1 files changed, 272 insertions, 0 deletions
diff --git a/modules/middleware/context.go b/modules/middleware/context.go
new file mode 100644
index 0000000000..d81ab999bf
--- /dev/null
+++ b/modules/middleware/context.go
@@ -0,0 +1,272 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package middleware
+
+import (
+	"crypto/hmac"
+	"crypto/sha1"
+	"encoding/base64"
+	"fmt"
+	"html/template"
+	"net/http"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/codegangsta/martini"
+
+	"github.com/gogits/cache"
+	"github.com/gogits/session"
+
+	"github.com/gogits/gogs/models"
+	"github.com/gogits/gogs/modules/auth"
+	"github.com/gogits/gogs/modules/base"
+	"github.com/gogits/gogs/modules/log"
+)
+
+// Context represents context of a request.
+type Context struct {
+	*Render
+	c        martini.Context
+	p        martini.Params
+	Req      *http.Request
+	Res      http.ResponseWriter
+	Session  session.SessionStore
+	Cache    cache.Cache
+	User     *models.User
+	IsSigned bool
+
+	csrfToken string
+
+	Repo struct {
+		IsValid    bool
+		IsOwner    bool
+		IsWatching bool
+		Repository *models.Repository
+		Owner      *models.User
+		CloneLink  struct {
+			SSH   string
+			HTTPS string
+			Git   string
+		}
+	}
+}
+
+// Query querys form parameter.
+func (ctx *Context) Query(name string) string {
+	ctx.Req.ParseForm()
+	return ctx.Req.Form.Get(name)
+}
+
+// func (ctx *Context) Param(name string) string {
+// 	return ctx.p[name]
+// }
+
+// HasError returns true if error occurs in form validation.
+func (ctx *Context) HasError() bool {
+	hasErr, ok := ctx.Data["HasError"]
+	if !ok {
+		return false
+	}
+	return hasErr.(bool)
+}
+
+// HTML calls render.HTML underlying but reduce one argument.
+func (ctx *Context) HTML(status int, name string, htmlOpt ...HTMLOptions) {
+	ctx.Render.HTML(status, name, ctx.Data, htmlOpt...)
+}
+
+// RenderWithErr used for page has form validation but need to prompt error to users.
+func (ctx *Context) RenderWithErr(msg, tpl string, form auth.Form) {
+	ctx.Data["HasError"] = true
+	ctx.Data["ErrorMsg"] = msg
+	auth.AssignForm(form, ctx.Data)
+	ctx.HTML(200, tpl)
+}
+
+// Handle handles and logs error by given status.
+func (ctx *Context) Handle(status int, title string, err error) {
+	log.Error("%s: %v", title, err)
+	if martini.Dev == martini.Prod {
+		ctx.HTML(500, "status/500")
+		return
+	}
+
+	ctx.Data["ErrorMsg"] = err
+	ctx.HTML(status, fmt.Sprintf("status/%d", status))
+}
+
+func (ctx *Context) GetCookie(name string) string {
+	cookie, err := ctx.Req.Cookie(name)
+	if err != nil {
+		return ""
+	}
+	return cookie.Value
+}
+
+func (ctx *Context) SetCookie(name string, value string, others ...interface{}) {
+	cookie := http.Cookie{}
+	cookie.Name = name
+	cookie.Value = value
+
+	if len(others) > 0 {
+		switch v := others[0].(type) {
+		case int:
+			cookie.MaxAge = v
+		case int64:
+			cookie.MaxAge = int(v)
+		case int32:
+			cookie.MaxAge = int(v)
+		}
+	}
+
+	// default "/"
+	if len(others) > 1 {
+		if v, ok := others[1].(string); ok && len(v) > 0 {
+			cookie.Path = v
+		}
+	} else {
+		cookie.Path = "/"
+	}
+
+	// default empty
+	if len(others) > 2 {
+		if v, ok := others[2].(string); ok && len(v) > 0 {
+			cookie.Domain = v
+		}
+	}
+
+	// default empty
+	if len(others) > 3 {
+		switch v := others[3].(type) {
+		case bool:
+			cookie.Secure = v
+		default:
+			if others[3] != nil {
+				cookie.Secure = true
+			}
+		}
+	}
+
+	// default false. for session cookie default true
+	if len(others) > 4 {
+		if v, ok := others[4].(bool); ok && v {
+			cookie.HttpOnly = true
+		}
+	}
+
+	ctx.Res.Header().Add("Set-Cookie", cookie.String())
+}
+
+// Get secure cookie from request by a given key.
