Add basic auth support to rss/atom feeds (#33371)

Allows RSS readers to access private feeds using their basic auth capabilities. Not all clients feature the ability to add cookies or headers. fixes #32458 Tested with miniflux no credentials: ![image](https://github.com/user-attachments/assets/8c3369f2-1cf6-4ce3-ac6e-84447e454928) basic auth entered: ![image](https://github.com/user-attachments/assets/c93ff22c-1429-4a80-898f-91d9f35c7c61) ![image](https://github.com/user-attachments/assets/60d83afd-9dde-4973-a440-ff8138799e87) --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-01-27 03:07:39 +01:00 · 2025-01-27 03:07:39 +01:00 · c79adf00b8
commit c79adf00b8
parent 26b51aa032
3 changed files with 57 additions and 19 deletions
--- a/services/auth/auth_test.go
+++ b/services/auth/auth_test.go
@ -9,6 +9,7 @@ import (
 	"testing"

 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/test"

 	"github.com/stretchr/testify/assert"
 )
@ -92,6 +93,19 @@ func Test_isGitRawOrLFSPath(t *testing.T) {
 			true,
 		},
 	}
+
+	defer test.MockVariableValue(&setting.LFS.StartServer)()
+	for _, tt := range tests {
+		t.Run(tt.path, func(t *testing.T) {
+			req, _ := http.NewRequest("POST", "http://localhost"+tt.path, nil)
+			setting.LFS.StartServer = false
+			assert.Equal(t, tt.want, newAuthPathDetector(req).isGitRawOrAttachOrLFSPath())
+
+			setting.LFS.StartServer = true
+			assert.Equal(t, tt.want, newAuthPathDetector(req).isGitRawOrAttachOrLFSPath())
+		})
+	}
+
 	lfsTests := []string{
 		"/owner/repo/info/lfs/",
 		"/owner/repo/info/lfs/objects/batch",
@ -103,19 +117,6 @@ func Test_isGitRawOrLFSPath(t *testing.T) {
 		"/owner/repo/info/lfs/locks/verify",
 		"/owner/repo/info/lfs/locks/123/unlock",
 	}
-
-	origLFSStartServer := setting.LFS.StartServer
-
-	for _, tt := range tests {
-		t.Run(tt.path, func(t *testing.T) {
-			req, _ := http.NewRequest("POST", "http://localhost"+tt.path, nil)
-			setting.LFS.StartServer = false
-			assert.Equal(t, tt.want, newAuthPathDetector(req).isGitRawOrAttachOrLFSPath())
-
-			setting.LFS.StartServer = true
-			assert.Equal(t, tt.want, newAuthPathDetector(req).isGitRawOrAttachOrLFSPath())
-		})
-	}
 	for _, tt := range lfsTests {
 		t.Run(tt, func(t *testing.T) {
 			req, _ := http.NewRequest("POST", tt, nil)
@ -128,5 +129,27 @@ func Test_isGitRawOrLFSPath(t *testing.T) {
 			assert.Equalf(t, setting.LFS.StartServer, got, "isGitOrLFSPath(%q) = %v, want %v", tt, got, setting.LFS.StartServer)
 		})
 	}
-	setting.LFS.StartServer = origLFSStartServer
+}
+
+func Test_isFeedRequest(t *testing.T) {
+	tests := []struct {
+		want bool
+		path string
+	}{
+		{true, "/user.rss"},
+		{true, "/user/repo.atom"},
+		{false, "/user/repo"},
+		{false, "/use/repo/file.rss"},
+
+		{true, "/org/repo/rss/branch/xxx"},
+		{true, "/org/repo/atom/tag/xxx"},
+		{false, "/org/repo/branch/main/rss/any"},
+		{false, "/org/atom/any"},
+	}
+	for _, tt := range tests {
+		t.Run(tt.path, func(t *testing.T) {
+			req, _ := http.NewRequest("GET", "http://localhost"+tt.path, nil)
+			assert.Equal(t, tt.want, newAuthPathDetector(req).isFeedRequest(req))
+		})
+	}
 }