You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

110 lines
3.2 KiB

10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
9 years ago
10 years ago
  1. // Copyright 2014 The Gogs Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package context
  5. import (
  6. "net/url"
  7. "code.gitea.io/gitea/modules/auth"
  8. "code.gitea.io/gitea/modules/setting"
  9. "github.com/go-macaron/csrf"
  10. macaron "gopkg.in/macaron.v1"
  11. )
  12. // ToggleOptions contains required or check options
  13. type ToggleOptions struct {
  14. SignInRequired bool
  15. SignOutRequired bool
  16. AdminRequired bool
  17. DisableCSRF bool
  18. }
  19. // Toggle returns toggle options as middleware
  20. func Toggle(options *ToggleOptions) macaron.Handler {
  21. return func(ctx *Context) {
  22. // Cannot view any page before installation.
  23. if !setting.InstallLock {
  24. ctx.Redirect(setting.AppSubURL + "/install")
  25. return
  26. }
  27. // Check prohibit login users.
  28. if ctx.IsSigned {
  29. if ctx.User.ProhibitLogin {
  30. ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
  31. ctx.HTML(200, "user/auth/prohibit_login")
  32. return
  33. }
  34. // prevent infinite redirection
  35. // also make sure that the form cannot be accessed by
  36. // users who don't need this
  37. if ctx.Req.URL.Path == setting.AppSubURL+"/user/settings/change_password" {
  38. if !ctx.User.MustChangePassword {
  39. ctx.Redirect(setting.AppSubURL + "/")
  40. }
  41. return
  42. }
  43. if ctx.User.MustChangePassword {
  44. ctx.Data["Title"] = ctx.Tr("auth.must_change_password")
  45. ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password"
  46. ctx.SetCookie("redirect_to", url.QueryEscape(setting.AppSubURL+ctx.Req.RequestURI), 0, setting.AppSubURL)
  47. ctx.Redirect(setting.AppSubURL + "/user/settings/change_password")
  48. return
  49. }
  50. }
  51. // Redirect to dashboard if user tries to visit any non-login page.
  52. if options.SignOutRequired && ctx.IsSigned && ctx.Req.RequestURI != "/" {
  53. ctx.Redirect(setting.AppSubURL + "/")
  54. return
  55. }
  56. if !options.SignOutRequired && !options.DisableCSRF && ctx.Req.Method == "POST" && !auth.IsAPIPath(ctx.Req.URL.Path) {
  57. csrf.Validate(ctx.Context, ctx.csrf)
  58. if ctx.Written() {
  59. return
  60. }
  61. }
  62. if options.SignInRequired {
  63. if !ctx.IsSigned {
  64. // Restrict API calls with error message.
  65. if auth.IsAPIPath(ctx.Req.URL.Path) {
  66. ctx.JSON(403, map[string]string{
  67. "message": "Only signed in user is allowed to call APIs.",
  68. })
  69. return
  70. }
  71. ctx.SetCookie("redirect_to", url.QueryEscape(setting.AppSubURL+ctx.Req.RequestURI), 0, setting.AppSubURL)
  72. ctx.Redirect(setting.AppSubURL + "/user/login")
  73. return
  74. } else if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {
  75. ctx.Data["Title"] = ctx.Tr("auth.active_your_account")
  76. ctx.HTML(200, "user/auth/activate")
  77. return
  78. }
  79. }
  80. // Redirect to log in page if auto-signin info is provided and has not signed in.
  81. if !options.SignOutRequired && !ctx.IsSigned && !auth.IsAPIPath(ctx.Req.URL.Path) &&
  82. len(ctx.GetCookie(setting.CookieUserName)) > 0 {
  83. ctx.SetCookie("redirect_to", url.QueryEscape(setting.AppSubURL+ctx.Req.RequestURI), 0, setting.AppSubURL)
  84. ctx.Redirect(setting.AppSubURL + "/user/login")
  85. return
  86. }
  87. if options.AdminRequired {
  88. if !ctx.User.IsAdmin {
  89. ctx.Error(403)
  90. return
  91. }
  92. ctx.Data["PageIsAdmin"] = true
  93. }
  94. }
  95. }