gitea/modules/markup/html.go

// Copyright 2017 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package markup

import (
	"bytes"
	"fmt"
	"io"
	"net/url"
	"path"
	"path/filepath"
	"regexp"
	"strings"

	"code.gitea.io/gitea/modules/base"
	"code.gitea.io/gitea/modules/log"
	"code.gitea.io/gitea/modules/setting"

	"github.com/Unknwon/com"
	"golang.org/x/net/html"
)

// Issue name styles
const (
	IssueNameStyleNumeric      = "numeric"
	IssueNameStyleAlphanumeric = "alphanumeric"
)

var (
	// NOTE: All below regex matching do not perform any extra validation.
	// Thus a link is produced even if the linked entity does not exist.
	// While fast, this is also incorrect and lead to false positives.
	// TODO: fix invalid linking issue

	// MentionPattern matches string that mentions someone, e.g. @Unknwon
	MentionPattern = regexp.MustCompile(`(\s|^|\W)@[0-9a-zA-Z-_\.]+`)

	// IssueNumericPattern matches string that references to a numeric issue, e.g. #1287
	IssueNumericPattern = regexp.MustCompile(`( |^|\()#[0-9]+\b`)
	// IssueAlphanumericPattern matches string that references to an alphanumeric issue, e.g. ABC-1234
	IssueAlphanumericPattern = regexp.MustCompile(`( |^|\()[A-Z]{1,10}-[1-9][0-9]*\b`)
	// CrossReferenceIssueNumericPattern matches string that references a numeric issue in a different repository
	// e.g. gogits/gogs#12345
	CrossReferenceIssueNumericPattern = regexp.MustCompile(`( |^)[0-9a-zA-Z]+/[0-9a-zA-Z]+#[0-9]+\b`)

	// Sha1CurrentPattern matches string that represents a commit SHA, e.g. d8a994ef243349f321568f9e36d5c3f444b99cae
	// Although SHA1 hashes are 40 chars long, the regex matches the hash from 7 to 40 chars in length
	// so that abbreviated hash links can be used as well. This matches git and github useability.
	Sha1CurrentPattern = regexp.MustCompile(`(?:^|\s|\()([0-9a-f]{7,40})\b`)

	// ShortLinkPattern matches short but difficult to parse [[name|link|arg=test]] syntax
	ShortLinkPattern = regexp.MustCompile(`(\[\[.*?\]\]\w*)`)

	// AnySHA1Pattern allows to split url containing SHA into parts
	AnySHA1Pattern = regexp.MustCompile(`(http\S*)://(\S+)/(\S+)/(\S+)/(\S+)/([0-9a-f]{40})(?:/?([^#\s]+)?(?:#(\S+))?)?`)

	validLinksPattern = regexp.MustCompile(`^[a-z][\w-]+://`)
)

// regexp for full links to issues/pulls
var issueFullPattern *regexp.Regexp

// IsLink reports whether link fits valid format.
func IsLink(link []byte) bool {
	return isLink(link)
}

// isLink reports whether link fits valid format.
func isLink(link []byte) bool {
	return validLinksPattern.Match(link)
}

func getIssueFullPattern() *regexp.Regexp {
	if issueFullPattern == nil {
		appURL := setting.AppURL
		if len(appURL) > 0 && appURL[len(appURL)-1] != '/' {
			appURL += "/"
		}
		issueFullPattern = regexp.MustCompile(appURL +
			`\w+/\w+/(?:issues|pulls)/((?:\w{1,10}-)?[1-9][0-9]*)([\?|#]\S+.(\S+)?)?\b`)
	}
	return issueFullPattern
}

// FindAllMentions matches mention patterns in given content
// and returns a list of found user names without @ prefix.
func FindAllMentions(content string) []string {
	mentions := MentionPattern.FindAllString(content, -1)
	for i := range mentions {
		mentions[i] = mentions[i][strings.Index(mentions[i], "@")+1:] // Strip @ character
	}
	return mentions
}

