mirrors/git-pages
1
0
Fork 0
mirror of https://codeberg.org/git-pages/git-pages.git synced 2026-05-14 11:11:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Allow supplying Authorization: via query parameter.

Browse Source 
There is no other way to authorize GitHub and Gogs webhook payloads.
This commit is contained in:
Catherine
2025-09-15 16:25:33 +00:00
parent 194302f4cf
commit 03d6c55855
2 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -57,7 +57,7 @@ DNS is used for authorization of content updates.
- If a `[wildcard]` configuration section is specified, and if the suffix of a hostname in a `POST` request is equal to `[wildcard].domain`, then the request is authorized when and only when the repository URL in the event body matches the repository URL computed from the configuration file. Otherwise the next rule is used.
- If a `PUT` or `POST` request is received at `<hostname>` with an `Authorization: Pages <token>` header, then the request is authorized when any of the the TXT records at `_git-pages-challenge.<hostname>` are equal to `SHA256("<hostname> <token>")`.
- If a `PUT` or `POST` request is received at `<hostname>` with an `Authorization: Pages <token>` header (or, in absence of such, with an `?Authorization=Pages+<token>` query parameter), then the request is authorized when any of the the TXT records at `_git-pages-challenge.<hostname>` are equal to `SHA256("<hostname> <token>")`.
Architecture

7
src/pages.go
View File

@@ -174,6 +174,13 @@ func postPage(w http.ResponseWriter, r *http.Request) error {
}
allowRepoURL = fmt.Sprintf(config.Wildcard.CloneURL, userName, repoName)
} else {
// GitHub and Gogs cannot supply an `Authorization:` header.
if r.Header.Get("Authorization") == "" {
if value := r.URL.Query().Get("Authorization"); value != "" {
r.Header.Set("Authorization", value)
}
}
if err := Authorize(w, r); err != nil {
return err
}