aibot777/gitea-token-access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
gitea-token-access/docs/manual-setup.md
delta-cloud-208e 295afe9b2a feat: initial repo — docs and scripts for Gitea read-only token access 
Three-layer access scheme: owner -> reader account -> scoped API token.
Includes 6 automation scripts, config template, EN/RU docs, and manual curl guide.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 14:47:04 +00:00

138 lines
2.7 KiB
Markdown
Raw Permalink Blame History

# Manual Setup via curl
Step-by-step commands for setting up read-only access manually.
Replace placeholders with your actual values.
## Variables
```bash
GITEA_API="https://git.example.com/api/v1"
OWNER="myuser"
OWNER_PASS="mypassword"
READER="myreader"
READER_PASS="readerpassword"
READER_EMAIL="myreader@noreply.local"
```
## 1. Create Reader Account
```bash
curl -X POST "$GITEA_API/admin/users" \
-u "$OWNER:$OWNER_PASS" \
-H "Content-Type: application/json" \
-d '{
"username": "'"$READER"'",
"password": "'"$READER_PASS"'",
"email": "'"$READER_EMAIL"'",
"must_change_password": false,
"visibility": "public"
}'
```
Expected: HTTP 201
## 2. Activate Account
Some Gitea configurations require explicit activation:
```bash
curl -X PATCH "$GITEA_API/admin/users/$READER" \
-u "$OWNER:$OWNER_PASS" \
-H "Content-Type: application/json" \
-d '{
"active": true,
"visibility": "public",
"login_name": "'"$READER"'"
}'
```
## 3. Create API Token
Authenticate as the reader to create a token with limited scope:
```bash
curl -X POST "$GITEA_API/users/$READER/tokens" \
-u "$READER:$READER_PASS" \
-H "Content-Type: application/json" \
-d '{
"name": "installer-readonly",
"scopes": ["read:repository"]
}'
```
Response:
```json
{
"id": 1,
"name": "installer-readonly",
"sha1": "abc123...",
"token_last_eight": "abc12345"
}
```
Save the `sha1` value — it is only shown once.
## 4. Grant Access to a Repository
```bash
REPO="my-private-repo"
curl -X PUT "$GITEA_API/repos/$OWNER/$REPO/collaborators/$READER" \
-u "$OWNER:$OWNER_PASS" \
-H "Content-Type: application/json" \
-d '{"permission": "read"}'
```
Expected: HTTP 204
## 5. Verify Access
With token (should work):
```bash
TOKEN="abc123..."
curl -H "Authorization: token $TOKEN" \
"$GITEA_API/repos/$OWNER/$REPO"
```
Without token (should return 404 for private repo):
```bash
curl "$GITEA_API/repos/$OWNER/$REPO"
```
## 6. Clone with Token
```bash
git clone "https://$READER:$TOKEN@git.example.com/$OWNER/$REPO.git"
```
Or download a specific file:
```bash
curl -H "Authorization: token $TOKEN" \
"$GITEA_API/repos/$OWNER/$REPO/raw/README.md"
```
## 7. Revoke Access
Remove from collaborators:
```bash
curl -X DELETE "$GITEA_API/repos/$OWNER/$REPO/collaborators/$READER" \
-u "$OWNER:$OWNER_PASS"
```
## 8. Rotate Token
Delete old:
```bash
curl -X DELETE "$GITEA_API/users/$READER/tokens/installer-readonly" \
-u "$READER:$READER_PASS"
```
Create new:
```bash
curl -X POST "$GITEA_API/users/$READER/tokens" \
-u "$READER:$READER_PASS" \
-H "Content-Type: application/json" \
-d '{"name": "installer-readonly", "scopes": ["read:repository"]}'
```
Reference in New Issue View Git Blame Copy Permalink