From 100c673c3a95827698758139f887a3e744231c42 Mon Sep 17 00:00:00 2001 From: Max Resnick Date: Wed, 21 Aug 2024 22:30:42 -0700 Subject: feat: add anon access mgmt --- internal/authz/middleware.go | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'internal/authz/middleware.go') diff --git a/internal/authz/middleware.go b/internal/authz/middleware.go index f7e1728..2aa4ba7 100644 --- a/internal/authz/middleware.go +++ b/internal/authz/middleware.go @@ -24,9 +24,9 @@ func Authentication(authMap TokenMap, next http.Handler) http.Handler { slog.Info("access request recv") u, p, ok := req.BasicAuth() if !ok { - rw.Header().Set("WWW-Authenticate", `Basic realm="git"`) - http.Error(rw, "Authentication Required", http.StatusUnauthorized) - return + u = "anon" + ctx := context.WithValue(req.Context(), AuthzUrnKey, u) + next.ServeHTTP(rw, req.WithContext(ctx)) } urn := fmt.Sprintf("uid:%s", u) hash, ok := authMap[urn] @@ -68,10 +68,15 @@ func Authorization(adminSvc *admin.Servicer, next http.Handler) http.Handler { http.Error(rw, "Bad Request", http.StatusBadRequest) return } - if !ok { + if !ok && urn == "anon" { + rw.Header().Set("WWW-Authenticate", `Basic realm="git"`) + http.Error(rw, "Authentication Required", http.StatusUnauthorized) + return + } else if !ok { slog.Info("Not Authorized", "urn", urn, "repo", repo) http.Error(rw, "Access denied", http.StatusForbidden) return + } slog.Debug("Access Attempt", "action", action, "repo", repo) next.ServeHTTP(rw, req.WithContext(ctx)) -- cgit v1.2.3