mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7889 Commits
17 Branches
Tree: 171b359877
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '171b359877'
${ noResults }
gitea/modules/context/api.go

api.go 5.3KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211 
  1. // Copyright 2016 The Gogs Authors. All rights reserved.

  2. // Copyright 2019 The Gitea Authors. All rights reserved.

  3. // Use of this source code is governed by a MIT-style

  4. // license that can be found in the LICENSE file.

  5. 

  6. package context

  7. 

  8. import (

  9. 	"fmt"

  10. 	"net/url"

  11. 	"strings"

  12. 

  13. 	"code.gitea.io/gitea/models"

  14. 	"code.gitea.io/gitea/modules/git"

  15. 	"code.gitea.io/gitea/modules/log"

  16. 	"code.gitea.io/gitea/modules/setting"

  17. 

  18. 	"gitea.com/macaron/csrf"

  19. 	"gitea.com/macaron/macaron"

  20. )

  21. 

  22. // APIContext is a specific macaron context for API service

  23. type APIContext struct {

  24. 	*Context

  25. 	Org *APIOrganization

  26. }

  27. 

  28. // APIError is error format response

  29. // swagger:response error

  30. type APIError struct {

  31. 	Message string `json:"message"`

  32. 	URL     string `json:"url"`

  33. }

  34. 

  35. // APIValidationError is error format response related to input validation

  36. // swagger:response validationError

  37. type APIValidationError struct {

  38. 	Message string `json:"message"`

  39. 	URL     string `json:"url"`

  40. }

  41. 

  42. //APIEmpty is an empty response

  43. // swagger:response empty

  44. type APIEmpty struct{}

  45. 

  46. //APIForbiddenError is a forbidden error response

  47. // swagger:response forbidden

  48. type APIForbiddenError struct {

  49. 	APIError

  50. }

  51. 

  52. //APINotFound is a not found empty response

  53. // swagger:response notFound

  54. type APINotFound struct{}

  55. 

  56. //APIRedirect is a redirect response

  57. // swagger:response redirect

  58. type APIRedirect struct{}

  59. 

  60. // Error responses error message to client with given message.

  61. // If status is 500, also it prints error to log.

  62. func (ctx *APIContext) Error(status int, title string, obj interface{}) {

  63. 	var message string

  64. 	if err, ok := obj.(error); ok {

  65. 		message = err.Error()

  66. 	} else {

  67. 		message = obj.(string)

  68. 	}

  69. 

  70. 	if status == 500 {

  71. 		log.Error("%s: %s", title, message)

  72. 	}

  73. 

  74. 	ctx.JSON(status, APIError{

  75. 		Message: message,

  76. 		URL:     setting.API.SwaggerURL,

  77. 	})

  78. }

  79. 

  80. func genAPILinks(curURL *url.URL, total, pageSize, curPage int) []string {

  81. 	page := NewPagination(total, pageSize, curPage, 0)

  82. 	paginater := page.Paginater

  83. 	links := make([]string, 0, 4)

  84. 

  85. 	if paginater.HasNext() {

  86. 		u := *curURL

  87. 		queries := u.Query()

  88. 		queries.Set("page", fmt.Sprintf("%d", paginater.Next()))

  89. 		u.RawQuery = queries.Encode()

  90. 

  91. 		links = append(links, fmt.Sprintf("<%s%s>; rel=\"next\"", setting.AppURL, u.RequestURI()[1:]))

  92. 	}

  93. 	if !paginater.IsLast() {

  94. 		u := *curURL

  95. 		queries := u.Query()

  96. 		queries.Set("page", fmt.Sprintf("%d", paginater.TotalPages()))

  97. 		u.RawQuery = queries.Encode()

  98. 

  99. 		links = append(links, fmt.Sprintf("<%s%s>; rel=\"last\"", setting.AppURL, u.RequestURI()[1:]))

  100. 	}

  101. 	if !paginater.IsFirst() {

  102. 		u := *curURL

  103. 		queries := u.Query()

  104. 		queries.Set("page", "1")

  105. 		u.RawQuery = queries.Encode()

  106. 

