gitforge/modules
Mathieu Fenniak c8d24ff06a feat: enable auth to git HTTP via authorized integrations (#12715)
Allow authentication to git HTTP & git LFS via an authorized integration.

This is the first step in getting rid of OAuth, basic auth, etc.'s usage of [`isGitRawOrAttachPath(req)`](26f18a94ee/services/auth/method/basic.go (L38-L40)).  I don't want to follow that pattern of HTTP route matching in the authentication method, so I've broken the HTTP routes related to git functionality out to using a separate authentication middleware in the top-level `web.Routes` handler.  As this approach is expanded to the other endpoints in order to add support to them for authorized integrations, eventually it will be possible to remove this URL matching completely and just rely on middleware installation.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12715
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-05-25 19:33:36 +02:00
..
actions feat: reusable workflow outer job is skipped if 'if:' block skips workflow (#12412) 2026-05-05 02:59:34 +02:00
activitypub feat: backend DB model for fine-grained repo access tokens 2026-02-27 17:17:29 +01:00
analyze
assetfs feat: optimization: use fs.ReadFile (#10987) 2026-01-22 16:26:18 +01:00
auth feat: add dynamic group mappings for OIDC (#11656) 2026-05-22 12:38:20 +02:00
avatar feat: serve downsized versions of avatars (#11242) 2026-05-16 12:04:05 +02:00
avatarstore feat: serve downsized versions of avatars (#11242) 2026-05-16 12:04:05 +02:00
base fix: "Follow symlink" to work with arbitrary links (#12246) 2026-04-27 23:54:21 +02:00
cache feat: cache OIDC metadata & JWKS when read by authorized integration (#12275) 2026-04-28 02:13:06 +02:00
card
charset chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
container chore: add new functions to container.Set 2025-10-14 14:40:49 -06:00
csv
emoji
eventsource ci: detect and prevent empty case statements in Go code (#11593) 2026-03-10 02:50:28 +01:00
forgefed chore(federation): re-enable nilnil lint (#11253) 2026-04-13 22:05:29 +02:00
generate chore: unify signing key configuration across modules (#11194) 2026-04-21 19:39:33 +02:00
git chore: remove some git configuration options (#12681) 2026-05-24 12:34:59 +02:00
gitrepo Update module github.com/golangci/golangci-lint/v2/cmd/golangci-lint to v2.6.1 (forgejo) (#10053) 2025-11-11 07:04:35 +01:00
graceful ci: detect and prevent empty case statements in Go code (#11593) 2026-03-10 02:50:28 +01:00
hcaptcha
highlight fix(ui): show "Shell" instead of "Bash" in headers of shell script files (#12562) 2026-05-14 22:33:51 +02:00
hostmatcher chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
html
httpcache chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
httplib chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
indexer fix(issue-search): single exclude query was erroneosly considered as must (#12589) 2026-05-16 09:57:51 +02:00
issue/template chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
json feat: ability to edit authorized integration in web UI (#12601) 2026-05-17 18:33:39 +02:00
jwtx chore: make use of go1.26 features (#12369) 2026-05-01 22:51:48 +02:00
keying fix: store pull mirror creds encrypted with keying (#11909) 2026-04-04 13:53:22 +02:00
label chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
lfs chore: add unit test for SearchPointerBlobs 2025-10-03 14:37:24 +02:00
log tests: make buffer log writer thread safe (#11962) 2026-04-04 16:29:14 +02:00
markup feat(ui): support Pandoc style code blocks (#12099) 2026-05-12 00:53:09 +02:00
mcaptcha
metrics
migration ci: detect and prevent empty case statements in Go code (#11593) 2026-03-10 02:50:28 +01:00
nosql feat: cache OIDC metadata & JWKS when read by authorized integration (#12275) 2026-04-28 02:13:06 +02:00
optional chore: upgrade to https://code.forgejo.org/xorm/xorm v1.4.0 (#12639) 2026-05-20 20:20:08 +02:00
options
packages feat: support simple JSON API for PyPI package registry (#12095) 2026-04-30 16:58:28 +02:00
paginator
pprof
private chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
process
proxy
proxyprotocol ci: detect and prevent empty case statements in Go code (#11593) 2026-03-10 02:50:28 +01:00
public chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
queue feat: cache OIDC metadata & JWKS when read by authorized integration (#12275) 2026-04-28 02:13:06 +02:00
recaptcha
references
regexplru
repository feat: serve downsized versions of avatars (#11242) 2026-05-16 12:04:05 +02:00
secret
session fix: only destroy session if exists 2026-03-19 02:18:52 +01:00
setting feat: fsck incoming objects (#12695) 2026-05-25 14:51:04 +02:00
sitemap
ssh fix: don't clobber authorized_keys file during installation (#10948) 2026-01-23 18:38:09 +01:00
storage chore: unify signing key configuration across modules (#11194) 2026-04-21 19:39:33 +02:00
structs feat: expose access token creation date in API responses (#12620) 2026-05-20 18:45:38 +02:00
svg
sync
system
templates feat: Follow remote users; feed tab (#10380) 2026-04-12 03:31:03 +02:00
test feat: Follow remote users; feed tab (#10380) 2026-04-12 03:31:03 +02:00
testimport chore: move all test blank imports in a single package (#10662) 2026-01-02 05:32:32 +01:00
testlogger chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
timeutil
translation chore(i18n): May 2026 maintenence (#12718) 2026-05-25 10:59:49 +02:00
turnstile
typesniffer
updatechecker chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
uri
user
util chore: make use of go1.26 features (#12369) 2026-05-01 22:51:48 +02:00
validation feat: add dynamic group mappings for OIDC (#11656) 2026-05-22 12:38:20 +02:00
web feat: enable auth to git HTTP via authorized integrations (#12715) 2026-05-25 19:33:36 +02:00
webhook
zstd