added special public token

tionis · tionis · commit ede6298a8027 · 2025-08-30T04:23:40.000+02:00
Fixes #5
diff --git a/AGENTS.md b/AGENTS.md
@@ -0,0 +1 @@
+.vscode/copilot-instructions.md
diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # Patchwork
 
-[![CI](https://github.com/tionis/patchwork/workflows/CI/badge.svg)](https://githPatchwork uses a Forgejo-integrated authentication system. Each user maintains a `config.yaml` file in their `.patchwork` repository to define access tokens, permissions, and notification settings.b.com/tionis/patchwork/actions/workflows/ci.yml)
+[![CI](https://github.com/tionis/patchwork/workflows/CI/badge.svg)](https://github.com/tionis/patchwork/actions/workflows/ci.yml)
 [![Test](https://github.com/tionis/patchwork/workflows/Test/badge.svg)](https://github.com/tionis/patchwork/actions/workflows/test.yml)
 [![codecov](https://codecov.io/gh/tionis/patchwork/branch/main/graph/badge.svg)](https://codecov.io/gh/tionis/patchwork)
 [![Go Report Card](https://goreportcard.com/badge/github.com/tionis/patchwork)](https://goreportcard.com/report/github.com/tionis/patchwork)
@@ -655,6 +655,8 @@ The server is organized by namespaces with different access patterns:
   connections. Uses token-based authentication via `Authorization` header. Tokens are managed through
   the `huproxy` field in the user's `config.yaml` file in their `.patchwork` repository.
 
+If a request is made to a user namespace without an `Authorization` header or `toke` query parameter, it is treated as a request with the token `public`. This allows for creating public endpoints within a user's namespace that can be accessed without authentication.
+
 ### ACL File Format
 
 For user namespaces, access control is managed through YAML files stored in
diff --git a/TODO.md b/TODO.md
@@ -103,8 +103,7 @@ The current manual testing approach of using separate curl commands in terminals
 - Consider adding debug endpoints to inspect channel states
 - Add metrics for request-responder success/failure rates
 
-### 3. Authentication and Access Control
-- If a request comes in for the user namespace that does not have a token set, treat it as it had a token with the value "public". This should also be documented. This allows users to selectivly open their namespace to unauthenticated outsiders
+
 
 ---
 
diff --git a/assets/index.html b/assets/index.html
@@ -231,6 +231,9 @@ <h3>User Namespaces</h3>
     <code>.patchwork</code> repository in your account and add a <code>config.yaml</code> 
     file to define tokens, permissions, notification settings, and HuProxy access.
   </p>
+  <p>
+    If a request is made to a user namespace without an <code>Authorization</code> header or <code>token</code> query parameter, it is treated as a request with the token <code>public</code>. This allows for creating public endpoints within a user's namespace that can be accessed without authentication.
+  </p>
   
   <h4>config.yaml Format</h4>
   <p>Create a <code>config.yaml</code> file in your <code>.patchwork</code> repository:</p>
diff --git a/internal/auth/auth.go b/internal/auth/auth.go
@@ -25,7 +25,8 @@ func AuthenticateToken(
 	}
 
 	if token == "" {
-		return false, "no token provided", nil
+		// If no token is provided for a user namespace, treat it as a "public" token
+		token = "public"
 	}
 
 	// For HuProxy, pass the path as the operation to check against patterns

Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,8 @@ func AuthenticateToken(`
`25`	`25`	`}`
`26`	`26`
`27`	`27`	`if token == "" {`
`28`		`- return false, "no token provided", nil`
	`28`	`+ // If no token is provided for a user namespace, treat it as a "public" token`
	`29`	`+ token = "public"`
`29`	`30`	`}`
`30`	`31`
`31`	`32`	`// For HuProxy, pass the path as the operation to check against patterns`