MarcoBuster/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2024-12-22 10:37:55 +01:00
Code Issues Packages Projects Releases Wiki Activity

use only acccess key and secret to form a remote clone url for codecommit

Browse Source
This commit is contained in:
Ben Chang 2024-12-19 06:29:09 +00:00
parent 5ec8df02f6
commit c20e4cd1e3
1 changed files with 42 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
services/migrations/codecommit.go
View File

@ -5,10 +5,15 @@ package migrations
import ( import (
"context" "context"
"crypto/hmac"
"crypto/sha256"
"encoding/hex"
"fmt" "fmt"
"hash"
"net/url" "net/url"
"strconv" "strconv"
"strings" "strings"
"time"
git_module "code.gitea.io/gitea/modules/git" git_module "code.gitea.io/gitea/modules/git"
"code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/log"
@ -71,6 +76,7 @@ func NewCodeCommitDownloader(ctx context.Context, repoName, baseURL, accessKeyID
Credentials: credentials.NewStaticCredentialsProvider(accessKeyID, secretAccessKey, ""), Credentials: credentials.NewStaticCredentialsProvider(accessKeyID, secretAccessKey, ""),
Region: region, Region: region,
}), }),
regionName: region,
} }
return &downloader return &downloader
@ -84,6 +90,7 @@ type CodeCommitDownloader struct {
repoName string repoName string
baseURL string baseURL string
allPullRequestIDs []string allPullRequestIDs []string
regionName string
} }
// SetContext set context // SetContext set context
@ -227,7 +234,10 @@ func (c *CodeCommitDownloader) FormatCloneURL(opts MigrateOptions, remoteAddr st
if err != nil { if err != nil {
return "", err return "", err
} }
u.User = url.UserPassword(opts.AuthUsername, opts.AuthPassword) now := time.Now().UTC()
datetime := now.Format("20060102T150405Z")
signature := generateSigV4AuthPassword(opts.AWSSecretAccessKey, u.Host, u.Path, c.regionName, now)
u.User = url.UserPassword(opts.AWSAccessKeyID, datetime+signature)
return u.String(), nil return u.String(), nil
} }
@ -267,3 +277,34 @@ func (c *CodeCommitDownloader) getUsernameFromARN(arn string) string {
} }
return "" return ""
} }
func generateSigV4AuthPassword(secretKey string, host string, path string, region string, now time.Time) string {
amzDate := now.Format("20060102T150405")
date := now.Format("20060102")
canonicalRequest := fmt.Sprintf("GIT\n%s\n\nhost:%s\n\nhost\n", path, host)
stringToSign := "AWS4-HMAC-SHA256\n"
stringToSign += amzDate + "\n"
stringToSign += fmt.Sprintf("%s/%s/%s/aws4_request\n", date, region, "codecommit")
stringToSign += hex.EncodeToString(makeHash(sha256.New(), []byte(canonicalRequest)))
signKey := sign([]byte("AWS4"+secretKey), date)
signKey = sign(signKey, region)
signKey = sign(signKey, "codecommit")
signKey = sign(signKey, "aws4_request")
signature := sign(signKey, stringToSign)
return hex.EncodeToString(signature)
}
func sign(key []byte, msg string) []byte {
h := hmac.New(sha256.New, key)
h.Write([]byte(msg))
return h.Sum(nil)
}
func makeHash(hash hash.Hash, b []byte) []byte {
hash.Reset()
hash.Write(b)
return hash.Sum(nil)
}