refactor: Use HTTP Basic Auth instead of tokens for package uploads

- Replace token-based auth with HTTP Basic Auth (username/password)
- Scripts now use FORGEJO_USER and FORGEJO_PASS environment variables
- Same credentials used for git repository access
- No special token creation needed
- Simpler setup: set env vars and run upload script
- Both Windows and macOS scripts updated

FORGEJO_PACKAGES_SETUP.md

@@ -15,47 +15,25 @@ This guide explains how to distribute WebDrop Bridge builds using **Forgejo Pack
 
 ## Setup Requirements
 
-### 1. Forgejo Personal Access Token
+### 1. Use Your Existing Forgejo Credentials
 
-Create a token with package write permissions:
+You already have HTTP access to Forgejo. Just use the same username and password you use to log in.
 
-1. Go to: https://git.him-tools.de/user/settings/applications
-2. Click "Generate New Token"
-3. Name: `BUILD_UPLOAD_TOKEN`
-4. Scopes: Check `write:package`, `api`
-5. Click "Generate Token"
-6. Copy the token
+Set environment variables with your Forgejo credentials:
 
-### 2. Store Token Securely
-
-Choose one of these methods:
-
-**Option A: Environment Variable (Simplest)**
+**Windows (PowerShell):**
 ```powershell
-# Windows PowerShell
-$env:FORGEJO_TOKEN = "your_token_here"
+$env:FORGEJO_USER = "your_forgejo_username"
+$env:FORGEJO_PASS = "your_forgejo_password"
 ```
 
-**Option B: Credential Manager (Windows - Most Secure)**
-```powershell
-.\build\scripts\upload_to_packages.ps1 -SaveToken -ForgejoToken "your_token_here"
-# Token is encrypted and stored for future use
-```
-
-**Option C: Config File**
+**macOS/Linux:**
 ```bash
-# macOS/Linux - Save to home directory
-bash build/scripts/upload_to_packages.sh --save-token -t "your_token_here"
-# Saved to ~/.config/webdrop-bridge/.env (chmod 600)
+export FORGEJO_USER="your_forgejo_username"
+export FORGEJO_PASS="your_forgejo_password"
 ```
 
-**Option D: Project .env (Development Only)**
-Create `.env` in project root and add to `.gitignore`:
-```
-FORGEJO_TOKEN=your_token_here
-```
-
-### 3. Build Scripts
+### 2. Build Scripts
 
 Upload scripts are already created:
 - Windows: `build/scripts/upload_to_packages.ps1`
@@ -83,23 +61,23 @@ bash build/scripts/build_macos.sh
 
 ### Step 2: Upload to Packages
 
-After storing your token (see Setup Requirements above), uploading is simple:
+After setting your environment variables (see Setup Requirements above), uploading is simple:
 
 **Windows Upload:**
 ```powershell
+$env:FORGEJO_USER = "your_username"
+$env:FORGEJO_PASS = "your_password"
 .\build\scripts\upload_to_packages.ps1 -Version 1.0.0
 ```
 
 **macOS Upload:**
 ```bash
+export FORGEJO_USER="your_username"
+export FORGEJO_PASS="your_password"
 bash build/scripts/upload_to_packages.sh -v 1.0.0
 ```
 
-The scripts will automatically find your token from:
-1. `-ForgejoToken` / `-t` parameter (if provided)
-2. `$env:FORGEJO_TOKEN` / `$FORGEJO_TOKEN` environment variable
-3. Windows Credential Manager / `~/.config/webdrop-bridge/.env`
-4. Project `.env` file
+Or set the environment variables once and they persist for all future uploads in that terminal session.
 
