closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6596 Commits
2 Branches
178 MiB
Tree: 52c2cb15db
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '52c2cb15db'
${ noResults }
gitea/vendor/github.com/gorilla/mux/regexp.go

316 lines
8.5 KiB
Raw Normal View History

Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
 
  1. // Copyright 2012 The Gorilla Authors. All rights reserved.

  2. // Use of this source code is governed by a BSD-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package mux
  6. 

  7. import (
  8. 	"bytes"
  9. 	"fmt"
  10. 	"net/http"
  11. 	"net/url"
  12. 	"regexp"
  13. 	"strconv"
  14. 	"strings"
  15. )
  16. 

  17. // newRouteRegexp parses a route template and returns a routeRegexp,

  18. // used to match a host, a path or a query string.

  19. //

  20. // It will extract named variables, assemble a regexp to be matched, create

  21. // a "reverse" template to build URLs and compile regexps to validate variable

  22. // values used in URL building.

  23. //

  24. // Previously we accepted only Python-like identifiers for variable

  25. // names ([a-zA-Z_][a-zA-Z0-9_]*), but currently the only restriction is that

  26. // name and pattern can't be empty, and names can't contain a colon.

  27. func newRouteRegexp(tpl string, matchHost, matchPrefix, matchQuery, strictSlash, useEncodedPath bool) (*routeRegexp, error) {
  28. 	// Check if it is well-formed.

  29. 	idxs, errBraces := braceIndices(tpl)
  30. 	if errBraces != nil {
  31. 		return nil, errBraces
  32. 	}
  33. 	// Backup the original.

  34. 	template := tpl
  35. 	// Now let's parse it.

  36. 	defaultPattern := "[^/]+"
  37. 	if matchQuery {
  38. 		defaultPattern = "[^?&]*"
  39. 	} else if matchHost {
  40. 		defaultPattern = "[^.]+"
  41. 		matchPrefix = false
  42. 	}
  43. 	// Only match strict slash if not matching

  44. 	if matchPrefix || matchHost || matchQuery {
  45. 		strictSlash = false
  46. 	}
  47. 	// Set a flag for strictSlash.

  48. 	endSlash := false
  49. 	if strictSlash && strings.HasSuffix(tpl, "/") {
  50. 		tpl = tpl[:len(tpl)-1]
  51. 		endSlash = true
  52. 	}
  53. 	varsN := make([]string, len(idxs)/2)
  54. 	varsR := make([]*regexp.Regexp, len(idxs)/2)
  55. 	pattern := bytes.NewBufferString("")
  56. 	pattern.WriteByte('^')
  57. 	reverse := bytes.NewBufferString("")
  58. 	var end int
  59. 	var err error
  60. 	for i := 0; i < len(idxs); i += 2 {
  61. 		// Set all values we are interested in.

  62. 		raw := tpl[end:idxs[i]]
  63. 		end = idxs[i+1]
  64. 		parts := strings.SplitN(tpl[idxs[i]+1:end-1], ":", 2)
  65. 		name := parts[0]
  66. 		patt := defaultPattern
  67. 		if len(parts) == 2 {
  68. 			patt = parts[1]
  69. 		}
  70. 		// Name or pattern can't be empty.

  71. 		if name == "" || patt == "" {
  72. 			return nil, fmt.Errorf("mux: missing name or pattern in %q",
  73. 				tpl[idxs[i]:end])
  74. 		}
  75. 		// Build the regexp pattern.

  76. 		fmt.Fprintf(pattern, "%s(?P<%s>%s)", regexp.QuoteMeta(raw), varGroupName(i/2), patt)
  77. 

  78. 		// Build the reverse template.

  79. 		fmt.Fprintf(reverse, "%s%%s", raw)
  80. 

  81. 		// Append variable name and compiled pattern.

  82. 		varsN[i/2] = name
  83. 		varsR[i/2], err = regexp.Compile(fmt.Sprintf("^%s$", patt))
  84. 		if err != nil {
  85. 			return nil, err
  86. 		}
  87. 	}
  88. 	// Add the remaining.

