diff options
| author | Unknwon <u@gogs.io> | 2016-03-11 11:56:52 -0500 |
|---|---|---|
| committer | Unknwon <u@gogs.io> | 2016-03-11 11:56:52 -0500 |
| commit | 514382e2ebfe6869268aeb919c1fa4d224687e13 (patch) | |
| tree | 1aa8c4b3b1e771a5dc6f0bdd74567961570efcaa /modules/context/auth.go | |
| parent | cb1eadc2768ea5ffb2967eb4262e96730c3f9ba5 (diff) | |
| download | gitea-514382e2ebfe6869268aeb919c1fa4d224687e13.tar.gz gitea-514382e2ebfe6869268aeb919c1fa4d224687e13.zip | |
Rename module: middleware -> context
Diffstat (limited to 'modules/context/auth.go')
| -rw-r--r-- | modules/context/auth.go | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/modules/context/auth.go b/modules/context/auth.go new file mode 100644 index 0000000000..41c8b9eb01 --- /dev/null +++ b/modules/context/auth.go @@ -0,0 +1,85 @@ +// Copyright 2014 The Gogs Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package context + +import ( + "net/url" + + "github.com/go-macaron/csrf" + "gopkg.in/macaron.v1" + + "github.com/gogits/gogs/modules/auth" + "github.com/gogits/gogs/modules/setting" +) + +type ToggleOptions struct { + SignInRequired bool + SignOutRequired bool + AdminRequired bool + DisableCSRF bool +} + +func Toggle(options *ToggleOptions) macaron.Handler { + return func(ctx *Context) { + // Cannot view any page before installation. + if !setting.InstallLock { + ctx.Redirect(setting.AppSubUrl + "/install") + return + } + + // Checking non-logged users landing page. + if !ctx.IsSigned && ctx.Req.RequestURI == "/" && setting.LandingPageUrl != setting.LANDING_PAGE_HOME { + ctx.Redirect(setting.AppSubUrl + string(setting.LandingPageUrl)) + return + } + + // Redirect to dashboard if user tries to visit any non-login page. + if options.SignOutRequired && ctx.IsSigned && ctx.Req.RequestURI != "/" { + ctx.Redirect(setting.AppSubUrl + "/") + return + } + + if !options.SignOutRequired && !options.DisableCSRF && ctx.Req.Method == "POST" && !auth.IsAPIPath(ctx.Req.URL.Path) { + csrf.Validate(ctx.Context, ctx.csrf) + if ctx.Written() { + return + } + } + + if options.SignInRequired { + if !ctx.IsSigned { + // Restrict API calls with error message. + if auth.IsAPIPath(ctx.Req.URL.Path) { + ctx.APIError(403, "", "Only signed in user is allowed to call APIs.") + return + } + + ctx.SetCookie("redirect_to", url.QueryEscape(setting.AppSubUrl+ctx.Req.RequestURI), 0, setting.AppSubUrl) + ctx.Redirect(setting.AppSubUrl + "/user/login") + return + } else if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm { + ctx.Data["Title"] = ctx.Tr("auth.active_your_account") + ctx.HTML(200, "user/auth/activate") + return + } + } + + // Redirect to log in page if auto-signin info is provided and has not signed in. + if !options.SignOutRequired && !ctx.IsSigned && !auth.IsAPIPath(ctx.Req.URL.Path) && + len(ctx.GetCookie(setting.CookieUserName)) > 0 { + ctx.SetCookie("redirect_to", url.QueryEscape(setting.AppSubUrl+ctx.Req.RequestURI), 0, setting.AppSubUrl) + ctx.Redirect(setting.AppSubUrl + "/user/login") + return + } + + if options.AdminRequired { + if !ctx.User.IsAdmin { + ctx.Error(403) + return + } + ctx.Data["PageIsAdmin"] = true + } + } +} |