 ### Step 3: Tag and Commit
 
@@ -193,30 +171,27 @@ async def check_for_updates(self) -> Optional[UpdateInfo]:
 
 **Basic Usage:**
 ```powershell
-# After storing token (see Setup Requirements)
-.\build\scripts\upload_to_packages.ps1 -Version 1.0.0
-```
+# Set your Forgejo credentials
+$env:FORGEJO_USER = "your_username"
+$env:FORGEJO_PASS = "your_password"
 
-**First time setup - Save token to Credential Manager:**
-```powershell
-.\build\scripts\upload_to_packages.ps1 -SaveToken -ForgejoToken "your_token"
-# Then future uploads just need version
+# Upload
 .\build\scripts\upload_to_packages.ps1 -Version 1.0.0
 ```
 
 **Parameters:**
 - `-Version` - Version number (required, e.g., "1.0.0")
-- `-ForgejoToken` - Personal access token (optional if stored)
-- `-SaveToken` - Save token to Credential Manager
+- `-ForgejoUser` - Forgejo username (optional if `$env:FORGEJO_USER` set)
+- `-ForgejoPW` - Forgejo password (optional if `$env:FORGEJO_PASS` set)
 - `-ForgejoUrl` - Forgejo server URL (default: https://git.him-tools.de)
 - `-Repo` - Repository (default: HIM-public/webdrop-bridge)
 - `-ExePath` - Path to exe file (default: build\dist\windows\WebDropBridge.exe)
 - `-ChecksumPath` - Path to checksum file
 
 **Script flow:**
-1. Check for token in: parameter → environment → Credential Manager
+1. Check for credentials in: parameter → environment variables
 2. Verify exe and checksum files exist
-3. Upload exe to Packages API
+3. Upload exe to Packages API with HTTP Basic Auth
 4. Upload checksum to Packages API
 5. Show success message with package URL
 
@@ -224,41 +199,31 @@ async def check_for_updates(self) -> Optional[UpdateInfo]:
 
 **Basic Usage:**
 ```bash
-# After storing token (see Setup Requirements)
-bash build/scripts/upload_to_packages.sh -v 1.0.0
-```
+# Set your Forgejo credentials
+export FORGEJO_USER="your_username"
+export FORGEJO_PASS="your_password"
 
-**First time setup - Save token to config:**
-```bash
-bash build/scripts/upload_to_packages.sh --save-token -t "your_token"
-# Then future uploads just need version
+# Upload
 bash build/scripts/upload_to_packages.sh -v 1.0.0
 ```
 
 **Options:**
 - `-v, --version` - Version number (required, e.g., "1.0.0")
-- `-t, --token` - Personal access token (optional if stored)
-- `--save-token` - Save token to ~/.config/webdrop-bridge/.env
 - `-u, --url` - Forgejo server URL (default: https://git.him-tools.de)
 
 **Script flow:**
-1. Check for token in: parameter → environment → ~/.config/webdrop-bridge/.env → project .env
+1. Check for credentials in: environment variables (`$FORGEJO_USER`, `$FORGEJO_PASS`)
 2. Verify dmg and checksum files exist
-3. Upload dmg to Packages API
+3. Upload dmg to Packages API with HTTP Basic Auth
 4. Upload checksum to Packages API
 5. Show success message with package URL
 
-### Token Resolution Order
+### Credential Resolution
 
-Both scripts check for tokens in this priority:
-1. **Parameter**: `-ForgejoToken "token"` (PowerShell) or `-t "token"` (Bash)
-2. **Environment**: `$env:FORGEJO_TOKEN` (PowerShell) or `$FORGEJO_TOKEN` (Bash)
-3. **Stored Config**:
-   - Windows: Credential Manager (via `-SaveToken` flag)
-   - macOS/Linux: `~/.config/webdrop-bridge/.env`
-4. **Project File**: `.env` in project root (if exists)
-
-This design matches how git handles credentials!
+Both scripts use HTTP Basic Authentication with your Forgejo username/password:
+- Same credentials you use to log into Forgejo
+- Same credentials git uses when cloning over HTTPS
+- No special token creation needed
 
