forgejo/modules
Mathieu Fenniak de5f38c4ea feat: enable auth to raw resources, release downloads, & attachments via authorized integrations (#12776)
A handful of routes, described in this PR as "mixed routes", are currently accessible by both web-based sessions and authenticated API users.  The goal of this PR is to allow access to these routes for Authorized Integrations as well, bringing them to full API compatibility (to my knowledge) with other authentication methods.  These routes are impacted:
- `/{username}/{repo}/raw/*`
- `/{username}/{repo}/archive/*`
- `/{username}/{repo}/releases/download/{vTag}/{fileName}`
- `/{username}/{repo}/attachments/{uuid}`
- `/attachments/{uuid}`

The major work in this PR was to refactor the existing authentication methods so that the "path based matching" that they were currently doing was no longer required, as I didn't want to introduce that into Authorized Integrations.  All the path based matching is removed in this PR, and authentication methods are enabled entirely by the middleware applied to their endpoints.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12776
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-05-29 02:11:43 +02:00
..
actions fix: workflow with pull_request trigger and path filter not run when merging (#12739) 2026-05-26 03:45:09 +02:00
activitypub feat: backend DB model for fine-grained repo access tokens 2026-02-27 17:17:29 +01:00
analyze Rename code_langauge.go to code_language.go (#26377) 2023-08-07 15:00:53 -04:00
assetfs feat: optimization: use fs.ReadFile (#10987) 2026-01-22 16:26:18 +01:00
auth feat: add dynamic group mappings for OIDC (#11656) 2026-05-22 12:38:20 +02:00
avatar feat: serve downsized versions of avatars (#11242) 2026-05-16 12:04:05 +02:00
avatarstore feat: serve downsized versions of avatars (#11242) 2026-05-16 12:04:05 +02:00
base fix: "Follow symlink" to work with arbitrary links (#12246) 2026-04-27 23:54:21 +02:00
cache feat: cache OIDC metadata & JWKS when read by authorized integration (#12275) 2026-04-28 02:13:06 +02:00
card chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
charset chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
container chore: add new functions to container.Set 2025-10-14 14:40:49 -06:00
csv Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367) 2025-03-28 22:22:21 +00:00
emoji chore(cleanup): replaces unnecessary calls to formatting functions by non-formatting equivalents (#7994) 2025-05-29 17:34:29 +02:00
eventsource ci: detect and prevent empty case statements in Go code (#11593) 2026-03-10 02:50:28 +01:00
forgefed chore(federation): re-enable nilnil lint (#11253) 2026-04-13 22:05:29 +02:00
generate chore: unify signing key configuration across modules (#11194) 2026-04-21 19:39:33 +02:00
git chore: use io.ReadFull instead of io.ReadAll for DataAsync (#12795) 2026-05-28 23:51:15 +02:00
gitrepo Update module github.com/golangci/golangci-lint/v2/cmd/golangci-lint to v2.6.1 (forgejo) (#10053) 2025-11-11 07:04:35 +01:00
graceful ci: detect and prevent empty case statements in Go code (#11593) 2026-03-10 02:50:28 +01:00
hcaptcha chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
highlight fix(ui): show "Shell" instead of "Bash" in headers of shell script files (#12562) 2026-05-14 22:33:51 +02:00
hostmatcher chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
html Refactor backend SVG package and add tests (#26335) 2023-08-05 04:34:59 +00:00
httpcache chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
httplib chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
indexer Add code search with zoekt support (#8827) 2026-05-28 20:52:34 +02:00
issue/template chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
json feat: ability to edit authorized integration in web UI (#12601) 2026-05-17 18:33:39 +02:00
jwtx chore: make use of go1.26 features (#12369) 2026-05-01 22:51:48 +02:00
keying fix: store pull mirror creds encrypted with keying (#11909) 2026-04-04 13:53:22 +02:00
label chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
lfs feat: enable auth to git LFS via authorized integrations (#12725) 2026-05-28 23:20:58 +02:00
log tests: make buffer log writer thread safe (#11962) 2026-04-04 16:29:14 +02:00
markup feat(ui): support Pandoc style code blocks (#12099) 2026-05-12 00:53:09 +02:00
mcaptcha chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
metrics chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
migration feat: show progress of issues and PRs migrations (#12738) 2026-05-28 00:49:07 +02:00
nosql feat: cache OIDC metadata & JWKS when read by authorized integration (#12275) 2026-04-28 02:13:06 +02:00
optional chore: upgrade to https://code.forgejo.org/xorm/xorm v1.4.0 (#12639) 2026-05-20 20:20:08 +02:00
options chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
packages feat: support simple JSON API for PyPI package registry (#12095) 2026-04-30 16:58:28 +02:00
paginator Use more specific test methods (#24265) 2023-04-22 17:56:27 -04:00
pprof chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
private chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
process Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367) 2025-03-28 22:22:21 +00:00
proxy chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
proxyprotocol ci: detect and prevent empty case statements in Go code (#11593) 2026-03-10 02:50:28 +01:00
public chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
queue feat: cache OIDC metadata & JWKS when read by authorized integration (#12275) 2026-04-28 02:13:06 +02:00
recaptcha chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
references fix: pull request cross references (#7979) 2025-05-28 14:50:05 +02:00
regexplru Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367) 2025-03-28 22:22:21 +00:00
repository feat: serve downsized versions of avatars (#11242) 2026-05-16 12:04:05 +02:00
secret Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v1.64.6 (forgejo) (#7118) 2025-03-04 21:38:35 +00:00
session fix: only destroy session if exists 2026-03-19 02:18:52 +01:00
setting Add code search with zoekt support (#8827) 2026-05-28 20:52:34 +02:00
sitemap Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
ssh fix: don't clobber authorized_keys file during installation (#10948) 2026-01-23 18:38:09 +01:00
storage chore: unify signing key configuration across modules (#11194) 2026-04-21 19:39:33 +02:00
structs feat(api): return created time in /org/{org} endpoint (#12633) 2026-05-28 21:25:41 +02:00
svg chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
sync chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
system Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367) 2025-03-28 22:22:21 +00:00
templates feat: Follow remote users; feed tab (#10380) 2026-04-12 03:31:03 +02:00
test feat: Follow remote users; feed tab (#10380) 2026-04-12 03:31:03 +02:00
testimport chore: move all test blank imports in a single package (#10662) 2026-01-02 05:32:32 +01:00
testlogger chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
timeutil Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367) 2025-03-28 22:22:21 +00:00
translation chore(i18n): May 2026 maintenance (#12718) 2026-05-25 10:59:49 +02:00
turnstile chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
typesniffer feat: detect Interlisp sources as text (#8377) 2025-07-02 07:38:46 +02:00
updatechecker chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
uri Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
user Drop SSPI auth support and more Windows files (#7148) 2025-03-08 00:43:41 +00:00
util chore: make use of go1.26 features (#12369) 2026-05-01 22:51:48 +02:00
validation feat: add dynamic group mappings for OIDC (#11656) 2026-05-22 12:38:20 +02:00
web feat: enable auth to raw resources, release downloads, & attachments via authorized integrations (#12776) 2026-05-29 02:11:43 +02:00
webhook Actions Failure, Success, Recover Webhooks (#7508) 2025-06-03 14:29:19 +02:00
zstd Cache generated binary across jobs 2024-08-26 23:43:09 +02:00