diff options
| author | Drew DeVault <sir@cmpwn.com> | 2019-04-09 20:12:47 -0400 |
|---|---|---|
| committer | Drew DeVault <sir@cmpwn.com> | 2019-04-09 20:12:47 -0400 |
| commit | 6686cfa10fe670603e13087e5d7fb7aa1b73e933 (patch) | |
| tree | 79f4e036c52227f3c7dd9cff4a554f95849d90b9 | |
| parent | d280a6173ca645ae1576fee98499ceea8a94d146 (diff) | |
Update to use core.sr.ht's get_origin
| -rw-r--r-- | config.example.ini | 11 | ||||
| -rwxr-xr-x | gitsrht-keys | 4 | ||||
| -rw-r--r-- | gitsrht/service.py | 6 | ||||
| -rw-r--r-- | gitsrht/templates/index.html | 2 |
4 files changed, 18 insertions, 5 deletions
diff --git a/config.example.ini b/config.example.ini index 22b62c7..a5806b7 100644 --- a/config.example.ini +++ b/config.example.ini @@ -40,6 +40,17 @@ pgp-privkey= pgp-pubkey= pgp-key-id= +[webhooks] +# +# base64-encoded Ed25519 key for signing webhook payloads. This should be +# consistent for all *.sr.ht sites, as we'll use this key to verify signatures +# from other sites in your network. +# +# Use the srht-webhook-keygen command to generate a key. +# +# If omitted, webhook payloads are unsigned. +private-key= + [git.sr.ht] # # URL git.sr.ht is being served at (protocol://domain) diff --git a/gitsrht-keys b/gitsrht-keys index 8a18a77..3258f3d 100755 --- a/gitsrht-keys +++ b/gitsrht-keys @@ -3,7 +3,7 @@ import os import sys import requests from srht.api import get_results -from srht.config import cfg +from srht.config import cfg, get_origin from srht.database import DbSession db = DbSession(cfg("git.sr.ht", "connection-string")) from gitsrht.types import User, SSHKey @@ -18,7 +18,7 @@ user = (User.query.join(SSHKey) .filter(SSHKey.key.ilike(f"%{b64key}%"))).one_or_none() if not user: # Fall back to meta.sr.ht first - meta_origin = cfg("meta.sr.ht", "origin") + meta_origin = get_origin("meta.sr.ht") r = requests.get(f"{meta_origin}/api/ssh-key/{b64key}") if r.status_code == 200: username = r.json()["owner"]["name"] diff --git a/gitsrht/service.py b/gitsrht/service.py index d73f4ad..c8a92e9 100644 --- a/gitsrht/service.py +++ b/gitsrht/service.py @@ -1,15 +1,16 @@ from flask import Blueprint, request, url_for from gitsrht.types import User, OAuthToken, SSHKey +from scmsrht.oauth import delegated_scopes as scm_scopes from srht.api import get_results from srht.database import db -from srht.config import cfg +from srht.config import cfg, get_origin from srht.flask import csrf_bypass from srht.oauth import AbstractOAuthService import json import requests origin = cfg("git.sr.ht", "origin") -meta_origin = cfg("meta.sr.ht", "origin") +meta_origin = get_origin("meta.sr.ht") client_id = cfg("git.sr.ht", "oauth-client-id") client_secret = cfg("git.sr.ht", "oauth-client-secret") builds_client_id = cfg("builds.sr.ht", "oauth-client-id", default=None) @@ -20,6 +21,7 @@ class GitOAuthService(AbstractOAuthService): required_scopes=["profile", "keys"] + ([ "{}/jobs:write".format(builds_client_id) ] if builds_client_id else []), + delegated_scopes=scm_scopes, token_class=OAuthToken, user_class=User) def ensure_user_sshkey(self, user, meta_key): diff --git a/gitsrht/templates/index.html b/gitsrht/templates/index.html index 8d534c5..8024b18 100644 --- a/gitsrht/templates/index.html +++ b/gitsrht/templates/index.html @@ -23,7 +23,7 @@ </ul> <a class="btn btn-primary" - href="{{cfg("meta.sr.ht", "origin")}}/register" + href="{{get_origin("meta.sr.ht", external=True)}}/register" >Register here {{icon('caret-right')}}</a> or <a href="{{oauth_url}}"> |