  107. 		links = append(links, fmt.Sprintf("<%s%s>; rel=\"first\"", setting.AppURL, u.RequestURI()[1:]))

  108. 	}

  109. 	if paginater.HasPrevious() {

  110. 		u := *curURL

  111. 		queries := u.Query()

  112. 		queries.Set("page", fmt.Sprintf("%d", paginater.Previous()))

  113. 		u.RawQuery = queries.Encode()

  114. 

  115. 		links = append(links, fmt.Sprintf("<%s%s>; rel=\"prev\"", setting.AppURL, u.RequestURI()[1:]))

  116. 	}

  117. 	return links

  118. }

  119. 

  120. // SetLinkHeader sets pagination link header by given total number and page size.

  121. func (ctx *APIContext) SetLinkHeader(total, pageSize int) {

  122. 	links := genAPILinks(ctx.Req.URL, total, pageSize, ctx.QueryInt("page"))

  123. 

  124. 	if len(links) > 0 {

  125. 		ctx.Header().Set("Link", strings.Join(links, ","))

  126. 	}

  127. }

  128. 

  129. // RequireCSRF requires a validated a CSRF token

  130. func (ctx *APIContext) RequireCSRF() {

  131. 	headerToken := ctx.Req.Header.Get(ctx.csrf.GetHeaderName())

  132. 	formValueToken := ctx.Req.FormValue(ctx.csrf.GetFormName())

  133. 	if len(headerToken) > 0 || len(formValueToken) > 0 {

  134. 		csrf.Validate(ctx.Context.Context, ctx.csrf)

  135. 	} else {

  136. 		ctx.Context.Error(401)

  137. 	}

  138. }

  139. 

  140. // CheckForOTP validateds OTP

  141. func (ctx *APIContext) CheckForOTP() {

  142. 	otpHeader := ctx.Req.Header.Get("X-Gitea-OTP")

  143. 	twofa, err := models.GetTwoFactorByUID(ctx.Context.User.ID)

  144. 	if err != nil {

  145. 		if models.IsErrTwoFactorNotEnrolled(err) {

  146. 			return // No 2FA enrollment for this user

  147. 		}

  148. 		ctx.Context.Error(500)

  149. 		return

  150. 	}

  151. 	ok, err := twofa.ValidateTOTP(otpHeader)

  152. 	if err != nil {

  153. 		ctx.Context.Error(500)

  154. 		return

  155. 	}

  156. 	if !ok {

  157. 		ctx.Context.Error(401)

  158. 		return

  159. 	}

  160. }

  161. 

  162. // APIContexter returns apicontext as macaron middleware

  163. func APIContexter() macaron.Handler {

  164. 	return func(c *Context) {

  165. 		ctx := &APIContext{

  166. 			Context: c,

  167. 		}

  168. 		c.Map(ctx)

  169. 	}

  170. }

  171. 

  172. // ReferencesGitRepo injects the GitRepo into the Context

  173. func ReferencesGitRepo(allowEmpty bool) macaron.Handler {

  174. 	return func(ctx *APIContext) {

  175. 		// Empty repository does not have reference information.

  176. 		if !allowEmpty && ctx.Repo.Repository.IsEmpty {

  177. 			return

  178. 		}

  179. 

  180. 		// For API calls.

  181. 		if ctx.Repo.GitRepo == nil {

  182. 			repoPath := models.RepoPath(ctx.Repo.Owner.Name, ctx.Repo.Repository.Name)

  183. 			gitRepo, err := git.OpenRepository(repoPath)

  184. 			if err != nil {

  185. 				ctx.Error(500, "RepoRef Invalid repo "+repoPath, err)

  186. 				return

  187. 			}

  188. 			ctx.Repo.GitRepo = gitRepo

  189. 		}

  190. 	}

  191. }

  192. 

  193. // NotFound handles 404s for APIContext

  194. // String will replace message, errors will be added to a slice

  195. func (ctx *APIContext) NotFound(objs ...interface{}) {

  196. 	var message = "Not Found"

  197. 	var errors []string

  198. 	for _, obj := range objs {

  199. 		if err, ok := obj.(error); ok {

  200. 			errors = append(errors, err.Error())

  201. 		} else {

  202. 			message = obj.(string)

  203. 		}

  204. 	}

  205. 

  206. 	ctx.JSON(404, map[string]interface{}{

  207. 		"message":           message,

  208. 		"documentation_url": setting.API.SwaggerURL,

  209. 		"errors":            errors,

  210. 	})

  211. }