mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-11-09 03:11:51 +01:00
01d957677f
* initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
88 lines
2.8 KiB
Go
88 lines
2.8 KiB
Go
// Copyright 2012 The Gorilla Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
/*
|
|
Package context stores values shared during a request lifetime.
|
|
|
|
Note: gorilla/context, having been born well before `context.Context` existed,
|
|
does not play well > with the shallow copying of the request that
|
|
[`http.Request.WithContext`](https://golang.org/pkg/net/http/#Request.WithContext)
|
|
(added to net/http Go 1.7 onwards) performs. You should either use *just*
|
|
gorilla/context, or moving forward, the new `http.Request.Context()`.
|
|
|
|
For example, a router can set variables extracted from the URL and later
|
|
application handlers can access those values, or it can be used to store
|
|
sessions values to be saved at the end of a request. There are several
|
|
others common uses.
|
|
|
|
The idea was posted by Brad Fitzpatrick to the go-nuts mailing list:
|
|
|
|
http://groups.google.com/group/golang-nuts/msg/e2d679d303aa5d53
|
|
|
|
Here's the basic usage: first define the keys that you will need. The key
|
|
type is interface{} so a key can be of any type that supports equality.
|
|
Here we define a key using a custom int type to avoid name collisions:
|
|
|
|
package foo
|
|
|
|
import (
|
|
"github.com/gorilla/context"
|
|
)
|
|
|
|
type key int
|
|
|
|
const MyKey key = 0
|
|
|
|
Then set a variable. Variables are bound to an http.Request object, so you
|
|
need a request instance to set a value:
|
|
|
|
context.Set(r, MyKey, "bar")
|
|
|
|
The application can later access the variable using the same key you provided:
|
|
|
|
func MyHandler(w http.ResponseWriter, r *http.Request) {
|
|
// val is "bar".
|
|
val := context.Get(r, foo.MyKey)
|
|
|
|
// returns ("bar", true)
|
|
val, ok := context.GetOk(r, foo.MyKey)
|
|
// ...
|
|
}
|
|
|
|
And that's all about the basic usage. We discuss some other ideas below.
|
|
|
|
Any type can be stored in the context. To enforce a given type, make the key
|
|
private and wrap Get() and Set() to accept and return values of a specific
|
|
type:
|
|
|
|
type key int
|
|
|
|
const mykey key = 0
|
|
|
|
// GetMyKey returns a value for this package from the request values.
|
|
func GetMyKey(r *http.Request) SomeType {
|
|
if rv := context.Get(r, mykey); rv != nil {
|
|
return rv.(SomeType)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// SetMyKey sets a value for this package in the request values.
|
|
func SetMyKey(r *http.Request, val SomeType) {
|
|
context.Set(r, mykey, val)
|
|
}
|
|
|
|
Variables must be cleared at the end of a request, to remove all values
|
|
that were stored. This can be done in an http.Handler, after a request was
|
|
served. Just call Clear() passing the request:
|
|
|
|
context.Clear(r)
|
|
|
|
...or use ClearHandler(), which conveniently wraps an http.Handler to clear
|
|
variables at the end of a request lifetime.
|
|
|
|
The Routers from the packages gorilla/mux and gorilla/pat call Clear()
|
|
so if you are using either of them you don't need to clear the context manually.
|
|
*/
|
|
package context
|