 ## Complete Release Checklist
 

build/scripts/upload_to_packages.ps1

@@ -1,16 +1,17 @@
 # Upload Windows Build to Forgejo Packages
 # Usage: .\upload_to_packages.ps1 -Version 1.0.0
-# Set token via: $env:FORGEJO_TOKEN = "your_token"
-# Or store in Credential Manager: .\upload_to_packages.ps1 -SaveToken
+# Uses your Forgejo credentials (same as git)
+# Set via: $env:FORGEJO_USER = "username"; $env:FORGEJO_PASS = "password"
 
 param(
     [Parameter(Mandatory=$false)]
     [string]$Version,
     
     [Parameter(Mandatory=$false)]
-    [string]$ForgejoToken,
+    [string]$ForgejoUser,
     
-    [switch]$SaveToken,
+    [Parameter(Mandatory=$false)]
+    [string]$ForgejoPW,
     
     [string]$ForgejoUrl = "https://git.him-tools.de",
     [string]$Repo = "HIM-public/webdrop-bridge",
@@ -18,58 +19,24 @@ param(
     [string]$ChecksumPath = "build\dist\windows\WebDropBridge.exe.sha256"
 )
 
-# Helper function to manage credentials
-function Get-ForgejoToken {
-    param([switch]$Save, [string]$Token)
-    
-    if ($Save -and $Token) {
-        # Save to Credential Manager
-        $cred = New-Object System.Management.Automation.PSCredential(
-            "forgejo",
-            (ConvertTo-SecureString $Token -AsPlainText -Force)
-        )
-        $cred | Export-Clixml -Path "$env:APPDATA\forgejo_token.xml" -Force
-        Write-Host "✓ Token saved to Credential Manager" -ForegroundColor Green
-        return $Token
-    }
-    
-    # Try to load from Credential Manager
-    if (Test-Path "$env:APPDATA\forgejo_token.xml") {
-        $cred = Import-Clixml -Path "$env:APPDATA\forgejo_token.xml"
-        return $cred.GetNetworkCredential().Password
-    }
-    
-    return $null
-}
-
-# Handle -SaveToken flag
-if ($SaveToken) {
-    if (-not $ForgejoToken) {
-        $ForgejoToken = Read-Host "Enter Forgejo token to save" -AsSecureString | %{[Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($_))}
-    }
-    Get-ForgejoToken -Save -Token $ForgejoToken
-    exit 0
-}
-
 $ErrorActionPreference = "Stop"
 
-# Get token from sources (in order of priority)
-if (-not $ForgejoToken) {
-    # Try environment variable first
-    $ForgejoToken = $env:FORGEJO_TOKEN
+# Get credentials from sources (in order of priority)
+if (-not $ForgejoUser) {
+    $ForgejoUser = $env:FORGEJO_USER
 }
 
-if (-not $ForgejoToken) {
-    # Try Credential Manager
-    $ForgejoToken = Get-ForgejoToken
+if (-not $ForgejoPW) {
+    $ForgejoPW = $env:FORGEJO_PASS
 }
 
-if (-not $ForgejoToken) {
-    Write-Host "ERROR: No Forgejo token found!" -ForegroundColor Red
-    Write-Host "Set token using one of these methods:" -ForegroundColor Yellow
-    Write-Host "  1. Environment variable: `$env:FORGEJO_TOKEN = 'your_token'" 
-    Write-Host "  2. Credential Manager: .\upload_to_packages.ps1 -SaveToken"  
-    Write-Host "  3. Parameter: -ForgejoToken 'your_token'"
+if (-not $ForgejoUser -or -not $ForgejoPW) {
+    Write-Host "ERROR: Forgejo credentials not found!" -ForegroundColor Red
+    Write-Host "Set credentials using environment variables:" -ForegroundColor Yellow
+    Write-Host "  `$env:FORGEJO_USER = 'your_username'" 
+    Write-Host "  `$env:FORGEJO_PASS = 'your_password'"
+    Write-Host "" -ForegroundColor Yellow
+    Write-Host "These should match your Forgejo login credentials."
     exit 1
 }
 
@@ -100,12 +67,15 @@ $checksum = Get-Content $ChecksumPath -Raw
 Write-Host "File: WebDropBridge.exe ($([math]::Round($exeSize, 2)) MB)"
 Write-Host "Checksum: $($checksum.Substring(0, 16))..."
 