// cutoutVerbosePrefix cutouts URL prefix including sub-path to
// return a clean unified string of request URL path.
func cutoutVerbosePrefix(prefix string) string {
	if len(prefix) == 0 || prefix[0] != '/' {
		return prefix
	}
	count := 0
	for i := 0; i < len(prefix); i++ {
		if prefix[i] == '/' {
			count++
		}
		if count >= 3+setting.AppSubURLDepth {
			return prefix[:i]
		}
	}
	return prefix
}

// URLJoin joins url components, like path.Join, but preserving contents
func URLJoin(base string, elems ...string) string {
	u, err := url.Parse(base)
	if err != nil {
		log.Error(4, "URLJoin: Invalid base URL %s", base)
		return ""
	}
	joinArgs := make([]string, 0, len(elems)+1)
	joinArgs = append(joinArgs, u.Path)
	joinArgs = append(joinArgs, elems...)
	u.Path = path.Join(joinArgs...)
	return u.String()
}

// RenderIssueIndexPatternOptions options for RenderIssueIndexPattern function
type RenderIssueIndexPatternOptions struct {
	// url to which non-special formatting should be linked. If empty,
	// no such links will be added
	DefaultURL string
	URLPrefix  string
	Metas      map[string]string
}

// addText add text to the given buffer, adding a link to the default url
// if appropriate
func (opts RenderIssueIndexPatternOptions) addText(text []byte, buf *bytes.Buffer) {
	if len(text) == 0 {
		return
	} else if len(opts.DefaultURL) == 0 {
		buf.Write(text)
		return
	}
	buf.WriteString(`<a rel="nofollow" href="`)
	buf.WriteString(opts.DefaultURL)
	buf.WriteString(`">`)
	buf.Write(text)
	buf.WriteString(`</a>`)
}

// RenderIssueIndexPattern renders issue indexes to corresponding links.
func RenderIssueIndexPattern(rawBytes []byte, opts RenderIssueIndexPatternOptions) []byte {
	opts.URLPrefix = cutoutVerbosePrefix(opts.URLPrefix)

	pattern := IssueNumericPattern
	if opts.Metas["style"] == IssueNameStyleAlphanumeric {
		pattern = IssueAlphanumericPattern
	}

	var buf bytes.Buffer
	remainder := rawBytes
	for {
		indices := pattern.FindIndex(remainder)
		if indices == nil || len(indices) < 2 {
			opts.addText(remainder, &buf)
			return buf.Bytes()
		}
		startIndex := indices[0]
		endIndex := indices[1]
		opts.addText(remainder[:startIndex], &buf)
		if remainder[startIndex] == '(' || remainder[startIndex] == ' ' {
			buf.WriteByte(remainder[startIndex])
			startIndex++
		}
		if opts.Metas == nil {
			buf.WriteString(`<a href="`)
			buf.WriteString(URLJoin(
				opts.URLPrefix, "issues", string(remainder[startIndex+1:endIndex])))
			buf.WriteString(`">`)
			buf.Write(remainder[startIndex:endIndex])
			buf.WriteString(`</a>`)
		} else {
			// Support for external issue tracker
			buf.WriteString(`<a href="`)
			if opts.Metas["style"] == IssueNameStyleAlphanumeric {
				opts.Metas["index"] = string(remainder[startIndex:endIndex])
			} else {
				opts.Metas["index"] = string(remainder[startIndex+1 : endIndex])
			}
			buf.WriteString(com.Expand(opts.Metas["format"], opts.Metas))
			buf.WriteString(`">`)
			buf.Write(remainder[startIndex:endIndex])
			buf.WriteString(`</a>`)
		}
		if endIndex < len(remainder) &&
			(remainder[endIndex] == ')' || remainder[endIndex] == ' ') {
			buf.WriteByte(remainder[endIndex])
			endIndex++
		}
		remainder = remainder[endIndex:]
	}
}

// IsSameDomain checks if given url string has the same hostname as current Gitea instance
func IsSameDomain(s string) bool {
	if strings.HasPrefix(s, "/") {
		return true
	}
	if uapp, err := url.Parse(setting.AppURL); err == nil {
		if u, err := url.Parse(s); err == nil {
			return u.Host == uapp.Host
		}
		return false
	}
	return false
}

