From e4a3a9a2ccc53bf977230b9e22e2e75635dc8ada Mon Sep 17 00:00:00 2001 From: claudi Date: Wed, 28 Jan 2026 14:35:56 +0100 Subject: [PATCH] refactor: Use HTTP Basic Auth instead of tokens for package uploads - Replace token-based auth with HTTP Basic Auth (username/password) - Scripts now use FORGEJO_USER and FORGEJO_PASS environment variables - Same credentials used for git repository access - No special token creation needed - Simpler setup: set env vars and run upload script - Both Windows and macOS scripts updated --- FORGEJO_PACKAGES_SETUP.md | 105 +++++++++------------------ build/scripts/upload_to_packages.ps1 | 72 ++++++------------ build/scripts/upload_to_packages.sh | 80 ++++++-------------- 3 files changed, 80 insertions(+), 177 deletions(-) diff --git a/FORGEJO_PACKAGES_SETUP.md b/FORGEJO_PACKAGES_SETUP.md index 1441616..8f3040d 100644 --- a/FORGEJO_PACKAGES_SETUP.md +++ b/FORGEJO_PACKAGES_SETUP.md @@ -15,47 +15,25 @@ This guide explains how to distribute WebDrop Bridge builds using **Forgejo Pack ## Setup Requirements -### 1. Forgejo Personal Access Token +### 1. Use Your Existing Forgejo Credentials -Create a token with package write permissions: +You already have HTTP access to Forgejo. Just use the same username and password you use to log in. -1. Go to: https://git.him-tools.de/user/settings/applications -2. Click "Generate New Token" -3. Name: `BUILD_UPLOAD_TOKEN` -4. Scopes: Check `write:package`, `api` -5. Click "Generate Token" -6. Copy the token +Set environment variables with your Forgejo credentials: -### 2. Store Token Securely - -Choose one of these methods: - -**Option A: Environment Variable (Simplest)** +**Windows (PowerShell):** ```powershell -# Windows PowerShell -$env:FORGEJO_TOKEN = "your_token_here" +$env:FORGEJO_USER = "your_forgejo_username" +$env:FORGEJO_PASS = "your_forgejo_password" ``` -**Option B: Credential Manager (Windows - Most Secure)** -```powershell -.\build\scripts\upload_to_packages.ps1 -SaveToken -ForgejoToken "your_token_here" -# Token is encrypted and stored for future use -``` - -**Option C: Config File** +**macOS/Linux:** ```bash -# macOS/Linux - Save to home directory -bash build/scripts/upload_to_packages.sh --save-token -t "your_token_here" -# Saved to ~/.config/webdrop-bridge/.env (chmod 600) +export FORGEJO_USER="your_forgejo_username" +export FORGEJO_PASS="your_forgejo_password" ``` -**Option D: Project .env (Development Only)** -Create `.env` in project root and add to `.gitignore`: -``` -FORGEJO_TOKEN=your_token_here -``` - -### 3. Build Scripts +### 2. Build Scripts Upload scripts are already created: - Windows: `build/scripts/upload_to_packages.ps1` @@ -83,23 +61,23 @@ bash build/scripts/build_macos.sh ### Step 2: Upload to Packages -After storing your token (see Setup Requirements above), uploading is simple: +After setting your environment variables (see Setup Requirements above), uploading is simple: **Windows Upload:** ```powershell +$env:FORGEJO_USER = "your_username" +$env:FORGEJO_PASS = "your_password" .\build\scripts\upload_to_packages.ps1 -Version 1.0.0 ``` **macOS Upload:** ```bash +export FORGEJO_USER="your_username" +export FORGEJO_PASS="your_password" bash build/scripts/upload_to_packages.sh -v 1.0.0 ``` -The scripts will automatically find your token from: -1. `-ForgejoToken` / `-t` parameter (if provided) -2. `$env:FORGEJO_TOKEN` / `$FORGEJO_TOKEN` environment variable -3. Windows Credential Manager / `~/.config/webdrop-bridge/.env` -4. Project `.env` file +Or set the environment variables once and they persist for all future uploads in that terminal session. ### Step 3: Tag and Commit @@ -193,30 +171,27 @@ async def check_for_updates(self) -> Optional[UpdateInfo]: **Basic Usage:** ```powershell -# After storing token (see Setup Requirements) -.