### Problem The Go-get middleware (`lib/gitlab/middleware/go.rb`) currently only supports HTTP Basic authentication. This limits custom GOAUTH commands, Supporting Bearer, PRIVATE-TOKEN, and JOB-TOKEN authentication provides more options for custom commands, which are used when using a project as a Go package within a private subgroup (see https://gitlab.com/gitlab-org/gitlab/-/work_items/388573+). ### Relevant code In `lib/gitlab/middleware/go.rb`, the `can_read_project?` method currently only handles Basic auth: ```ruby def can_read_project?(request, project) return true if project.public? return false unless has_basic_credentials?(request) login, password = user_name_and_password(request) auth_result = Gitlab::Auth.find_for_git_client(login, password, project: project, request: request) auth_result.success? && auth_result.authentication_abilities_include?(:read_project) && auth_result.can_perform_action_on_project?(:read_project, project) end ``` ### Proposal Extend `can_read_project?` to also accept: - **`Authorization: Bearer <token>`** (personal/project/group access tokens, OAuth tokens) - **`PRIVATE-TOKEN`** header - **`JOB-TOKEN`** header (for CI/CD pipelines fetching Go dependencies) This should reuse existing GitLab authentication infrastructure where possible. ### Related issues - #501192 - #388573