// renderFullSha1Pattern renders SHA containing URLs
func renderFullSha1Pattern(rawBytes []byte, urlPrefix string) []byte {
	ms := AnySHA1Pattern.FindAllSubmatch(rawBytes, -1)
	for _, m := range ms {
		all := m[0]
		protocol := string(m[1])
		paths := string(m[2])
		path := protocol + "://" + paths
		author := string(m[3])
		repoName := string(m[4])
		path = URLJoin(path, author, repoName)
		ltype := "src"
		itemType := m[5]
		if IsSameDomain(paths) {
			ltype = string(itemType)
		} else if string(itemType) == "commit" {
			ltype = "commit"
		}
		sha := m[6]
		var subtree string
		if len(m) > 7 && len(m[7]) > 0 {
			subtree = string(m[7])
		}
		var line []byte
		if len(m) > 8 && len(m[8]) > 0 {
			line = m[8]
		}
		urlSuffix := ""
		text := base.ShortSha(string(sha))
		if subtree != "" {
			urlSuffix = "/" + subtree
			text += urlSuffix
		}
		if line != nil {
			value := string(line)
			urlSuffix += "#"
			urlSuffix += value
			text += " ("
			text += value
			text += ")"
		}
		rawBytes = bytes.Replace(rawBytes, all, []byte(fmt.Sprintf(
			`<a href="%s">%s</a>`, URLJoin(path, ltype, string(sha))+urlSuffix, text)), -1)
	}
	return rawBytes
}

// RenderFullIssuePattern renders issues-like URLs
func RenderFullIssuePattern(rawBytes []byte) []byte {
	ms := getIssueFullPattern().FindAllSubmatch(rawBytes, -1)
	for _, m := range ms {
		all := m[0]
		id := string(m[1])
		text := "#" + id
		// TODO if m[2] is not nil, then link is to a comment,
		// and we should indicate that in the text somehow
		rawBytes = bytes.Replace(rawBytes, all, []byte(fmt.Sprintf(
			`<a href="%s">%s</a>`, string(all), text)), -1)
	}
	return rawBytes
}

func firstIndexOfByte(sl []byte, target byte) int {
	for i := 0; i < len(sl); i++ {
		if sl[i] == target {
			return i
		}
	}
	return -1
}

func lastIndexOfByte(sl []byte, target byte) int {
	for i := len(sl) - 1; i >= 0; i-- {
		if sl[i] == target {
			return i
		}
	}
	return -1
}

// RenderShortLinks processes [[syntax]]
//
// noLink flag disables making link tags when set to true
// so this function just replaces the whole [[...]] with the content text
//
// isWikiMarkdown is a flag to choose linking url prefix
func RenderShortLinks(rawBytes []byte, urlPrefix string, noLink bool, isWikiMarkdown bool) []byte {
	ms := ShortLinkPattern.FindAll(rawBytes, -1)
	for _, m := range ms {
		orig := bytes.TrimSpace(m)
		m = orig[2:]
		tailPos := lastIndexOfByte(m, ']') + 1
		tail := []byte{}
		if tailPos < len(m) {
			tail = m[tailPos:]
			m = m[:tailPos-1]
		}
		m = m[:len(m)-2]
		props := map[string]string{}

		// MediaWiki uses [[link|text]], while GitHub uses [[text|link]]
		// It makes page handling terrible, but we prefer GitHub syntax
		// And fall back to MediaWiki only when it is obvious from the look
		// Of text and link contents
		sl := bytes.Split(m, []byte("|"))
		for _, v := range sl {
			switch bytes.Count(v, []byte("=")) {

			// Piped args without = sign, these are mandatory arguments
			case 0:
				{
					sv := string(v)
					if props["name"] == "" {
						if isLink(v) {
							// If we clearly see it is a link, we save it so