\build\scripts\upload_to_packages.ps1 -Version 1.0.0 -``` +# Set your Forgejo credentials +$env:FORGEJO_USER = "your_username" +$env:FORGEJO_PASS = "your_password" -**First time setup - Save token to Credential Manager:** -```powershell -.\build\scripts\upload_to_packages.ps1 -SaveToken -ForgejoToken "your_token" -# Then future uploads just need version +# Upload .\build\scripts\upload_to_packages.ps1 -Version 1.0.0 ``` **Parameters:** - `-Version` - Version number (required, e.g., "1.0.0") -- `-ForgejoToken` - Personal access token (optional if stored) -- `-SaveToken` - Save token to Credential Manager +- `-ForgejoUser` - Forgejo username (optional if `$env:FORGEJO_USER` set) +- `-ForgejoPW` - Forgejo password (optional if `$env:FORGEJO_PASS` set) - `-ForgejoUrl` - Forgejo server URL (default: https://git.him-tools.de) - `-Repo` - Repository (default: HIM-public/webdrop-bridge) - `-ExePath` - Path to exe file (default: build\dist\windows\WebDropBridge.exe) - `-ChecksumPath` - Path to checksum file **Script flow:** -1. Check for token in: parameter → environment → Credential Manager +1. Check for credentials in: parameter → environment variables 2. Verify exe and checksum files exist -3. Upload exe to Packages API +3. Upload exe to Packages API with HTTP Basic Auth 4. Upload checksum to Packages API 5. Show success message with package URL @@ -224,41 +199,31 @@ async def check_for_updates(self) -> Optional[UpdateInfo]: **Basic Usage:** ```bash -# After storing token (see Setup Requirements) -bash build/scripts/upload_to_packages.sh -v 1.0.0 -``` +# Set your Forgejo credentials +export FORGEJO_USER="your_username" +export FORGEJO_PASS="your_password" -**First time setup - Save token to config:** -```bash -bash build/scripts/upload_to_packages.sh --save-token -t "your_token" -# Then future uploads just need version +# Upload bash build/scripts/upload_to_packages.sh -v 1.0.0 ``` **Options:** - `-v, --version` - Version number (required, e.g., "1.0.0") -- `-t, --token` - Personal access token (optional if stored) -- `--save-token` - Save token to ~/.config/webdrop-bridge/.env - `-u, --url` - Forgejo server URL (default: https://git.him-tools.de) **Script flow:** -1. Check for token in: parameter → environment → ~/.config/webdrop-bridge/.env → project .env +1. Check for credentials in: environment variables (`$FORGEJO_USER`, `$FORGEJO_PASS`) 2. Verify dmg and checksum files exist -3. Upload dmg to Packages API +3. Upload dmg to Packages API with HTTP Basic Auth 4. Upload checksum to Packages API 5. Show success message with package URL -### Token Resolution Order +### Credential Resolution -Both scripts check for tokens in this priority: -1. **Parameter**: `-ForgejoToken "token"` (PowerShell) or `-t "token"` (Bash) -2. **Environment**: `$env:FORGEJO_TOKEN` (PowerShell) or `$FORGEJO_TOKEN` (Bash) -3. **Stored Config**: - - Windows: Credential Manager (via `-SaveToken` flag) - - macOS/Linux: `~/.config/webdrop-bridge/.env` -4. **Project File**: `.env` in project root (if exists) - -This design matches how git handles credentials! +Both scripts use HTTP Basic Authentication with your Forgejo username/password: +- Same credentials you use to log into Forgejo +- Same credentials git uses when cloning over HTTPS +- No special token creation needed ## Complete Release Checklist diff --git a/build/scripts/upload_to_packages.ps1 b/build/scripts/upload_to_packages.ps1 index c3d3009..d609fe7 100644 --- a/build/scripts/upload_to_packages.ps1 +++ b/build/scripts/upload_to_packages.ps1 @@ -1,16 +1,17 @@ # Upload Windows Build to Forgejo Packages # Usage: .\upload_to_packages.ps1 -Version 1.0.0 -# Set token via: $env:FORGEJO_TOKEN = "your_token" -# Or store in Credential Manager: .