+# Create basic auth header
+$auth = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes("${ForgejoUser}:${ForgejoPW}"))
+
 # Upload executable
 Write-Host "`nUploading executable..." -ForegroundColor Yellow
 $exeUrl = "$ForgejoUrl/api/v1/repos/$Repo/packages/generic/webdrop-bridge/$Version/WebDropBridge.exe"
 
 $headers = @{
-    "Authorization" = "token $ForgejoToken"
+    "Authorization" = "Basic $auth"
 }
 
 try {

build/scripts/upload_to_packages.sh

@@ -1,88 +1,53 @@
 #!/bin/bash
 # Upload macOS Build to Forgejo Packages
 # Usage: ./upload_to_packages.sh -v 1.0.0
-# Set token via: export FORGEJO_TOKEN="your_token"
-# Or store in config: ./upload_to_packages.sh --save-token -t "your_token"
+# Uses your Forgejo credentials (same as git)
+# Set via: export FORGEJO_USER="username"; export FORGEJO_PASS="password"
 
 set -e
 
 # Parse arguments
 VERSION=""
-FORGEJO_TOKEN=""
+FORGEJO_USER=""
+FORGEJO_PASS=""
 FORGEJO_URL="https://git.him-tools.de"
 REPO="HIM-public/webdrop-bridge"
 DMG_PATH="build/dist/macos/WebDropBridge.dmg"
 CHECKSUM_PATH="build/dist/macos/WebDropBridge.dmg.sha256"
-SAVE_TOKEN=false
 
 while [[ $# -gt 0 ]]; do
     case $1 in
         -v|--version) VERSION="$2"; shift 2;;
-        -t|--token) FORGEJO_TOKEN="$2"; shift 2;;
         -u|--url) FORGEJO_URL="$2"; shift 2;;
-        --save-token) SAVE_TOKEN=true; shift;;
         *) echo "Unknown option: $1"; exit 1;;
     esac
 done
 
-# Load token from environment or .env file
-if [ -z "$FORGEJO_TOKEN" ]; then
-    # Check if .env file exists in project root
-    if [ -f ".env" ]; then
-        export $(grep "FORGEJO_TOKEN" .env | xargs)
-    fi
-    # Check if saved in home config
-    if [ -z "$FORGEJO_TOKEN" ] && [ -f "$HOME/.config/webdrop-bridge/.env" ]; then
-        export $(grep "FORGEJO_TOKEN" "$HOME/.config/webdrop-bridge/.env" | xargs)
-    fi
+# Load credentials from environment
+if [ -z "$FORGEJO_USER" ]; then
+    FORGEJO_USER="$FORGEJO_USER"
 fi
 
-# Handle --save-token flag
-if [ "$SAVE_TOKEN" = true ]; then
-    if [ -z "$FORGEJO_TOKEN" ]; then
-        read -sp "Enter Forgejo token to save: " FORGEJO_TOKEN
-        echo ""
-    fi
-    mkdir -p "$HOME/.config/webdrop-bridge"
-    echo "FORGEJO_TOKEN=$FORGEJO_TOKEN" > "$HOME/.config/webdrop-bridge/.env"
-    chmod 600 "$HOME/.config/webdrop-bridge/.env"
-    echo "✓ Token saved to $HOME/.config/webdrop-bridge/.env"
-    exit 0
+if [ -z "$FORGEJO_PASS" ]; then
+    FORGEJO_PASS="$FORGEJO_PASS"
 fi
 
