Add insecure gitea client flag (#259)

CHANGELOG.md

@@ -5,13 +5,16 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 
 ## [1.8.9] - unreleased
 ### Added
+- GHORG_INSECURE_GITEA_CLIENT to allow cloning from Gitea instances using http; thanks @zerrol
 ### Changed
 ### Deprecated
 ### Removed
 - Logging errors from security command
 ### Fixed
-- GHORG_RECLONE_PATH from getting unset
+- GHORG_RECLONE_PATH from getting unset; thanks @afonsoc12
 ### Security
+- Bump github.com/xanzy/go-gitlab from 0.73.1 to 0.74.0
+- Bump github.com/spf13/cobra from 1.5.0 to 1.6.1
 
 ## [1.8.8] - 10/11/22
 ### Added

cmd/clone.go

@@ -153,6 +153,10 @@ func cloneFunc(cmd *cobra.Command, argz []string) {
 		os.Setenv("GHORG_INSECURE_GITLAB_CLIENT", "true")
 	}
 
+	if cmd.Flags().Changed("insecure-gitea-client") {
+		os.Setenv("GHORG_INSECURE_GITEA_CLIENT", "true")
+	}
+
 	if cmd.Flags().Changed("skip-forks") {
 		os.Setenv("GHORG_SKIP_FORKS", "true")
 	}

cmd/root.go

@@ -41,6 +41,7 @@ var (
 	cloneWiki                    bool
 	preserveDir                  bool
 	insecureGitlabClient         bool
+	insecureGiteaClient          bool
 	fetchAll                     bool
 	ghorgReCloneVerbose          bool
 	ghorgReCloneQuiet            bool
@@ -123,6 +124,8 @@ func getOrSetDefaults(envVar string) {
 			os.Setenv(envVar, "false")
 		case "GHORG_INSECURE_GITLAB_CLIENT":
 			os.Setenv(envVar, "false")
+		case "GHORG_INSECURE_GITEA_CLIENT":
+			os.Setenv(envVar, "false")
 		case "GHORG_BACKUP":
 			os.Setenv(envVar, "false")
 		case "GHORG_RECLONE_VERBOSE":
@@ -207,6 +210,7 @@ func InitConfig() {
 	getOrSetDefaults("GHORG_DRY_RUN")
 	getOrSetDefaults("GHORG_CLONE_WIKI")
 	getOrSetDefaults("GHORG_INSECURE_GITLAB_CLIENT")
+	getOrSetDefaults("GHORG_INSECURE_GITEA_CLIENT")
 	getOrSetDefaults("GHORG_BACKUP")
 	getOrSetDefaults("GHORG_RECLONE_VERBOSE")
 	getOrSetDefaults("GHORG_RECLONE_QUIET")
@@ -268,6 +272,7 @@ func init() {
 	cloneCmd.Flags().BoolVar(&fetchAll, "fetch-all", false, "GHORG_FETCH_ALL - Fetches all remote branches for each repo by running a git fetch --all")
 	cloneCmd.Flags().BoolVar(&dryRun, "dry-run", false, "GHORG_DRY_RUN - Perform a dry run of the clone; fetches repos but does not clone them")
 	cloneCmd.Flags().BoolVar(&insecureGitlabClient, "insecure-gitlab-client", false, "GHORG_INSECURE_GITLAB_CLIENT - Skip TLS certificate verification for hosted gitlab instances")
+	cloneCmd.Flags().BoolVar(&insecureGiteaClient, "insecure-gitea-client", false, "GHORG_INSECURE_GITEA_CLIENT - Must be set to clone from a Gitea instance using http")
 	cloneCmd.Flags().BoolVar(&cloneWiki, "clone-wiki", false, "GHORG_CLONE_WIKI - Additionally clone the wiki page for repo")
 	cloneCmd.Flags().BoolVar(&skipForks, "skip-forks", false, "GHORG_SKIP_FORKS - Skips repo if its a fork, github/gitlab/gitea only")
 	cloneCmd.Flags().BoolVar(&preserveDir, "preserve-dir", false, "GHORG_PRESERVE_DIRECTORY_STRUCTURE - Clones repos in a directory structure that matches gitlab namespaces eg company/unit/subunit/app would clone into ghorg/unit/subunit/app, gitlab only")

sample-conf.yaml

@@ -165,7 +165,7 @@ GHORG_PRESERVE_DIRECTORY_STRUCTURE: false
 
 # Skip TLS certificate verification for hosted gitlab instances
 # flag (--insecure-gitlab-client)
-GHORG_INSECURE_GITLAB_CLIENT:
+GHORG_INSECURE_GITLAB_CLIENT: false
 
 # Exclude gitlab groups by regex
 # flag (--gitlab-group-exclude-match-regex)
@@ -180,6 +180,10 @@ GHORG_GITLAB_GROUP_EXCLUDE_MATCH_REGEX:
 # flag (--token, -t) eg: --token=bGVhdmUgYSBjb21tZW50IG9uIGlzc3VlIDY2
 GHORG_GITEA_TOKEN:
 
+# Must be present if your gitea instance uses http
+# flag (--insecure-gitea-client)
+GHORG_INSECURE_GITEA_CLIENT: false
+
 # +-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
 # |B|I|T|B|U|C|K|E|T| |S|P|E|C|I|F|I|C|
 # +-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+

scm/gitea.go

@@ -7,6 +7,7 @@ import (
 	"strings"
 
 	"code.gitea.io/sdk/gitea"
+	"github.com/gabrie30/ghorg/colorlog"
 )
 
 var (
@@ -117,6 +118,21 @@ func (_ Gitea) NewClient() (Client, error) {
 	return client, nil
 }
 
+func (_ Gitea) addTokenToCloneURL(url string, token string) string {
+	isHTTP := strings.HasPrefix(url, "http://")
+
+	if isHTTP {
+		if os.Getenv("GHORG_INSECURE_GITEA_CLIENT") == "true" {
+			splitURL := strings.Split(url, "http://")
+			return "http://" + token + "@" + splitURL[1]
+		}
+		colorlog.PrintErrorAndExit("You are attempting clone from an insecure Gitea instance. You must set the (--insecure-gitea-client) flag to proceed.")
+	}
+
+	splitURL := strings.Split(url, "https://")
+	return "https://" + token + "@" + splitURL[1]
+}
+
 func (c Gitea) filter(rps []*gitea.Repository) (repoData []Repo, err error) {
 	for _, rp := range rps {
 
@@ -159,7 +175,7 @@ func (c Gitea) filter(rps []*gitea.Repository) (repoData []Repo, err error) {
 		if os.Getenv("GHORG_CLONE_PROTOCOL") == "https" {
 			cloneURL := rp.CloneURL
 			if rp.Private {
-				cloneURL = "https://" + os.Getenv("GHORG_GITEA_TOKEN") + strings.TrimPrefix(cloneURL, "https://")
+				cloneURL = c.addTokenToCloneURL(cloneURL, os.Getenv("GHORG_GITEA_TOKEN"))
 			}
 			r.CloneURL = cloneURL
 			r.URL = cloneURL