From a82ccf1fab187969544b638f6977d698a55dbb2f Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Fri, 11 Feb 2022 13:14:02 +0300 Subject: [PATCH] josh-proxy: Always require authentication when pushing This supports the use-case where josh serves a public repo without auth, but requires auth for pushing back. --- josh-proxy/src/auth.rs | 4 ++-- josh-proxy/src/bin/josh-proxy.rs | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/josh-proxy/src/auth.rs b/josh-proxy/src/auth.rs index 96a8241..0a007f3 100644 --- a/josh-proxy/src/auth.rs +++ b/josh-proxy/src/auth.rs @@ -54,8 +54,8 @@ impl Handle { } } -pub async fn check_auth(url: &str, auth: &Handle, required: bool) -> josh::JoshResult { - if required && auth.hash.is_empty() { +pub async fn check_auth(url: &str, pathinfo: &str, auth: &Handle, required: bool) -> josh::JoshResult { + if auth.hash.is_empty() && (required || pathinfo == "/git-receive-pack") { return Ok(false); } diff --git a/josh-proxy/src/bin/josh-proxy.rs b/josh-proxy/src/bin/josh-proxy.rs index 700f2da..a96da1c 100644 --- a/josh-proxy/src/bin/josh-proxy.rs +++ b/josh-proxy/src/bin/josh-proxy.rs @@ -449,7 +449,7 @@ async fn call_service( ] .join(""); - if !josh_proxy::auth::check_auth(&remote_url, &auth, ARGS.is_present("require-auth")) + if !josh_proxy::auth::check_auth(&remote_url, &parsed_url.pathinfo, &auth, ARGS.is_present("require-auth")) .in_current_span() .await? { -- 2.34.1