closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1049 Commits
2 Branches
178 MiB
Tree: c117f9e73f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c117f9e73f'
${ noResults }
gitea/modules/middleware/context.go

381 lines
8.7 KiB
Raw Normal View History

move templateFuncs to one file, add middleware context.
10 years ago
Add auto-login
10 years ago
Clean code
10 years ago
add csrf check
10 years ago
zip archive download
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
Work on form resubmit
10 years ago
zip archive download
10 years ago
Add auto-login
10 years ago
fork render
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
Change new martini impot path
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
add cache
10 years ago
remove Context.IsValid & verify repo in middleware repo.go
10 years ago
update session
10 years ago
add cache
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
fix
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
Clean code
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
fork render
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
Work on form resubmit
10 years ago
update session
10 years ago
add cache
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
modify RepoAssignment
10 years ago
add csrf check
10 years ago
modify RepoAssignment
10 years ago
Finish watch backend
10 years ago
remove Context.IsValid & verify repo in middleware repo.go
10 years ago
Support private repo
10 years ago
modify RepoAssignment
10 years ago
add Owner to Context.Repo
10 years ago
remove Context.IsValid & verify repo in middleware repo.go
10 years ago
Mirror fix
10 years ago
zip archive download
10 years ago
modify RepoAssignment
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
Clean code
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
Clean api code
10 years ago
Clean code
10 years ago
Clean oauth code
10 years ago
Clean code
10 years ago
Work on admin
10 years ago
Clean code
10 years ago
Add: rename repository
10 years ago
Add flash
10 years ago
Work on admin
10 years ago
Clean code
10 years ago
Clean code
10 years ago
Add router log config option
10 years ago
Add some log
10 years ago
Add router log config option
10 years ago
Work on admin
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
remove Context.IsValid & verify repo in middleware repo.go
10 years ago
add csrf check
10 years ago
Add auto-login
10 years ago
add csrf check
10 years ago
zip archive download
10 years ago
Work on form resubmit
10 years ago
Clean code
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
update session
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
update session
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
add csrf check
10 years ago
update session
10 years ago
Work on form resubmit
10 years ago
Add flash
10 years ago
Work on form resubmit
10 years ago
Add flash
10 years ago
Work on form resubmit
10 years ago
Add flash
10 years ago
Work on form resubmit
10 years ago
add csrf check
10 years ago
update session
10 years ago
Work on form resubmit
10 years ago
Add flash
10 years ago
Work on form resubmit
10 years ago
add csrf check
10 years ago
update session
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
update session
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
fix context
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
fork render
10 years ago
fix context
10 years ago
fork render
10 years ago
fix some link
10 years ago
Work on admin
10 years ago
fix context
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
add csrf check
10 years ago
fork render
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package middleware
  6. 

  7. import (
  8. 	"crypto/hmac"
  9. 	"crypto/sha1"
  10. 	"encoding/base64"
  11. 	"fmt"
  12. 	"html/template"
  13. 	"io"
  14. 	"net/http"
  15. 	"net/url"
  16. 	"path/filepath"
  17. 	"strconv"
  18. 	"strings"
  19. 	"time"
  20. 

  21. 	"github.com/go-martini/martini"
  22. 

  23. 	"github.com/gogits/cache"
  24. 	"github.com/gogits/git"
  25. 	"github.com/gogits/session"
  26. 

  27. 	"github.com/gogits/gogs/models"
  28. 	"github.com/gogits/gogs/modules/auth"
  29. 	"github.com/gogits/gogs/modules/base"
  30. 	"github.com/gogits/gogs/modules/log"
  31. )
  32. 

  33. // Context represents context of a request.

  34. type Context struct {
  35. 	*Render
  36. 	c        martini.Context
  37. 	p        martini.Params
  38. 	Req      *http.Request
  39. 	Res      http.ResponseWriter
  40. 	Flash    *Flash
  41. 	Session  session.SessionStore
  42. 	Cache    cache.Cache
  43. 	User     *models.User
  44. 	IsSigned bool
  45. 

  46. 	csrfToken string
  47. 

