closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1211 Commits
2 Branches
178 MiB
Tree: cdffdeddc9
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'cdffdeddc9'
${ noResults }
gitea/modules/middleware/context.go

385 lines
8.8 KiB
Raw Normal View History

move templateFuncs to one file, add middleware context.
10 years ago
Add auto-login
10 years ago
Clean code
10 years ago
add csrf check
10 years ago
zip archive download
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
Work on form resubmit
10 years ago
zip archive download
10 years ago
Add auto-login
10 years ago
fork render
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
Change new martini impot path
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
add cache
10 years ago
remove Context.IsValid & verify repo in middleware repo.go
10 years ago
update session
10 years ago
add cache
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
fix
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
Fixed #209
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
Clean code
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
fork render
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
Work on form resubmit
10 years ago
update session
10 years ago
add cache
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
modify RepoAssignment
10 years ago
add csrf check
10 years ago
modify RepoAssignment
10 years ago
Fix bug that collaborators are able to modify settings of repository
10 years ago
Mirror fix
10 years ago
zip archive download
10 years ago
modify RepoAssignment
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
Clean code
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
Clean api code
10 years ago
Clean code
10 years ago
Clean oauth code
10 years ago
Clean code
10 years ago
Work on admin
10 years ago
In progress of name template name constant
10 years ago
Work on admin
10 years ago
Clean code
10 years ago
In progress of name template name constant
10 years ago
Add: rename repository
10 years ago
Add flash
10 years ago
Work on admin
10 years ago
Clean code
10 years ago
Clean code
10 years ago
Add router log config option
10 years ago
Add some log
10 years ago
Add router log config option
10 years ago
In progress of name template name constant
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
remove Context.IsValid & verify repo in middleware repo.go
10 years ago
add csrf check
10 years ago
Add auto-login
10 years ago
add csrf check
10 years ago
zip archive download
10 years ago
Work on form resubmit
10 years ago
Clean code
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
update session
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
update session
10 years ago
Fixed #209
10 years ago
update session
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
add csrf check
10 years ago
update session
10 years ago
Fixed #209
10 years ago
Work on form resubmit
10 years ago
Add flash
10 years ago
Work on form resubmit
10 years ago
Add flash
10 years ago
Work on form resubmit
10 years ago
Add flash
10 years ago
Work on form resubmit
10 years ago
add csrf check
10 years ago
update session
10 years ago
Work on form resubmit
10 years ago
Add flash
10 years ago
Work on form resubmit
10 years ago
add csrf check
10 years ago
update session
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
Fix #165
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
fix context
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
fork render
10 years ago
fix context
10 years ago
fork render
10 years ago
fix some link
10 years ago
Work on admin
10 years ago
fix context
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
add csrf check
10 years ago
fork render
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package middleware
  6. 

  7. import (
  8. 	"crypto/hmac"
  9. 	"crypto/sha1"
  10. 	"encoding/base64"
  11. 	"fmt"
  12. 	"html/template"
  13. 	"io"
  14. 	"net/http"
  15. 	"net/url"
  16. 	"path/filepath"
  17. 	"strconv"
  18. 	"strings"
  19. 	"time"
  20. 

  21. 	"github.com/go-martini/martini"
  22. 

  23. 	"github.com/gogits/cache"
  24. 	"github.com/gogits/git"
  25. 	"github.com/gogits/session"
  26. 

  27. 	"github.com/gogits/gogs/models"
  28. 	"github.com/gogits/gogs/modules/auth"
  29. 	"github.com/gogits/gogs/modules/base"
  30. 	"github.com/gogits/gogs/modules/log"
  31. 	"github.com/gogits/gogs/modules/setting"
  32. )
  33. 

  34. // Context represents context of a request.

  35. type Context struct {
  36. 	*Render
  37. 	c        martini.Context
  38. 	p        martini.Params
  39. 	Req      *http.Request
  40. 	Res      http.ResponseWriter
  41. 	Flash    *Flash
  42. 	Session  session.SessionStore
  43. 	Cache    cache.Cache
  44. 	User     *models.User
  45. 	IsSigned bool
  46. 

  47. 	csrfToken string
  48. 

