From ddfa41dadc32b6c3ab9fd94621d650a02a6890c5 Mon Sep 17 00:00:00 2001 From: miyuko Date: Sat, 23 May 2026 02:27:50 +0100 Subject: [PATCH] Allow forge auth for any repo in the forge user's namespace. --- src/auth.go | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/src/auth.go b/src/auth.go index 746631c..cbd6ef7 100644 --- a/src/auth.go +++ b/src/auth.go @@ -9,6 +9,7 @@ import ( "net" "net/http" "net/url" + "path" "slices" "strings" "time" @@ -698,12 +699,22 @@ func authorizeGogsUser(repoURL string, forgeToken string) (*Authorization, error panic(err) } - if err = checkGogsRepositoryPushPermission(parsedRepoURL, forgeToken); err != nil { + authorizedUser, err := fetchGogsAuthorizedUser(parsedRepoURL, forgeToken) + if err != nil { return nil, err } - authorizedUser, err := fetchGogsAuthorizedUser(parsedRepoURL, forgeToken) - if err != nil { + ownerAndRepo := strings.TrimPrefix(path.Clean(parsedRepoURL.Path), "/") + owner, _, found := strings.Cut(ownerAndRepo, "/") + if found && owner == authorizedUser.GetHandle() { + // The authorized user owns any repository in their namespace. + return &Authorization{ + repoURLs: []string{repoURL}, + forgeUser: authorizedUser, + }, nil + } + + if err = checkGogsRepositoryPushPermission(parsedRepoURL, forgeToken); err != nil { return nil, err }