mirror of
				https://codeberg.org/forgejo/forgejo.git
				synced 2025-10-24 19:12:24 +00:00 
			
		
		
		
	Partly fixes https://github.com/go-gitea/gitea/issues/23642 Error info:  ActionsUser (userID -2) is used to login in to docker in action jobs. Due to we have no permission policy settings of ActionsUser now, ActionsUser can only access public registry by this quick fix.
		
			
				
	
	
		
			41 lines
		
	
	
	
		
			951 B
		
	
	
	
		
			Go
		
	
	
	
	
	
			
		
		
	
	
			41 lines
		
	
	
	
		
			951 B
		
	
	
	
		
			Go
		
	
	
	
	
	
| // Copyright 2022 The Gitea Authors. All rights reserved.
 | |
| // SPDX-License-Identifier: MIT
 | |
| 
 | |
| package container
 | |
| 
 | |
| import (
 | |
| 	"net/http"
 | |
| 
 | |
| 	user_model "code.gitea.io/gitea/models/user"
 | |
| 	"code.gitea.io/gitea/modules/log"
 | |
| 	"code.gitea.io/gitea/services/auth"
 | |
| 	"code.gitea.io/gitea/services/packages"
 | |
| )
 | |
| 
 | |
| type Auth struct{}
 | |
| 
 | |
| func (a *Auth) Name() string {
 | |
| 	return "container"
 | |
| }
 | |
| 
 | |
| // Verify extracts the user from the Bearer token
 | |
| // If it's an anonymous session a ghost user is returned
 | |
| func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataStore, sess auth.SessionStore) (*user_model.User, error) {
 | |
| 	uid, err := packages.ParseAuthorizationToken(req)
 | |
| 	if err != nil {
 | |
| 		log.Trace("ParseAuthorizationToken: %v", err)
 | |
| 		return nil, err
 | |
| 	}
 | |
| 
 | |
| 	if uid == 0 {
 | |
| 		return nil, nil
 | |
| 	}
 | |
| 
 | |
| 	u, err := user_model.GetPossibleUserByID(req.Context(), uid)
 | |
| 	if err != nil {
 | |
| 		log.Error("GetPossibleUserByID:  %v", err)
 | |
| 		return nil, err
 | |
| 	}
 | |
| 
 | |
| 	return u, nil
 | |
| }
 |