							// But first we need to ensure, that if both mandatory args provided
							// look like links, we stick to GitHub syntax
							if props["link"] != "" {
								props["name"] = props["link"]
							}

							props["link"] = strings.TrimSpace(sv)
						} else {
							props["name"] = sv
						}
					} else {
						props["link"] = strings.TrimSpace(sv)
					}
				}

			// Piped args with = sign, these are optional arguments
			case 1:
				{
					sep := firstIndexOfByte(v, '=')
					key, val := string(v[:sep]), html.UnescapeString(string(v[sep+1:]))
					lastCharIndex := len(val) - 1
					if (val[0] == '"' || val[0] == '\'') && (val[lastCharIndex] == '"' || val[lastCharIndex] == '\'') {
						val = val[1:lastCharIndex]
					}
					props[key] = val
				}
			}
		}

		var name string
		var link string
		if props["link"] != "" {
			link = props["link"]
		} else if props["name"] != "" {
			link = props["name"]
		}
		if props["title"] != "" {
			name = props["title"]
		} else if props["name"] != "" {
			name = props["name"]
		} else {
			name = link
		}

		name += string(tail)
		image := false
		ext := filepath.Ext(string(link))
		if ext != "" {
			switch ext {
			case ".jpg", ".jpeg", ".png", ".tif", ".tiff", ".webp", ".gif", ".bmp", ".ico", ".svg":
				{
					image = true
				}
			}
		}
		absoluteLink := isLink([]byte(link))
		if !absoluteLink {
			link = strings.Replace(link, " ", "+", -1)
		}
		if image {
			if !absoluteLink {
				if IsSameDomain(urlPrefix) {
					urlPrefix = strings.Replace(urlPrefix, "/src/", "/raw/", 1)
				}
				if isWikiMarkdown {
					link = URLJoin("wiki", "raw", link)
				}
				link = URLJoin(urlPrefix, link)
			}
			title := props["title"]
			if title == "" {
				title = props["alt"]
			}
			if title == "" {
				title = path.Base(string(name))
			}
			alt := props["alt"]
			if alt == "" {
				alt = name
			}
			if alt != "" {
				alt = `alt="` + alt + `"`
			}
			name = fmt.Sprintf(`<img src="%s" %s title="%s" />`, link, alt, title)
		} else if !absoluteLink {
			if isWikiMarkdown {
				link = URLJoin("wiki", link)
			}
			link = URLJoin(urlPrefix, link)
		}
		if noLink {
			rawBytes = bytes.Replace(rawBytes, orig, []byte(name), -1)
		} else {
			rawBytes = bytes.Replace(rawBytes, orig,
				[]byte(fmt.Sprintf(`<a href="%s">%s</a>`, link, name)), -1)
		}
	}
	return rawBytes
}

// RenderCrossReferenceIssueIndexPattern renders issue indexes from other repositories to corresponding links.
func RenderCrossReferenceIssueIndexPattern(rawBytes []byte, urlPrefix string, metas map[string]string) []byte {
	ms := CrossReferenceIssueNumericPattern.FindAll(rawBytes, -1)
	for _, m := range ms {
		if m[0] == ' ' || m[0] == '(' {
			m = m[1:] // ignore leading space or opening parentheses
		}

		repo := string(bytes.Split(m, []byte("#"))[0])
		issue := string(bytes.Split(m, []byte("#"))[1])

		link := fmt.Sprintf(`<a href="%s">%s</a>`, URLJoin(setting.AppURL, repo, "issues", issue), m)
		rawBytes = bytes.Replace(rawBytes, m, []byte(link), 1)
	}
	return rawBytes
}

// renderSha1CurrentPattern renders SHA1 strings to corresponding links that assumes in the same repository.
func renderSha1CurrentPattern(rawBytes []byte, urlPrefix string) []byte {
	ms := Sha1CurrentPattern.FindAllSubmatch(rawBytes, -1)
	for _, m := range ms {
		hash := m[1]
		// The regex does not lie, it matches the hash pattern.
		// However, a regex cannot know if a hash actually exists or not.
		// We could assume that a SHA1 hash should probably contain alphas AND numerics
		// but that is not always the case.
		// Although unlikely, deadbeef and 1234567 are valid short forms of SHA1 hash
		// as used by git and github for linking and thus we have to do similar.
		rawBytes = bytes.Replace(rawBytes, hash, []byte(fmt.Sprintf(
			`<a href="%s">%s</a>`, URLJoin(urlPrefix, "commit", string(hash)), base.ShortSha(string(hash)))), -1)
	}
	return rawBytes
}

