mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10912 Commits
17 Branches
Tree: bc05ddc0eb
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'bc05ddc0eb'
${ noResults }
gitea/modules/context/context.go

context.go 11KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Copyright 2020 The Gitea Authors. All rights reserved.

  3. // Use of this source code is governed by a MIT-style

  4. // license that can be found in the LICENSE file.

  5. 

  6. package context

  7. 

  8. import (

  9. 	"html"

  10. 	"html/template"

  11. 	"io"

  12. 	"net/http"

  13. 	"net/url"

  14. 	"path"

  15. 	"strings"

  16. 	"time"

  17. 

  18. 	"code.gitea.io/gitea/models"

  19. 	"code.gitea.io/gitea/modules/auth"

  20. 	"code.gitea.io/gitea/modules/auth/sso"

  21. 	"code.gitea.io/gitea/modules/base"

  22. 	"code.gitea.io/gitea/modules/log"

  23. 	"code.gitea.io/gitea/modules/setting"

  24. 	"code.gitea.io/gitea/modules/util"

  25. 

  26. 	"gitea.com/macaron/cache"

  27. 	"gitea.com/macaron/csrf"

  28. 	"gitea.com/macaron/i18n"

  29. 	"gitea.com/macaron/macaron"

  30. 	"gitea.com/macaron/session"

  31. 	"github.com/unknwon/com"

  32. )

  33. 

  34. // Context represents context of a request.

  35. type Context struct {

  36. 	*macaron.Context

  37. 	Cache   cache.Cache

  38. 	csrf    csrf.CSRF

  39. 	Flash   *session.Flash

  40. 	Session session.Store

  41. 

  42. 	Link        string // current request URL

  43. 	EscapedLink string

  44. 	User        *models.User

  45. 	IsSigned    bool

  46. 	IsBasicAuth bool

  47. 

  48. 	Repo *Repository

  49. 	Org  *Organization

  50. }

  51. 

  52. // GetData returns the data

  53. func (ctx *Context) GetData() map[string]interface{} {

  54. 	return ctx.Data

  55. }

  56. 

  57. // IsUserSiteAdmin returns true if current user is a site admin

  58. func (ctx *Context) IsUserSiteAdmin() bool {

  59. 	return ctx.IsSigned && ctx.User.IsAdmin

  60. }

  61. 

  62. // IsUserRepoOwner returns true if current user owns current repo

  63. func (ctx *Context) IsUserRepoOwner() bool {

  64. 	return ctx.Repo.IsOwner()

  65. }

  66. 

  67. // IsUserRepoAdmin returns true if current user is admin in current repo

  68. func (ctx *Context) IsUserRepoAdmin() bool {

  69. 	return ctx.Repo.IsAdmin()

  70. }

  71. 

  72. // IsUserRepoWriter returns true if current user has write privilege in current repo

  73. func (ctx *Context) IsUserRepoWriter(unitTypes []models.UnitType) bool {

  74. 	for _, unitType := range unitTypes {

  75. 		if ctx.Repo.CanWrite(unitType) {

  76. 			return true

  77. 		}

  78. 	}

  79. 

  80. 	return false

  81. }

  82. 

  83. // IsUserRepoReaderSpecific returns true if current user can read current repo's specific part

  84. func (ctx *Context) IsUserRepoReaderSpecific(unitType models.UnitType) bool {

  85. 	return ctx.Repo.CanRead(unitType)

  86. }

  87. 

  88. // IsUserRepoReaderAny returns true if current user can read any part of current repo

  89. func (ctx *Context) IsUserRepoReaderAny() bool {

  90. 	return ctx.Repo.HasAccess()

  91. }

  92. 

  93. // RedirectToUser redirect to a differently-named user

  94. func RedirectToUser(ctx *Context, userName string, redirectUserID int64) {

  95. 	user, err := models.GetUserByID(redirectUserID)

  96. 	if err != nil {

  97. 		ctx.ServerError("GetUserByID", err)

  98. 		return

  99. 	}

  100. 

