Add gitea auth

README.md

@@ -15,6 +15,7 @@ Supported authentication methods:
  * Google Sign-In (incl. Google for Work / GApps for domain) (documented [here](https://github.com/cesanta/docker_auth/blob/main/examples/reference.yml))
  * [Github Sign-In](docs/auth-methods.md#github)
  * Gitlab Sign-In
+ * Gitea basic auth
  * LDAP bind ([demo](https://github.com/kwk/docker-registry-setup))
  * MongoDB user collection
  * MySQL/MariaDB, PostgreSQL, SQLite database table

auth_server/Dockerfile

@@ -12,6 +12,7 @@ COPY . /build
 WORKDIR /build
 RUN make build
 
+
 FROM alpine:3.17
 COPY --from=build /build/auth_server /docker_auth/
 COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/

auth_server/authn/gitea_auth.go

@@ -0,0 +1,102 @@
+/*
+   Copyright 2022 Cesanta Software Ltd.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       https://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package authn
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"time"
+
+	"github.com/cesanta/docker_auth/auth_server/api"
+)
+
+type GiteaAuthConfig struct {
+	HTTPTimeout     time.Duration `yaml:"http_timeout,omitempty"`
+	RevalidateAfter time.Duration `yaml:"revalidate_after,omitempty"`
+	ApiUri          string        `yaml:"api_uri,omitempty"`
+}
+
+type GiteaAuth struct {
+	config *GiteaAuthConfig
+	client *http.Client
+}
+
+type GiteaOrg struct {
+	Username string `json:"username"`
+}
+
+func NewGiteaAuth(c *GiteaAuthConfig) (*GiteaAuth, error) {
+	return &GiteaAuth{
+		config: c,
+		client: &http.Client{Timeout: 10 * time.Second},
+	}, nil
+}
+
+// func (gha *GiteaAuth) authUser(user string, password PasswordString) (err error, l Labels) {
+func (gha *GiteaAuth) Authenticate(user string, password api.PasswordString) (bool, api.Labels, error) {
+	url := fmt.Sprintf("%s/v1/user/orgs", gha.config.ApiUri)
+	req, err := http.NewRequest("GET", url, nil)
+	if err != nil {
+		err = fmt.Errorf("unable to auth: %s", err)
+		return false, nil, err
+	}
+	req.SetBasicAuth(user, string(password))
+	resp, err := gha.client.Do(req)
+
+	if err != nil {
+		return false, nil, err
+	}
+
+	if resp.StatusCode == 401 {
+		return false, nil, nil
+	} else if resp.StatusCode != 200 {
+		err = fmt.Errorf("wrong error code %d", resp.StatusCode)
+		return false, nil, err
+	}
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		err = fmt.Errorf("unable to read body %s: %s", body, err)
+		return false, nil, err
+	}
+	resp.Body.Close()
+
+	orgs := make([]GiteaOrg, 0)
+	err = json.Unmarshal(body, &orgs)
+
+	if err != nil {
+		err = fmt.Errorf("could not unmarshal token user info %s: %s", body, err)
+		return false, nil, err
+	}
+
+	labels := api.Labels{"project": []string{}}
+
+	for _, org := range orgs {
+		labels["project"] = append(labels["project"], org.Username)
+	}
+
+	return true, labels, nil
+}
+
+func (gha *GiteaAuth) Stop() {
+}
+
+func (gha *GiteaAuth) Name() string {
+	return "Gitea"
+}

auth_server/go.mod

@@ -3,53 +3,45 @@ module github.com/cesanta/docker_auth/auth_server
 go 1.16
 
 require (
-	cloud.google.com/go/compute v1.10.0 // indirect
-	cloud.google.com/go/iam v0.5.0 // indirect
-	cloud.google.com/go/storage v1.27.0
-	github.com/PuerkitoBio/goquery v1.5.1 // indirect
-	github.com/casbin/casbin/v2 v2.55.1
+	cloud.google.com/go/compute v1.13.0 // indirect
+	cloud.google.com/go/iam v0.7.0 // indirect
+	cloud.google.com/go/storage v1.28.1
+	github.com/casbin/casbin/v2 v2.58.0
 	github.com/cesanta/glog v0.0.0-20150527111657-22eb27a0ae19
+	github.com/cooldrip/cstrftime v0.0.0-20180425110708-e16e2f942e1e // indirect
 	github.com/coreos/go-oidc/v3 v3.4.0
-	github.com/dchest/uniuri v0.0.0-20220929095258-3027df40b6ce
+	github.com/dchest/uniuri v1.2.0
 	github.com/deckarep/golang-set v1.8.0
 	github.com/docker/distribution v2.8.1+incompatible
 	github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7
+	github.com/go-git/go-git/v5 v5.5.0 // indirect
 	github.com/go-ldap/ldap v3.0.3+incompatible
 	github.com/go-redis/redis v6.15.9+incompatible
-	github.com/go-sql-driver/mysql v1.6.0
-	github.com/go-stack/stack v1.8.1 // indirect
-	github.com/gobuffalo/genny v0.1.1 // indirect
-	github.com/gobuffalo/gogen v0.1.1 // indirect
-	github.com/goccy/go-json v0.9.11 // indirect
+	github.com/go-sql-driver/mysql v1.7.0
+	github.com/goccy/go-json v0.10.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.2.0 // indirect
 	github.com/gorilla/mux v1.8.0 // indirect
-	github.com/jstemmer/go-junit-report v1.0.0 // indirect
-	github.com/karrick/godirwalk v1.10.3 // indirect
-	github.com/klauspost/compress v1.15.11 // indirect
+	github.com/klauspost/compress v1.15.12 // indirect
 	github.com/kr/text v0.2.0 // indirect
 	github.com/lib/pq v1.10.7
-	github.com/magefile/mage v1.14.0 // indirect
 	github.com/mattn/go-sqlite3 v2.0.3+incompatible
 	github.com/montanaflynn/stats v0.6.6 // indirect
-	github.com/pelletier/go-toml v1.7.0 // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/opencontainers/image-spec v1.0.2 // indirect
 	github.com/schwarmco/go-cartesian-product v0.0.0-20180515110546-d5ee747a6dc9
 	github.com/sirupsen/logrus v1.9.0 // indirect
-	github.com/stretchr/testify v1.7.0 // indirect
 	github.com/syndtr/goleveldb v1.0.0
 	github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a // indirect
-	go.mongodb.org/mongo-driver v1.10.2
-	go.opencensus.io v0.23.0 // indirect
-	golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be
-	golang.org/x/net v0.0.0-20220930213112-107f3e3c3b0b
-	golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1
-	golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0 // indirect
-	golang.org/x/sys v0.0.0-20220928140112-f11e5e49a4ec // indirect
-	golang.org/x/tools v0.1.12 // indirect
+	go.mongodb.org/mongo-driver v1.11.0
+	golang.org/x/crypto v0.3.0
+	golang.org/x/net v0.2.0
+	golang.org/x/oauth2 v0.2.0
+	golang.org/x/sync v0.1.0 // indirect
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
-	google.golang.org/api v0.98.0
-	google.golang.org/genproto v0.0.0-20220930163606-c98284e70a91 // indirect
+	google.golang.org/api v0.103.0
+	google.golang.org/genproto v0.0.0-20221202195650-67e5cbc046fd // indirect
 	gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 	gopkg.in/fsnotify.v1 v1.4.7