mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
17827 Commits
17 Branches
Tree: 4b1063f3db
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4b1063f3db'
${ noResults }
gitea/services/context/context.go

context.go 8.5KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Copyright 2020 The Gitea Authors. All rights reserved.

  3. // SPDX-License-Identifier: MIT

  4. 

  5. package context

  6. 

  7. import (

  8. 	"context"

  9. 	"encoding/hex"

  10. 	"fmt"

  11. 	"html/template"

  12. 	"io"

  13. 	"net/http"

  14. 	"net/url"

  15. 	"strings"

  16. 	"time"

  17. 

  18. 	"code.gitea.io/gitea/models/unit"

  19. 	user_model "code.gitea.io/gitea/models/user"

  20. 	"code.gitea.io/gitea/modules/cache"

  21. 	"code.gitea.io/gitea/modules/gitrepo"

  22. 	"code.gitea.io/gitea/modules/httpcache"

  23. 	"code.gitea.io/gitea/modules/setting"

  24. 	"code.gitea.io/gitea/modules/templates"

  25. 	"code.gitea.io/gitea/modules/translation"

  26. 	"code.gitea.io/gitea/modules/web"

  27. 	"code.gitea.io/gitea/modules/web/middleware"

  28. 	web_types "code.gitea.io/gitea/modules/web/types"

  29. 

  30. 	"gitea.com/go-chi/session"

  31. )

  32. 

  33. // Render represents a template render

  34. type Render interface {

  35. 	TemplateLookup(tmpl string, templateCtx context.Context) (templates.TemplateExecutor, error)

  36. 	HTML(w io.Writer, status int, name string, data any, templateCtx context.Context) error

  37. }

  38. 

  39. // Context represents context of a request.

  40. type Context struct {

  41. 	*Base

  42. 

  43. 	TemplateContext TemplateContext

  44. 

  45. 	Render   Render

  46. 	PageData map[string]any // data used by JavaScript modules in one page, it's `window.config.pageData`

  47. 

  48. 	Cache   cache.StringCache

  49. 	Csrf    CSRFProtector

  50. 	Flash   *middleware.Flash

  51. 	Session session.Store

  52. 

  53. 	Link string // current request URL (without query string)

  54. 

  55. 	Doer        *user_model.User // current signed-in user

  56. 	IsSigned    bool

  57. 	IsBasicAuth bool

  58. 

  59. 	ContextUser *user_model.User // the user which is being visited, in most cases it differs from Doer

  60. 

  61. 	Repo    *Repository

  62. 	Org     *Organization

  63. 	Package *Package

  64. }

  65. 

  66. type TemplateContext map[string]any

  67. 

  68. func init() {

  69. 	web.RegisterResponseStatusProvider[*Context](func(req *http.Request) web_types.ResponseStatusProvider {

  70. 		return req.Context().Value(WebContextKey).(*Context)

  71. 	})

  72. }

  73. 

  74. type webContextKeyType struct{}

  75. 

  76. var WebContextKey = webContextKeyType{}

  77. 

  78. func GetWebContext(req *http.Request) *Context {

  79. 	ctx, _ := req.Context().Value(WebContextKey).(*Context)

  80. 	return ctx

  81. }

  82. 

  83. // ValidateContext is a special context for form validation middleware. It may be different from other contexts.

  84. type ValidateContext struct {

  85. 	*Base

  86. }

  87. 

  88. // GetValidateContext gets a context for middleware form validation

  89. func GetValidateContext(req *http.Request) (ctx *ValidateContext) {

  90. 	if ctxAPI, ok := req.Context().Value(apiContextKey).(*APIContext); ok {

  91. 		ctx = &ValidateContext{Base: ctxAPI.Base}

  92. 	} else if ctxWeb, ok := req.Context().Value(WebContextKey).(*Context); ok {

  93. 		ctx = &ValidateContext{Base: ctxWeb.Base}

  94. 	} else {

  95. 		panic("invalid context, expect either APIContext or Context")

  96. 	}

  97. 	return ctx

  98. }

  99. 

  100. func NewTemplateContextForWeb(ctx *Context) TemplateContext {

  101. 	tmplCtx := NewTemplateContext(ctx)

  102. 	tmplCtx["Locale"] = ctx.Base.Locale

  103. 	tmplCtx["AvatarUtils"] = templates.NewAvatarUtils(ctx)

  104. 	tmplCtx["RootData"] = ctx.Data

  105. 	return tmplCtx

  106. }

  107. 

