fix username spoofing

request/gitea.go

@@ -9,7 +9,9 @@ import (
 	"math/rand"
 	"net/http"
 	"os"
+	"os/user"
 	"path/filepath"
+	"syscall"
 	"time"
 
 	email "git.tilde.town/tildetown/town/email"
@@ -33,7 +35,14 @@ func processGitea(rp string) error {
 	usernames := []string{}
 
 	for _, file := range files {
-		usernames = append(usernames, file.Name())
+		sysInfo := file.Sys()
+		uid := sysInfo.(*syscall.Stat_t).Uid
+		user, err := user.LookupId(fmt.Sprintf("%d", uid))
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "failed to get owner of file named '%s': %s", file.Name(), err)
+			continue
+		}
+		usernames = append(usernames, user.Username)
 	}
 
 	if len(usernames) == 0 {