closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1195 Commits
2 Branches
178 MiB
Tree: ee9b7f322f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ee9b7f322f'
${ noResults }
gitea/modules/middleware/context.go

382 lines
8.8 KiB
Raw Normal View History

move templateFuncs to one file, add middleware context.
10 years ago
Add auto-login
10 years ago
Clean code
10 years ago
add csrf check
10 years ago
zip archive download
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
Work on form resubmit
10 years ago
zip archive download
10 years ago
Add auto-login
10 years ago
fork render
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
Change new martini impot path
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
add cache
10 years ago
remove Context.IsValid & verify repo in middleware repo.go
10 years ago
update session
10 years ago
add cache
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
fix
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
Fixed #209
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
Clean code
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
fork render
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
Work on form resubmit
10 years ago
update session
10 years ago
add cache
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
modify RepoAssignment
10 years ago
add csrf check
10 years ago
modify RepoAssignment
10 years ago
Finish watch backend
10 years ago
remove Context.IsValid & verify repo in middleware repo.go
10 years ago
Support private repo
10 years ago
modify RepoAssignment
10 years ago
add Owner to Context.Repo
10 years ago
remove Context.IsValid & verify repo in middleware repo.go
10 years ago
Mirror fix
10 years ago
zip archive download
10 years ago
modify RepoAssignment
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
Clean code
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
Clean api code
10 years ago
Clean code
10 years ago
Clean oauth code
10 years ago
Clean code
10 years ago
Work on admin
10 years ago
In progress of name template name constant
10 years ago
Work on admin
10 years ago
Clean code
10 years ago
In progress of name template name constant
10 years ago
Add: rename repository
10 years ago
Add flash
10 years ago
Work on admin
10 years ago
Clean code
10 years ago
Clean code
10 years ago
Add router log config option
10 years ago
Add some log
10 years ago
Add router log config option
10 years ago
In progress of name template name constant
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
remove Context.IsValid & verify repo in middleware repo.go
10 years ago
add csrf check
10 years ago
Add auto-login
10 years ago
add csrf check
10 years ago
zip archive download
10 years ago
Work on form resubmit
10 years ago
Clean code
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
update session
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
update session
10 years ago
Fixed #209
10 years ago
update session
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
add csrf check
10 years ago
update session
10 years ago
Fixed #209
10 years ago
Work on form resubmit
10 years ago
Add flash
10 years ago
Work on form resubmit
10 years ago
Add flash
10 years ago
Work on form resubmit
10 years ago
Add flash
10 years ago
Work on form resubmit
10 years ago
add csrf check
10 years ago
update session
10 years ago
Work on form resubmit
10 years ago
Add flash
10 years ago
Work on form resubmit
10 years ago
add csrf check
10 years ago
update session
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
Fix #165
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
fix context
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
fork render
10 years ago
fix context
10 years ago
fork render
10 years ago
fix some link
10 years ago
Work on admin
10 years ago
fix context
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
add csrf check
10 years ago
fork render
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package middleware
  6. 

  7. import (
  8. 	"crypto/hmac"
  9. 	"crypto/sha1"
  10. 	"encoding/base64"
  11. 	"fmt"
  12. 	"html/template"
  13. 	"io"
  14. 	"net/http"
  15. 	"net/url"
  16. 	"path/filepath"
  17. 	"strconv"
  18. 	"strings"
  19. 	"time"
  20. 

  21. 	"github.com/go-martini/martini"
  22. 

  23. 	"github.com/gogits/cache"
  24. 	"github.com/gogits/git"
  25. 	"github.com/gogits/session"
  26. 

  27. 	"github.com/gogits/gogs/models"
  28. 	"github.com/gogits/gogs/modules/auth"
  29. 	"github.com/gogits/gogs/modules/base"
  30. 	"github.com/gogits/gogs/modules/log"
  31. 	"github.com/gogits/gogs/modules/setting"
  32. )
  33. 

  34. // Context represents context of a request.

  35. type Context struct {
  36. 	*Render
  37. 	c        martini.Context
  38. 	p        martini.Params
  39. 	Req      *http.Request
  40. 	Res      http.ResponseWriter
  41. 	Flash    *Flash
  42. 	Session  session.SessionStore
  43. 	Cache    cache.Cache
  44. 	User     *models.User
  45. 	IsSigned bool
  46. 

  47. 	csrfToken string
  48. 