  49. 	Repo struct {
  50. 		IsOwner     bool
  51. 		IsTrueOwner bool
  52. 		IsWatching  bool
  53. 		IsBranch    bool
  54. 		IsTag       bool
  55. 		IsCommit    bool
  56. 		HasAccess   bool
  57. 		Repository  *models.Repository
  58. 		Owner       *models.User
  59. 		Commit      *git.Commit
  60. 		Tag         *git.Tag
  61. 		GitRepo     *git.Repository
  62. 		BranchName  string
  63. 		TagName     string
  64. 		CommitId    string
  65. 		RepoLink    string
  66. 		CloneLink   struct {
  67. 			SSH   string
  68. 			HTTPS string
  69. 			Git   string
  70. 		}
  71. 		Mirror *models.Mirror
  72. 	}
  73. }
  74. 

  75. // Query querys form parameter.

  76. func (ctx *Context) Query(name string) string {
  77. 	ctx.Req.ParseForm()
  78. 	return ctx.Req.Form.Get(name)
  79. }
  80. 

  81. // func (ctx *Context) Param(name string) string {

  82. // 	return ctx.p[name]

  83. // }

  84. 

  85. // HasError returns true if error occurs in form validation.

  86. func (ctx *Context) HasApiError() bool {
  87. 	hasErr, ok := ctx.Data["HasError"]
  88. 	if !ok {
  89. 		return false
  90. 	}
  91. 	return hasErr.(bool)
  92. }
  93. 

  94. func (ctx *Context) GetErrMsg() string {
  95. 	return ctx.Data["ErrorMsg"].(string)
  96. }
  97. 

  98. // HasError returns true if error occurs in form validation.

  99. func (ctx *Context) HasError() bool {
  100. 	hasErr, ok := ctx.Data["HasError"]
  101. 	if !ok {
  102. 		return false
  103. 	}
  104. 	ctx.Flash.ErrorMsg = ctx.Data["ErrorMsg"].(string)
  105. 	ctx.Data["Flash"] = ctx.Flash
  106. 	return hasErr.(bool)
  107. }
  108. 

  109. // HTML calls render.HTML underlying but reduce one argument.

  110. func (ctx *Context) HTML(status int, name base.TplName, htmlOpt ...HTMLOptions) {
  111. 	ctx.Render.HTML(status, string(name), ctx.Data, htmlOpt...)
  112. }
  113. 

  114. // RenderWithErr used for page has form validation but need to prompt error to users.

  115. func (ctx *Context) RenderWithErr(msg string, tpl base.TplName, form auth.Form) {
  116. 	if form != nil {
  117. 		auth.AssignForm(form, ctx.Data)
  118. 	}
  119. 	ctx.Flash.ErrorMsg = msg
  120. 	ctx.Data["Flash"] = ctx.Flash
  121. 	ctx.HTML(200, tpl)
  122. }
  123. 

  124. // Handle handles and logs error by given status.

  125. func (ctx *Context) Handle(status int, title string, err error) {
  126. 	if err != nil {
  127. 		log.Error("%s: %v", title, err)
  128. 		if martini.Dev != martini.Prod {
  129. 			ctx.Data["ErrorMsg"] = err
  130. 		}
  131. 	}
  132. 

  133. 	switch status {
  134. 	case 404:
  135. 		ctx.Data["Title"] = "Page Not Found"
  136. 	case 500:
  137. 		ctx.Data["Title"] = "Internal Server Error"
  138. 	}
  139. 	ctx.HTML(status, base.TplName(fmt.Sprintf("status/%d", status)))
  140. }
  141. 

  142. func (ctx *Context) Debug(msg string, args ...interface{}) {
  143. 	log.Debug(msg, args...)
  144. }
  145. 

  146. func (ctx *Context) GetCookie(name string) string {
  147. 	cookie, err := ctx.Req.Cookie(name)
  148. 	if err != nil {
  149. 		return ""
  150. 	}
  151. 	return cookie.Value
  152. }
  153. 

  154. func (ctx *Context) SetCookie(name string, value string, others ...interface{}) {
  155. 	cookie := http.Cookie{}
  156. 	cookie.Name = name
  157. 	cookie.Value = value
  158. 

  159. 	if len(others) > 0 {
  160. 		switch v := others[0].(type) {
  161. 		case int:
  162. 			cookie.MaxAge = v
  163. 		case int64:
  164. 			cookie.MaxAge = int(v)
  165. 		case int32:
  166. 			cookie.MaxAge = int(v)
  167. 		}
  168. 	}
  169. 

  170. 	// default "/"

  171. 	if len(others) > 1 {
  172. 		if v, ok := others[1].(string); ok && len(v) > 0 {
  173. 			cookie.Path = v
  174. 		}
  175. 	} else {
  176. 		cookie.Path = "/"
  177. 	}
  178. 

