diff --git a/conf/app.ini b/conf/app.ini index 8f04435b5ff..bb0654e2e27 100644 --- a/conf/app.ini +++ b/conf/app.ini @@ -126,6 +126,8 @@ SSH_KEY_TEST_PATH = SSH_KEYGEN_PATH = ssh-keygen ; Enable SSH Authorized Key Backup when rewriting all keys, default is true SSH_BACKUP_AUTHORIZED_KEYS = true +; Enable exposure of SSH clone URL to anonymous visitors, default is false +SSH_EXPOSE_ANONYMOUS = false ; Indicate whether to check minimum key size with corresponding type MINIMUM_KEY_SIZE_CHECK = false ; Disable CDN even in "prod" mode diff --git a/integrations/repo_test.go b/integrations/repo_test.go index 004156b446f..f5ba4d8d82e 100644 --- a/integrations/repo_test.go +++ b/integrations/repo_test.go @@ -5,8 +5,13 @@ package integrations import ( + "fmt" "net/http" "testing" + + "code.gitea.io/gitea/modules/setting" + + "github.com/stretchr/testify/assert" ) func TestViewRepo(t *testing.T) { @@ -37,3 +42,35 @@ func TestViewRepo3(t *testing.T) { session := loginUser(t, "user3") session.MakeRequest(t, req, http.StatusOK) } + +func TestViewRepo1CloneLinkAnonymous(t *testing.T) { + prepareTestEnv(t) + + req := NewRequest(t, "GET", "/user2/repo1") + resp := MakeRequest(t, req, http.StatusOK) + + htmlDoc := NewHTMLParser(t, resp.Body) + link, exists := htmlDoc.doc.Find("#repo-clone-https").Attr("data-link") + assert.True(t, exists, "The template has changed") + assert.Equal(t, setting.AppURL+"user2/repo1.git", link) + _, exists = htmlDoc.doc.Find("#repo-clone-ssh").Attr("data-link") + assert.False(t, exists) +} + +func TestViewRepo1CloneLinkAuthorized(t *testing.T) { + prepareTestEnv(t) + + session := loginUser(t, "user2") + + req := NewRequest(t, "GET", "/user2/repo1") + resp := session.MakeRequest(t, req, http.StatusOK) + + htmlDoc := NewHTMLParser(t, resp.Body) + link, exists := htmlDoc.doc.Find("#repo-clone-https").Attr("data-link") + assert.True(t, exists, "The template has changed") + assert.Equal(t, setting.AppURL+"user2/repo1.git", link) + link, exists = htmlDoc.doc.Find("#repo-clone-ssh").Attr("data-link") + assert.True(t, exists, "The template has changed") + sshURL := fmt.Sprintf("%s@%s:user2/repo1.git", setting.RunUser, setting.SSH.Domain) + assert.Equal(t, sshURL, link) +} diff --git a/modules/context/repo.go b/modules/context/repo.go index e46170b76de..d636496f501 100644 --- a/modules/context/repo.go +++ b/modules/context/repo.go @@ -285,6 +285,7 @@ func RepoAssignment() macaron.Handler { ctx.Data["IsRepositoryWriter"] = ctx.Repo.IsWriter() ctx.Data["DisableSSH"] = setting.SSH.Disabled + ctx.Data["ExposeAnonSSH"] = setting.SSH.ExposeAnonymous ctx.Data["DisableHTTP"] = setting.Repository.DisableHTTPGit ctx.Data["CloneLink"] = repo.CloneLink() ctx.Data["WikiCloneLink"] = repo.WikiCloneLink() diff --git a/modules/setting/setting.go b/modules/setting/setting.go index f24a87653bf..82187e81be7 100644 --- a/modules/setting/setting.go +++ b/modules/setting/setting.go @@ -99,6 +99,7 @@ var ( AuthorizedKeysBackup bool `ini:"SSH_AUTHORIZED_KEYS_BACKUP"` MinimumKeySizeCheck bool `ini:"-"` MinimumKeySizes map[string]int `ini:"-"` + ExposeAnonymous bool `ini:"SSH_EXPOSE_ANONYMOUS"` }{ Disabled: false, StartBuiltinServer: false, @@ -707,6 +708,7 @@ func NewContext() { } } SSH.AuthorizedKeysBackup = sec.Key("SSH_AUTHORIZED_KEYS_BACKUP").MustBool(true) + SSH.ExposeAnonymous = sec.Key("SSH_EXPOSE_ANONYMOUS").MustBool(false) if err = Cfg.Section("server").MapTo(&LFS); err != nil { log.Fatal(4, "Failed to map LFS settings: %v", err) diff --git a/templates/repo/bare.tmpl b/templates/repo/bare.tmpl index b72738fe348..bd37228ad15 100644 --- a/templates/repo/bare.tmpl +++ b/templates/repo/bare.tmpl @@ -28,9 +28,11 @@ {{else}} {{end}} - + {{if not (and $.DisableHTTP $.DisableSSH)}} + + {{end}}
diff --git a/templates/repo/home.tmpl b/templates/repo/home.tmpl index 664326c5620..5af574ee049 100644 --- a/templates/repo/home.tmpl +++ b/templates/repo/home.tmpl @@ -56,19 +56,21 @@ {{if UseHTTPS}}HTTPS{{else}}HTTP{{end}} {{end}} - {{if not $.DisableSSH}} + {{if and (not $.DisableSSH) (or $.IsSigned $.ExposeAnonSSH)}} {{end}} {{if not $.DisableHTTP}} - {{else}} + {{else if and (not $.DisableSSH) (or $.IsSigned $.ExposeAnonSSH)}} {{end}} - + {{if or ((not $.DisableHTTP) (and (not $.DisableSSH) (or $.IsSigned $.ExposeAnonSSH)))}} + + {{end}}