You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

139 lines
3.3 KiB

10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
9 years ago
10 years ago
9 years ago
10 years ago
  1. // Copyright 2014 The Gogs Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package middleware
  5. import (
  6. "fmt"
  7. "net/url"
  8. "github.com/go-macaron/csrf"
  9. "gopkg.in/macaron.v1"
  10. "github.com/gogits/gogs/models"
  11. "github.com/gogits/gogs/modules/auth"
  12. "github.com/gogits/gogs/modules/base"
  13. "github.com/gogits/gogs/modules/log"
  14. "github.com/gogits/gogs/modules/setting"
  15. )
  16. type ToggleOptions struct {
  17. SignInRequire bool
  18. SignOutRequire bool
  19. AdminRequire bool
  20. DisableCsrf bool
  21. }
  22. // AutoSignIn reads cookie and try to auto-login.
  23. func AutoSignIn(ctx *Context) (bool, error) {
  24. if !models.HasEngine {
  25. return false, nil
  26. }
  27. uname := ctx.GetCookie(setting.CookieUserName)
  28. if len(uname) == 0 {
  29. return false, nil
  30. }
  31. isSucceed := false
  32. defer func() {
  33. if !isSucceed {
  34. log.Trace("auto-login cookie cleared: %s", uname)
  35. ctx.SetCookie(setting.CookieUserName, "", -1, setting.AppSubUrl)
  36. ctx.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubUrl)
  37. }
  38. }()
  39. u, err := models.GetUserByName(uname)
  40. if err != nil {
  41. if !models.IsErrUserNotExist(err) {
  42. return false, fmt.Errorf("GetUserByName: %v", err)
  43. }
  44. return false, nil
  45. }
  46. if val, _ := ctx.GetSuperSecureCookie(
  47. base.EncodeMd5(u.Rands+u.Passwd), setting.CookieRememberName); val != u.Name {
  48. return false, nil
  49. }
  50. isSucceed = true
  51. ctx.Session.Set("uid", u.Id)
  52. ctx.Session.Set("uname", u.Name)
  53. return true, nil
  54. }
  55. func Toggle(options *ToggleOptions) macaron.Handler {
  56. return func(ctx *Context) {
  57. // Cannot view any page before installation.
  58. if !setting.InstallLock {
  59. ctx.Redirect(setting.AppSubUrl + "/install")
  60. return
  61. }
  62. // Checking non-logged users landing page.
  63. if !ctx.IsSigned && ctx.Req.RequestURI == "/" && setting.LandingPageUrl != setting.LANDING_PAGE_HOME {
  64. ctx.Redirect(setting.AppSubUrl + string(setting.LandingPageUrl))
  65. return
  66. }
  67. // Redirect to dashboard if user tries to visit any non-login page.
  68. if options.SignOutRequire && ctx.IsSigned && ctx.Req.RequestURI != "/" {
  69. ctx.Redirect(setting.AppSubUrl + "/")
  70. return
  71. }
  72. if !options.SignOutRequire && !options.DisableCsrf && ctx.Req.Method == "POST" && !auth.IsAPIPath(ctx.Req.URL.Path) {
  73. csrf.Validate(ctx.Context, ctx.csrf)
  74. if ctx.Written() {
  75. return
  76. }
  77. }
  78. if options.SignInRequire {
  79. if !ctx.IsSigned {
  80. // Restrict API calls with error message.
  81. if auth.IsAPIPath(ctx.Req.URL.Path) {
  82. ctx.APIError(403, "", "Only signed in user is allowed to call APIs.")
  83. return
  84. }
  85. ctx.SetCookie("redirect_to", url.QueryEscape(setting.AppSubUrl+ctx.Req.RequestURI), 0, setting.AppSubUrl)
  86. ctx.Redirect(setting.AppSubUrl + "/user/login")
  87. return
  88. } else if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {
  89. ctx.Data["Title"] = ctx.Tr("auth.active_your_account")
  90. ctx.HTML(200, "user/auth/activate")
  91. return
  92. }
  93. }
  94. if options.AdminRequire {
  95. if !ctx.User.IsAdmin {
  96. ctx.Error(403)
  97. return
  98. }
  99. ctx.Data["PageIsAdmin"] = true
  100. }
  101. }
  102. }
  103. // Contexter middleware already checks token for user sign in process.
  104. func ApiReqToken() macaron.Handler {
  105. return func(ctx *Context) {
  106. if !ctx.IsSigned {
  107. ctx.Error(401)
  108. return
  109. }
  110. }
  111. }
  112. func ApiReqBasicAuth() macaron.Handler {
  113. return func(ctx *Context) {
  114. if !ctx.IsBasicAuth {
  115. ctx.Error(401)
  116. return
  117. }
  118. }
  119. }