API calls authorized with HTTP header

pboguslawski · pboguslawski · commit dc952c063206 · 2021-03-18T15:37:22.000+01:00
This mod allows API calls to be authorized with HTTP header
when ENABLE_REVERSE_PROXY_AUTHENTICATION is enabled. Without
it user authenticated by reverse proxy is able to access
gitea UI but not API which is inconsistent.

Author-Change-Id: IB#1107572
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
@@ -197,6 +197,10 @@ func reqToken() func(ctx *context.APIContext) {
 			return
 		}
 		if ctx.IsSigned {
+			// Don't require token if already authenticated by reverse proxy.
+			if setting.Service.EnableReverseProxyAuth {
+				return
+			}
 			ctx.RequireCSRF()
 			return
 		}

Original file line number	Diff line number	Diff line change
`@@ -197,6 +197,10 @@ func reqToken() func(ctx *context.APIContext) {`
`197`	`197`	`return`
`198`	`198`	`}`
`199`	`199`	`if ctx.IsSigned {`
	`200`	`+ // Don't require token if already authenticated by reverse proxy.`
	`201`	`+ if setting.Service.EnableReverseProxyAuth {`
	`202`	`+ return`
	`203`	`+ }`
`200`	`204`	`ctx.RequireCSRF()`
`201`	`205`	`return`
`202`	`206`	`}`