Skip to content

Allow anonymous Git LFS access for public repositories #7858

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Allow anonymous Git LFS access for public repositories #7858

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Allow anonymous Git LFS access for public repositories
  • Loading branch information
kiwec committed Dec 10, 2024
commit 52861bff24bbd0e9f3df84c1e781d8eb6a179844
22 changes: 13 additions & 9 deletions internal/route/lfs/route.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,17 +48,13 @@ func RegisterRoutes(r *macaron.Router) {
// authenticate tries to authenticate user via HTTP Basic Auth. It first tries to authenticate
// as plain username and password, then use username as access token if previous step failed.
func authenticate(store Store) macaron.Handler {
askCredentials := func(w http.ResponseWriter) {
w.Header().Set("Lfs-Authenticate", `Basic realm="Git LFS"`)
responseJSON(w, http.StatusUnauthorized, responseError{
Message: "Credentials needed",
})
}

return func(c *macaron.Context) {
// dummy user to allow for unauthenticated read requests to public repositories
anonUser := database.User{ID: 0, Name: "Anonymous"}

username, password := authutil.DecodeBasic(c.Req.Header)
if username == "" {
askCredentials(c.Resp)
c.Map(&anonUser)
return
}

Expand Down Expand Up @@ -87,7 +83,7 @@ func authenticate(store Store) macaron.Handler {
user, err = context.AuthenticateByToken(store, c.Req.Context(), password)
if err != nil {
if database.IsErrAccessTokenNotExist(err) {
askCredentials(c.Resp)
c.Map(&anonUser)
} else {
c.Status(http.StatusInternalServerError)
log.Error("Failed to authenticate by access token via password: %v", err)
Expand Down Expand Up @@ -137,6 +133,14 @@ func authorize(store Store, mode database.AccessMode) macaron.Handler {
Private: repo.IsPrivate,
},
) {
if actor.ID == 0 {
c.Resp.Header().Set("Lfs-Authenticate", `Basic realm="Git LFS"`)
responseJSON(c.Resp, http.StatusUnauthorized, responseError{
Message: "Credentials needed",
})
return
}

c.Status(http.StatusNotFound)
return
}
Expand Down
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy