forgejo/modules/middleware/context.go

388 lines
9.2 KiB
Go
Raw Normal View History

// Copyright 2014 The Gogs Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package middleware
import (
2014-03-22 21:40:09 +01:00
"crypto/hmac"
"crypto/sha1"
"encoding/base64"
2014-03-15 14:17:16 +01:00
"fmt"
2014-03-22 18:44:02 +01:00
"html/template"
2014-04-15 18:27:29 +02:00
"io"
"net/http"
2014-04-10 20:37:43 +02:00
"net/url"
2014-04-15 18:27:29 +02:00
"path/filepath"
2014-03-22 21:40:09 +01:00
"strconv"
"strings"
2014-03-19 14:57:55 +01:00
"time"
2014-03-30 18:11:28 +02:00
"github.com/go-martini/martini"
2014-03-21 14:06:47 +01:00
"github.com/gogits/cache"
"github.com/gogits/git"
2014-03-22 13:49:53 +01:00
"github.com/gogits/session"
2014-03-21 14:06:47 +01:00
"github.com/gogits/gogs/models"
"github.com/gogits/gogs/modules/auth"
2014-03-21 14:31:47 +01:00
"github.com/gogits/gogs/modules/base"
"github.com/gogits/gogs/modules/log"
2014-05-26 02:11:25 +02:00
"github.com/gogits/gogs/modules/setting"
)
2014-03-15 14:17:16 +01:00
// Context represents context of a request.
type Context struct {
2014-03-19 14:57:55 +01:00
*Render
c martini.Context
p martini.Params
Req *http.Request
Res http.ResponseWriter
2014-04-10 20:37:43 +02:00
Flash *Flash
2014-03-22 13:49:53 +01:00
Session session.SessionStore
2014-03-21 14:06:47 +01:00
Cache cache.Cache
User *models.User
IsSigned bool
2014-03-15 17:03:23 +01:00
2014-03-22 18:44:02 +01:00
csrfToken string
2014-03-15 17:03:23 +01:00
Repo struct {
IsOwner bool
IsTrueOwner bool
IsWatching bool
IsBranch bool
IsTag bool
IsCommit bool
HasAccess bool
Repository *models.Repository
Owner *models.User
Commit *git.Commit
Tag *git.Tag
GitRepo *git.Repository
BranchName string
TagName string
CommitId string
RepoLink string
CloneLink struct {
2014-03-20 05:12:33 +01:00
SSH string
HTTPS string
Git string
}
2014-04-15 18:27:29 +02:00
Mirror *models.Mirror
2014-03-15 17:03:23 +01:00
}
}
2014-03-15 14:17:16 +01:00
// Query querys form parameter.
func (ctx *Context) Query(name string) string {
ctx.Req.ParseForm()
return ctx.Req.Form.Get(name)
}
// func (ctx *Context) Param(name string) string {
// return ctx.p[name]
// }
2014-05-05 19:08:01 +02:00
// HasError returns true if error occurs in form validation.
func (ctx *Context) HasApiError() bool {
hasErr, ok := ctx.Data["HasError"]
if !ok {
return false
}
return hasErr.(bool)
}
func (ctx *Context) GetErrMsg() string {
return ctx.Data["ErrorMsg"].(string)
}
2014-03-15 15:52:14 +01:00
// HasError returns true if error occurs in form validation.
func (ctx *Context) HasError() bool {
hasErr, ok := ctx.Data["HasError"]
if !ok {
return false
}
2014-04-14 00:12:07 +02:00
ctx.Flash.ErrorMsg = ctx.Data["ErrorMsg"].(string)
ctx.Data["Flash"] = ctx.Flash
2014-03-15 15:52:14 +01:00
return hasErr.(bool)
}
2014-03-20 12:50:26 +01:00
// HTML calls render.HTML underlying but reduce one argument.
func (ctx *Context) HTML(status int, name base.TplName, htmlOpt ...HTMLOptions) {
ctx.Render.HTML(status, string(name), ctx.Data, htmlOpt...)
2014-03-20 12:50:26 +01:00
}
2014-03-15 15:52:14 +01:00
// RenderWithErr used for page has form validation but need to prompt error to users.
func (ctx *Context) RenderWithErr(msg string, tpl base.TplName, form auth.Form) {
2014-04-03 21:50:55 +02:00
if form != nil {
auth.AssignForm(form, ctx.Data)
}
2014-04-10 22:36:50 +02:00
ctx.Flash.ErrorMsg = msg
ctx.Data["Flash"] = ctx.Flash
2014-03-20 12:50:26 +01:00
ctx.HTML(200, tpl)
2014-03-15 15:52:14 +01:00
}
2014-03-15 14:17:16 +01:00
// Handle handles and logs error by given status.