  179. 	// default empty

  180. 	if len(others) > 2 {
  181. 		if v, ok := others[2].(string); ok && len(v) > 0 {
  182. 			cookie.Domain = v
  183. 		}
  184. 	}
  185. 

  186. 	// default empty

  187. 	if len(others) > 3 {
  188. 		switch v := others[3].(type) {
  189. 		case bool:
  190. 			cookie.Secure = v
  191. 		default:
  192. 			if others[3] != nil {
  193. 				cookie.Secure = true
  194. 			}
  195. 		}
  196. 	}
  197. 

  198. 	// default false. for session cookie default true

  199. 	if len(others) > 4 {
  200. 		if v, ok := others[4].(bool); ok && v {
  201. 			cookie.HttpOnly = true
  202. 		}
  203. 	}
  204. 

  205. 	ctx.Res.Header().Add("Set-Cookie", cookie.String())
  206. }
  207. 

  208. // Get secure cookie from request by a given key.

  209. func (ctx *Context) GetSecureCookie(Secret, key string) (string, bool) {
  210. 	val := ctx.GetCookie(key)
  211. 	if val == "" {
  212. 		return "", false
  213. 	}
  214. 

  215. 	parts := strings.SplitN(val, "|", 3)
  216. 

  217. 	if len(parts) != 3 {
  218. 		return "", false
  219. 	}
  220. 

  221. 	vs := parts[0]
  222. 	timestamp := parts[1]
  223. 	sig := parts[2]
  224. 

  225. 	h := hmac.New(sha1.New, []byte(Secret))
  226. 	fmt.Fprintf(h, "%s%s", vs, timestamp)
  227. 

  228. 	if fmt.Sprintf("%02x", h.Sum(nil)) != sig {
  229. 		return "", false
  230. 	}
  231. 	res, _ := base64.URLEncoding.DecodeString(vs)
  232. 	return string(res), true
  233. }
  234. 

  235. // Set Secure cookie for response.

  236. func (ctx *Context) SetSecureCookie(Secret, name, value string, others ...interface{}) {
  237. 	vs := base64.URLEncoding.EncodeToString([]byte(value))
  238. 	timestamp := strconv.FormatInt(time.Now().UnixNano(), 10)
  239. 	h := hmac.New(sha1.New, []byte(Secret))
  240. 	fmt.Fprintf(h, "%s%s", vs, timestamp)
  241. 	sig := fmt.Sprintf("%02x", h.Sum(nil))
  242. 	cookie := strings.Join([]string{vs, timestamp, sig}, "|")
  243. 	ctx.SetCookie(name, cookie, others...)
  244. }
  245. 

  246. func (ctx *Context) CsrfToken() string {
  247. 	if len(ctx.csrfToken) > 0 {
  248. 		return ctx.csrfToken
  249. 	}
  250. 

  251. 	token := ctx.GetCookie("_csrf")
  252. 	if len(token) == 0 {
  253. 		token = base.GetRandomString(30)
  254. 		ctx.SetCookie("_csrf", token)
  255. 	}
  256. 	ctx.csrfToken = token
  257. 	return token
  258. }
  259. 

  260. func (ctx *Context) CsrfTokenValid() bool {
  261. 	token := ctx.Query("_csrf")
  262. 	if token == "" {
  263. 		token = ctx.Req.Header.Get("X-Csrf-Token")
  264. 	}
  265. 	if token == "" {
  266. 		return false
  267. 	} else if ctx.csrfToken != token {
  268. 		return false
  269. 	}
  270. 	return true
  271. }
  272. 

  273. func (ctx *Context) ServeFile(file string, names ...string) {
  274. 	var name string
  275. 	if len(names) > 0 {
  276. 		name = names[0]
  277. 	} else {
  278. 		name = filepath.Base(file)
  279. 	}
  280. 	ctx.Res.Header().Set("Content-Description", "File Transfer")
  281. 	ctx.Res.Header().Set("Content-Type", "application/octet-stream")
  282. 	ctx.Res.Header().Set("Content-Disposition", "attachment; filename="+name)
  283. 	ctx.Res.Header().Set("Content-Transfer-Encoding", "binary")
  284. 	ctx.Res.Header().Set("Expires", "0")
  285. 	ctx.Res.Header().Set("Cache-Control", "must-revalidate")
  286. 	ctx.Res.Header().Set("Pragma", "public")
  287. 	http.ServeFile(ctx.Res, ctx.Req, file)
  288. }
  289. 

