Add a setting to allow anonymous access to individual gists while still RequireLogin everywhere else (#229)

* Add a setting to allow accessing individual gists without auth

This is a middle ground between the existing setting "Require Login",
which requires login to do anything at all, and having it off, which
shows a public list of gists and more generally allows discovering info
about the users/gists of the instance without login.

The idea of this setting is that it is "require login" for everything
except individual gists.

Fixes #228.


Co-authored-by: Thomas Miceli <tho.miceli@gmail.com>

internal/ssh/git_ssh.go

@@ -2,14 +2,16 @@ package ssh
 
 import (
 	"errors"
+	"io"
+	"os/exec"
+	"strings"
+
 	"github.com/rs/zerolog/log"
+	"github.com/thomiceli/opengist/internal/auth"
 	"github.com/thomiceli/opengist/internal/db"
 	"github.com/thomiceli/opengist/internal/git"
 	"golang.org/x/crypto/ssh"
 	"gorm.io/gorm"
-	"io"
-	"os/exec"
-	"strings"
 )
 
 func runGitCommand(ch ssh.Channel, gitCmd string, key string, ip string) error {
@@ -37,7 +39,7 @@ func runGitCommand(ch ssh.Channel, gitCmd string, key string, ip string) error {
 		return errors.New("gist not found")
 	}
 
-	requireLogin, err := db.GetSetting(db.SettingRequireLogin)
+	allowUnauthenticated, err := auth.ShouldAllowUnauthenticatedGistAccess(db.DBAuthInfo{}, true)
 	if err != nil {
 		return errors.New("internal server error")
 	}
@@ -50,7 +52,7 @@ func runGitCommand(ch ssh.Channel, gitCmd string, key string, ip string) error {
 	if verb == "receive-pack" ||
 		gist.Private == 2 ||
 		gist.ID == 0 ||
-		requireLogin == "1" {
+		!allowUnauthenticated {
 
 		pubKey, err := db.SSHKeyExistsForUser(key, gist.UserID)
 		if err != nil {