  101. 	redirectPath := strings.Replace(

  102. 		ctx.Req.URL.Path,

  103. 		userName,

  104. 		user.Name,

  105. 		1,

  106. 	)

  107. 	if ctx.Req.URL.RawQuery != "" {

  108. 		redirectPath += "?" + ctx.Req.URL.RawQuery

  109. 	}

  110. 	ctx.Redirect(path.Join(setting.AppSubURL, redirectPath))

  111. }

  112. 

  113. // HasAPIError returns true if error occurs in form validation.

  114. func (ctx *Context) HasAPIError() bool {

  115. 	hasErr, ok := ctx.Data["HasError"]

  116. 	if !ok {

  117. 		return false

  118. 	}

  119. 	return hasErr.(bool)

  120. }

  121. 

  122. // GetErrMsg returns error message

  123. func (ctx *Context) GetErrMsg() string {

  124. 	return ctx.Data["ErrorMsg"].(string)

  125. }

  126. 

  127. // HasError returns true if error occurs in form validation.

  128. func (ctx *Context) HasError() bool {

  129. 	hasErr, ok := ctx.Data["HasError"]

  130. 	if !ok {

  131. 		return false

  132. 	}

  133. 	ctx.Flash.ErrorMsg = ctx.Data["ErrorMsg"].(string)

  134. 	ctx.Data["Flash"] = ctx.Flash

  135. 	return hasErr.(bool)

  136. }

  137. 

  138. // HasValue returns true if value of given name exists.

  139. func (ctx *Context) HasValue(name string) bool {

  140. 	_, ok := ctx.Data[name]

  141. 	return ok

  142. }

  143. 

  144. // RedirectToFirst redirects to first not empty URL

  145. func (ctx *Context) RedirectToFirst(location ...string) {

  146. 	for _, loc := range location {

  147. 		if len(loc) == 0 {

  148. 			continue

  149. 		}

  150. 

  151. 		u, err := url.Parse(loc)

  152. 		if err != nil || ((u.Scheme != "" || u.Host != "") && !strings.HasPrefix(strings.ToLower(loc), strings.ToLower(setting.AppURL))) {

  153. 			continue

  154. 		}

  155. 

  156. 		ctx.Redirect(loc)

  157. 		return

  158. 	}

  159. 

  160. 	ctx.Redirect(setting.AppSubURL + "/")

  161. }

  162. 

  163. // HTML calls Context.HTML and converts template name to string.

  164. func (ctx *Context) HTML(status int, name base.TplName) {

  165. 	log.Debug("Template: %s", name)

  166. 	ctx.Context.HTML(status, string(name))

  167. }

  168. 

  169. // RenderWithErr used for page has form validation but need to prompt error to users.

  170. func (ctx *Context) RenderWithErr(msg string, tpl base.TplName, form interface{}) {

  171. 	if form != nil {

  172. 		auth.AssignForm(form, ctx.Data)

  173. 	}

  174. 	ctx.Flash.ErrorMsg = msg

  175. 	ctx.Data["Flash"] = ctx.Flash

  176. 	ctx.HTML(200, tpl)

  177. }

  178. 

  179. // NotFound displays a 404 (Not Found) page and prints the given error, if any.

  180. func (ctx *Context) NotFound(title string, err error) {

  181. 	ctx.notFoundInternal(title, err)

  182. }

  183. 

  184. func (ctx *Context) notFoundInternal(title string, err error) {

  185. 	if err != nil {

  186. 		log.ErrorWithSkip(2, "%s: %v", title, err)

  187. 		if macaron.Env != macaron.PROD {

  188. 			ctx.Data["ErrorMsg"] = err

  189. 		}

  190. 	}

  191. 

  192. 	ctx.Data["IsRepo"] = ctx.Repo.Repository != nil

  193. 	ctx.Data["Title"] = "Page Not Found"

  194. 	ctx.HTML(http.StatusNotFound, base.TplName("status/404"))

  195. }

  196. 

  197. // ServerError displays a 500 (Internal Server Error) page and prints the given

  198. // error, if any.

  199. func (ctx *Context) ServerError(title string, err error) {

  200. 	ctx.serverErrorInternal(title, err)

  201. }

  202. 