  49. 	Repo struct {
  50. 		IsOwner    bool
  51. 		IsWatching bool
  52. 		IsBranch   bool
  53. 		IsTag      bool
  54. 		IsCommit   bool
  55. 		HasAccess  bool
  56. 		Repository *models.Repository
  57. 		Owner      *models.User
  58. 		Commit     *git.Commit
  59. 		GitRepo    *git.Repository
  60. 		BranchName string
  61. 		CommitId   string
  62. 		RepoLink   string
  63. 		CloneLink  struct {
  64. 			SSH   string
  65. 			HTTPS string
  66. 			Git   string
  67. 		}
  68. 		Mirror *models.Mirror
  69. 	}
  70. }
  71. 

  72. // Query querys form parameter.

  73. func (ctx *Context) Query(name string) string {
  74. 	ctx.Req.ParseForm()
  75. 	return ctx.Req.Form.Get(name)
  76. }
  77. 

  78. // func (ctx *Context) Param(name string) string {

  79. // 	return ctx.p[name]

  80. // }

  81. 

  82. // HasError returns true if error occurs in form validation.

  83. func (ctx *Context) HasApiError() bool {
  84. 	hasErr, ok := ctx.Data["HasError"]
  85. 	if !ok {
  86. 		return false
  87. 	}
  88. 	return hasErr.(bool)
  89. }
  90. 

  91. func (ctx *Context) GetErrMsg() string {
  92. 	return ctx.Data["ErrorMsg"].(string)
  93. }
  94. 

  95. // HasError returns true if error occurs in form validation.

  96. func (ctx *Context) HasError() bool {
  97. 	hasErr, ok := ctx.Data["HasError"]
  98. 	if !ok {
  99. 		return false
  100. 	}
  101. 	ctx.Flash.ErrorMsg = ctx.Data["ErrorMsg"].(string)
  102. 	ctx.Data["Flash"] = ctx.Flash
  103. 	return hasErr.(bool)
  104. }
  105. 

  106. // HTML calls render.HTML underlying but reduce one argument.

  107. func (ctx *Context) HTML(status int, name base.TplName, htmlOpt ...HTMLOptions) {
  108. 	ctx.Render.HTML(status, string(name), ctx.Data, htmlOpt...)
  109. }
  110. 

  111. // RenderWithErr used for page has form validation but need to prompt error to users.

  112. func (ctx *Context) RenderWithErr(msg string, tpl base.TplName, form auth.Form) {
  113. 	if form != nil {
  114. 		auth.AssignForm(form, ctx.Data)
  115. 	}
  116. 	ctx.Flash.ErrorMsg = msg
  117. 	ctx.Data["Flash"] = ctx.Flash
  118. 	ctx.HTML(200, tpl)
  119. }
  120. 

  121. // Handle handles and logs error by given status.

  122. func (ctx *Context) Handle(status int, title string, err error) {
  123. 	if err != nil {
  124. 		log.Error("%s: %v", title, err)
  125. 		if martini.Dev != martini.Prod {
  126. 			ctx.Data["ErrorMsg"] = err
  127. 		}
  128. 	}
  129. 

  130. 	switch status {
  131. 	case 404:
  132. 		ctx.Data["Title"] = "Page Not Found"
  133. 	case 500:
  134. 		ctx.Data["Title"] = "Internal Server Error"
  135. 	}
  136. 	ctx.HTML(status, base.TplName(fmt.Sprintf("status/%d", status)))
  137. }
  138. 

  139. func (ctx *Context) Debug(msg string, args ...interface{}) {
  140. 	log.Debug(msg, args...)
  141. }
  142. 

  143. func (ctx *Context) GetCookie(name string) string {
  144. 	cookie, err := ctx.Req.Cookie(name)
  145. 	if err != nil {
  146. 		return ""
  147. 	}
  148. 	return cookie.Value
  149. }
  150. 

  151. func (ctx *Context) SetCookie(name string, value string, others ...interface{}) {
  152. 	cookie := http.Cookie{}
  153. 	cookie.Name = name
  154. 	cookie.Value = value
  155. 

  156. 	if len(others) > 0 {
  157. 		switch v := others[0].(type) {
  158. 		case int:
  159. 			cookie.MaxAge = v
  160. 		case int64:
  161. 			cookie.MaxAge = int(v)
  162. 		case int32:
  163. 			cookie.MaxAge = int(v)
  164. 		}
  165. 	}
  166. 

