refactor: Use HTTP Basic Auth instead of tokens for package uploads

- Replace token-based auth with HTTP Basic Auth (username/password) - Scripts now use FORGEJO_USER and FORGEJO_PASS environment variables - Same credentials used for git repository access - No special token creation needed - Simpler setup: set env vars and run upload script - Both Windows and macOS scripts updated
2026-01-28 14:35:56 +01:00 · 2026-01-28 14:35:56 +01:00 · e4a3a9a2cc
commit e4a3a9a2cc
parent 1b37335f8a
3 changed files with 80 additions and 177 deletions
--- a/FORGEJO_PACKAGES_SETUP.md
+++ b/FORGEJO_PACKAGES_SETUP.md
@ -15,47 +15,25 @@ This guide explains how to distribute WebDrop Bridge builds using **Forgejo Pack
 ## Setup Requirements
-### 1. Forgejo Personal Access Token
+### 1. Use Your Existing Forgejo Credentials
-Create a token with package write permissions:
+You already have HTTP access to Forgejo. Just use the same username and password you use to log in.
-1. Go to: https://git.him-tools.de/user/settings/applications
+Set environment variables with your Forgejo credentials:
 2. Click "Generate New Token"
 3. Name: `BUILD_UPLOAD_TOKEN`
 4. Scopes: Check `write:package`, `api`
 5. Click "Generate Token"
 6. Copy the token
-### 2. Store Token Securely
+**Windows (PowerShell):**
 Choose one of these methods:
 **Option A: Environment Variable (Simplest)**
 ```powershell
-# Windows PowerShell
+$env:FORGEJO_USER = "your_forgejo_username"
-$env:FORGEJO_TOKEN = "your_token_here"
+$env:FORGEJO_PASS = "your_forgejo_password"
 ```
-**Option B: Credential Manager (Windows - Most Secure)**
+**macOS/Linux:**
 ```powershell
 .\build\scripts\upload_to_packages.ps1 -SaveToken -ForgejoToken "your_token_here"
 # Token is encrypted and stored for future use
 ```
 **Option C: Config File**
 ```bash
-# macOS/Linux - Save to home directory
+export FORGEJO_USER="your_forgejo_username"
-bash build/scripts/upload_to_packages.sh --save-token -t "your_token_here"
+export FORGEJO_PASS="your_forgejo_password"
 # Saved to ~/.config/webdrop-bridge/.env (chmod 600)
 ```
-**Option D: Project .env (Development Only)**
+### 2. Build Scripts
 Create `.env` in project root and add to `.gitignore`:
 ```
 FORGEJO_TOKEN=your_token_here
 ```
 ### 3. Build Scripts
 Upload scripts are already created:
 - Windows: `build/scripts/upload_to_packages.ps1`
@ -83,23 +61,23 @@ bash build/scripts/build_macos.sh
 ### Step 2: Upload to Packages
-After storing your token (see Setup Requirements above), uploading is simple:
+After setting your environment variables (see Setup Requirements above), uploading is simple:
 **Windows Upload:**
 ```powershell
 $env:FORGEJO_USER = "your_username"
 $env:FORGEJO_PASS = "your_password"
 .\build\scripts\upload_to_packages.ps1 -Version 1.0.0
 ```
 **macOS Upload:**
 ```bash
 export FORGEJO_USER="your_username"
 export FORGEJO_PASS="your_password"
 bash build/scripts/upload_to_packages.sh -v 1.0.0
 ```
-The scripts will automatically find your token from:
+Or set the environment variables once and they persist for all future uploads in that terminal session.