// RenderSpecialLink renders mentions, indexes and SHA1 strings to corresponding links.
func RenderSpecialLink(rawBytes []byte, urlPrefix string, metas map[string]string, isWikiMarkdown bool) []byte {
	ms := MentionPattern.FindAll(rawBytes, -1)
	for _, m := range ms {
		m = m[bytes.Index(m, []byte("@")):]
		rawBytes = bytes.Replace(rawBytes, m,
			[]byte(fmt.Sprintf(`<a href="%s">%s</a>`, URLJoin(setting.AppURL, string(m[1:])), m)), -1)
	}

	rawBytes = RenderFullIssuePattern(rawBytes)
	rawBytes = RenderShortLinks(rawBytes, urlPrefix, false, isWikiMarkdown)
	rawBytes = RenderIssueIndexPattern(rawBytes, RenderIssueIndexPatternOptions{
		URLPrefix: urlPrefix,
		Metas:     metas,
	})
	rawBytes = RenderCrossReferenceIssueIndexPattern(rawBytes, urlPrefix, metas)
	rawBytes = renderFullSha1Pattern(rawBytes, urlPrefix)
	rawBytes = renderSha1CurrentPattern(rawBytes, urlPrefix)
	return rawBytes
}

var (
	leftAngleBracket  = []byte("</")
	rightAngleBracket = []byte(">")
)

var noEndTags = []string{"img", "input", "br", "hr"}

// PostProcess treats different types of HTML differently,
// and only renders special links for plain text blocks.
func PostProcess(rawHTML []byte, urlPrefix string, metas map[string]string, isWikiMarkdown bool) []byte {
	startTags := make([]string, 0, 5)
	var buf bytes.Buffer
	tokenizer := html.NewTokenizer(bytes.NewReader(rawHTML))

OUTER_LOOP:
	for html.ErrorToken != tokenizer.Next() {
		token := tokenizer.Token()
		switch token.Type {
		case html.TextToken:
			buf.Write(RenderSpecialLink([]byte(token.String()), urlPrefix, metas, isWikiMarkdown))

		case html.StartTagToken:
			buf.WriteString(token.String())
			tagName := token.Data
			// If this is an excluded tag, we skip processing all output until a close tag is encountered.
			if strings.EqualFold("a", tagName) || strings.EqualFold("code", tagName) || strings.EqualFold("pre", tagName) {
				stackNum := 1
				for html.ErrorToken != tokenizer.Next() {
					token = tokenizer.Token()

					// Copy the token to the output verbatim
					buf.Write(RenderShortLinks([]byte(token.String()), urlPrefix, true, isWikiMarkdown))

					if token.Type == html.StartTagToken && !com.IsSliceContainsStr(noEndTags, token.Data) {
						stackNum++
					}

					// If this is the close tag to the outer-most, we are done
					if token.Type == html.EndTagToken {
						stackNum--

						if stackNum <= 0 && strings.EqualFold(tagName, token.Data) {
							break
						}
					}
				}
				continue OUTER_LOOP
			}

			if !com.IsSliceContainsStr(noEndTags, tagName) {
				startTags = append(startTags, tagName)
			}

		case html.EndTagToken:
			if len(startTags) == 0 {
				buf.WriteString(token.String())
				break
			}

			buf.Write(leftAngleBracket)
			buf.WriteString(startTags[len(startTags)-1])
			buf.Write(rightAngleBracket)
			startTags = startTags[:len(startTags)-1]
		default:
			buf.WriteString(token.String())
		}
	}

	if io.EOF == tokenizer.Err() {
		return buf.Bytes()
	}

	// If we are not at the end of the input, then some other parsing error has occurred,
	// so return the input verbatim.
	return rawHTML
}