1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
From a82ccf1fab187969544b638f6977d698a55dbb2f Mon Sep 17 00:00:00 2001
From: Vincent Ambo <mail@tazj.in>
Date: Fri, 11 Feb 2022 13:14:02 +0300
Subject: [PATCH] josh-proxy: Always require authentication when pushing
This supports the use-case where josh serves a public repo without
auth, but requires auth for pushing back.
---
josh-proxy/src/auth.rs | 4 ++--
josh-proxy/src/bin/josh-proxy.rs | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/josh-proxy/src/auth.rs b/josh-proxy/src/auth.rs
index 96a8241..0a007f3 100644
--- a/josh-proxy/src/auth.rs
+++ b/josh-proxy/src/auth.rs
@@ -54,8 +54,8 @@ impl Handle {
}
}
-pub async fn check_auth(url: &str, auth: &Handle, required: bool) -> josh::JoshResult<bool> {
- if required && auth.hash.is_empty() {
+pub async fn check_auth(url: &str, pathinfo: &str, auth: &Handle, required: bool) -> josh::JoshResult<bool> {
+ if auth.hash.is_empty() && (required || pathinfo == "/git-receive-pack") {
return Ok(false);
}
diff --git a/josh-proxy/src/bin/josh-proxy.rs b/josh-proxy/src/bin/josh-proxy.rs
index 700f2da..a96da1c 100644
--- a/josh-proxy/src/bin/josh-proxy.rs
+++ b/josh-proxy/src/bin/josh-proxy.rs
@@ -449,7 +449,7 @@ async fn call_service(
]
.join("");
- if !josh_proxy::auth::check_auth(&remote_url, &auth, ARGS.is_present("require-auth"))
+ if !josh_proxy::auth::check_auth(&remote_url, &parsed_url.pathinfo, &auth, ARGS.is_present("require-auth"))
.in_current_span()
.await?
{
--
2.34.1
|