  89. 	raw := tpl[end:]
  90. 	pattern.WriteString(regexp.QuoteMeta(raw))
  91. 	if strictSlash {
  92. 		pattern.WriteString("[/]?")
  93. 	}
  94. 	if matchQuery {
  95. 		// Add the default pattern if the query value is empty

  96. 		if queryVal := strings.SplitN(template, "=", 2)[1]; queryVal == "" {
  97. 			pattern.WriteString(defaultPattern)
  98. 		}
  99. 	}
  100. 	if !matchPrefix {
  101. 		pattern.WriteByte('$')
  102. 	}
  103. 	reverse.WriteString(raw)
  104. 	if endSlash {
  105. 		reverse.WriteByte('/')
  106. 	}
  107. 	// Compile full regexp.

  108. 	reg, errCompile := regexp.Compile(pattern.String())
  109. 	if errCompile != nil {
  110. 		return nil, errCompile
  111. 	}
  112. 	// Done!

  113. 	return &routeRegexp{
  114. 		template:       template,
  115. 		matchHost:      matchHost,
  116. 		matchQuery:     matchQuery,
  117. 		strictSlash:    strictSlash,
  118. 		useEncodedPath: useEncodedPath,
  119. 		regexp:         reg,
  120. 		reverse:        reverse.String(),
  121. 		varsN:          varsN,
  122. 		varsR:          varsR,
  123. 	}, nil
  124. }
  125. 

  126. // routeRegexp stores a regexp to match a host or path and information to

  127. // collect and validate route variables.

  128. type routeRegexp struct {
  129. 	// The unmodified template.

  130. 	template string
  131. 	// True for host match, false for path or query string match.

  132. 	matchHost bool
  133. 	// True for query string match, false for path and host match.

  134. 	matchQuery bool
  135. 	// The strictSlash value defined on the route, but disabled if PathPrefix was used.

  136. 	strictSlash bool
  137. 	// Determines whether to use encoded path from getPath function or unencoded

  138. 	// req.URL.Path for path matching

  139. 	useEncodedPath bool
  140. 	// Expanded regexp.

  141. 	regexp *regexp.Regexp
  142. 	// Reverse template.

  143. 	reverse string
  144. 	// Variable names.

  145. 	varsN []string
  146. 	// Variable regexps (validators).

  147. 	varsR []*regexp.Regexp
  148. }
  149. 

  150. // Match matches the regexp against the URL host or path.

  151. func (r *routeRegexp) Match(req *http.Request, match *RouteMatch) bool {
  152. 	if !r.matchHost {
  153. 		if r.matchQuery {
  154. 			return r.matchQueryString(req)
  155. 		}
  156. 		path := req.URL.Path
  157. 		if r.useEncodedPath {
  158. 			path = getPath(req)
  159. 		}
  160. 		return r.regexp.MatchString(path)
  161. 	}
  162. 

  163. 	return r.regexp.MatchString(getHost(req))
  164. }
  165. 

  166. // url builds a URL part using the given values.

  167. func (r *routeRegexp) url(values map[string]string) (string, error) {
  168. 	urlValues := make([]interface{}, len(r.varsN))
  169. 	for k, v := range r.varsN {
  170. 		value, ok := values[v]
  171. 		if !ok {
  172. 			return "", fmt.Errorf("mux: missing route variable %q", v)
  173. 		}
  174. 		urlValues[k] = value
  175. 	}
  176. 	rv := fmt.Sprintf(r.reverse, urlValues...)
  177. 	if !r.regexp.MatchString(rv) {
  178. 		// The URL is checked against the full regexp, instead of checking

  179. 		// individual variables. This is faster but to provide a good error

  180. 		// message, we check individual regexps if the URL doesn't match.

  181. 		for k, v := range r.varsN {
  182. 			if !r.varsR[k].MatchString(values[v]) {
  183. 				return "", fmt.Errorf(
  184. 					"mux: variable %q doesn't match, expected %q", values[v],
  185. 					r.varsR[k].String())
  186. 			}
  187. 		}
  188. 	}
  189. 	return rv, nil
  190. }
  191. 

  192. // getURLQuery returns a single query parameter from a request URL.

  193. // For a URL with foo=bar&baz=ding, we return only the relevant key

  194. // value pair for the routeRegexp.

  195. func (r *routeRegexp) getURLQuery(req *http.Request) string {
  196. 	if !r.matchQuery {
  197. 		return ""
  198. 	}
  199. 	templateKey := strings.SplitN(r.template, "=", 2)[0]
  200. 	for key, vals := range req.URL.Query() {
  201. 		if key == templateKey && len(vals) > 0 {
  202. 			return key + "=" + vals[0]
  203. 		}
  204. 	}
  205. 	return ""
  206. }
  207. 