 1. `-ForgejoToken` / `-t` parameter (if provided)
 2. `$env:FORGEJO_TOKEN` / `$FORGEJO_TOKEN` environment variable
 3. Windows Credential Manager / `~/.config/webdrop-bridge/.env`
 4. Project `.env` file
 ### Step 3: Tag and Commit
@ -193,30 +171,27 @@ async def check_for_updates(self) -> Optional[UpdateInfo]:
 **Basic Usage:**
 ```powershell
-# After storing token (see Setup Requirements)
+# Set your Forgejo credentials
-.\build\scripts\upload_to_packages.ps1 -Version 1.0.0
+$env:FORGEJO_USER = "your_username"
-```
+$env:FORGEJO_PASS = "your_password"
-**First time setup - Save token to Credential Manager:**
+# Upload
 ```powershell
 .\build\scripts\upload_to_packages.ps1 -SaveToken -ForgejoToken "your_token"
 # Then future uploads just need version
 .\build\scripts\upload_to_packages.ps1 -Version 1.0.0
 ```
 **Parameters:**
 - `-Version` - Version number (required, e.g., "1.0.0")
- `-ForgejoToken` - Personal access token (optional if stored)
+- `-ForgejoUser` - Forgejo username (optional if `$env:FORGEJO_USER` set)
- `-SaveToken` - Save token to Credential Manager
+- `-ForgejoPW` - Forgejo password (optional if `$env:FORGEJO_PASS` set)
 - `-ForgejoUrl` - Forgejo server URL (default: https://git.him-tools.de)
 - `-Repo` - Repository (default: HIM-public/webdrop-bridge)
 - `-ExePath` - Path to exe file (default: build\dist\windows\WebDropBridge.exe)
 - `-ChecksumPath` - Path to checksum file
 **Script flow:**
-1. Check for token in: parameter → environment → Credential Manager
+1. Check for credentials in: parameter → environment variables
 2. Verify exe and checksum files exist
-3. Upload exe to Packages API
+3. Upload exe to Packages API with HTTP Basic Auth
 4. Upload checksum to Packages API
 5. Show success message with package URL
@ -224,41 +199,31 @@ async def check_for_updates(self) -> Optional[UpdateInfo]:
 **Basic Usage:**
 ```bash
-# After storing token (see Setup Requirements)
+# Set your Forgejo credentials
-bash build/scripts/upload_to_packages.sh -v 1.0.0
+export FORGEJO_USER="your_username"
-```
+export FORGEJO_PASS="your_password"
-**First time setup - Save token to config:**
+# Upload
 ```bash
 bash build/scripts/upload_to_packages.sh --save-token -t "your_token"
 # Then future uploads just need version
 bash build/scripts/upload_to_packages.sh -v 1.0.0
 ```
 **Options:**
 - `-v, --version` - Version number (required, e.g., "1.0.0")
 - `-t, --token` - Personal access token (optional if stored)
 - `--save-token` - Save token to ~/.config/webdrop-bridge/.env
 - `-u, --url` - Forgejo server URL (default: https://git.him-tools.de)
 **Script flow:**
-1. Check for token in: parameter → environment → ~/.config/webdrop-bridge/.env → project .env
+1. Check for credentials in: environment variables (`$FORGEJO_USER`, `$FORGEJO_PASS`)
 2. Verify dmg and checksum files exist
-3. Upload dmg to Packages API
+3. Upload dmg to Packages API with HTTP Basic Auth
 4. Upload checksum to Packages API
 5. Show success message with package URL
-### Token Resolution Order
+### Credential Resolution
-Both scripts check for tokens in this priority:
+Both scripts use HTTP Basic Authentication with your Forgejo username/password:
-1. **Parameter**: `-ForgejoToken "token"` (PowerShell) or `-t "token"` (Bash)
+- Same credentials you use to log into Forgejo
-2. **Environment**: `$env:FORGEJO_TOKEN` (PowerShell) or `$FORGEJO_TOKEN` (Bash)
+- Same credentials git uses when cloning over HTTPS
-3. **Stored Config**:
+- No special token creation needed
   - Windows: Credential Manager (via `-SaveToken` flag)
   - macOS/Linux: `~/.config/webdrop-bridge/.env`
 4. **Project File**: `.env` in project root (if exists)
 This design matches how git handles credentials!
 ## Complete Release Checklist
--- a/build/scripts/upload_to_packages.ps1
+++ b/build/scripts/upload_to_packages.ps1
@ -1,16 +1,17 @@
 # Upload Windows Build to Forgejo Packages
 # Usage: .\upload_to_packages.ps1 -Version 1.0.0
-# Set token via: $env:FORGEJO_TOKEN = "your_token"
+# Uses your Forgejo credentials (same as git)
-# Or store in Credential Manager: .\upload_to_packages.ps1 -SaveToken
