Fix security issues with cache by proxying access (#503)

This is the forgejo-runner-side patch for a partial overhaul of the cache system to fix some access control issues with caches. This code depends on changes in act which are being reviewed here: forgejo/act#107 Co-authored-by: Michael Kriese <michael.kriese@visualon.de> Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/502 Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/503 Reviewed-by: Gusted <gusted@noreply.code.forgejo.org> Co-authored-by: Kwonunn <kwonunnx@gmail.com> Co-committed-by: Kwonunn <kwonunnx@gmail.com>
2025-09-15 18:57:01 +00:00 · 2025-03-22 00:03:09 +00:00 · 2025-03-22 00:03:09 +00:00 · 46eb63a952
commit 46eb63a952
parent e5e28d16a5
8 changed files with 139 additions and 38 deletions
--- a/internal/app/cmd/cmd.go
+++ b/internal/app/cmd/cmd.go
@ -85,6 +85,7 @@ func Execute(ctx context.Context) {
 	cacheCmd.Flags().StringVarP(&cacheArgs.Dir, "dir", "d", "", "Cache directory")
 	cacheCmd.Flags().StringVarP(&cacheArgs.Host, "host", "s", "", "Host of the cache server")
 	cacheCmd.Flags().Uint16VarP(&cacheArgs.Port, "port", "p", 0, "Port of the cache server")
+	cacheCmd.Flags().StringVarP(&cacheArgs.Secret, "secret", "", "", "Shared cache secret")
 	rootCmd.AddCommand(cacheCmd)

 	// hide completion command