closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10016 Commits
2 Branches
178 MiB
Tree: 3270e7a443
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '3270e7a443'
${ noResults }
gitea/vendor/github.com/go-openapi/runtime/middleware/router.go

478 lines
14 KiB
Raw Normal View History

Use vendored go-swagger (#8087) * Use vendored go-swagger * vendor go-swagger * revert un wanteed change * remove un-needed GO111MODULE * Update Makefile Co-Authored-By: techknowlogick <matti@mdranta.net>
4 years ago
[Vendor] update go-swagger v0.21.0 -> v0.25.0 (#12670) * Update go-swagger * vendor
3 years ago
Use vendored go-swagger (#8087) * Use vendored go-swagger * vendor go-swagger * revert un wanteed change * remove un-needed GO111MODULE * Update Makefile Co-Authored-By: techknowlogick <matti@mdranta.net>
4 years ago
[Vendor] update go-swagger v0.21.0 -> v0.25.0 (#12670) * Update go-swagger * vendor
3 years ago
Use vendored go-swagger (#8087) * Use vendored go-swagger * vendor go-swagger * revert un wanteed change * remove un-needed GO111MODULE * Update Makefile Co-Authored-By: techknowlogick <matti@mdranta.net>
4 years ago
[Vendor] update go-swagger v0.21.0 -> v0.25.0 (#12670) * Update go-swagger * vendor
3 years ago
Use vendored go-swagger (#8087) * Use vendored go-swagger * vendor go-swagger * revert un wanteed change * remove un-needed GO111MODULE * Update Makefile Co-Authored-By: techknowlogick <matti@mdranta.net>
4 years ago
 
  1. // Copyright 2015 go-swagger maintainers

  2. //

  3. // Licensed under the Apache License, Version 2.0 (the "License");

  4. // you may not use this file except in compliance with the License.

  5. // You may obtain a copy of the License at

  6. //

  7. //    http://www.apache.org/licenses/LICENSE-2.0

  8. //

  9. // Unless required by applicable law or agreed to in writing, software

  10. // distributed under the License is distributed on an "AS IS" BASIS,

  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  12. // See the License for the specific language governing permissions and

  13. // limitations under the License.

  14. 

  15. package middleware
  16. 

  17. import (
  18. 	"fmt"
  19. 	"net/http"
  20. 	fpath "path"
  21. 	"regexp"
  22. 	"strings"
  23. 

  24. 	"github.com/go-openapi/runtime/security"
  25. 

  26. 	"github.com/go-openapi/analysis"
  27. 	"github.com/go-openapi/errors"
  28. 	"github.com/go-openapi/loads"
  29. 	"github.com/go-openapi/spec"
  30. 	"github.com/go-openapi/strfmt"
  31. 

  32. 	"github.com/go-openapi/runtime"
  33. 	"github.com/go-openapi/runtime/middleware/denco"
  34. )
  35. 

  36. // RouteParam is a object to capture route params in a framework agnostic way.

  37. // implementations of the muxer should use these route params to communicate with the

  38. // swagger framework

  39. type RouteParam struct {
  40. 	Name  string
  41. 	Value string
  42. }
  43. 

  44. // RouteParams the collection of route params

  45. type RouteParams []RouteParam
  46. 

  47. // Get gets the value for the route param for the specified key

  48. func (r RouteParams) Get(name string) string {
  49. 	vv, _, _ := r.GetOK(name)
  50. 	if len(vv) > 0 {
  51. 		return vv[len(vv)-1]
  52. 	}
  53. 	return ""
  54. }
  55. 

  56. // GetOK gets the value but also returns booleans to indicate if a key or value

  57. // is present. This aids in validation and satisfies an interface in use there

  58. //

  59. // The returned values are: data, has key, has value

  60. func (r RouteParams) GetOK(name string) ([]string, bool, bool) {
  61. 	for _, p := range r {
  62. 		if p.Name == name {
  63. 			return []string{p.Value}, true, p.Value != ""
  64. 		}
  65. 	}
  66. 	return nil, false, false
  67. }
  68. 

  69. // NewRouter creates a new context aware router middleware

  70. func NewRouter(ctx *Context, next http.Handler) http.Handler {
  71. 	if ctx.router == nil {
  72. 		ctx.router = DefaultRouter(ctx.spec, ctx.api)
  73. 	}
  74. 

