.ctx, g: g, server: server, token: g.token, logger: g.logger}
+ return &giteaLockBackend{ctx: g.ctx, g: g, server: server, token: g.token, itoken: g.itoken, logger: g.logger}
 }
 
 // Create implements transfer.LockBackend
@@ -44,7 +45,8 @@ func (g *giteaLockBackend) Create(path, refname string) (transfer.Lock, error) {
  }
  url := g.server.String()
  headers := map[string]string{
- headerAuthorisation: g.token,
+ headerAuthorisation: g.itoken,
+ headerAuthX: g.token,
  headerAccept: mimeGitLFS,
  headerContentType: mimeGitLFS,
  }
@@ -95,7 +97,8 @@ func (g *giteaLockBackend) Unlock(lock transfer.Lock) error {
  }
  url := g.server.JoinPath(lock.ID(), "unlock").String()
  headers := map[string]string{
- headerAuthorisation: g.token,
+ headerAuthorisation: g.itoken,
+ headerAuthX: g.token,
  headerAccept: mimeGitLFS,
  headerContentType: mimeGitLFS,
  }
@@ -177,7 +180,8 @@ func (g *giteaLockBackend) queryLocks(v url.Values) ([]transfer.Lock, string, er
  urlq.RawQuery = v.Encode()
  url := urlq.String()
  headers := map[string]string{
- headerAuthorisation: g.token,
+ headerAuthorisation: g.itoken,
+ headerAuthX: g.token,
  headerAccept: mimeGitLFS,
  headerContentType: mimeGitLFS,
  }

diff --git a/modules/lfstransfer/backend/util.go b/modules/lfstransfer/backend/util.go
@@ -22,6 +22,7 @@ import (
 const (
  headerAccept = "Accept"
  headerAuthorisation = "Authorization"
+ headerAuthX = "X-Auth"
  headerContentType = "Content-Type"
  headerContentLength = "Content-Length"
 )

diff --git a/routers/private/internal.go b/routers/private/internal.go
@@ -48,6 +48,14 @@ func bind[T any](_ T) any {
  }
 }
 
+// SwapAuthToken swaps Authorization header with X-Auth header
+func swapAuthToken(next http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+ req.Header.Set("Authorization", req.Header.Get("X-Auth"))
+ next.ServeHTTP(w, req)
+ })
+}
+
 // Routes registers all internal APIs routes to web application.
 // These APIs will be invoked by internal commands for example `gitea serv` and etc.
 func Routes() *web.Router {
@@ -98,7 +106,7 @@ func Routes() *web.Router {
  r.Any("/*", func(ctx *context.Context) {
  ctx.NotFound("", nil)
  })
- })
+ }, swapAuthToken)
  }, common.Sessioner(), context.Contexter())
  // end "/repo/{username}/{reponame}": git (LFS) API mirror