 # Verify required parameters
 if [ -z "$VERSION" ]; then
     echo "ERROR: Version parameter required" >&2
-    echo "Usage: $0 -v VERSION [-t TOKEN] [-u FORGEJO_URL]" >&2
+    echo "Usage: $0 -v VERSION [-u FORGEJO_URL]" >&2
     echo "Example: $0 -v 1.0.0" >&2
+    exit 1
+fi
+
+if [ -z "$FORGEJO_USER" ] || [ -z "$FORGEJO_PASS" ]; then
+    echo "ERROR: Forgejo credentials not found!" >&2
     echo "" >&2
-    echo "Token can be set via:" >&2
-    echo "  1. Environment: export FORGEJO_TOKEN='your_token'" >&2
-    echo "  2. .env file: FORGEJO_TOKEN=your_token (in project root)" >&2
-    echo "  3. Config: $0 --save-token -t 'your_token'" >&2
-    echo "  4. Parameter: -t 'your_token'" >&2
-    exit 1
-fi
-
-if [ -z "$FORGEJO_TOKEN" ]; then
-    echo "ERROR: Forgejo token not found!" >&2
+    echo "Set your credentials using environment variables:" >&2
+    echo "  export FORGEJO_USER='your_username'" >&2
+    echo "  export FORGEJO_PASS='your_password'" >&2
     echo "" >&2
-    echo "Set token using one of these methods:" >&2
-    echo "  1. Environment: export FORGEJO_TOKEN='your_token'" >&2
-    echo "  2. .env file: FORGEJO_TOKEN=your_token (in project root)" >&2
-    echo "  3. Config: $0 --save-token -t 'your_token'" >&2
-    echo "  4. Parameter: -t 'your_token'" >&2
-    exit 1
-fi
-
-# Verify files exist
-if [ ! -f "$DMG_PATH" ]; then
-    echo "ERROR: DMG file not found at $DMG_PATH"
-    exit 1
-fi
-
-if [ ! -f "$CHECKSUM_PATH" ]; then
-    echo "ERROR: Checksum file not found at $CHECKSUM_PATH"
+    echo "These should match your Forgejo login credentials." >&2
     exit 1
 fi
 
@@ -95,13 +60,16 @@ CHECKSUM=$(cat "$CHECKSUM_PATH")
 echo "File: WebDropBridge.dmg ($DMG_SIZE MB)"
 echo "Checksum: ${CHECKSUM:0:16}..."
 
+# Create basic auth header
+BASIC_AUTH=$(echo -n "${FORGEJO_USER}:${FORGEJO_PASS}" | base64)
+
 # Upload DMG
 echo ""
 echo "Uploading DMG..."
 DMG_URL="$FORGEJO_URL/api/v1/repos/$REPO/packages/generic/webdrop-bridge/$VERSION/WebDropBridge.dmg"
 
 HTTP_CODE=$(curl -s -w "%{http_code}" -X PUT \
-    -H "Authorization: token $FORGEJO_TOKEN" \
+    -H "Authorization: Basic $BASIC_AUTH" \
     --data-binary "@$DMG_PATH" \
     -H "Content-Type: application/octet-stream" \
     "$DMG_URL" \
@@ -120,7 +88,7 @@ echo "Uploading checksum..."
 CHECKSUM_URL="$FORGEJO_URL/api/v1/repos/$REPO/packages/generic/webdrop-bridge/$VERSION/WebDropBridge.dmg.sha256"
 
 HTTP_CODE=$(curl -s -w "%{http_code}" -X PUT \
-    -H "Authorization: token $FORGEJO_TOKEN" \
+    -H "Authorization: Basic $BASIC_AUTH" \
     -d "$CHECKSUM" \
     -H "Content-Type: text/plain" \
     "$CHECKSUM_URL" \