lfs: implement HTTP routes (#6035)

* Bootstrap with GORM

* Fix lint error

* Set conn max lifetime to one minute

* Fallback to use gorm v1

* Define HTTP routes

* Finish authentication

* Save token updated

* Add docstring

* Finish authorization

* serveBatch rundown

* Define types in lfsutil

* Finish Batch

* authutil

* Finish basic

* Formalize response error

* Fix lint errors

* authutil: add tests

* dbutil: add tests

* lfsutil: add tests

* strutil: add tests

* Formalize 401 response

1 files changed, 35 insertions, 0 deletions

diff --git a/internal/authutil/basic.go b/internal/authutil/basic.go
new file mode 100644
index 00000000..891cf762
--- /dev/null
+++ b/internal/authutil/basic.go
@@ -0,0 +1,35 @@
+// Copyright 2020 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package authutil
+
+import (
+	"encoding/base64"
+	"net/http"
+	"strings"
+)
+
+// DecodeBasic extracts username and password from given header using HTTP Basic Auth.
+// It returns empty strings if values are not presented or not valid.
+func DecodeBasic(header http.Header) (username, password string) {
+	if len(header) == 0 {
+		return "", ""
+	}
+
+	fields := strings.Fields(header.Get("Authorization"))
+	if len(fields) != 2 || fields[0] != "Basic" {
+		return "", ""
+	}
+
+	p, err := base64.StdEncoding.DecodeString(fields[1])
+	if err != nil {
+		return "", ""
+	}
+
+	creds := strings.SplitN(string(p), ":", 2)
+	if len(creds) == 1 {
+		return creds[0], ""
+	}
+	return creds[0], creds[1]
+}