aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/docs/auth.md
blob: 4eabcd51121de9a7a6c594dbfaf29b3507a62043 (plain) (blame) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50

In order to access private repositories hosted on a third-party platform like
GitHub or Bitbucket, cgitize needs to pass authentication on the hosting
server.  Authentication in Git is done either via HTTPS, or via SSH.

When using SSH, there're multiple methods to give cgitize access to SSH keys.

1. Use SSH keys (possibly passwordless) directly.  This is stupid, since it
   would require storing SSH keys and the passwords to them on the cgitize
   server.  Plus, I don't think either GitHub or Bitbucket support read-only
   SSH keys.

2. Give cgitize access to a ssh-agent.  This is less stupid, but would require
   a cumbersome setup.  The host ssh-agent can be used (including when cgitize
   is run in a Docker container), but in my experience, this is somewhat
   inconvenient (you have to add keys manually to the ssh-agent every time you
   reboot, etc.).

When using HTTPS, there're multiple options to access the private repositories.

1. Pass the account password in the URL.  Doesn't work with 2FA, incredibly
   insecure.

2. Use OAuth.  I thought this was too complicated to implement quickly.

3. Use per-application passwords.  This option is pretty cool.  Both GitHub (in
   the form of "personal access tokens") and Bitbucket (calls them "app
   passwords") support creating one-purpose passwords that are supposed to be
   used by a single app only.  They allow to bypass the 2FA also.  Let's do
   this!

Passing the access tokens to Git is tricky though.  First, simply including
them in the clone URL would be incredibly stupid, since that URL is going to be
visible on the cgit web pages.  There's an option to use the Git
`credentials.helper`, but I thought that it was quite hard to get right in a
cross-platform way.

Now, there's `url.<url>.insteadOf`.  It can be used to make Git rewrite every
URL to include the access token.

* I don't want to set it permanently to avoid leaking the access token.
* I don't want to set it in the repository's `--local` .git/config, since it is
  probably readable by other users.
* I don't want to ever use it on the command line to avoid leaking it.

Eventually, the option I settled on is to

1. `chmod 0600 ~/.gitconfig`.
2. Append the section to ~/.gitconfig from Python (_not_ by using `git
   config`).
3. Undo everything once we're done.
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-19 22:32:13 +0000