]> Cypherpunks.ru repositories - gocheese.git/blobdiff - upload.go
projects / gocheese.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
More convenient trusted-host
[gocheese.git] / upload.go
diff --git a/upload.go b/upload.go
index ff7ad7415543ea6d0a0768e72631726bd4430920..7e5ed2a6c5f7a9a5b55eb102c01f83ebadc63413 100644 (file)
--- a/upload.go
+++ b/upload.go
@@ -1,20 +1,18 @@
-/*
-GoCheese -- Python private package repository and caching proxy
-Copyright (C) 2019-2023 Sergey Matveev <stargrave@stargrave.org>
-              2019-2023 Elena Balakhonova <balakhonova_e@riseup.net>
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, version 3 of the License.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
+// GoCheese -- Python private package repository and caching proxy
+// Copyright (C) 2019-2024 Sergey Matveev <stargrave@stargrave.org>
+//               2019-2024 Elena Balakhonova <balakhonova_e@riseup.net>
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, version 3 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 package main
 
@@ -38,19 +36,15 @@ import (
 var NormalizationRe = regexp.MustCompilePOSIX("[-_.]+")
 
 func serveUpload(w http.ResponseWriter, r *http.Request) {
-       // Authentication
-       username, password, ok := r.BasicAuth()
-       if !ok {
-               log.Println(r.RemoteAddr, "unauthenticated", username)
-               http.Error(w, "unauthenticated", http.StatusUnauthorized)
+       user := r.Context().Value(CtxUserKey).(*User)
+       if user == nil {
+               log.Println(r.RemoteAddr, "unauthorised")
+               http.Error(w, "unauthorised", http.StatusUnauthorized)
                return
        }
-       PasswordsM.RLock()
-       auther, ok := Passwords[username]
-       PasswordsM.RUnlock()
-       if !ok || !auther.Auth(password) {
-               log.Println(r.RemoteAddr, "unauthenticated", username)
-               http.Error(w, "unauthenticated", http.StatusUnauthorized)
+       if user.ro {
+               log.Println(r.RemoteAddr, "ro user", user.name)
+               http.Error(w, "unauthorised", http.StatusUnauthorized)
                return
        }
 
@@ -95,7 +89,7 @@ func serveUpload(w http.ResponseWriter, r *http.Request) {
 
        for _, file := range r.MultipartForm.File["content"] {
                filename := file.Filename
-               log.Println(r.RemoteAddr, "put", filename, "by", username)
+               log.Println(r.RemoteAddr, "put", filename, "by", user.name)
                path := filepath.Join(dirPath, filename)
                if _, err = os.Stat(path); err == nil {
                        log.Println(r.RemoteAddr, filename, "already exists")
Python private package repository and caching proxy