diff --git a/MEMORY.md b/MEMORY.md index 1a34d1e..24e4371 100644 --- a/MEMORY.md +++ b/MEMORY.md @@ -714,3 +714,36 @@ Optionally also set `SMARTSHEET_CRON_SECRET`. - `findRowByColumn` is O(n) over up to 2,500 rows; fine for typical water-log sheets but switches to search-API dependency if any brand ever exceeds ~10k entries/year. + +## 2026-07: Gitea API runs on internal port 3013, not the public 3000 + +When using the Gitea REST API from a script or cron job that runs +*on the Gitea host itself*, hit `http://localhost:3013`, NOT +`http://localhost:3000`. The public port (3000) is the reverse proxy +and does NOT route `/api/v1/*` directly. The internal Gitea port is +set by `LOCAL_ROOT_URL` in `/home/git/custom/conf/app.ini`. + +This came up while adding the SMARTSHEET_TOKEN_ENC_KEY secret: +1. Initial PUT to `localhost:3000/api/v1/...` returned HTML 404 + (the 3000 service doesn't speak the Gitea API) +2. Switched to `localhost:3013` and got HTTP 201 + +For API tokens used in cron / automation, prefer generating them +via `gitea admin user generate-access-token` (CLI) over the UI. +The token shows once in stdout; capture immediately and unset. +There's no `delete-access-token` subcommand in this Gitea version +(`admin user delete-access-token` errors with "flag not defined") — +to revoke, DELETE directly from the SQLite `access_token` table: + +```bash +sudo -S -p "" -u git python3 -c " +import sqlite3 +c = sqlite3.connect('/home/git/data/gitea.db') +print(c.execute(\"DELETE FROM access_token WHERE name='MY-TOKEN'\").rowcount) +c.commit() +" <<< "$SUDOPW" +``` + +Gitea is on **SQLite** here (`/home/git/data/gitea.db`), not the +`HOST = 127.0.0.1:3306` listed in app.ini (that's stale config from +when the DB was MySQL).