  290. func (ctx *Context) ServeContent(name string, r io.ReadSeeker, params ...interface{}) {
  291. 	modtime := time.Now()
  292. 	for _, p := range params {
  293. 		switch v := p.(type) {
  294. 		case time.Time:
  295. 			modtime = v
  296. 		}
  297. 	}
  298. 	ctx.Res.Header().Set("Content-Description", "File Transfer")
  299. 	ctx.Res.Header().Set("Content-Type", "application/octet-stream")
  300. 	ctx.Res.Header().Set("Content-Disposition", "attachment; filename="+name)
  301. 	ctx.Res.Header().Set("Content-Transfer-Encoding", "binary")
  302. 	ctx.Res.Header().Set("Expires", "0")
  303. 	ctx.Res.Header().Set("Cache-Control", "must-revalidate")
  304. 	ctx.Res.Header().Set("Pragma", "public")
  305. 	http.ServeContent(ctx.Res, ctx.Req, name, modtime, r)
  306. }
  307. 

  308. type Flash struct {
  309. 	url.Values
  310. 	ErrorMsg, SuccessMsg string
  311. }
  312. 

  313. func (f *Flash) Error(msg string) {
  314. 	f.Set("error", msg)
  315. 	f.ErrorMsg = msg
  316. }
  317. 

  318. func (f *Flash) Success(msg string) {
  319. 	f.Set("success", msg)
  320. 	f.SuccessMsg = msg
  321. }
  322. 

  323. // InitContext initializes a classic context for a request.

  324. func InitContext() martini.Handler {
  325. 	return func(res http.ResponseWriter, r *http.Request, c martini.Context, rd *Render) {
  326. 

  327. 		ctx := &Context{
  328. 			c: c,
  329. 			// p:      p,

  330. 			Req:    r,
  331. 			Res:    res,
  332. 			Cache:  setting.Cache,
  333. 			Render: rd,
  334. 		}
  335. 

  336. 		ctx.Data["PageStartTime"] = time.Now()
  337. 

  338. 		// start session

  339. 		ctx.Session = setting.SessionManager.SessionStart(res, r)
  340. 

  341. 		// Get flash.

  342. 		values, err := url.ParseQuery(ctx.GetCookie("gogs_flash"))
  343. 		if err != nil {
  344. 			log.Error("InitContext.ParseQuery(flash): %v", err)
  345. 		} else if len(values) > 0 {
  346. 			ctx.Flash = &Flash{Values: values}
  347. 			ctx.Flash.ErrorMsg = ctx.Flash.Get("error")
  348. 			ctx.Flash.SuccessMsg = ctx.Flash.Get("success")
  349. 			ctx.Data["Flash"] = ctx.Flash
  350. 			ctx.SetCookie("gogs_flash", "", -1)
  351. 		}
  352. 		ctx.Flash = &Flash{Values: url.Values{}}
  353. 

  354. 		rw := res.(martini.ResponseWriter)
  355. 		rw.Before(func(martini.ResponseWriter) {
  356. 			ctx.Session.SessionRelease(res)
  357. 

  358. 			if flash := ctx.Flash.Encode(); len(flash) > 0 {
  359. 				ctx.SetCookie("gogs_flash", ctx.Flash.Encode(), 0)
  360. 			}
  361. 		})
  362. 

  363. 		// Get user from session if logined.

  364. 		user := auth.SignedInUser(ctx.req.Header, ctx.Session)
  365. 		ctx.User = user
  366. 		ctx.IsSigned = user != nil
  367. 

  368. 		ctx.Data["IsSigned"] = ctx.IsSigned
  369. 

  370. 		if user != nil {
  371. 			ctx.Data["SignedUser"] = user
  372. 			ctx.Data["SignedUserId"] = user.Id
  373. 			ctx.Data["SignedUserName"] = user.Name
  374. 			ctx.Data["IsAdmin"] = ctx.User.IsAdmin
  375. 		}
  376. 

  377. 		// get or create csrf token

  378. 		ctx.Data["CsrfToken"] = ctx.CsrfToken()
  379. 		ctx.Data["CsrfTokenHtml"] = template.HTML(`<input type="hidden" name="_csrf" value="` + ctx.csrfToken + `">`)
  380. 

  381. 		c.Map(ctx)
  382. 

  383. 		c.Next()
  384. 	}
  385. }