modules/lfstransfer: call private LFS API

ConcurrentCrab · ConcurrentCrab · commit 1e8502fb99e1 · 2024-09-26T23:20:09.000+05:30
diff --git a/modules/lfstransfer/backend/backend.go b/modules/lfstransfer/backend/backend.go
@@ -7,6 +7,7 @@ import (
 	"bytes"
 	"context"
 	"encoding/base64"
+	"fmt"
 	"io"
 	"net/http"
 	"net/url"
@@ -36,6 +37,7 @@ type GiteaBackend struct {
 	server *url.URL
 	op     string
 	token  string
+	itoken string
 	logger transfer.Logger
 }
 
@@ -45,8 +47,8 @@ func New(ctx context.Context, repo, op, token string, logger transfer.Logger) (t
 	if err != nil {
 		return nil, err
 	}
-	server = server.JoinPath(repo, "info/lfs")
-	return &GiteaBackend{ctx: ctx, server: server, op: op, token: token, logger: logger}, nil
+	server = server.JoinPath("api/internal/repo", repo, "info/lfs")
+	return &GiteaBackend{ctx: ctx, server: server, op: op, token: token, itoken: fmt.Sprintf("Bearer %s", setting.InternalToken), logger: logger}, nil
 }
 
 // Batch implements transfer.Backend
@@ -71,7 +73,8 @@ func (g *GiteaBackend) Batch(_ string, pointers []transfer.BatchItem, args trans
 	}
 	url := g.server.JoinPath("objects/batch").String()
 	headers := map[string]string{
-		headerAuthorisation: g.token,
+		headerAuthorisation: g.itoken,
+		headerAuthX:         g.token,
 		headerAccept:        mimeGitLFS,
 		headerContentType:   mimeGitLFS,
 	}
@@ -180,7 +183,8 @@ func (g *GiteaBackend) Download(oid string, args transfer.Args) (io.ReadCloser,
 	}
 	url := action.Href
 	headers := map[string]string{
-		headerAuthorisation: g.token,
+		headerAuthorisation: g.itoken,
+		headerAuthX:         g.token,
 		headerAccept:        mimeOctetStream,
 	}
 	req := newInternalRequest(g.ctx, url, http.MethodGet, headers, nil)
@@ -225,7 +229,8 @@ func (g *GiteaBackend) Upload(oid string, size int64, r io.Reader, args transfer
 	}
 	url := action.Href
 	headers := map[string]string{
-		headerAuthorisation: g.token,
+		headerAuthorisation: g.itoken,
+		headerAuthX:         g.token,
 		headerContentType:   mimeOctetStream,
 		headerContentLength: strconv.FormatInt(size, 10),
 	}
@@ -274,7 +279,8 @@ func (g *GiteaBackend) Verify(oid string, size int64, args transfer.Args) (trans
 	}
 	url := action.Href
 	headers := map[string]string{
-		headerAuthorisation: g.token,
+		headerAuthorisation: g.itoken,
+		headerAuthX:         g.token,
 		headerAccept:        mimeGitLFS,
 		headerContentType:   mimeGitLFS,
 	}
diff --git a/modules/lfstransfer/backend/lock.go b/modules/lfstransfer/backend/lock.go
@@ -25,12 +25,13 @@ type giteaLockBackend struct {
 	g      *GiteaBackend
 	server *url.URL
 	token  string
+	itoken string
 	logger transfer.Logger
 }
 
 func newGiteaLockBackend(g *GiteaBackend) transfer.LockBackend {
 	server := g.server.JoinPath("locks")
-	return &giteaLockBackend{ctx: g.ctx, g: g, server: server, token: g.token, logger: g.logger}
+	return &giteaLockBackend{ctx: g.ctx, g: g, server: server, token: g.token, itoken: g.itoken, logger: g.logger}
 }
 
 // Create implements transfer.LockBackend
@@ -44,7 +45,8 @@ func (g *giteaLockBackend) Create(path, refname string) (transfer.Lock, error) {
 	}
 	url := g.server.String()
 	headers := map[string]string{
-		headerAuthorisation: g.token,
+		headerAuthorisation: g.itoken,
+		headerAuthX:         g.token,
 		headerAccept:        mimeGitLFS,
 		headerContentType:   mimeGitLFS,
 	}
@@ -95,7 +97,8 @@ func (g *giteaLockBackend) Unlock(lock transfer.Lock) error {
 	}
 	url := g.server.JoinPath(lock.ID(), "unlock").String()
 	headers := map[string]string{
-		headerAuthorisation: g.token,
+		headerAuthorisation: g.itoken,
+		headerAuthX:         g.token,
 		headerAccept:        mimeGitLFS,
 		headerContentType:   mimeGitLFS,
 	}
@@ -177,7 +180,8 @@ func (g *giteaLockBackend) queryLocks(v url.Values) ([]transfer.Lock, string, er
 	urlq.RawQuery = v.Encode()
 	url := urlq.String()
 	headers := map[string]string{
-		headerAuthorisation: g.token,
+		headerAuthorisation: g.itoken,
+		headerAuthX:         g.token,
 		headerAccept:        mimeGitLFS,
 		headerContentType:   mimeGitLFS,
 	}
diff --git a/modules/lfstransfer/backend/util.go b/modules/lfstransfer/backend/util.go
@@ -22,6 +22,7 @@ import (
 const (
 	headerAccept        = "Accept"
 	headerAuthorisation = "Authorization"
+	headerAuthX         = "X-Auth"
 	headerContentType   = "Content-Type"
 	headerContentLength = "Content-Length"
 )
diff --git a/routers/private/internal.go b/routers/private/internal.go
@@ -48,6 +48,14 @@ func bind[T any](_ T) any {
 	}
 }
 
