From 941abe8abea59cc11ea3b2cac385f053827c7503 Mon Sep 17 00:00:00 2001 From: navetacandra Date: Wed, 29 May 2024 12:45:21 +0700 Subject: [PATCH 1/2] feat: implement basic authentication at info refs --- README.md | 4 +++- main.go | 1 + server/server.go | 23 ++++++++++++++++++++++- 3 files changed, 26 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 21d7506..11810df 100644 --- a/README.md +++ b/README.md @@ -33,6 +33,8 @@ Flags ``` Usage of ./git-http-backend: + -require_auth bool + set require auth enable/disable -auth_pass_env_var string set an env var to provide the basic auth pass as -auth_user_env_var string @@ -97,4 +99,4 @@ IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -``` +``````` diff --git a/main.go b/main.go index 8a14bac..992a208 100644 --- a/main.go +++ b/main.go @@ -9,6 +9,7 @@ import ( ) func init() { + flag.BoolVar(&server.DefaultConfig.RequireAuth, "require_auth", server.DefaultConfig.RequireAuth, "enable basic auth") flag.StringVar(&server.DefaultConfig.AuthPassEnvVar, "auth_pass_env_var", server.DefaultConfig.AuthPassEnvVar, "set an env var to provide the basic auth pass as") flag.StringVar(&server.DefaultConfig.AuthUserEnvVar, "auth_user_env_var", server.DefaultConfig.AuthUserEnvVar, "set an env var to provide the basic auth user as") flag.StringVar(&server.DefaultConfig.DefaultEnv, "default_env", server.DefaultConfig.DefaultEnv, "set the default env") diff --git a/server/server.go b/server/server.go index a899331..9f828e1 100644 --- a/server/server.go +++ b/server/server.go @@ -23,6 +23,7 @@ type Service struct { } type Config struct { + RequireAuth bool AuthPassEnvVar string AuthUserEnvVar string DefaultEnv string 
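Review bot: Nothing in the series rejects `-require_auth` being enabled while the values it is checked against are still at their `""` defaults, and this `flag.BoolVar` line in init() is where that configuration becomes possible. After flag parsing (outside this hunk) the server should refuse to start when `RequireAuth` is true and the configured username or password is empty, so a misconfigured deployment fails closed instead of accepting empty credentials. The help text `"enable basic auth"` also differs from the README entry `set require auth enable/disable`; one wording that names the credential source would serve both, e.g. `"require HTTP basic auth on git requests"`. init() continues past the end of the hunk.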
@@ -46,6 +47,7 @@ var ( DefaultAddress = ":8080" DefaultConfig = Config{ + RequireAuth: false, AuthPassEnvVar: "", AuthUserEnvVar: "", DefaultEnv: "", @@ -211,7 +213,19 @@ func getInfoRefs(hr HandlerReq) { service_name := getServiceType(r) access := hasAccess(r, dir, service_name, false) version := r.Header.Get("Git-Protocol") - if access { + + user, password, authok := r.BasicAuth() + if DefaultConfig.RequireAuth && !authok { + renderAuthRequire(w) + return + } + + if user != DefaultConfig.AuthUserEnvVar && password != DefaultConfig.AuthPassEnvVar { + w.WriteHeader(http.StatusUnauthorized) + return + } + + if access { args := []string{service_name, "--stateless-rpc", "--advertise-refs", "."} refs := gitCommand(dir, version, args...) @@ -387,6 +401,13 @@ func renderNoAccess(w http.ResponseWriter) { w.Write([]byte("Forbidden")) } +func renderAuthRequire(w http.ResponseWriter) { + w.Header().Add("Content-Type", "text/plain") + w.Header().Add("WWW-Authenticate", "Basic realm=\"authorization needed\"") + w.WriteHeader(http.StatusUnauthorized) + w.Write([]byte("401 Unauthorized")) +} + // Packet-line handling function func packetFlush() []byte { From 31ee7a7be196acd6aeee362cf1db4bdac4a0fcb5 Mon Sep 17 00:00:00 2001 From: navetacandra Date: Wed, 29 May 2024 13:23:29 +0700 Subject: [PATCH 2/2] fix: fix always asking for authentication --- server/server.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/server.go b/server/server.go index 9f828e1..44f8592 100644 --- a/server/server.go +++ b/server/server.go @@ -220,7 +220,7 @@ func getInfoRefs(hr HandlerReq) { return } - if user != DefaultConfig.AuthUserEnvVar && password != DefaultConfig.AuthPassEnvVar { + if authok && user != DefaultConfig.AuthUserEnvVar && password != DefaultConfig.AuthPassEnvVar { w.WriteHeader(http.StatusUnauthorized) return }
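Review bot: The credential check added to getInfoRefs joins its two comparisons with `&&`, so a request is rejected only when both the username and the password differ, and a request that matches just one of them proceeds to the ref advertisement. The rewritten condition in PATCH 2/2 keeps the same `&&`. The values compared are `DefaultConfig.AuthUserEnvVar` and `DefaultConfig.AuthPassEnvVar`, which the flag help in main.go describes as names of env vars to provide the credentials as, and which default to `""`; that suggests the expected credentials need their own source, which should be confirmed with the author. I would require both fields to match, compare them with `subtle.ConstantTimeCompare` (needs the `crypto/subtle` import) and answer every failure through `renderAuthRequire`. getInfoRefs starts and ends outside the hunk.

```go
user, password, authok := r.BasicAuth()
// wantUser / wantPass are placeholders for wherever the expected credentials are configured.
userOK := subtle.ConstantTimeCompare([]byte(user), []byte(wantUser)) == 1
passOK := subtle.ConstantTimeCompare([]byte(password), []byte(wantPass)) == 1
credsOK := authok && userOK && passOK
// Reject when auth is mandatory, or when credentials were offered, and they do not fully match.
if (DefaultConfig.RequireAuth || authok) && !credsOK {
	renderAuthRequire(w)
	return
}
// … unchanged: if access { … } ref advertisement …
```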
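Review bot: renderAuthRequire is the only code that sends the `WWW-Authenticate` challenge, but the wrong-credential branch added to getInfoRefs in this same patch replies with a bare `w.WriteHeader(http.StatusUnauthorized)`, so the two 401 paths differ and the second gives the client no challenge to answer. Calling `renderAuthRequire(w)` from both branches would keep them consistent. The helper has no doc comment; `// renderAuthRequire replies 401 with a Basic challenge so the client can resend credentials.` would fit the style of the packet-line comment just below it. For single-valued headers such as `Content-Type`, `w.Header().Set` is the more usual call than `Add`.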
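Review bot: The credential check still runs only inside getInfoRefs, so after this fix the info/refs advertisement is the only route in the series that looks at `r.BasicAuth()`. If server.go also registers handlers for the upload-pack and receive-pack RPC requests (they are not shown in this patch, so this is unverified), they need the same check; otherwise `-require_auth` guards discovery but not the transfer itself. Moving the check into one helper that every handler calls before touching the repository would close that gap and keep the logic in a single place. getInfoRefs starts and ends outside the hunk.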