  75. 	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
  76. 		if _, rCtx, ok := ctx.RouteInfo(r); ok {
  77. 			next.ServeHTTP(rw, rCtx)
  78. 			return
  79. 		}
  80. 

  81. 		// Not found, check if it exists in the other methods first

  82. 		if others := ctx.AllowedMethods(r); len(others) > 0 {
  83. 			ctx.Respond(rw, r, ctx.analyzer.RequiredProduces(), nil, errors.MethodNotAllowed(r.Method, others))
  84. 			return
  85. 		}
  86. 

  87. 		ctx.Respond(rw, r, ctx.analyzer.RequiredProduces(), nil, errors.NotFound("path %s was not found", r.URL.EscapedPath()))
  88. 	})
  89. }
  90. 

  91. // RoutableAPI represents an interface for things that can serve

  92. // as a provider of implementations for the swagger router

  93. type RoutableAPI interface {
  94. 	HandlerFor(string, string) (http.Handler, bool)
  95. 	ServeErrorFor(string) func(http.ResponseWriter, *http.Request, error)
  96. 	ConsumersFor([]string) map[string]runtime.Consumer
  97. 	ProducersFor([]string) map[string]runtime.Producer
  98. 	AuthenticatorsFor(map[string]spec.SecurityScheme) map[string]runtime.Authenticator
  99. 	Authorizer() runtime.Authorizer
  100. 	Formats() strfmt.Registry
  101. 	DefaultProduces() string
  102. 	DefaultConsumes() string
  103. }
  104. 

  105. // Router represents a swagger aware router

  106. type Router interface {
  107. 	Lookup(method, path string) (*MatchedRoute, bool)
  108. 	OtherMethods(method, path string) []string
  109. }
  110. 

  111. type defaultRouteBuilder struct {
  112. 	spec     *loads.Document
  113. 	analyzer *analysis.Spec
  114. 	api      RoutableAPI
  115. 	records  map[string][]denco.Record
  116. }
  117. 

  118. type defaultRouter struct {
  119. 	spec    *loads.Document
  120. 	routers map[string]*denco.Router
  121. }
  122. 

  123. func newDefaultRouteBuilder(spec *loads.Document, api RoutableAPI) *defaultRouteBuilder {
  124. 	return &defaultRouteBuilder{
  125. 		spec:     spec,
  126. 		analyzer: analysis.New(spec.Spec()),
  127. 		api:      api,
  128. 		records:  make(map[string][]denco.Record),
  129. 	}
  130. }
  131. 

  132. // DefaultRouter creates a default implemenation of the router

  133. func DefaultRouter(spec *loads.Document, api RoutableAPI) Router {
  134. 	builder := newDefaultRouteBuilder(spec, api)
  135. 	if spec != nil {
  136. 		for method, paths := range builder.analyzer.Operations() {
  137. 			for path, operation := range paths {
  138. 				fp := fpath.Join(spec.BasePath(), path)
  139. 				debugLog("adding route %s %s %q", method, fp, operation.ID)
  140. 				builder.AddRoute(method, fp, operation)
  141. 			}
  142. 		}
  143. 	}
  144. 	return builder.Build()
  145. }
  146. 

  147. // RouteAuthenticator is an authenticator that can compose several authenticators together.

  148. // It also knows when it contains an authenticator that allows for anonymous pass through.

  149. // Contains a group of 1 or more authenticators that have a logical AND relationship

  150. type RouteAuthenticator struct {
  151. 	Authenticator  map[string]runtime.Authenticator
  152. 	Schemes        []string
  153. 	Scopes         map[string][]string
  154. 	allScopes      []string
  155. 	commonScopes   []string
  156. 	allowAnonymous bool
  157. }
  158. 

  159. func (ra *RouteAuthenticator) AllowsAnonymous() bool {
  160. 	return ra.allowAnonymous
  161. }
  162. 

  163. // AllScopes returns a list of unique scopes that is the combination

  164. // of all the scopes in the requirements

  165. func (ra *RouteAuthenticator) AllScopes() []string {
  166. 	return ra.allScopes
  167. }
  168. 

  169. // CommonScopes returns a list of unique scopes that are common in all the

  170. // scopes in the requirements

  171. func (ra *RouteAuthenticator) CommonScopes() []string {
  172. 	return ra.commonScopes
  173. }
  174. 