func (ctx *Context) Handle(status int, title string, err error) {
2014-05-02 00:53:41 +02:00
if err != nil {
log.Error("%s: %v", title, err)
if martini.Dev != martini.Prod {
ctx.Data["ErrorMsg"] = err
}
2014-03-19 09:48:45 +01:00
}
2014-05-02 00:53:41 +02:00
switch status {
case 404:
ctx.Data["Title"] = "Page Not Found"
case 500:
ctx.Data["Title"] = "Internal Server Error"
}
ctx.HTML(status, base.TplName(fmt.Sprintf("status/%d", status)))
}
2014-03-22 18:44:02 +01:00
func (ctx *Context) GetCookie(name string) string {
cookie, err := ctx.Req.Cookie(name)
if err != nil {
return ""
}
return cookie.Value
}
func (ctx *Context) SetCookie(name string, value string, others ...interface{}) {
cookie := http.Cookie{}
cookie.Name = name
cookie.Value = value
if len(others) > 0 {
switch v := others[0].(type) {
case int:
cookie.MaxAge = v
case int64:
cookie.MaxAge = int(v)
case int32:
cookie.MaxAge = int(v)
}
}
// default "/"
if len(others) > 1 {
if v, ok := others[1].(string); ok && len(v) > 0 {
cookie.Path = v
}
} else {
cookie.Path = "/"
}
// default empty
if len(others) > 2 {
if v, ok := others[2].(string); ok && len(v) > 0 {
cookie.Domain = v
}
}
// default empty
if len(others) > 3 {
switch v := others[3].(type) {
case bool:
cookie.Secure = v
default:
if others[3] != nil {
cookie.Secure = true
}
}
}
// default false. for session cookie default true
if len(others) > 4 {
if v, ok := others[4].(bool); ok && v {
cookie.HttpOnly = true
}
}
ctx.Res.Header().Add("Set-Cookie", cookie.String())
}
2014-03-22 21:40:09 +01:00
// Get secure cookie from request by a given key.
func (ctx *Context) GetSecureCookie(Secret, key string) (string, bool) {
val := ctx.GetCookie(key)
if val == "" {
return "", false
}
parts := strings.SplitN(val, "|", 3)
if len(parts) != 3 {
return "", false
}
vs := parts[0]
timestamp := parts[1]
sig := parts[2]
h := hmac.New(sha1.New, []byte(Secret))
fmt.Fprintf(h, "%s%s", vs, timestamp)
if fmt.Sprintf("%02x", h.Sum(nil)) != sig {
return "", false
}
res, _ := base64.URLEncoding.DecodeString(vs)
return string(res), true
}
// Set Secure cookie for response.
func (ctx *Context) SetSecureCookie(Secret, name, value string, others ...interface{}) {
vs := base64.URLEncoding.EncodeToString([]byte(value))
timestamp := strconv.FormatInt(time.Now().UnixNano(), 10)
h := hmac.New(sha1.New, []byte(Secret))
fmt.Fprintf(h, "%s%s", vs, timestamp)
sig := fmt.Sprintf("%02x", h.Sum(nil))
cookie := strings.Join([]string{vs, timestamp, sig}, "|")
ctx.SetCookie(name, cookie, others...)
}
2014-03-22 18:44:02 +01:00
func (ctx *Context) CsrfToken() string {
if len(ctx.csrfToken) > 0 {
return ctx.csrfToken
}
token := ctx.GetCookie("_csrf")
if len(token) == 0 {
token = base.GetRandomString(30)
ctx.SetCookie("_csrf", token)
}
ctx.csrfToken = token
return token
}
func (ctx *Context) CsrfTokenValid() bool {
token := ctx.Query("_csrf")
if token == "" {
token = ctx.Req.Header.Get("X-Csrf-Token")
}
if token == "" {
return false
} else if ctx.csrfToken != token {
return false
}
return true
}
2014-04-15 18:27:29 +02:00
func (ctx *Context) ServeFile(file string, names ...string) {
var name string
if len(names) > 0 {
name = names[0]
} else {
name = filepath.Base(file)
}
ctx.Res.Header().Set("Content-Description", "File Transfer")
ctx.Res.Header().Set("Content-Type", "application/octet-stream")
ctx.Res.Header().Set("Content-Disposition", "attachment; filename="+name)
ctx.Res.Header().Set("Content-Transfer-Encoding", "binary")
ctx.Res.Header().Set("Expires", "0")
ctx.Res.Header().Set("Cache-Control", "must-revalidate")
ctx.Res.Header().Set("Pragma", "public")
http.ServeFile(ctx.Res, ctx.Req, file)
}
func (ctx *Context) ServeContent(name string, r io.ReadSeeker, params ...interface{}) {
modtime := time.Now()
for _, p := range params {
switch v := p.(type) {
case time.Time:
modtime = v
}
}
ctx.Res.Header().Set("Content-Description", "File Transfer")
ctx.Res.Header().Set("Content-Type", "application/octet-stream")
ctx.Res.Header().Set("Content-Disposition", "attachment; filename="+name)
ctx.Res.Header().Set("Content-Transfer-Encoding", "binary")
ctx.Res.Header().Set("Expires", "0")
ctx.Res.Header().Set("Cache-Control", "must-revalidate")
ctx.Res.Header().Set("Pragma", "public")
http.ServeContent(ctx.Res, ctx.Req, name, modtime, r)
}
2014-04-10 20:37:43 +02:00
type Flash struct {
url.Values
ErrorMsg, SuccessMsg string
}
func (f *Flash) Error(msg string) {
f.Set("error", msg)
f.ErrorMsg = msg
}
func (f *Flash) Success(msg string) {
f.Set("success", msg)
f.SuccessMsg = msg
}
2014-03-15 14:17:16 +01:00
// InitContext initializes a classic context for a request.