  48. 	Repo struct {
  49. 		IsOwner    bool
  50. 		IsWatching bool
  51. 		IsBranch   bool
  52. 		IsTag      bool
  53. 		IsCommit   bool
  54. 		HasAccess  bool
  55. 		Repository *models.Repository
  56. 		Owner      *models.User
  57. 		Commit     *git.Commit
  58. 		GitRepo    *git.Repository
  59. 		BranchName string
  60. 		CommitId   string
  61. 		RepoLink   string
  62. 		CloneLink  struct {
  63. 			SSH   string
  64. 			HTTPS string
  65. 			Git   string
  66. 		}
  67. 		Mirror *models.Mirror
  68. 	}
  69. }
  70. 

  71. // Query querys form parameter.

  72. func (ctx *Context) Query(name string) string {
  73. 	ctx.Req.ParseForm()
  74. 	return ctx.Req.Form.Get(name)
  75. }
  76. 

  77. // func (ctx *Context) Param(name string) string {

  78. // 	return ctx.p[name]

  79. // }

  80. 

  81. // HasError returns true if error occurs in form validation.

  82. func (ctx *Context) HasApiError() bool {
  83. 	hasErr, ok := ctx.Data["HasError"]
  84. 	if !ok {
  85. 		return false
  86. 	}
  87. 	return hasErr.(bool)
  88. }
  89. 

  90. func (ctx *Context) GetErrMsg() string {
  91. 	return ctx.Data["ErrorMsg"].(string)
  92. }
  93. 

  94. // HasError returns true if error occurs in form validation.

  95. func (ctx *Context) HasError() bool {
  96. 	hasErr, ok := ctx.Data["HasError"]
  97. 	if !ok {
  98. 		return false
  99. 	}
  100. 	ctx.Flash.ErrorMsg = ctx.Data["ErrorMsg"].(string)
  101. 	ctx.Data["Flash"] = ctx.Flash
  102. 	return hasErr.(bool)
  103. }
  104. 

  105. // HTML calls render.HTML underlying but reduce one argument.

  106. func (ctx *Context) HTML(status int, name string, htmlOpt ...HTMLOptions) {
  107. 	ctx.Render.HTML(status, name, ctx.Data, htmlOpt...)
  108. }
  109. 

  110. // RenderWithErr used for page has form validation but need to prompt error to users.

  111. func (ctx *Context) RenderWithErr(msg, tpl string, form auth.Form) {
  112. 	if form != nil {
  113. 		auth.AssignForm(form, ctx.Data)
  114. 	}
  115. 	ctx.Flash.ErrorMsg = msg
  116. 	ctx.Data["Flash"] = ctx.Flash
  117. 	ctx.HTML(200, tpl)
  118. }
  119. 

  120. // Handle handles and logs error by given status.

  121. func (ctx *Context) Handle(status int, title string, err error) {
  122. 	if err != nil {
  123. 		log.Error("%s: %v", title, err)
  124. 		if martini.Dev != martini.Prod {
  125. 			ctx.Data["ErrorMsg"] = err
  126. 		}
  127. 	}
  128. 

  129. 	switch status {
  130. 	case 404:
  131. 		ctx.Data["Title"] = "Page Not Found"
  132. 	case 500:
  133. 		ctx.Data["Title"] = "Internal Server Error"
  134. 	}
  135. 	ctx.HTML(status, fmt.Sprintf("status/%d", status))
  136. }
  137. 

  138. func (ctx *Context) Debug(msg string, args ...interface{}) {
  139. 	log.Debug(msg, args...)
  140. }
  141. 

  142. func (ctx *Context) GetCookie(name string) string {
  143. 	cookie, err := ctx.Req.Cookie(name)
  144. 	if err != nil {
  145. 		return ""
  146. 	}
  147. 	return cookie.Value
  148. }
  149. 

  150. func (ctx *Context) SetCookie(name string, value string, others ...interface{}) {
  151. 	cookie := http.Cookie{}
  152. 	cookie.Name = name
  153. 	cookie.Value = value
  154. 

  155. 	if len(others) > 0 {
  156. 		switch v := others[0].(type) {
  157. 		case int:
  158. 			cookie.MaxAge = v
  159. 		case int64:
  160. 			cookie.MaxAge = int(v)
  161. 		case int32:
  162. 			cookie.MaxAge = int(v)
  163. 		}
  164. 	}
  165. 

  166. 	// default "/"

  167. 	if len(others) > 1 {
  168. 		if v, ok := others[1].(string); ok && len(v) > 0 {
  169. 			cookie.Path = v
  170. 		}
  171. 	} else {
  172. 		cookie.Path = "/"
  173. 	}
  174. 

