Skip to content

Commit

Permalink
GH-294 Provide normalized URI to authenticate hidden repositories in …
Browse files Browse the repository at this point in the history 
…the lookup API endpoint (Fix #294)
  • Loading branch information
@dzikoysk
dzikoysk committed Oct 30, 2020
1 parent 8087bfc commit a19b5c2
Show file tree
Hide file tree
Showing 5 changed files with 18 additions and 8 deletions.
6 changes: 3 additions & 3 deletions ...ilite-backend/src/main/java/org/panda_lang/reposilite/repository/LookupApiController.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,13 +62,13 @@ public Context handleContext(Context ctx) {
ReposiliteContext context = contextFactory.create(ctx);
Reposilite.getLogger().info("API " + context.uri() + " from " + context.address());

String uri = ReposiliteUtils.normalizeUri(rewritePathsEnabled, repositoryService, StringUtils.replaceFirst(ctx.req.getRequestURI(), "/api", ""));
String uri = ReposiliteUtils.normalizeUri(rewritePathsEnabled, repositoryService, StringUtils.replaceFirst(context.uri(), "/api", ""));

if (StringUtils.isEmpty(uri) || "/".equals(uri)) {
return ctx.json(lookupService.findAvailableRepositories(ctx.headerMap()));
return ctx.json(lookupService.findAvailableRepositories(context.headers()));
}

Result<Pair<String[], Repository>, ErrorDto> result = repositoryAuthenticator.authRepository(ctx.headerMap(), ctx.req.getRequestURI(), uri);
Result<Pair<String[], Repository>, ErrorDto> result = repositoryAuthenticator.authRepository(context.headers(), uri);

if (result.containsError()) {
return ResponseUtils.errorResponse(ctx, result.getError().getStatus(), result.getError().getMessage());
Expand Down
6 changes: 3 additions & 3 deletions ...e-backend/src/main/java/org/panda_lang/reposilite/repository/RepositoryAuthenticator.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,10 +41,10 @@ public RepositoryAuthenticator(boolean rewritePathsEnabled, Authenticator authen
}

public Result<Pair<String[], Repository>, ErrorDto> authDefaultRepository(Map<String, String> headers, String uri) {
return authRepository(headers, uri, ReposiliteUtils.normalizeUri(rewritePathsEnabled, repositoryService, uri));
return authRepository(headers, ReposiliteUtils.normalizeUri(rewritePathsEnabled, repositoryService, uri));
}

public Result<Pair<String[], Repository>, ErrorDto> authRepository(Map<String, String> headers, String uri, String normalizedUri) {
public Result<Pair<String[], Repository>, ErrorDto> authRepository(Map<String, String> headers, String normalizedUri) {
String[] path = StringUtils.split(normalizedUri, "/");
String repositoryName = path[0];

Expand All @@ -60,7 +60,7 @@ public Result<Pair<String[], Repository>, ErrorDto> authRepository(Map<String, S

// auth hidden repositories
if (repository.isHidden()) {
Result<Session, String> authResult = authenticator.authByUri(headers, uri);
Result<Session, String> authResult = authenticator.authByUri(headers, normalizedUri);

if (authResult.containsError()) {
return ResponseUtils.error(HttpStatus.SC_UNAUTHORIZED, "Unauthorized request");
Expand Down
2 changes: 1 addition & 1 deletion ...d/src/test/groovy/org/panda_lang/reposilite/repository/RepositoryAuthenticatorTest.groovy
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ class RepositoryAuthenticatorTest extends AuthenticatorSpecification {

@Test
void 'should not auth invalid repository uri' () {
assertEquals "Unsupported request", REPOSITORY_AUTHENTICATOR.authRepository([:], '', '').getError().getMessage()
assertEquals "Unsupported request", REPOSITORY_AUTHENTICATOR.authRepository([:], '').getError().getMessage()
}

}
4 changes: 4 additions & 0 deletions reposilite-backend/src/test/workspace/access.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,5 +9,9 @@ path: /releases/auth/test
alias: authtest
token: GPrV9j2xkh9i6PLvXuz7Of_ofmnxVJjn7GRBuTAQfCfhVlKzAEhzc6wjmcC8CGML
path: /private
alias: private
token: 6U8GaizE0udSuk9ADVhcUXBUPNqZg46L55JN9XYdtwC21cNMubP8x9ez+/I8Q/Bn
SSL password: reposilite
```
8 changes: 7 additions & 1 deletion reposilite-backend/src/test/workspace/tokens.dat
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,14 @@
!!org.panda_lang.reposilite.auth.TokensCollection
!!org.panda_lang.reposilite.auth.TokenCollection
"tokens":
- "alias": "private"
"path": "/private"
"permissions": "w"
"token": "$2a$10$emGPCUwsR650EJYNrjy/tucpi2rA0O2oYTT87OYQU9bSodGlNrI.q"
- "alias": "authtest"
"path": "/releases/auth/test"
"permissions": "w"
"token": "$2a$10$gQ9/kwYOl9T1zgGlfFPyMuFdb2fd5of7nhDK4TS26A7yYZiVfiuSi"
- "alias": "admin"
"path": "/"
"permissions": "w"
"token": "$2a$10$Rb2m1vYj7CIW9ve.twvabOMtSp3vnkrsqd08F2Edi3.kGnqjTcWmy"

0 comments on commit a19b5c2

Please sign in to comment.