+// SwapAuthToken swaps Authorization header with X-Auth header
+func swapAuthToken(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+		req.Header.Set("Authorization", req.Header.Get("X-Auth"))
+		next.ServeHTTP(w, req)
+	})
+}
+
 // Routes registers all internal APIs routes to web application.
 // These APIs will be invoked by internal commands for example `gitea serv` and etc.
 func Routes() *web.Router {
@@ -98,7 +106,7 @@ func Routes() *web.Router {
 			r.Any("/*", func(ctx *context.Context) {
 				ctx.NotFound("", nil)
 			})
-		})
+		}, swapAuthToken)
 	}, common.Sessioner(), context.Contexter())
 	// end "/repo/{username}/{reponame}": git (LFS) API mirror
 

Original file line number	Diff line number	Diff line change
`@@ -7,6 +7,7 @@ import (`
`7`	`7`	`"bytes"`
`8`	`8`	`"context"`
`9`	`9`	`"encoding/base64"`
	`10`	`+ "fmt"`
`10`	`11`	`"io"`
`11`	`12`	`"net/http"`
`12`	`13`	`"net/url"`
`@@ -36,6 +37,7 @@ type GiteaBackend struct {`
`36`	`37`	`server *url.URL`
`37`	`38`	`op string`
`38`	`39`	`token string`
	`40`	`+ itoken string`
`39`	`41`	`logger transfer.Logger`
`40`	`42`	`}`
`41`	`43`
`@@ -45,8 +47,8 @@ func New(ctx context.Context, repo, op, token string, logger transfer.Logger) (t`
`45`	`47`	`if err != nil {`
`46`	`48`	`return nil, err`
`47`	`49`	`}`
`48`		`- server = server.JoinPath(repo, "info/lfs")`
`49`		`- return &GiteaBackend{ctx: ctx, server: server, op: op, token: token, logger: logger}, nil`
	`50`	`+ server = server.JoinPath("api/internal/repo", repo, "info/lfs")`
	`51`	`+ return &GiteaBackend{ctx: ctx, server: server, op: op, token: token, itoken: fmt.Sprintf("Bearer %s", setting.InternalToken), logger: logger}, nil`
`50`	`52`	`}`
`51`	`53`
`52`	`54`	`// Batch implements transfer.Backend`
`@@ -71,7 +73,8 @@ func (g *GiteaBackend) Batch(_ string, pointers []transfer.BatchItem, args trans`
`71`	`73`	`}`
`72`	`74`	`url := g.server.JoinPath("objects/batch").String()`
`73`	`75`	`headers := map[string]string{`
`74`		`- headerAuthorisation: g.token,`
	`76`	`+ headerAuthorisation: g.itoken,`
	`77`	`+ headerAuthX: g.token,`
`75`	`78`	`headerAccept: mimeGitLFS,`
`76`	`79`	`headerContentType: mimeGitLFS,`
`77`	`80`	`}`
`@@ -180,7 +183,8 @@ func (g *GiteaBackend) Download(oid string, args transfer.Args) (io.ReadCloser,`
`180`	`183`	`}`
`181`	`184`	`url := action.Href`
`182`	`185`	`headers := map[string]string{`
`183`		`- headerAuthorisation: g.token,`
	`186`	`+ headerAuthorisation: g.itoken,`
	`187`	`+ headerAuthX: g.token,`
`184`	`188`	`headerAccept: mimeOctetStream,`
`185`	`189`	`}`
`186`	`190`	`req := newInternalRequest(g.ctx, url, http.MethodGet, headers, nil)`
`@@ -225,7 +229,8 @@ func (g *GiteaBackend) Upload(oid string, size int64, r io.Reader, args transfer`
`225`	`229`	`}`
`226`	`230`	`url := action.Href`
`227`	`231`	`headers := map[string]string{`
`228`		`- headerAuthorisation: g.token,`
	`232`	`+ headerAuthorisation: g.itoken,`
	`233`	`+ headerAuthX: g.token,`
`229`	`234`	`headerContentType: mimeOctetStream,`
`230`	`235`	`headerContentLength: strconv.FormatInt(size, 10),`
`231`	`236`	`}`
`@@ -274,7 +279,8 @@ func (g *GiteaBackend) Verify(oid string, size int64, args transfer.Args) (trans`
`274`	`279`	`}`
`275`	`280`	`url := action.Href`
`276`	`281`	`headers := map[string]string{`
`277`		`- headerAuthorisation: g.token,`
	`282`	`+ headerAuthorisation: g.itoken,`
	`283`	`+ headerAuthX: g.token,`
`278`	`284`	`headerAccept: mimeGitLFS,`
`279`	`285`	`headerContentType: mimeGitLFS,`
`280`	`286`	`}`
Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,7 @@ import (`
`22`	`22`	`const (`
`23`	`23`	`headerAccept = "Accept"`
`24`	`24`	`headerAuthorisation = "Authorization"`
	`25`	`+ headerAuthX = "X-Auth"`
`25`	`26`	`headerContentType = "Content-Type"`
`26`	`27`	`headerContentLength = "Content-Length"`
`27`	`28`	`)`