  175. 	// default empty

  176. 	if len(others) > 2 {
  177. 		if v, ok := others[2].(string); ok && len(v) > 0 {
  178. 			cookie.Domain = v
  179. 		}
  180. 	}
  181. 

  182. 	// default empty

  183. 	if len(others) > 3 {
  184. 		switch v := others[3].(type) {
  185. 		case bool:
  186. 			cookie.Secure = v
  187. 		default:
  188. 			if others[3] != nil {
  189. 				cookie.Secure = true
  190. 			}
  191. 		}
  192. 	}
  193. 

  194. 	// default false. for session cookie default true

  195. 	if len(others) > 4 {
  196. 		if v, ok := others[4].(bool); ok && v {
  197. 			cookie.HttpOnly = true
  198. 		}
  199. 	}
  200. 

  201. 	ctx.Res.Header().Add("Set-Cookie", cookie.String())
  202. }
  203. 

  204. // Get secure cookie from request by a given key.

  205. func (ctx *Context) GetSecureCookie(Secret, key string) (string, bool) {
  206. 	val := ctx.GetCookie(key)
  207. 	if val == "" {
  208. 		return "", false
  209. 	}
  210. 

  211. 	parts := strings.SplitN(val, "|", 3)
  212. 

  213. 	if len(parts) != 3 {
  214. 		return "", false
  215. 	}
  216. 

  217. 	vs := parts[0]
  218. 	timestamp := parts[1]
  219. 	sig := parts[2]
  220. 

  221. 	h := hmac.New(sha1.New, []byte(Secret))
  222. 	fmt.Fprintf(h, "%s%s", vs, timestamp)
  223. 

  224. 	if fmt.Sprintf("%02x", h.Sum(nil)) != sig {
  225. 		return "", false
  226. 	}
  227. 	res, _ := base64.URLEncoding.DecodeString(vs)
  228. 	return string(res), true
  229. }
  230. 

  231. // Set Secure cookie for response.

  232. func (ctx *Context) SetSecureCookie(Secret, name, value string, others ...interface{}) {
  233. 	vs := base64.URLEncoding.EncodeToString([]byte(value))
  234. 	timestamp := strconv.FormatInt(time.Now().UnixNano(), 10)
  235. 	h := hmac.New(sha1.New, []byte(Secret))
  236. 	fmt.Fprintf(h, "%s%s", vs, timestamp)
  237. 	sig := fmt.Sprintf("%02x", h.Sum(nil))
  238. 	cookie := strings.Join([]string{vs, timestamp, sig}, "|")
  239. 	ctx.SetCookie(name, cookie, others...)
  240. }
  241. 

  242. func (ctx *Context) CsrfToken() string {
  243. 	if len(ctx.csrfToken) > 0 {
  244. 		return ctx.csrfToken
  245. 	}
  246. 

  247. 	token := ctx.GetCookie("_csrf")
  248. 	if len(token) == 0 {
  249. 		token = base.GetRandomString(30)
  250. 		ctx.SetCookie("_csrf", token)
  251. 	}
  252. 	ctx.csrfToken = token
  253. 	return token
  254. }
  255. 

  256. func (ctx *Context) CsrfTokenValid() bool {
  257. 	token := ctx.Query("_csrf")
  258. 	if token == "" {
  259. 		token = ctx.Req.Header.Get("X-Csrf-Token")
  260. 	}
  261. 	if token == "" {
  262. 		return false
  263. 	} else if ctx.csrfToken != token {
  264. 		return false
  265. 	}
  266. 	return true
  267. }
  268. 

  269. func (ctx *Context) ServeFile(file string, names ...string) {
  270. 	var name string
  271. 	if len(names) > 0 {
  272. 		name = names[0]
  273. 	} else {
  274. 		name = filepath.Base(file)
  275. 	}
  276. 	ctx.Res.Header().Set("Content-Description", "File Transfer")
  277. 	ctx.Res.Header().Set("Content-Type", "application/octet-stream")
  278. 	ctx.Res.Header().Set("Content-Disposition", "attachment; filename="+name)
  279. 	ctx.Res.Header().Set("Content-Transfer-Encoding", "binary")
  280. 	ctx.Res.Header().Set("Expires", "0")
  281. 	ctx.Res.Header().Set("Cache-Control", "must-revalidate")
  282. 	ctx.Res.Header().Set("Pragma", "public")
  283. 	http.ServeFile(ctx.Res, ctx.Req, file)
  284. }
  285. 