  167. 	// default "/"

  168. 	if len(others) > 1 {
  169. 		if v, ok := others[1].(string); ok && len(v) > 0 {
  170. 			cookie.Path = v
  171. 		}
  172. 	} else {
  173. 		cookie.Path = "/"
  174. 	}
  175. 

  176. 	// default empty

  177. 	if len(others) > 2 {
  178. 		if v, ok := others[2].(string); ok && len(v) > 0 {
  179. 			cookie.Domain = v
  180. 		}
  181. 	}
  182. 

  183. 	// default empty

  184. 	if len(others) > 3 {
  185. 		switch v := others[3].(type) {
  186. 		case bool:
  187. 			cookie.Secure = v
  188. 		default:
  189. 			if others[3] != nil {
  190. 				cookie.Secure = true
  191. 			}
  192. 		}
  193. 	}
  194. 

  195. 	// default false. for session cookie default true

  196. 	if len(others) > 4 {
  197. 		if v, ok := others[4].(bool); ok && v {
  198. 			cookie.HttpOnly = true
  199. 		}
  200. 	}
  201. 

  202. 	ctx.Res.Header().Add("Set-Cookie", cookie.String())
  203. }
  204. 

  205. // Get secure cookie from request by a given key.

  206. func (ctx *Context) GetSecureCookie(Secret, key string) (string, bool) {
  207. 	val := ctx.GetCookie(key)
  208. 	if val == "" {
  209. 		return "", false
  210. 	}
  211. 

  212. 	parts := strings.SplitN(val, "|", 3)
  213. 

  214. 	if len(parts) != 3 {
  215. 		return "", false
  216. 	}
  217. 

  218. 	vs := parts[0]
  219. 	timestamp := parts[1]
  220. 	sig := parts[2]
  221. 

  222. 	h := hmac.New(sha1.New, []byte(Secret))
  223. 	fmt.Fprintf(h, "%s%s", vs, timestamp)
  224. 

  225. 	if fmt.Sprintf("%02x", h.Sum(nil)) != sig {
  226. 		return "", false
  227. 	}
  228. 	res, _ := base64.URLEncoding.DecodeString(vs)
  229. 	return string(res), true
  230. }
  231. 

  232. // Set Secure cookie for response.

  233. func (ctx *Context) SetSecureCookie(Secret, name, value string, others ...interface{}) {
  234. 	vs := base64.URLEncoding.EncodeToString([]byte(value))
  235. 	timestamp := strconv.FormatInt(time.Now().UnixNano(), 10)
  236. 	h := hmac.New(sha1.New, []byte(Secret))
  237. 	fmt.Fprintf(h, "%s%s", vs, timestamp)
  238. 	sig := fmt.Sprintf("%02x", h.Sum(nil))
  239. 	cookie := strings.Join([]string{vs, timestamp, sig}, "|")
  240. 	ctx.SetCookie(name, cookie, others...)
  241. }
  242. 

  243. func (ctx *Context) CsrfToken() string {
  244. 	if len(ctx.csrfToken) > 0 {
  245. 		return ctx.csrfToken
  246. 	}
  247. 

  248. 	token := ctx.GetCookie("_csrf")
  249. 	if len(token) == 0 {
  250. 		token = base.GetRandomString(30)
  251. 		ctx.SetCookie("_csrf", token)
  252. 	}
  253. 	ctx.csrfToken = token
  254. 	return token
  255. }
  256. 

  257. func (ctx *Context) CsrfTokenValid() bool {
  258. 	token := ctx.Query("_csrf")
  259. 	if token == "" {
  260. 		token = ctx.Req.Header.Get("X-Csrf-Token")
  261. 	}
  262. 	if token == "" {
  263. 		return false
  264. 	} else if ctx.csrfToken != token {
  265. 		return false
  266. 	}
  267. 	return true
  268. }
  269. 

  270. func (ctx *Context) ServeFile(file string, names ...string) {
  271. 	var name string
  272. 	if len(names) > 0 {
  273. 		name = names[0]
  274. 	} else {
  275. 		name = filepath.Base(file)
  276. 	}
  277. 	ctx.Res.Header().Set("Content-Description", "File Transfer")
  278. 	ctx.Res.Header().Set("Content-Type", "application/octet-stream")
  279. 	ctx.Res.Header().Set("Content-Disposition", "attachment; filename="+name)
  280. 	ctx.Res.Header().Set("Content-Transfer-Encoding", "binary")
  281. 	ctx.Res.Header().Set("Expires", "0")
  282. 	ctx.Res.Header().Set("Cache-Control", "must-revalidate")
  283. 	ctx.Res.Header().Set("Pragma", "public")
  284. 	http.ServeFile(ctx.Res, ctx.Req, file)
  285. }
  286. 

