feat: Allow reading an access token

2024-02-04 13:26:48 +01:00 · 2024-02-04 13:26:48 +01:00 · 48b6585eba
commit 48b6585eba
parent 3747f02ed8
3 changed files with 44 additions and 3 deletions
--- a/cmd/rio/main.go
+++ b/cmd/rio/main.go
@ -147,6 +147,7 @@ func runServer(ctx *cli.Context) error {
 	defaultCsp := ctx.String("default-csp")
 	lokiUrl := ctx.String("loki-url")
 	metricsBotList := ctx.String("metrics-bot-list")
+	tokenFile := ctx.String("token-file")

 	// Init Logging
 	if ctx.Bool("debug") {
@ -177,18 +178,28 @@ func runServer(ctx *cli.Context) error {
 		}
 	}

+	// If specified, read in an access token
+	token := ""
+	if tokenFile != "" {
+		t, err := readSecret(tokenFile)
+		if err != nil {
+			log.Warnf("Failed to read secret: %v", err)
+		}
+		token = t
+	}
+
 	// Setup the Gitea stuff
 	httpClient := http.Client{Timeout: 10 * time.Second}
 	giteaApiClient, err := gitea.NewClient(
 		giteaUrl,
 		gitea.SetHTTPClient(&httpClient),
-		gitea.SetToken(""),
+		gitea.SetToken(token),
 		gitea.SetUserAgent("rio"),
 	)
 	if err != nil {
 		return err
 	}
-	giteaClient := riogitea.NewGiteaClient(giteaUrl, giteaApiClient)
+	giteaClient := riogitea.NewGiteaClient(giteaUrl, token, giteaApiClient)

 	// Listen on the port
 	addr := ctx.String("listen-host") + ":" + ctx.String("listen-port")
@ -414,6 +425,12 @@ func main() {
 				Value:   "",
 				EnvVars: []string{"METRICS_BOT_LIST"},
 			},
+			&cli.StringFlag{
+				Name:    "token-file",
+				Usage:   "File containing a access token. Required for serving private repositories",
+				Value:   "",
+				EnvVars: []string{"TOKEN_FILE"},
+			},
 		},
 	}

--- a/cmd/rio/utils.go
+++ b/cmd/rio/utils.go
@ -0,0 +1,16 @@
+package main
+
+import (
+	"os"
+	"strings"
+)
+
+// Read a secret file and return its (cleaned) content.
+func readSecret(path string) (string, error) {
+	content, err := os.ReadFile(path)
+	if err != nil {
+		return "", err
+	}
+
+	return strings.Trim(string(content), "\n\r "), nil
+}
--- a/internal/gitea/client.go
+++ b/internal/gitea/client.go
@ -38,6 +38,8 @@ type Repository struct {
 }

 type GiteaClient struct {
+	Token string
+
 	GetRepository GetRepositoryMethod
 	HasBranch     HasBranchMethod
 	HasUser       HasUserMethod
@ -46,8 +48,9 @@ type GiteaClient struct {
 	LookupRepoTXT LookupRepoTXTMethod
 }

-func NewGiteaClient(giteaUrl string, giteaClient *gitea.Client) GiteaClient {
+func NewGiteaClient(giteaUrl string, token string, giteaClient *gitea.Client) GiteaClient {
 	return GiteaClient{
+		Token: token,
 		GetRepository: func(username, repositoryName string) (Repository, error) {
 			repo, _, err := giteaClient.GetRepo(username, repositoryName)
 			if err != nil {
@ -91,6 +94,11 @@ func NewGiteaClient(giteaUrl string, giteaClient *gitea.Client) GiteaClient {
 			if since != nil {
 				sinceFormat := since.Format(time.RFC1123)
 				req.Header.Add("If-Modified-Since", sinceFormat)
+
+				// Add authentication, if we have a token
+				if token != "" {
+					req.Header.Add("Authorization", "token "+token)
+				}
 			}
 			resp, err := client.Do(req)
 			if err != nil {