gitea-token-access/docs/manual-setup.md
delta-cloud-208e 295afe9b2a feat: initial repo — docs and scripts for Gitea read-only token access
Three-layer access scheme: owner -> reader account -> scoped API token.
Includes 6 automation scripts, config template, EN/RU docs, and manual curl guide.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 14:47:04 +00:00


Manual Setup via curl

Step-by-step commands for setting up read-only access manually. Replace placeholders with your actual values.

Variables

GITEA_API="https://git.example.com/api/v1"
OWNER="myuser"
OWNER_PASS="mypassword"
READER="myreader"
READER_PASS="readerpassword"
READER_EMAIL="myreader@noreply.local"

1. Create Reader Account

curl -X POST "$GITEA_API/admin/users" \
  -u "$OWNER:$OWNER_PASS" \
  -H "Content-Type: application/json" \
  -d '{
    "username": "'"$READER"'",
    "password": "'"$READER_PASS"'",
    "email": "'"$READER_EMAIL"'",
    "must_change_password": false,
    "visibility": "public"
  }'

Expected: HTTP 201

2. Activate Account

Some Gitea configurations require explicit activation:

curl -X PATCH "$GITEA_API/admin/users/$READER" \
  -u "$OWNER:$OWNER_PASS" \
  -H "Content-Type: application/json" \
  -d '{
    "active": true,
    "visibility": "public",
    "login_name": "'"$READER"'"
  }'

3. Create API Token

Authenticate as the reader to create a token with limited scope:

curl -X POST "$GITEA_API/users/$READER/tokens" \
  -u "$READER:$READER_PASS" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "installer-readonly",
    "scopes": ["read:repository"]
  }'

Response:

{
  "id": 1,
  "name": "installer-readonly",
  "sha1": "abc123...",
  "token_last_eight": "abc12345"
}

Save the sha1 value — it is only shown once.
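
Because the token is shown only once, it helps to pipe the step 3 response straight into a file rather than copying it from the terminal. The following is an added example, not one of the repository's scripts; the function names, the target path and the 40-hex-character token format are assumptions.

```shell
#!/bin/sh
# Added example (not from the original repo): capture the step 3 response
# without echoing the secret to the terminal or leaving it in scrollback.
# Usage (path is a hypothetical choice):
#   curl -sS -X POST "$GITEA_API/users/$READER/tokens" ... | store_token "$HOME/.gitea-reader-token"

# Print the string value of a JSON key; accepts compact or pretty-printed JSON.
json_field() {  # $1 = key, JSON on stdin
  tr -d '\n' | sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Read the API response on stdin and write the token to $1 with mode 0600.
# Prints only token_last_eight; returns non-zero if the body is not a token.
store_token() {
  out=$1
  resp=$(cat)
  token=$(printf '%s' "$resp" | json_field sha1)
  last8=$(printf '%s' "$resp" | json_field token_last_eight)

  # Reject error bodies and truncated values (assumed format: 40 hex chars).
  if ! printf '%s' "$token" | grep -Eq '^[0-9a-f]{40}$'; then
    echo "no token in response" >&2
    return 1
  fi
  # The server-reported suffix must match the secret about to be stored.
  case $token in
    *"$last8") [ ${#last8} -eq 8 ] || return 1 ;;
    *) echo "token_last_eight mismatch" >&2; return 1 ;;
  esac

  # umask covers a newly created file; chmod covers a pre-existing one.
  ( umask 077 && printf '%s\n' "$token" > "$out" ) || return 1
  chmod 600 "$out"
  echo "stored token ending in $last8 at $out"
}
```

Later steps can then load the value with `TOKEN=$(cat "$HOME/.gitea-reader-token")` instead of pasting it into the shell.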

4. Grant Access to a Repository

REPO="my-private-repo"

curl -X PUT "$GITEA_API/repos/$OWNER/$REPO/collaborators/$READER" \
  -u "$OWNER:$OWNER_PASS" \
  -H "Content-Type: application/json" \
  -d '{"permission": "read"}'

Expected: HTTP 204

5. Verify Access

With token (should work):

TOKEN="abc123..."

curl -H "Authorization: token $TOKEN" \
  "$GITEA_API/repos/$OWNER/$REPO"

Without token (should return 404 for a private repo):

curl "$GITEA_API/repos/$OWNER/$REPO"

6. Clone with Token

git clone "https://$READER:$TOKEN@git.example.com/$OWNER/$REPO.git"

Or download a specific file:

curl -H "Authorization: token $TOKEN" \
  "$GITEA_API/repos/$OWNER/$REPO/raw/README.md"

7. Revoke Access

Remove from collaborators:

curl -X DELETE "$GITEA_API/repos/$OWNER/$REPO/collaborators/$READER" \
  -u "$OWNER:$OWNER_PASS"

8. Rotate Token

Delete old:

curl -X DELETE "$GITEA_API/users/$READER/tokens/installer-readonly" \
  -u "$READER:$READER_PASS"

Create new:

curl -X POST "$GITEA_API/users/$READER/tokens" \
  -u "$READER:$READER_PASS" \
  -H "Content-Type: application/json" \
  -d '{"name": "installer-readonly", "scopes": ["read:repository"]}'