  175. // Authenticate Authenticator interface implementation

  176. func (ra *RouteAuthenticator) Authenticate(req *http.Request, route *MatchedRoute) (bool, interface{}, error) {
  177. 	if ra.allowAnonymous {
  178. 		route.Authenticator = ra
  179. 		return true, nil, nil
  180. 	}
  181. 	// iterate in proper order

  182. 	var lastResult interface{}
  183. 	for _, scheme := range ra.Schemes {
  184. 		if authenticator, ok := ra.Authenticator[scheme]; ok {
  185. 			applies, princ, err := authenticator.Authenticate(&security.ScopedAuthRequest{
  186. 				Request:        req,
  187. 				RequiredScopes: ra.Scopes[scheme],
  188. 			})
  189. 			if !applies {
  190. 				return false, nil, nil
  191. 			}
  192. 			if err != nil {
  193. 				route.Authenticator = ra
  194. 				return true, nil, err
  195. 			}
  196. 			lastResult = princ
  197. 		}
  198. 	}
  199. 	route.Authenticator = ra
  200. 	return true, lastResult, nil
  201. }
  202. 

  203. func stringSliceUnion(slices ...[]string) []string {
  204. 	unique := make(map[string]struct{})
  205. 	var result []string
  206. 	for _, slice := range slices {
  207. 		for _, entry := range slice {
  208. 			if _, ok := unique[entry]; ok {
  209. 				continue
  210. 			}
  211. 			unique[entry] = struct{}{}
  212. 			result = append(result, entry)
  213. 		}
  214. 	}
  215. 	return result
  216. }
  217. 

  218. func stringSliceIntersection(slices ...[]string) []string {
  219. 	unique := make(map[string]int)
  220. 	var intersection []string
  221. 

  222. 	total := len(slices)
  223. 	var emptyCnt int
  224. 	for _, slice := range slices {
  225. 		if len(slice) == 0 {
  226. 			emptyCnt++
  227. 			continue
  228. 		}
  229. 

  230. 		for _, entry := range slice {
  231. 			unique[entry]++
  232. 			if unique[entry] == total-emptyCnt { // this entry appeared in all the non-empty slices

  233. 				intersection = append(intersection, entry)
  234. 			}
  235. 		}
  236. 	}
  237. 

  238. 	return intersection
  239. }
  240. 

  241. // RouteAuthenticators represents a group of authenticators that represent a logical OR

  242. type RouteAuthenticators []RouteAuthenticator
  243. 

  244. // AllowsAnonymous returns true when there is an authenticator that means optional auth

  245. func (ras RouteAuthenticators) AllowsAnonymous() bool {
  246. 	for _, ra := range ras {
  247. 		if ra.AllowsAnonymous() {
  248. 			return true
  249. 		}
  250. 	}
  251. 	return false
  252. }
  253. 

  254. // Authenticate method implemention so this collection can be used as authenticator

  255. func (ras RouteAuthenticators) Authenticate(req *http.Request, route *MatchedRoute) (bool, interface{}, error) {
  256. 	var lastError error
  257. 	var allowsAnon bool
  258. 	var anonAuth RouteAuthenticator
  259. 

  260. 	for _, ra := range ras {
  261. 		if ra.AllowsAnonymous() {
  262. 			anonAuth = ra
  263. 			allowsAnon = true
  264. 			continue
  265. 		}
  266. 		applies, usr, err := ra.Authenticate(req, route)
  267. 		if !applies || err != nil || usr == nil {
  268. 			if err != nil {
  269. 				lastError = err
  270. 			}
  271. 			continue
  272. 		}
  273. 		return applies, usr, nil
  274. 	}
  275. 

  276. 	if allowsAnon && lastError == nil {
  277. 		route.Authenticator = &anonAuth
  278. 		return true, nil, lastError
  279. 	}
  280. 	return lastError != nil, nil, lastError
  281. }
  282. 

  283. type routeEntry struct {
  284. 	PathPattern    string
  285. 	BasePath       string
  286. 	Operation      *spec.Operation
  287. 	Consumes       []string
  288. 	Consumers      map[string]runtime.Consumer
  289. 	Produces       []string
  290. 	Producers      map[string]runtime.Producer
  291. 	Parameters     map[string]spec.Parameter
  292. 	Handler        http.Handler
  293. 	Formats        strfmt.Registry
  294. 	Binder         *UntypedRequestBinder
  295. 	Authenticators RouteAuthenticators
  296. 	Authorizer     runtime.Authorizer
  297. }
  298. 

