From dd136858f1ea40ad3c94191d647487fa4f31926c Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel@debian.org>
Date: Fri, 18 Oct 2024 20:33:49 +0200
Subject: Adding upstream version 9.0.0.

Signed-off-by: Daniel Baumann <daniel@debian.org>
---
 routers/api/packages/container/auth.go | 49 ++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 routers/api/packages/container/auth.go

(limited to 'routers/api/packages/container/auth.go')

diff --git a/routers/api/packages/container/auth.go b/routers/api/packages/container/auth.go
new file mode 100644
index 0000000..a8b3ec1
--- /dev/null
+++ b/routers/api/packages/container/auth.go
@@ -0,0 +1,49 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package container
+
+import (
+	"net/http"
+
+	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/services/auth"
+	"code.gitea.io/gitea/services/packages"
+)
+
+var _ auth.Method = &Auth{}
+
+type Auth struct{}
+
+func (a *Auth) Name() string {
+	return "container"
+}
+
+// Verify extracts the user from the Bearer token
+// If it's an anonymous session a ghost user is returned
+func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataStore, sess auth.SessionStore) (*user_model.User, error) {
+	uid, scope, err := packages.ParseAuthorizationToken(req)
+	if err != nil {
+		log.Trace("ParseAuthorizationToken: %v", err)
+		return nil, err
+	}
+
+	if uid == 0 {
+		return nil, nil
+	}
+
+	// Propagate scope of the authorization token.
+	if scope != "" {
+		store.GetData()["IsApiToken"] = true
+		store.GetData()["ApiTokenScope"] = scope
+	}
+
+	u, err := user_model.GetPossibleUserByID(req.Context(), uid)
+	if err != nil {
+		log.Error("GetPossibleUserByID:  %v", err)
+		return nil, err
+	}
+
+	return u, nil
+}
-- 
cgit v1.2.3