\upload_to_packages.ps1 -SaveToken +# Uses your Forgejo credentials (same as git) +# Set via: $env:FORGEJO_USER = "username"; $env:FORGEJO_PASS = "password" param( [Parameter(Mandatory=$false)] [string]$Version, [Parameter(Mandatory=$false)] - [string]$ForgejoToken, + [string]$ForgejoUser, - [switch]$SaveToken, + [Parameter(Mandatory=$false)] + [string]$ForgejoPW, [string]$ForgejoUrl = "https://git.him-tools.de", [string]$Repo = "HIM-public/webdrop-bridge", @@ -18,58 +19,24 @@ param( [string]$ChecksumPath = "build\dist\windows\WebDropBridge.exe.sha256" ) -# Helper function to manage credentials -function Get-ForgejoToken { - param([switch]$Save, [string]$Token) - - if ($Save -and $Token) { - # Save to Credential Manager - $cred = New-Object System.Management.Automation.PSCredential( - "forgejo", - (ConvertTo-SecureString $Token -AsPlainText -Force) - ) - $cred | Export-Clixml -Path "$env:APPDATA\forgejo_token.xml" -Force - Write-Host "✓ Token saved to Credential Manager" -ForegroundColor Green - return $Token - } - - # Try to load from Credential Manager - if (Test-Path "$env:APPDATA\forgejo_token.xml") { - $cred = Import-Clixml -Path "$env:APPDATA\forgejo_token.xml" - return $cred.GetNetworkCredential().Password - } - - return $null -} - -# Handle -SaveToken flag -if ($SaveToken) { - if (-not $ForgejoToken) { - $ForgejoToken = Read-Host "Enter Forgejo token to save" -AsSecureString | %{[Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($_))} - } - Get-ForgejoToken -Save -Token $ForgejoToken - exit 0 -} - $ErrorActionPreference = "Stop" -# Get token from sources (in order of priority) -if (-not $ForgejoToken) { - # Try environment variable first - $ForgejoToken = $env:FORGEJO_TOKEN +# Get credentials from sources (in order of priority) +if (-not $ForgejoUser) { + $ForgejoUser = $env:FORGEJO_USER } -if (-not $ForgejoToken) { - # Try Credential Manager - $ForgejoToken = Get-ForgejoToken +if (-not $ForgejoPW) { + $ForgejoPW = $env:FORGEJO_PASS } -if (-not $ForgejoToken) { - Write-Host "ERROR: No Forgejo token found!" -ForegroundColor Red - Write-Host "Set token using one of these methods:" -ForegroundColor Yellow - Write-Host " 1. Environment variable: `$env:FORGEJO_TOKEN = 'your_token'" - Write-Host " 2. Credential Manager: .\upload_to_packages.ps1 -SaveToken" - Write-Host " 3. Parameter: -ForgejoToken 'your_token'" +if (-not $ForgejoUser -or -not $ForgejoPW) { + Write-Host "ERROR: Forgejo credentials not found!" -ForegroundColor Red + Write-Host "Set credentials using environment variables:" -ForegroundColor Yellow + Write-Host " `$env:FORGEJO_USER = 'your_username'" + Write-Host " `$env:FORGEJO_PASS = 'your_password'" + Write-Host "" -ForegroundColor Yellow + Write-Host "These should match your Forgejo login credentials." exit 1 } @@ -100,12 +67,15 @@ $checksum = Get-Content $ChecksumPath -Raw Write-Host "File: WebDropBridge.exe ($([math]::Round($exeSize, 2)) MB)" Write-Host "Checksum: $($checksum.Substring(0, 16))..." +# Create basic auth header +$auth = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes("${ForgejoUser}:${ForgejoPW}")) + # Upload executable Write-Host "`nUploading executable..." -ForegroundColor Yellow $exeUrl = "$ForgejoUrl/api/v1/repos/$Repo/packages/generic/webdrop-bridge/$Version/WebDropBridge.exe" $headers = @{ - "Authorization" = "token $ForgejoToken" + "Authorization" = "Basic $auth" } try { diff --git a/build/scripts/upload_to_packages.sh b/build/scripts/upload_to_packages.sh index 14733a3..2575b8b 100644 --- a/build/scripts/upload_to_packages.sh +++ b/build/scripts/upload_to_packages.sh @@ -1,88 +1,53 @@ #!