feat: add anon access mgmt

1 files changed, 9 insertions, 4 deletions

diff --git a/internal/authz/middleware.go b/internal/authz/middleware.go
index f7e1728..2aa4ba7 100644
--- a/internal/authz/middleware.go
+++ b/internal/authz/middleware.go
@@ -24,9 +24,9 @@ func Authentication(authMap TokenMap, next http.Handler) http.Handler {
 		slog.Info("access request recv")
 		u, p, ok := req.BasicAuth()
 		if !ok {
-			rw.Header().Set("WWW-Authenticate", `Basic realm="git"`)
-			http.Error(rw, "Authentication Required", http.StatusUnauthorized)
-			return
+			u = "anon"
+			ctx := context.WithValue(req.Context(), AuthzUrnKey, u)
+			next.ServeHTTP(rw, req.WithContext(ctx))
 		}
 		urn := fmt.Sprintf("uid:%s", u)
 		hash, ok := authMap[urn]
@@ -68,10 +68,15 @@ func Authorization(adminSvc *admin.Servicer, next http.Handler) http.Handler {
 			http.Error(rw, "Bad Request", http.StatusBadRequest)
 			return
 		}
-		if !ok {
+		if !ok && urn == "anon" {
+			rw.Header().Set("WWW-Authenticate", `Basic realm="git"`)
+			http.Error(rw, "Authentication Required", http.StatusUnauthorized)
+			return
+		} else if !ok {
 			slog.Info("Not Authorized", "urn", urn, "repo", repo)
 			http.Error(rw, "Access denied", http.StatusForbidden)
 			return
+
 		}
 		slog.Debug("Access Attempt", "action", action, "repo", repo)
 		next.ServeHTTP(rw, req.WithContext(ctx))