security sections are fully functional

2026-05-07 15:06:45 +02:00
parent 5e60b814ed
commit 53aa5cbbf5
20 changed files with 946 additions and 41 deletions
@@ -33,7 +33,7 @@ func New(cfg *config.Config, engine *xorm.Engine, store sessions.Store, staticFi
 	}))

 	csrf := middleware.CSRF(!cfg.Debug)
-	auth := middleware.NewAuth(store)
+	auth      := middleware.NewAuth(store, engine, handlers.LookupAccessToken)

 	repoH    := handlers.NewRepoHandler(engine, cfg)
 	userH    := handlers.NewUserHandler(engine, store)
@@ -44,6 +44,8 @@ func New(cfg *config.Config, engine *xorm.Engine, store sessions.Store, staticFi
 	issueH   := handlers.NewIssueHandler(engine)
 	sshKeyH  := handlers.NewSSHKeyHandler(engine)
 	memberH  := handlers.NewMemberHandler(engine)
+	keyH     := handlers.NewDeployKeyHandler(engine)
+	tokenH   := handlers.NewAccessTokenHandler(engine)

 	// ── Git smart-HTTP transport ───────────────────────────────────────────────
 	// These routes MUST be registered before the SPA catch-all and outside CSRF.
@@ -141,6 +143,16 @@ func New(cfg *config.Config, engine *xorm.Engine, store sessions.Store, staticFi
 						r.With(csrf).Patch("/{username}", memberH.UpdatePermission)
 						r.With(csrf).Delete("/{username}", memberH.Remove)
 					})
+					r.Route("/keys", func(r chi.Router) {
+						r.Get("/", keyH.List)
+						r.With(csrf).Post("/", keyH.Create)
+						r.With(csrf).Delete("/{keyID}", keyH.Delete)
+					})
+					r.Route("/tokens", func(r chi.Router) {
+						r.Get("/", tokenH.List)
+						r.With(csrf).Post("/", tokenH.Create)
+						r.With(csrf).Delete("/{tokenID}", tokenH.Delete)
+					})
 				})
 			})
 		})