+func (ctx *Context) GetSecureCookie(Secret, key string) (string, bool) {
+	val := ctx.GetCookie(key)
+	if val == "" {
+		return "", false
+	}
+
+	parts := strings.SplitN(val, "|", 3)
+
+	if len(parts) != 3 {
+		return "", false
+	}
+
+	vs := parts[0]
+	timestamp := parts[1]
+	sig := parts[2]
+
+	h := hmac.New(sha1.New, []byte(Secret))
+	fmt.Fprintf(h, "%s%s", vs, timestamp)
+
+	if fmt.Sprintf("%02x", h.Sum(nil)) != sig {
+		return "", false
+	}
+	res, _ := base64.URLEncoding.DecodeString(vs)
+	return string(res), true
+}
+
+// Set Secure cookie for response.
+func (ctx *Context) SetSecureCookie(Secret, name, value string, others ...interface{}) {
+	vs := base64.URLEncoding.EncodeToString([]byte(value))
+	timestamp := strconv.FormatInt(time.Now().UnixNano(), 10)
+	h := hmac.New(sha1.New, []byte(Secret))
+	fmt.Fprintf(h, "%s%s", vs, timestamp)
+	sig := fmt.Sprintf("%02x", h.Sum(nil))
+	cookie := strings.Join([]string{vs, timestamp, sig}, "|")
+	ctx.SetCookie(name, cookie, others...)
+}
+
+func (ctx *Context) CsrfToken() string {
+	if len(ctx.csrfToken) > 0 {
+		return ctx.csrfToken
+	}
+
+	token := ctx.GetCookie("_csrf")
+	if len(token) == 0 {
+		token = base.GetRandomString(30)
+		ctx.SetCookie("_csrf", token)
+	}
+	ctx.csrfToken = token
+	return token
+}
+
+func (ctx *Context) CsrfTokenValid() bool {
+	token := ctx.Query("_csrf")
+	if token == "" {
+		token = ctx.Req.Header.Get("X-Csrf-Token")
+	}
+	if token == "" {
+		return false
+	} else if ctx.csrfToken != token {
+		return false
+	}
+	return true
+}
+
+// InitContext initializes a classic context for a request.
+func InitContext() martini.Handler {
+	return func(res http.ResponseWriter, r *http.Request, c martini.Context, rd *Render) {
+
+		ctx := &Context{
+			c: c,
+			// p:      p,
+			Req:    r,
+			Res:    res,
+			Cache:  base.Cache,
+			Render: rd,
+		}
+
+		ctx.Data["PageStartTime"] = time.Now()
+
+		// start session
+		ctx.Session = base.SessionManager.SessionStart(res, r)
+		rw := res.(martini.ResponseWriter)
+		rw.Before(func(martini.ResponseWriter) {
+			ctx.Session.SessionRelease(res)
+		})
+
+		// Get user from session if logined.
+		user := auth.SignedInUser(ctx.Session)
+		ctx.User = user
+		ctx.IsSigned = user != nil
+
+		ctx.Data["IsSigned"] = ctx.IsSigned
+
+		if user != nil {
+			ctx.Data["SignedUser"] = user
+			ctx.Data["SignedUserId"] = user.Id
+			ctx.Data["SignedUserName"] = user.LowerName
+			ctx.Data["IsAdmin"] = ctx.User.IsAdmin
+		}
+
+		// get or create csrf token
+		ctx.Data["CsrfToken"] = ctx.CsrfToken()
+		ctx.Data["CsrfTokenHtml"] = template.HTML(`<input type="hidden" name="_csrf" value="` + ctx.csrfToken + `">`)
+
+		c.Map(ctx)
+
+		c.Next()
+	}
+}