  208. func (r *routeRegexp) matchQueryString(req *http.Request) bool {
  209. 	return r.regexp.MatchString(r.getURLQuery(req))
  210. }
  211. 

  212. // braceIndices returns the first level curly brace indices from a string.

  213. // It returns an error in case of unbalanced braces.

  214. func braceIndices(s string) ([]int, error) {
  215. 	var level, idx int
  216. 	var idxs []int
  217. 	for i := 0; i < len(s); i++ {
  218. 		switch s[i] {
  219. 		case '{':
  220. 			if level++; level == 1 {
  221. 				idx = i
  222. 			}
  223. 		case '}':
  224. 			if level--; level == 0 {
  225. 				idxs = append(idxs, idx, i+1)
  226. 			} else if level < 0 {
  227. 				return nil, fmt.Errorf("mux: unbalanced braces in %q", s)
  228. 			}
  229. 		}
  230. 	}
  231. 	if level != 0 {
  232. 		return nil, fmt.Errorf("mux: unbalanced braces in %q", s)
  233. 	}
  234. 	return idxs, nil
  235. }
  236. 

  237. // varGroupName builds a capturing group name for the indexed variable.

  238. func varGroupName(idx int) string {
  239. 	return "v" + strconv.Itoa(idx)
  240. }
  241. 

  242. // ----------------------------------------------------------------------------

  243. // routeRegexpGroup

  244. // ----------------------------------------------------------------------------

  245. 

  246. // routeRegexpGroup groups the route matchers that carry variables.

  247. type routeRegexpGroup struct {
  248. 	host    *routeRegexp
  249. 	path    *routeRegexp
  250. 	queries []*routeRegexp
  251. }
  252. 

  253. // setMatch extracts the variables from the URL once a route matches.

  254. func (v *routeRegexpGroup) setMatch(req *http.Request, m *RouteMatch, r *Route) {
  255. 	// Store host variables.

  256. 	if v.host != nil {
  257. 		host := getHost(req)
  258. 		matches := v.host.regexp.FindStringSubmatchIndex(host)
  259. 		if len(matches) > 0 {
  260. 			extractVars(host, matches, v.host.varsN, m.Vars)
  261. 		}
  262. 	}
  263. 	path := req.URL.Path
  264. 	if r.useEncodedPath {
  265. 		path = getPath(req)
  266. 	}
  267. 	// Store path variables.

  268. 	if v.path != nil {
  269. 		matches := v.path.regexp.FindStringSubmatchIndex(path)
  270. 		if len(matches) > 0 {
  271. 			extractVars(path, matches, v.path.varsN, m.Vars)
  272. 			// Check if we should redirect.

  273. 			if v.path.strictSlash {
  274. 				p1 := strings.HasSuffix(path, "/")
  275. 				p2 := strings.HasSuffix(v.path.template, "/")
  276. 				if p1 != p2 {
  277. 					u, _ := url.Parse(req.URL.String())
  278. 					if p1 {
  279. 						u.Path = u.Path[:len(u.Path)-1]
  280. 					} else {
  281. 						u.Path += "/"
  282. 					}
  283. 					m.Handler = http.RedirectHandler(u.String(), 301)
  284. 				}
  285. 			}
  286. 		}
  287. 	}
  288. 	// Store query string variables.

  289. 	for _, q := range v.queries {
  290. 		queryURL := q.getURLQuery(req)
  291. 		matches := q.regexp.FindStringSubmatchIndex(queryURL)
  292. 		if len(matches) > 0 {
  293. 			extractVars(queryURL, matches, q.varsN, m.Vars)
  294. 		}
  295. 	}
  296. }
  297. 

  298. // getHost tries its best to return the request host.

  299. func getHost(r *http.Request) string {
  300. 	if r.URL.IsAbs() {
  301. 		return r.URL.Host
  302. 	}
  303. 	host := r.Host
  304. 	// Slice off any port information.

  305. 	if i := strings.Index(host, ":"); i != -1 {
  306. 		host = host[:i]
  307. 	}
  308. 	return host
  309. 

  310. }
  311. 

  312. func extractVars(input string, matches []int, names []string, output map[string]string) {
  313. 	for i, name := range names {
  314. 		output[name] = input[matches[2*i+2]:matches[2*i+3]]
  315. 	}
  316. }