From 4fa190944d11f63d450437274cdac7ad2e2454ec Mon Sep 17 00:00:00 2001
From: Pavel Goran <me@pvgoran.name>
Date: Wed, 16 Jul 2025 01:11:39 +0700
Subject: [PATCH] Support Basic Authentication for archive downloads

Resolves #35083
---
 services/auth/basic.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/services/auth/basic.go b/services/auth/basic.go
index b2bd14ef5d3bc..6d147deeb1388 100644
--- a/services/auth/basic.go
+++ b/services/auth/basic.go
@@ -46,10 +46,10 @@ func (b *Basic) Name() string {
 // name/token on successful validation.
 // Returns nil if header is empty or validation fails.
 func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) {
-	// Basic authentication should only fire on API, Feed, Download or on Git or LFSPaths
+	// Basic authentication should only fire on API, Feed, Download, Archives or on Git or LFSPaths
 	// Not all feed (rss/atom) clients feature the ability to add cookies or headers, so we need to allow basic auth for feeds
 	detector := newAuthPathDetector(req)
-	if !detector.isAPIPath() && !detector.isFeedRequest(req) && !detector.isContainerPath() && !detector.isAttachmentDownload() && !detector.isGitRawOrAttachOrLFSPath() {
+	if !detector.isAPIPath() && !detector.isFeedRequest(req) && !detector.isContainerPath() && !detector.isAttachmentDownload() && !detector.isArchivePath() && !detector.isGitRawOrAttachOrLFSPath() {
 		return nil, nil
 	}