  286. func (ctx *Context) ServeContent(name string, r io.ReadSeeker, params ...interface{}) {
  287. 	modtime := time.Now()
  288. 	for _, p := range params {
  289. 		switch v := p.(type) {
  290. 		case time.Time:
  291. 			modtime = v
  292. 		}
  293. 	}
  294. 	ctx.Res.Header().Set("Content-Description", "File Transfer")
  295. 	ctx.Res.Header().Set("Content-Type", "application/octet-stream")
  296. 	ctx.Res.Header().Set("Content-Disposition", "attachment; filename="+name)
  297. 	ctx.Res.Header().Set("Content-Transfer-Encoding", "binary")
  298. 	ctx.Res.Header().Set("Expires", "0")
  299. 	ctx.Res.Header().Set("Cache-Control", "must-revalidate")
  300. 	ctx.Res.Header().Set("Pragma", "public")
  301. 	http.ServeContent(ctx.Res, ctx.Req, name, modtime, r)
  302. }
  303. 

  304. type Flash struct {
  305. 	url.Values
  306. 	ErrorMsg, SuccessMsg string
  307. }
  308. 

  309. func (f *Flash) Error(msg string) {
  310. 	f.Set("error", msg)
  311. 	f.ErrorMsg = msg
  312. }
  313. 

  314. func (f *Flash) Success(msg string) {
  315. 	f.Set("success", msg)
  316. 	f.SuccessMsg = msg
  317. }
  318. 

  319. // InitContext initializes a classic context for a request.

  320. func InitContext() martini.Handler {
  321. 	return func(res http.ResponseWriter, r *http.Request, c martini.Context, rd *Render) {
  322. 

  323. 		ctx := &Context{
  324. 			c: c,
  325. 			// p:      p,

  326. 			Req:    r,
  327. 			Res:    res,
  328. 			Cache:  base.Cache,
  329. 			Render: rd,
  330. 		}
  331. 

  332. 		ctx.Data["PageStartTime"] = time.Now()
  333. 

  334. 		// start session

  335. 		ctx.Session = base.SessionManager.SessionStart(res, r)
  336. 

  337. 		// Get flash.

  338. 		values, err := url.ParseQuery(ctx.GetCookie("gogs_flash"))
  339. 		if err != nil {
  340. 			log.Error("InitContext.ParseQuery(flash): %v", err)
  341. 		} else if len(values) > 0 {
  342. 			ctx.Flash = &Flash{Values: values}
  343. 			ctx.Flash.ErrorMsg = ctx.Flash.Get("error")
  344. 			ctx.Flash.SuccessMsg = ctx.Flash.Get("success")
  345. 			ctx.Data["Flash"] = ctx.Flash
  346. 			ctx.SetCookie("gogs_flash", "", -1)
  347. 		}
  348. 		ctx.Flash = &Flash{Values: url.Values{}}
  349. 

  350. 		rw := res.(martini.ResponseWriter)
  351. 		rw.Before(func(martini.ResponseWriter) {
  352. 			ctx.Session.SessionRelease(res)
  353. 

  354. 			if flash := ctx.Flash.Encode(); len(flash) > 0 {
  355. 				ctx.SetCookie("gogs_flash", ctx.Flash.Encode(), 0)
  356. 			}
  357. 		})
  358. 

  359. 		// Get user from session if logined.

  360. 		user := auth.SignedInUser(ctx.Session)
  361. 		ctx.User = user
  362. 		ctx.IsSigned = user != nil
  363. 

  364. 		ctx.Data["IsSigned"] = ctx.IsSigned
  365. 

  366. 		if user != nil {
  367. 			ctx.Data["SignedUser"] = user
  368. 			ctx.Data["SignedUserId"] = user.Id
  369. 			ctx.Data["SignedUserName"] = user.Name
  370. 			ctx.Data["IsAdmin"] = ctx.User.IsAdmin
  371. 		}
  372. 

  373. 		// get or create csrf token

  374. 		ctx.Data["CsrfToken"] = ctx.CsrfToken()
  375. 		ctx.Data["CsrfTokenHtml"] = template.HTML(`<input type="hidden" name="_csrf" value="` + ctx.csrfToken + `">`)
  376. 

  377. 		c.Map(ctx)
  378. 

  379. 		c.Next()
  380. 	}
  381. }