diff options
Diffstat (limited to 'internal/authz/middleware.go')
| -rw-r--r-- | internal/authz/middleware.go | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/internal/authz/middleware.go b/internal/authz/middleware.go index f7e1728..2aa4ba7 100644 --- a/internal/authz/middleware.go +++ b/internal/authz/middleware.go @@ -24,9 +24,9 @@ func Authentication(authMap TokenMap, next http.Handler) http.Handler { slog.Info("access request recv") u, p, ok := req.BasicAuth() if !ok { - rw.Header().Set("WWW-Authenticate", `Basic realm="git"`) - http.Error(rw, "Authentication Required", http.StatusUnauthorized) - return + u = "anon" + ctx := context.WithValue(req.Context(), AuthzUrnKey, u) + next.ServeHTTP(rw, req.WithContext(ctx)) } urn := fmt.Sprintf("uid:%s", u) hash, ok := authMap[urn] @@ -68,10 +68,15 @@ func Authorization(adminSvc *admin.Servicer, next http.Handler) http.Handler { http.Error(rw, "Bad Request", http.StatusBadRequest) return } - if !ok { + if !ok && urn == "anon" { + rw.Header().Set("WWW-Authenticate", `Basic realm="git"`) + http.Error(rw, "Authentication Required", http.StatusUnauthorized) + return + } else if !ok { slog.Info("Not Authorized", "urn", urn, "repo", repo) http.Error(rw, "Access denied", http.StatusForbidden) return + } slog.Debug("Access Attempt", "action", action, "repo", repo) next.ServeHTTP(rw, req.WithContext(ctx)) |