  299. // MatchedRoute represents the route that was matched in this request

  300. type MatchedRoute struct {
  301. 	routeEntry
  302. 	Params        RouteParams
  303. 	Consumer      runtime.Consumer
  304. 	Producer      runtime.Producer
  305. 	Authenticator *RouteAuthenticator
  306. }
  307. 

  308. // HasAuth returns true when the route has a security requirement defined

  309. func (m *MatchedRoute) HasAuth() bool {
  310. 	return len(m.Authenticators) > 0
  311. }
  312. 

  313. // NeedsAuth returns true when the request still

  314. // needs to perform authentication

  315. func (m *MatchedRoute) NeedsAuth() bool {
  316. 	return m.HasAuth() && m.Authenticator == nil
  317. }
  318. 

  319. func (d *defaultRouter) Lookup(method, path string) (*MatchedRoute, bool) {
  320. 	mth := strings.ToUpper(method)
  321. 	debugLog("looking up route for %s %s", method, path)
  322. 	if Debug {
  323. 		if len(d.routers) == 0 {
  324. 			debugLog("there are no known routers")
  325. 		}
  326. 		for meth := range d.routers {
  327. 			debugLog("got a router for %s", meth)
  328. 		}
  329. 	}
  330. 	if router, ok := d.routers[mth]; ok {
  331. 		if m, rp, ok := router.Lookup(fpath.Clean(path)); ok && m != nil {
  332. 			if entry, ok := m.(*routeEntry); ok {
  333. 				debugLog("found a route for %s %s with %d parameters", method, path, len(entry.Parameters))
  334. 				var params RouteParams
  335. 				for _, p := range rp {
  336. 					v, err := pathUnescape(p.Value)
  337. 					if err != nil {
  338. 						debugLog("failed to escape %q: %v", p.Value, err)
  339. 						v = p.Value
  340. 					}
  341. 					// a workaround to handle fragment/composing parameters until they are supported in denco router

  342. 					// check if this parameter is a fragment within a path segment

  343. 					if xpos := strings.Index(entry.PathPattern, fmt.Sprintf("{%s}", p.Name)) + len(p.Name) + 2; xpos < len(entry.PathPattern) && entry.PathPattern[xpos] != '/' {
  344. 						// extract fragment parameters

  345. 						ep := strings.Split(entry.PathPattern[xpos:], "/")[0]
  346. 						pnames, pvalues := decodeCompositParams(p.Name, v, ep, nil, nil)
  347. 						for i, pname := range pnames {
  348. 							params = append(params, RouteParam{Name: pname, Value: pvalues[i]})
  349. 						}
  350. 					} else {
  351. 						// use the parameter directly

  352. 						params = append(params, RouteParam{Name: p.Name, Value: v})
  353. 					}
  354. 				}
  355. 				return &MatchedRoute{routeEntry: *entry, Params: params}, true
  356. 			}
  357. 		} else {
  358. 			debugLog("couldn't find a route by path for %s %s", method, path)
  359. 		}
  360. 	} else {
  361. 		debugLog("couldn't find a route by method for %s %s", method, path)
  362. 	}
  363. 	return nil, false
  364. }
  365. 

  366. func (d *defaultRouter) OtherMethods(method, path string) []string {
  367. 	mn := strings.ToUpper(method)
  368. 	var methods []string
  369. 	for k, v := range d.routers {
  370. 		if k != mn {
  371. 			if _, _, ok := v.Lookup(fpath.Clean(path)); ok {
  372. 				methods = append(methods, k)
  373. 				continue
  374. 			}
  375. 		}
  376. 	}
  377. 	return methods
  378. }
  379. 

  380. // convert swagger parameters per path segment into a denco parameter as multiple parameters per segment are not supported in denco

  381. var pathConverter = regexp.MustCompile(`{(.+?)}([^/]*)`)
  382. 