  287. func (ctx *Context) ServeContent(name string, r io.ReadSeeker, params ...interface{}) {
  288. 	modtime := time.Now()
  289. 	for _, p := range params {
  290. 		switch v := p.(type) {
  291. 		case time.Time:
  292. 			modtime = v
  293. 		}
  294. 	}
  295. 	ctx.Res.Header().Set("Content-Description", "File Transfer")
  296. 	ctx.Res.Header().Set("Content-Type", "application/octet-stream")
  297. 	ctx.Res.Header().Set("Content-Disposition", "attachment; filename="+name)
  298. 	ctx.Res.Header().Set("Content-Transfer-Encoding", "binary")
  299. 	ctx.Res.Header().Set("Expires", "0")
  300. 	ctx.Res.Header().Set("Cache-Control", "must-revalidate")
  301. 	ctx.Res.Header().Set("Pragma", "public")
  302. 	http.ServeContent(ctx.Res, ctx.Req, name, modtime, r)
  303. }
  304. 

  305. type Flash struct {
  306. 	url.Values
  307. 	ErrorMsg, SuccessMsg string
  308. }
  309. 

  310. func (f *Flash) Error(msg string) {
  311. 	f.Set("error", msg)
  312. 	f.ErrorMsg = msg
  313. }
  314. 

  315. func (f *Flash) Success(msg string) {
  316. 	f.Set("success", msg)
  317. 	f.SuccessMsg = msg
  318. }
  319. 

  320. // InitContext initializes a classic context for a request.

  321. func InitContext() martini.Handler {
  322. 	return func(res http.ResponseWriter, r *http.Request, c martini.Context, rd *Render) {
  323. 

  324. 		ctx := &Context{
  325. 			c: c,
  326. 			// p:      p,

  327. 			Req:    r,
  328. 			Res:    res,
  329. 			Cache:  setting.Cache,
  330. 			Render: rd,
  331. 		}
  332. 

  333. 		ctx.Data["PageStartTime"] = time.Now()
  334. 

  335. 		// start session

  336. 		ctx.Session = setting.SessionManager.SessionStart(res, r)
  337. 

  338. 		// Get flash.

  339. 		values, err := url.ParseQuery(ctx.GetCookie("gogs_flash"))
  340. 		if err != nil {
  341. 			log.Error("InitContext.ParseQuery(flash): %v", err)
  342. 		} else if len(values) > 0 {
  343. 			ctx.Flash = &Flash{Values: values}
  344. 			ctx.Flash.ErrorMsg = ctx.Flash.Get("error")
  345. 			ctx.Flash.SuccessMsg = ctx.Flash.Get("success")
  346. 			ctx.Data["Flash"] = ctx.Flash
  347. 			ctx.SetCookie("gogs_flash", "", -1)
  348. 		}
  349. 		ctx.Flash = &Flash{Values: url.Values{}}
  350. 

  351. 		rw := res.(martini.ResponseWriter)
  352. 		rw.Before(func(martini.ResponseWriter) {
  353. 			ctx.Session.SessionRelease(res)
  354. 

  355. 			if flash := ctx.Flash.Encode(); len(flash) > 0 {
  356. 				ctx.SetCookie("gogs_flash", ctx.Flash.Encode(), 0)
  357. 			}
  358. 		})
  359. 

  360. 		// Get user from session if logined.

  361. 		user := auth.SignedInUser(ctx.req.Header, ctx.Session)
  362. 		ctx.User = user
  363. 		ctx.IsSigned = user != nil
  364. 

  365. 		ctx.Data["IsSigned"] = ctx.IsSigned
  366. 

  367. 		if user != nil {
  368. 			ctx.Data["SignedUser"] = user
  369. 			ctx.Data["SignedUserId"] = user.Id
  370. 			ctx.Data["SignedUserName"] = user.Name
  371. 			ctx.Data["IsAdmin"] = ctx.User.IsAdmin
  372. 		}
  373. 

  374. 		// get or create csrf token

  375. 		ctx.Data["CsrfToken"] = ctx.CsrfToken()
  376. 		ctx.Data["CsrfTokenHtml"] = template.HTML(`<input type="hidden" name="_csrf" value="` + ctx.csrfToken + `">`)
  377. 

  378. 		c.Map(ctx)
  379. 

  380. 		c.Next()
  381. 	}
  382. }