From a587d2526163153a4d992527fe6040d578beaa83 Mon Sep 17 00:00:00 2001 From: merlleu Date: Mon, 28 Aug 2023 09:05:39 +0200 Subject: [PATCH] Add auth-required to config.json for Cargo http registry (#26729) Cargo registry-auth feature requires config.json to have a property auth-required set to true in order to send token to all registry requests. This is ok for git index because you can manually edit the config.json file to add the auth-required, but when using sparse (setting index url to "sparse+https://git.example.com/api/packages/{owner}/cargo/"), the config.json is dynamically rendered, and does not reflect changes to the config.json file in the repo. I see two approaches: - Serve the real config.json file when fetching the config.json on the cargo service. - Automatically detect if the registry requires authorization. (This is what I implemented in this PR). What the PR does: - When a cargo index repository is created, on the config.json, set auth-required to wether or not the repository is private. - When the cargo/config.json endpoint is called, set auth-required to wether or not the request was authorized using an API token. --- routers/api/packages/cargo/cargo.go | 4 +++- services/packages/cargo/index.go | 15 +++++++++------ 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/routers/api/packages/cargo/cargo.go b/routers/api/packages/cargo/cargo.go index a2e835df578b..8c370339cd57 100644 --- a/routers/api/packages/cargo/cargo.go +++ b/routers/api/packages/cargo/cargo.go @@ -16,6 +16,8 @@ import ( "code.gitea.io/gitea/modules/log" packages_module "code.gitea.io/gitea/modules/packages" cargo_module "code.gitea.io/gitea/modules/packages/cargo" + "code.gitea.io/gitea/modules/setting" + "code.gitea.io/gitea/modules/structs" "code.gitea.io/gitea/modules/util" "code.gitea.io/gitea/routers/api/packages/helper" "code.gitea.io/gitea/services/convert" @@ -48,7 +50,7 @@ func apiError(ctx *context.Context, status int, obj any) { // https://rust-lang.github.io/rfcs/2789-sparse-index.html func RepositoryConfig(ctx *context.Context) { - ctx.JSON(http.StatusOK, cargo_service.BuildConfig(ctx.Package.Owner)) + ctx.JSON(http.StatusOK, cargo_service.BuildConfig(ctx.Package.Owner, setting.Service.RequireSignInView || ctx.Package.Owner.Visibility != structs.VisibleTypePublic)) } func EnumeratePackageVersions(ctx *context.Context) { diff --git a/services/packages/cargo/index.go b/services/packages/cargo/index.go index 1c2d17b504fc..867cd796d381 100644 --- a/services/packages/cargo/index.go +++ b/services/packages/cargo/index.go @@ -21,6 +21,7 @@ import ( cargo_module "code.gitea.io/gitea/modules/packages/cargo" repo_module "code.gitea.io/gitea/modules/repository" "code.gitea.io/gitea/modules/setting" + "code.gitea.io/gitea/modules/structs" "code.gitea.io/gitea/modules/util" files_service "code.gitea.io/gitea/services/repository/files" ) @@ -220,14 +221,16 @@ func getOrCreateIndexRepository(ctx context.Context, doer, owner *user_model.Use } type Config struct { - DownloadURL string `json:"dl"` - APIURL string `json:"api"` + DownloadURL string `json:"dl"` + APIURL string `json:"api"` + AuthRequired bool `json:"auth-required"` } -func BuildConfig(owner *user_model.User) *Config { +func BuildConfig(owner *user_model.User, isPrivate bool) *Config { return &Config{ - DownloadURL: setting.AppURL + "api/packages/" + owner.Name + "/cargo/api/v1/crates", - APIURL: setting.AppURL + "api/packages/" + owner.Name + "/cargo", + DownloadURL: setting.AppURL + "api/packages/" + owner.Name + "/cargo/api/v1/crates", + APIURL: setting.AppURL + "api/packages/" + owner.Name + "/cargo", + AuthRequired: isPrivate, } } @@ -239,7 +242,7 @@ func createOrUpdateConfigFile(ctx context.Context, repo *repo_model.Repository, "Initialize Cargo Config", func(t *files_service.TemporaryUploadRepository) error { var b bytes.Buffer - err := json.NewEncoder(&b).Encode(BuildConfig(owner)) + err := json.NewEncoder(&b).Encode(BuildConfig(owner, setting.Service.RequireSignInView || owner.Visibility != structs.VisibleTypePublic || repo.IsPrivate)) if err != nil { return err }