func InitContext() martini.Handler {
2014-03-22 13:49:53 +01:00
return func(res http.ResponseWriter, r *http.Request, c martini.Context, rd *Render) {
ctx := &Context{
c: c,
// p: p,
2014-03-22 13:49:53 +01:00
Req: r,
Res: res,
2014-05-26 02:11:25 +02:00
Cache: setting.Cache,
2014-03-22 13:49:53 +01:00
Render: rd,
}
2014-03-22 18:44:02 +01:00
ctx.Data["PageStartTime"] = time.Now()
2014-03-22 13:49:53 +01:00
// start session
2014-05-26 02:11:25 +02:00
ctx.Session = setting.SessionManager.SessionStart(res, r)
2014-04-10 20:37:43 +02:00
// Get flash.
values, err := url.ParseQuery(ctx.GetCookie("gogs_flash"))
if err != nil {
log.Error("InitContext.ParseQuery(flash): %v", err)
2014-04-10 22:36:50 +02:00
} else if len(values) > 0 {
ctx.Flash = &Flash{Values: values}
ctx.Flash.ErrorMsg = ctx.Flash.Get("error")
ctx.Flash.SuccessMsg = ctx.Flash.Get("success")
2014-04-10 20:37:43 +02:00
ctx.Data["Flash"] = ctx.Flash
2014-04-10 22:36:50 +02:00
ctx.SetCookie("gogs_flash", "", -1)
2014-04-10 20:37:43 +02:00
}
2014-04-10 22:36:50 +02:00
ctx.Flash = &Flash{Values: url.Values{}}
2014-04-10 20:37:43 +02:00
2014-03-22 18:44:02 +01:00
rw := res.(martini.ResponseWriter)
rw.Before(func(martini.ResponseWriter) {
2014-03-22 13:49:53 +01:00
ctx.Session.SessionRelease(res)
2014-04-10 20:37:43 +02:00
if flash := ctx.Flash.Encode(); len(flash) > 0 {
2014-07-24 18:49:40 +02:00
ctx.SetCookie("gogs_flash", flash, 0)
2014-04-10 20:37:43 +02:00
}
2014-03-22 18:44:02 +01:00
})
2014-03-22 13:49:53 +01:00
// Get user from session if logined.
2014-06-21 06:51:41 +02:00
user := auth.SignedInUser(ctx.req.Header, ctx.Session)
ctx.User = user
2014-03-15 13:50:17 +01:00
ctx.IsSigned = user != nil
2014-03-19 14:57:55 +01:00
ctx.Data["IsSigned"] = ctx.IsSigned
2014-03-15 13:50:17 +01:00
if user != nil {
2014-03-19 14:57:55 +01:00
ctx.Data["SignedUser"] = user
ctx.Data["SignedUserId"] = user.Id
2014-03-30 11:03:00 +02:00
ctx.Data["SignedUserName"] = user.Name
2014-03-20 13:02:14 +01:00
ctx.Data["IsAdmin"] = ctx.User.IsAdmin
2014-03-15 13:50:17 +01:00
}
2014-07-24 15:19:59 +02:00
// If request sends files, parse them here otherwise the Query() can't be parsed and the CsrfToken will be invalid.
2014-07-25 10:18:42 +02:00
if r.Method == "POST" && strings.Contains(r.Header.Get("Content-Type"), "multipart/form-data") {
if err = ctx.Req.ParseMultipartForm(setting.AttachmentMaxSize << 20); err != nil && !strings.Contains(err.Error(), "EOF") { // 32MB max size
2014-07-24 15:19:59 +02:00
ctx.Handle(500, "issue.Comment(ctx.Req.ParseMultipartForm)", err)
return
}
}
2014-03-22 18:44:02 +01:00
// get or create csrf token
ctx.Data["CsrfToken"] = ctx.CsrfToken()
ctx.Data["CsrfTokenHtml"] = template.HTML(`<input type="hidden" name="_csrf" value="` + ctx.csrfToken + `">`)
2014-03-19 14:57:55 +01:00
c.Map(ctx)
c.Next()
}
}