  108. func NewWebContext(base *Base, render Render, session session.Store) *Context {

  109. 	ctx := &Context{

  110. 		Base:    base,

  111. 		Render:  render,

  112. 		Session: session,

  113. 

  114. 		Cache: cache.GetCache(),

  115. 		Link:  setting.AppSubURL + strings.TrimSuffix(base.Req.URL.EscapedPath(), "/"),

  116. 		Repo:  &Repository{PullRequest: &PullRequest{}},

  117. 		Org:   &Organization{},

  118. 	}

  119. 	ctx.TemplateContext = NewTemplateContextForWeb(ctx)

  120. 	ctx.Flash = &middleware.Flash{DataStore: ctx, Values: url.Values{}}

  121. 	return ctx

  122. }

  123. 

  124. // Contexter initializes a classic context for a request.

  125. func Contexter() func(next http.Handler) http.Handler {

  126. 	rnd := templates.HTMLRenderer()

  127. 	csrfOpts := CsrfOptions{

  128. 		Secret:         hex.EncodeToString(setting.GetGeneralTokenSigningSecret()),

  129. 		Cookie:         setting.CSRFCookieName,

  130. 		SetCookie:      true,

  131. 		Secure:         setting.SessionConfig.Secure,

  132. 		CookieHTTPOnly: setting.CSRFCookieHTTPOnly,

  133. 		Header:         "X-Csrf-Token",

  134. 		CookieDomain:   setting.SessionConfig.Domain,

  135. 		CookiePath:     setting.SessionConfig.CookiePath,

  136. 		SameSite:       setting.SessionConfig.SameSite,

  137. 	}

  138. 	if !setting.IsProd {

  139. 		CsrfTokenRegenerationInterval = 5 * time.Second // in dev, re-generate the tokens more aggressively for debug purpose

  140. 	}

  141. 	return func(next http.Handler) http.Handler {

  142. 		return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {

  143. 			base, baseCleanUp := NewBaseContext(resp, req)

  144. 			defer baseCleanUp()

  145. 			ctx := NewWebContext(base, rnd, session.GetSession(req))

  146. 

  147. 			ctx.Data.MergeFrom(middleware.CommonTemplateContextData())

  148. 			ctx.Data["Context"] = ctx // TODO: use "ctx" in template and remove this

  149. 			ctx.Data["CurrentURL"] = setting.AppSubURL + req.URL.RequestURI()

  150. 			ctx.Data["Link"] = ctx.Link

  151. 

  152. 			// PageData is passed by reference, and it will be rendered to `window.config.pageData` in `head.tmpl` for JavaScript modules

  153. 			ctx.PageData = map[string]any{}

  154. 			ctx.Data["PageData"] = ctx.PageData

  155. 

  156. 			ctx.Base.AppendContextValue(WebContextKey, ctx)

  157. 			ctx.Base.AppendContextValueFunc(gitrepo.RepositoryContextKey, func() any { return ctx.Repo.GitRepo })

  158. 

  159. 			ctx.Csrf = PrepareCSRFProtector(csrfOpts, ctx)

  160. 

  161. 			// Get the last flash message from cookie

  162. 			lastFlashCookie := middleware.GetSiteCookie(ctx.Req, CookieNameFlash)

  163. 			if vals, _ := url.ParseQuery(lastFlashCookie); len(vals) > 0 {

  164. 				// store last Flash message into the template data, to render it

  165. 				ctx.Data["Flash"] = &middleware.Flash{

  166. 					DataStore:  ctx,

  167. 					Values:     vals,

  168. 					ErrorMsg:   vals.Get("error"),

  169. 					SuccessMsg: vals.Get("success"),

  170. 					InfoMsg:    vals.Get("info"),

  171. 					WarningMsg: vals.Get("warning"),

  172. 				}

  173. 			}

  174. 

  175. 			// if there are new messages in the ctx.Flash, write them into cookie

  176. 			ctx.Resp.Before(func(resp ResponseWriter) {

  177. 				if val := ctx.Flash.Encode(); val != "" {

  178. 					middleware.SetSiteCookie(ctx.Resp, CookieNameFlash, val, 0)

  179. 				} else if lastFlashCookie != "" {

  180. 					middleware.SetSiteCookie(ctx.Resp, CookieNameFlash, "", -1)

  181. 				}

  182. 			})

  183. 