/bin/bash # Upload macOS Build to Forgejo Packages # Usage: ./upload_to_packages.sh -v 1.0.0 -# Set token via: export FORGEJO_TOKEN="your_token" -# Or store in config: ./upload_to_packages.sh --save-token -t "your_token" +# Uses your Forgejo credentials (same as git) +# Set via: export FORGEJO_USER="username"; export FORGEJO_PASS="password" set -e # Parse arguments VERSION="" -FORGEJO_TOKEN="" +FORGEJO_USER="" +FORGEJO_PASS="" FORGEJO_URL="https://git.him-tools.de" REPO="HIM-public/webdrop-bridge" DMG_PATH="build/dist/macos/WebDropBridge.dmg" CHECKSUM_PATH="build/dist/macos/WebDropBridge.dmg.sha256" -SAVE_TOKEN=false while [[ $# -gt 0 ]]; do case $1 in -v|--version) VERSION="$2"; shift 2;; - -t|--token) FORGEJO_TOKEN="$2"; shift 2;; -u|--url) FORGEJO_URL="$2"; shift 2;; - --save-token) SAVE_TOKEN=true; shift;; *) echo "Unknown option: $1"; exit 1;; esac done -# Load token from environment or .env file -if [ -z "$FORGEJO_TOKEN" ]; then - # Check if .env file exists in project root - if [ -f ".env" ]; then - export $(grep "FORGEJO_TOKEN" .env | xargs) - fi - # Check if saved in home config - if [ -z "$FORGEJO_TOKEN" ] && [ -f "$HOME/.config/webdrop-bridge/.env" ]; then - export $(grep "FORGEJO_TOKEN" "$HOME/.config/webdrop-bridge/.env" | xargs) - fi +# Load credentials from environment +if [ -z "$FORGEJO_USER" ]; then + FORGEJO_USER="$FORGEJO_USER" fi -# Handle --save-token flag -if [ "$SAVE_TOKEN" = true ]; then - if [ -z "$FORGEJO_TOKEN" ]; then - read -sp "Enter Forgejo token to save: " FORGEJO_TOKEN - echo "" - fi - mkdir -p "$HOME/.config/webdrop-bridge" - echo "FORGEJO_TOKEN=$FORGEJO_TOKEN" > "$HOME/.config/webdrop-bridge/.env" - chmod 600 "$HOME/.config/webdrop-bridge/.env" - echo "✓ Token saved to $HOME/.config/webdrop-bridge/.env" - exit 0 +if [ -z "$FORGEJO_PASS" ]; then + FORGEJO_PASS="$FORGEJO_PASS" fi # Verify required parameters if [ -z "$VERSION" ]; then echo "ERROR: Version parameter required" >&2 - echo "Usage: $0 -v VERSION [-t TOKEN] [-u FORGEJO_URL]" >&2 + echo "Usage: $0 -v VERSION [-u FORGEJO_URL]" >&2 echo "Example: $0 -v 1.0.0" >&2 + exit 1 +fi + +if [ -z "$FORGEJO_USER" ] || [ -z "$FORGEJO_PASS" ]; then + echo "ERROR: Forgejo credentials not found!" >&2 echo "" >&2 - echo "Token can be set via:" >&2 - echo " 1. Environment: export FORGEJO_TOKEN='your_token'" >&2 - echo " 2. .env file: FORGEJO_TOKEN=your_token (in project root)" >&2 - echo " 3. Config: $0 --save-token -t 'your_token'" >&2 - echo " 4. Parameter: -t 'your_token'" >&2 - exit 1 -fi - -if [ -z "$FORGEJO_TOKEN" ]; then - echo "ERROR: Forgejo token not found!" >&2 + echo "Set your credentials using environment variables:" >&2 + echo " export FORGEJO_USER='your_username'" >&2 + echo " export FORGEJO_PASS='your_password'" >&2 echo "" >&2 - echo "Set token using one of these methods:" >&2 - echo " 1. Environment: export FORGEJO_TOKEN='your_token'" >&2 - echo " 2. .env file: FORGEJO_TOKEN=your_token (in project root)" >&2 - echo " 3. Config: $0 --save-token -t 'your_token'" >&2 - echo " 4. Parameter: -t 'your_token'" >&2 - exit 1 -fi - -# Verify files exist -if [ ! -f "$DMG_PATH" ]; then - echo "ERROR: DMG file not found at $DMG_PATH" - exit 1 -fi - -if [ ! -f "$CHECKSUM_PATH" ]; then - echo "ERROR: Checksum file not found at $CHECKSUM_PATH" + echo "These should match your Forgejo login credentials." >&2 exit 1 fi @@ -95,13 +60,16 @@ CHECKSUM=$(cat "$CHECKSUM_PATH") echo "File: WebDropBridge.dmg ($DMG_SIZE MB)" echo "Checksum: ${CHECKSUM:0:16}..." +# Create basic auth header +BASIC_AUTH=$(echo -n "${FORGEJO_USER}:${FORGEJO_PASS}" | base64) + # Upload DMG echo "" echo "Uploading DMG..." DMG_URL="$FORGEJO_URL/api/v1/repos/$REPO/packages/generic/webdrop-bridge/$VERSION/WebDropBridge.dmg" HTTP_CODE=$(curl -s -w "%{http_code}" -X PUT \ - -H "Authorization: token $FORGEJO_TOKEN" \ + -H "Authorization: Basic $BASIC_AUTH" \ --data-binary "@$DMG_PATH" \ -H "Content-Type: application/octet-stream" \ "$DMG_URL" \ @@ -120,7 +88,7 @@ echo "Uploading checksum..." CHECKSUM_URL="$FORGEJO_URL/api/v1/repos/$REPO/packages/generic/webdrop-bridge/$VERSION/WebDropBridge.dmg.sha256" HTTP_CODE=$(curl -s -w "%{http_code}" -X PUT \ - -H "Authorization: token $FORGEJO_TOKEN" \ + -H "Authorization: Basic $BASIC_AUTH" \ -d "$CHECKSUM" \ -H "Content-Type: text/plain" \ "$CHECKSUM_URL" \