  383. func decodeCompositParams(name string, value string, pattern string, names []string, values []string) ([]string, []string) {
  384. 	pleft := strings.Index(pattern, "{")
  385. 	names = append(names, name)
  386. 	if pleft < 0 {
  387. 		if strings.HasSuffix(value, pattern) {
  388. 			values = append(values, value[:len(value)-len(pattern)])
  389. 		} else {
  390. 			values = append(values, "")
  391. 		}
  392. 	} else {
  393. 		toskip := pattern[:pleft]
  394. 		pright := strings.Index(pattern, "}")
  395. 		vright := strings.Index(value, toskip)
  396. 		if vright >= 0 {
  397. 			values = append(values, value[:vright])
  398. 		} else {
  399. 			values = append(values, "")
  400. 			value = ""
  401. 		}
  402. 		return decodeCompositParams(pattern[pleft+1:pright], value[vright+len(toskip):], pattern[pright+1:], names, values)
  403. 	}
  404. 	return names, values
  405. }
  406. 

  407. func (d *defaultRouteBuilder) AddRoute(method, path string, operation *spec.Operation) {
  408. 	mn := strings.ToUpper(method)
  409. 

  410. 	bp := fpath.Clean(d.spec.BasePath())
  411. 	if len(bp) > 0 && bp[len(bp)-1] == '/' {
  412. 		bp = bp[:len(bp)-1]
  413. 	}
  414. 

  415. 	debugLog("operation: %#v", *operation)
  416. 	if handler, ok := d.api.HandlerFor(method, strings.TrimPrefix(path, bp)); ok {
  417. 		consumes := d.analyzer.ConsumesFor(operation)
  418. 		produces := d.analyzer.ProducesFor(operation)
  419. 		parameters := d.analyzer.ParamsFor(method, strings.TrimPrefix(path, bp))
  420. 

  421. 		record := denco.NewRecord(pathConverter.ReplaceAllString(path, ":$1"), &routeEntry{
  422. 			BasePath:       bp,
  423. 			PathPattern:    path,
  424. 			Operation:      operation,
  425. 			Handler:        handler,
  426. 			Consumes:       consumes,
  427. 			Produces:       produces,
  428. 			Consumers:      d.api.ConsumersFor(normalizeOffers(consumes)),
  429. 			Producers:      d.api.ProducersFor(normalizeOffers(produces)),
  430. 			Parameters:     parameters,
  431. 			Formats:        d.api.Formats(),
  432. 			Binder:         NewUntypedRequestBinder(parameters, d.spec.Spec(), d.api.Formats()),
  433. 			Authenticators: d.buildAuthenticators(operation),
  434. 			Authorizer:     d.api.Authorizer(),
  435. 		})
  436. 		d.records[mn] = append(d.records[mn], record)
  437. 	}
  438. }
  439. 

  440. func (d *defaultRouteBuilder) buildAuthenticators(operation *spec.Operation) RouteAuthenticators {
  441. 	requirements := d.analyzer.SecurityRequirementsFor(operation)
  442. 	var auths []RouteAuthenticator
  443. 	for _, reqs := range requirements {
  444. 		var schemes []string
  445. 		scopes := make(map[string][]string, len(reqs))
  446. 		var scopeSlices [][]string
  447. 		for _, req := range reqs {
  448. 			schemes = append(schemes, req.Name)
  449. 			scopes[req.Name] = req.Scopes
  450. 			scopeSlices = append(scopeSlices, req.Scopes)
  451. 		}
  452. 

  453. 		definitions := d.analyzer.SecurityDefinitionsForRequirements(reqs)
  454. 		authenticators := d.api.AuthenticatorsFor(definitions)
  455. 		auths = append(auths, RouteAuthenticator{
  456. 			Authenticator:  authenticators,
  457. 			Schemes:        schemes,
  458. 			Scopes:         scopes,
  459. 			allScopes:      stringSliceUnion(scopeSlices...),
  460. 			commonScopes:   stringSliceIntersection(scopeSlices...),
  461. 			allowAnonymous: len(reqs) == 1 && reqs[0].Name == "",
  462. 		})
  463. 	}
  464. 	return auths
  465. }
  466. 

  467. func (d *defaultRouteBuilder) Build() *defaultRouter {
  468. 	routers := make(map[string]*denco.Router)
  469. 	for method, records := range d.records {
  470. 		router := denco.New()
  471. 		_ = router.Build(records)
  472. 		routers[method] = router
  473. 	}
  474. 	return &defaultRouter{
  475. 		spec:    d.spec,
  476. 		routers: routers,
  477. 	}
  478. }