+# Set via: $env:FORGEJO_USER = "username"; $env:FORGEJO_PASS = "password"
 param(
    [Parameter(Mandatory=$false)]
    [string]$Version,
    [Parameter(Mandatory=$false)]
-    [string]$ForgejoToken,
+    [string]$ForgejoUser,
-    [switch]$SaveToken,
+    [Parameter(Mandatory=$false)]
    [string]$ForgejoPW,
    [string]$ForgejoUrl = "https://git.him-tools.de",
    [string]$Repo = "HIM-public/webdrop-bridge",
@ -18,58 +19,24 @@ param(
    [string]$ChecksumPath = "build\dist\windows\WebDropBridge.exe.sha256"
 )
 # Helper function to manage credentials
 function Get-ForgejoToken {
    param([switch]$Save, [string]$Token)
    if ($Save -and $Token) {
        # Save to Credential Manager
        $cred = New-Object System.Management.Automation.PSCredential(
            "forgejo",
            (ConvertTo-SecureString $Token -AsPlainText -Force)
        )
        $cred | Export-Clixml -Path "$env:APPDATA\forgejo_token.xml" -Force
        Write-Host "✓ Token saved to Credential Manager" -ForegroundColor Green
        return $Token
    }
    # Try to load from Credential Manager
    if (Test-Path "$env:APPDATA\forgejo_token.xml") {
        $cred = Import-Clixml -Path "$env:APPDATA\forgejo_token.xml"
        return $cred.GetNetworkCredential().Password
    }
    return $null
 }
 # Handle -SaveToken flag
 if ($SaveToken) {
    if (-not $ForgejoToken) {
        $ForgejoToken = Read-Host "Enter Forgejo token to save" -AsSecureString | %{[Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($_))}
    }
    Get-ForgejoToken -Save -Token $ForgejoToken
    exit 0
 }
 $ErrorActionPreference = "Stop"
-# Get token from sources (in order of priority)
+# Get credentials from sources (in order of priority)
-if (-not $ForgejoToken) {
+if (-not $ForgejoUser) {
-    # Try environment variable first
+    $ForgejoUser = $env:FORGEJO_USER
    $ForgejoToken = $env:FORGEJO_TOKEN
 }
-if (-not $ForgejoToken) {
+if (-not $ForgejoPW) {
-    # Try Credential Manager
+    $ForgejoPW = $env:FORGEJO_PASS
    $ForgejoToken = Get-ForgejoToken
 }
-if (-not $ForgejoToken) {
+if (-not $ForgejoUser -or -not $ForgejoPW) {
-    Write-Host "ERROR: No Forgejo token found!" -ForegroundColor Red
+    Write-Host "ERROR: Forgejo credentials not found!" -ForegroundColor Red
-    Write-Host "Set token using one of these methods:" -ForegroundColor Yellow
+    Write-Host "Set credentials using environment variables:" -ForegroundColor Yellow
-    Write-Host "  1. Environment variable: `$env:FORGEJO_TOKEN = 'your_token'" 
+    Write-Host "  `$env:FORGEJO_USER = 'your_username'" 
-    Write-Host "  2. Credential Manager: .\upload_to_packages.ps1 -SaveToken"  
+    Write-Host "  `$env:FORGEJO_PASS = 'your_password'"
-    Write-Host "  3. Parameter: -ForgejoToken 'your_token'"
+    Write-Host "" -ForegroundColor Yellow
    Write-Host "These should match your Forgejo login credentials."
    exit 1
 }
@ -100,12 +67,15 @@ $checksum = Get-Content $ChecksumPath -Raw
 Write-Host "File: WebDropBridge.exe ($([math]::Round($exeSize, 2)) MB)"
 Write-Host "Checksum: $($checksum.Substring(0, 16))..."
 # Create basic auth header
 $auth = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes("${ForgejoUser}:${ForgejoPW}"))
 # Upload executable
 Write-Host "`nUploading executable..." -ForegroundColor Yellow
 $exeUrl = "$ForgejoUrl/api/v1/repos/$Repo/packages/generic/webdrop-bridge/$Version/WebDropBridge.exe"
 $headers = @{
-    "Authorization" = "token $ForgejoToken"
+    "Authorization" = "Basic $auth"
 }
 try {
--- a/build/scripts/upload_to_packages.sh
+++ b/build/scripts/upload_to_packages.sh
@ -1,88 +1,53 @@
 #!/bin/bash
 # Upload macOS Build to Forgejo Packages
 # Usage: ./upload_to_packages.sh -v 1.0.0
-# Set token via: export FORGEJO_TOKEN="your_token"
+# Uses your Forgejo credentials (same as git)
-# Or store in config: ./upload_to_packages.sh --save-token -t "your_token"
+# Set via: export FORGEJO_USER="username"; export FORGEJO_PASS="password"
 set -e
 # Parse arguments
 VERSION=""
-FORGEJO_TOKEN=""
+FORGEJO_USER=""
 FORGEJO_PASS=""
 FORGEJO_URL="https://git.him-tools.de"
