2020-04-18 23:09:03 -04:00
|
|
|
// Copyright 2020 The Gitea Authors. All rights reserved.
|
2023-09-07 21:40:02 -04:00
|
|
|
// SPDX-License-Identifier: MIT
|
2020-04-18 23:09:03 -04:00
|
|
|
|
|
|
|
package git
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
|
|
|
"net/url"
|
2023-09-07 21:40:02 -04:00
|
|
|
"os"
|
2020-04-18 23:09:03 -04:00
|
|
|
|
2020-09-30 01:11:33 -04:00
|
|
|
"code.gitea.io/tea/modules/utils"
|
|
|
|
|
2020-04-29 22:02:15 -04:00
|
|
|
git_transport "github.com/go-git/go-git/v5/plumbing/transport"
|
|
|
|
gogit_http "github.com/go-git/go-git/v5/plumbing/transport/http"
|
|
|
|
gogit_ssh "github.com/go-git/go-git/v5/plumbing/transport/ssh"
|
2020-04-18 23:09:03 -04:00
|
|
|
"golang.org/x/crypto/ssh"
|
|
|
|
)
|
|
|
|
|
2020-12-08 06:25:21 -05:00
|
|
|
type pwCallback = func(string) (string, error)
|
2020-12-07 20:21:05 -05:00
|
|
|
|
2020-04-18 23:09:03 -04:00
|
|
|
// GetAuthForURL returns the appropriate AuthMethod to be used in Push() / Pull()
|
|
|
|
// operations depending on the protocol, and prompts the user for credentials if
|
|
|
|
// necessary.
|
2020-12-11 08:42:41 -05:00
|
|
|
func GetAuthForURL(remoteURL *url.URL, authToken, keyFile string, passwordCallback pwCallback) (git_transport.AuthMethod, error) {
|
2020-04-18 23:09:03 -04:00
|
|
|
switch remoteURL.Scheme {
|
2020-12-07 09:14:56 -05:00
|
|
|
case "http", "https":
|
|
|
|
// gitea supports push/pull via app token as username.
|
2020-12-11 08:42:41 -05:00
|
|
|
return &gogit_http.BasicAuth{Password: "", Username: authToken}, nil
|
2020-04-18 23:09:03 -04:00
|
|
|
|
|
|
|
case "ssh":
|
|
|
|
// try to select right key via ssh-agent. if it fails, try to read a key manually
|
2020-12-07 09:14:56 -05:00
|
|
|
user := remoteURL.User.Username()
|
2020-12-11 08:42:41 -05:00
|
|
|
auth, err := gogit_ssh.DefaultAuthBuilder(user)
|
|
|
|
if err != nil {
|
2020-12-08 06:25:21 -05:00
|
|
|
signer, err2 := readSSHPrivKey(keyFile, passwordCallback)
|
|
|
|
if err2 != nil {
|
|
|
|
return nil, err2
|
2020-04-18 23:09:03 -04:00
|
|
|
}
|
|
|
|
auth = &gogit_ssh.PublicKeys{User: user, Signer: signer}
|
|
|
|
}
|
2020-12-11 08:42:41 -05:00
|
|
|
return auth, nil
|
2020-04-18 23:09:03 -04:00
|
|
|
}
|
2020-12-11 08:42:41 -05:00
|
|
|
return nil, fmt.Errorf("don't know how to handle url scheme %v", remoteURL.Scheme)
|
2020-04-18 23:09:03 -04:00
|
|
|
}
|
|
|
|
|
2020-12-07 20:21:05 -05:00
|
|
|
func readSSHPrivKey(keyFile string, passwordCallback pwCallback) (sig ssh.Signer, err error) {
|
2020-04-18 23:09:03 -04:00
|
|
|
if keyFile != "" {
|
2020-09-30 01:11:33 -04:00
|
|
|
keyFile, err = utils.AbsPathWithExpansion(keyFile)
|
2020-04-18 23:09:03 -04:00
|
|
|
} else {
|
2020-09-30 01:11:33 -04:00
|
|
|
keyFile, err = utils.AbsPathWithExpansion("~/.ssh/id_rsa")
|
2020-04-18 23:09:03 -04:00
|
|
|
}
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2023-09-07 21:40:02 -04:00
|
|
|
sshKey, err := os.ReadFile(keyFile)
|
2020-04-18 23:09:03 -04:00
|
|
|
if err != nil {
|
2021-06-29 03:54:43 -04:00
|
|
|
return nil, fmt.Errorf("can not read ssh key '%s'", keyFile)
|
2020-04-18 23:09:03 -04:00
|
|
|
}
|
|
|
|
sig, err = ssh.ParsePrivateKey(sshKey)
|
2020-12-11 08:42:41 -05:00
|
|
|
if _, ok := err.(*ssh.PassphraseMissingError); ok && passwordCallback != nil {
|
2020-12-07 20:21:05 -05:00
|
|
|
// allow for up to 3 password attempts
|
|
|
|
for i := 0; i < 3; i++ {
|
|
|
|
var pass string
|
|
|
|
pass, err = passwordCallback(keyFile)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
sig, err = ssh.ParsePrivateKeyWithPassphrase(sshKey, []byte(pass))
|
|
|
|
if err == nil {
|
|
|
|
break
|
|
|
|
}
|
2020-04-18 23:09:03 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
return sig, err
|
|
|
|
}
|