  184. 			// If request sends files, parse them here otherwise the Query() can't be parsed and the CsrfToken will be invalid.

  185. 			if ctx.Req.Method == "POST" && strings.Contains(ctx.Req.Header.Get("Content-Type"), "multipart/form-data") {

  186. 				if err := ctx.Req.ParseMultipartForm(setting.Attachment.MaxSize << 20); err != nil && !strings.Contains(err.Error(), "EOF") { // 32MB max size

  187. 					ctx.ServerError("ParseMultipartForm", err)

  188. 					return

  189. 				}

  190. 			}

  191. 

  192. 			httpcache.SetCacheControlInHeader(ctx.Resp.Header(), 0, "no-transform")

  193. 			ctx.Resp.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)

  194. 

  195. 			ctx.Data["SystemConfig"] = setting.Config()

  196. 			ctx.Data["CsrfToken"] = ctx.Csrf.GetToken()

  197. 			ctx.Data["CsrfTokenHtml"] = template.HTML(`<input type="hidden" name="_csrf" value="` + ctx.Data["CsrfToken"].(string) + `">`)

  198. 

  199. 			// FIXME: do we really always need these setting? There should be someway to have to avoid having to always set these

  200. 			ctx.Data["DisableMigrations"] = setting.Repository.DisableMigrations

  201. 			ctx.Data["DisableStars"] = setting.Repository.DisableStars

  202. 			ctx.Data["EnableActions"] = setting.Actions.Enabled

  203. 

  204. 			ctx.Data["ManifestData"] = setting.ManifestData

  205. 

  206. 			ctx.Data["UnitWikiGlobalDisabled"] = unit.TypeWiki.UnitGlobalDisabled()

  207. 			ctx.Data["UnitIssuesGlobalDisabled"] = unit.TypeIssues.UnitGlobalDisabled()

  208. 			ctx.Data["UnitPullsGlobalDisabled"] = unit.TypePullRequests.UnitGlobalDisabled()

  209. 			ctx.Data["UnitProjectsGlobalDisabled"] = unit.TypeProjects.UnitGlobalDisabled()

  210. 			ctx.Data["UnitActionsGlobalDisabled"] = unit.TypeActions.UnitGlobalDisabled()

  211. 

  212. 			ctx.Data["AllLangs"] = translation.AllLangs()

  213. 

  214. 			next.ServeHTTP(ctx.Resp, ctx.Req)

  215. 		})

  216. 	}

  217. }

  218. 

  219. // HasError returns true if error occurs in form validation.

  220. // Attention: this function changes ctx.Data and ctx.Flash

  221. func (ctx *Context) HasError() bool {

  222. 	hasErr, ok := ctx.Data["HasError"]

  223. 	if !ok {

  224. 		return false

  225. 	}

  226. 	ctx.Flash.ErrorMsg = ctx.GetErrMsg()

  227. 	ctx.Data["Flash"] = ctx.Flash

  228. 	return hasErr.(bool)

  229. }

  230. 

  231. // GetErrMsg returns error message in form validation.

  232. func (ctx *Context) GetErrMsg() string {

  233. 	msg, _ := ctx.Data["ErrorMsg"].(string)

  234. 	if msg == "" {

  235. 		msg = "invalid form data"

  236. 	}

  237. 	return msg

  238. }

  239. 

  240. func (ctx *Context) JSONRedirect(redirect string) {

  241. 	ctx.JSON(http.StatusOK, map[string]any{"redirect": redirect})

  242. }

  243. 

  244. func (ctx *Context) JSONOK() {

  245. 	ctx.JSON(http.StatusOK, map[string]any{"ok": true}) // this is only a dummy response, frontend seldom uses it

  246. }

  247. 

  248. func (ctx *Context) JSONError(msg any) {

  249. 	switch v := msg.(type) {

  250. 	case string:

  251. 		ctx.JSON(http.StatusBadRequest, map[string]any{"errorMessage": v, "renderFormat": "text"})

  252. 	case template.HTML:

  253. 		ctx.JSON(http.StatusBadRequest, map[string]any{"errorMessage": v, "renderFormat": "html"})

  254. 	default:

  255. 		panic(fmt.Sprintf("unsupported type: %T", msg))

  256. 	}

  257. }