 REPO="HIM-public/webdrop-bridge"
 DMG_PATH="build/dist/macos/WebDropBridge.dmg"
 CHECKSUM_PATH="build/dist/macos/WebDropBridge.dmg.sha256"
 SAVE_TOKEN=false
 while [[ $# -gt 0 ]]; do
    case $1 in
        -v|--version) VERSION="$2"; shift 2;;
        -t|--token) FORGEJO_TOKEN="$2"; shift 2;;
        -u|--url) FORGEJO_URL="$2"; shift 2;;
        --save-token) SAVE_TOKEN=true; shift;;
        *) echo "Unknown option: $1"; exit 1;;
    esac
 done
-# Load token from environment or .env file
+# Load credentials from environment
-if [ -z "$FORGEJO_TOKEN" ]; then
+if [ -z "$FORGEJO_USER" ]; then
-    # Check if .env file exists in project root
+    FORGEJO_USER="$FORGEJO_USER"
    if [ -f ".env" ]; then
        export $(grep "FORGEJO_TOKEN" .env | xargs)
    fi
    # Check if saved in home config
    if [ -z "$FORGEJO_TOKEN" ] && [ -f "$HOME/.config/webdrop-bridge/.env" ]; then
        export $(grep "FORGEJO_TOKEN" "$HOME/.config/webdrop-bridge/.env" | xargs)
    fi
 fi
-# Handle --save-token flag
+if [ -z "$FORGEJO_PASS" ]; then
-if [ "$SAVE_TOKEN" = true ]; then
+    FORGEJO_PASS="$FORGEJO_PASS"
    if [ -z "$FORGEJO_TOKEN" ]; then
        read -sp "Enter Forgejo token to save: " FORGEJO_TOKEN
        echo ""
    fi
    mkdir -p "$HOME/.config/webdrop-bridge"
    echo "FORGEJO_TOKEN=$FORGEJO_TOKEN" > "$HOME/.config/webdrop-bridge/.env"
    chmod 600 "$HOME/.config/webdrop-bridge/.env"
    echo "✓ Token saved to $HOME/.config/webdrop-bridge/.env"
    exit 0
 fi
 # Verify required parameters
 if [ -z "$VERSION" ]; then
    echo "ERROR: Version parameter required" >&2
-    echo "Usage: $0 -v VERSION [-t TOKEN] [-u FORGEJO_URL]" >&2
+    echo "Usage: $0 -v VERSION [-u FORGEJO_URL]" >&2
    echo "Example: $0 -v 1.0.0" >&2
    exit 1
 fi
 if [ -z "$FORGEJO_USER" ] || [ -z "$FORGEJO_PASS" ]; then
    echo "ERROR: Forgejo credentials not found!" >&2
    echo "" >&2
-    echo "Token can be set via:" >&2
+    echo "Set your credentials using environment variables:" >&2
-    echo "  1. Environment: export FORGEJO_TOKEN='your_token'" >&2
+    echo "  export FORGEJO_USER='your_username'" >&2
-    echo "  2. .env file: FORGEJO_TOKEN=your_token (in project root)" >&2
+    echo "  export FORGEJO_PASS='your_password'" >&2
    echo "  3. Config: $0 --save-token -t 'your_token'" >&2
    echo "  4. Parameter: -t 'your_token'" >&2
    exit 1
 fi
 if [ -z "$FORGEJO_TOKEN" ]; then
    echo "ERROR: Forgejo token not found!" >&2
    echo "" >&2
-    echo "Set token using one of these methods:" >&2
+    echo "These should match your Forgejo login credentials." >&2
    echo "  1. Environment: export FORGEJO_TOKEN='your_token'" >&2
    echo "  2. .env file: FORGEJO_TOKEN=your_token (in project root)" >&2
    echo "  3. Config: $0 --save-token -t 'your_token'" >&2
    echo "  4. Parameter: -t 'your_token'" >&2
    exit 1
 fi
 # Verify files exist
 if [ ! -f "$DMG_PATH" ]; then
    echo "ERROR: DMG file not found at $DMG_PATH"
    exit 1
 fi
 if [ ! -f "$CHECKSUM_PATH" ]; then
    echo "ERROR: Checksum file not found at $CHECKSUM_PATH"
    exit 1
 fi
@ -95,13 +60,16 @@ CHECKSUM=$(cat "$CHECKSUM_PATH")
 echo "File: WebDropBridge.dmg ($DMG_SIZE MB)"
 echo "Checksum: ${CHECKSUM:0:16}..."
 # Create basic auth header
 BASIC_AUTH=$(echo -n "${FORGEJO_USER}:${FORGEJO_PASS}" | base64)
 # Upload DMG
 echo ""
 echo "Uploading DMG..."
 DMG_URL="$FORGEJO_URL/api/v1/repos/$REPO/packages/generic/webdrop-bridge/$VERSION/WebDropBridge.dmg"
 HTTP_CODE=$(curl -s -w "%{http_code}" -X PUT \
-    -H "Authorization: token $FORGEJO_TOKEN" \
+    -H "Authorization: Basic $BASIC_AUTH" \
    --data-binary "@$DMG_PATH" \
    -H "Content-Type: application/octet-stream" \
    "$DMG_URL" \
@ -120,7 +88,7 @@ echo "Uploading checksum..."
 CHECKSUM_URL="$FORGEJO_URL/api/v1/repos/$REPO/packages/generic/webdrop-bridge/$VERSION/WebDropBridge.dmg.sha256"
 HTTP_CODE=$(curl -s -w "%{http_code}" -X PUT \
-    -H "Authorization: token $FORGEJO_TOKEN" \
+    -H "Authorization: Basic $BASIC_AUTH" \
    -d "$CHECKSUM" \
    -H "Content-Type: text/plain" \
    "$CHECKSUM_URL" \