  203. func (ctx *Context) serverErrorInternal(title string, err error) {

  204. 	if err != nil {

  205. 		log.ErrorWithSkip(2, "%s: %v", title, err)

  206. 		if macaron.Env != macaron.PROD {

  207. 			ctx.Data["ErrorMsg"] = err

  208. 		}

  209. 	}

  210. 

  211. 	ctx.Data["Title"] = "Internal Server Error"

  212. 	ctx.HTML(http.StatusInternalServerError, base.TplName("status/500"))

  213. }

  214. 

  215. // NotFoundOrServerError use error check function to determine if the error

  216. // is about not found. It responses with 404 status code for not found error,

  217. // or error context description for logging purpose of 500 server error.

  218. func (ctx *Context) NotFoundOrServerError(title string, errck func(error) bool, err error) {

  219. 	if errck(err) {

  220. 		ctx.notFoundInternal(title, err)

  221. 		return

  222. 	}

  223. 

  224. 	ctx.serverErrorInternal(title, err)

  225. }

  226. 

  227. // HandleText handles HTTP status code

  228. func (ctx *Context) HandleText(status int, title string) {

  229. 	if (status/100 == 4) || (status/100 == 5) {

  230. 		log.Error("%s", title)

  231. 	}

  232. 	ctx.PlainText(status, []byte(title))

  233. }

  234. 

  235. // ServeContent serves content to http request

  236. func (ctx *Context) ServeContent(name string, r io.ReadSeeker, params ...interface{}) {

  237. 	modtime := time.Now()

  238. 	for _, p := range params {

  239. 		switch v := p.(type) {

  240. 		case time.Time:

  241. 			modtime = v

  242. 		}

  243. 	}

  244. 	ctx.Resp.Header().Set("Content-Description", "File Transfer")

  245. 	ctx.Resp.Header().Set("Content-Type", "application/octet-stream")

  246. 	ctx.Resp.Header().Set("Content-Disposition", "attachment; filename="+name)

  247. 	ctx.Resp.Header().Set("Content-Transfer-Encoding", "binary")

  248. 	ctx.Resp.Header().Set("Expires", "0")

  249. 	ctx.Resp.Header().Set("Cache-Control", "must-revalidate")

  250. 	ctx.Resp.Header().Set("Pragma", "public")

  251. 	ctx.Resp.Header().Set("Access-Control-Expose-Headers", "Content-Disposition")

  252. 	http.ServeContent(ctx.Resp, ctx.Req.Request, name, modtime, r)

  253. }

  254. 

  255. // Contexter initializes a classic context for a request.

  256. func Contexter() macaron.Handler {

  257. 	return func(c *macaron.Context, l i18n.Locale, cache cache.Cache, sess session.Store, f *session.Flash, x csrf.CSRF) {

  258. 		ctx := &Context{

  259. 			Context: c,

  260. 			Cache:   cache,

  261. 			csrf:    x,

  262. 			Flash:   f,

  263. 			Session: sess,

  264. 			Link:    setting.AppSubURL + strings.TrimSuffix(c.Req.URL.EscapedPath(), "/"),

  265. 			Repo: &Repository{

  266. 				PullRequest: &PullRequest{},

  267. 			},

  268. 			Org: &Organization{},

  269. 		}

  270. 		ctx.Data["Language"] = ctx.Locale.Language()

  271. 		c.Data["Link"] = ctx.Link

  272. 		ctx.Data["CurrentURL"] = setting.AppSubURL + c.Req.URL.RequestURI()

  273. 		ctx.Data["PageStartTime"] = time.Now()

  274. 		// Quick responses appropriate go-get meta with status 200

  275. 		// regardless of if user have access to the repository,

  276. 		// or the repository does not exist at all.

  277. 		// This is particular a workaround for "go get" command which does not respect

  278. 		// .netrc file.

  279. 		if ctx.Query("go-get") == "1" {

  280. 			ownerName := c.Params(":username")

  281. 			repoName := c.Params(":reponame")

  282. 			trimmedRepoName := strings.TrimSuffix(repoName, ".git")

  283. 

  284. 			if ownerName == "" || trimmedRepoName == "" {

  285. 				_, _ = c.Write([]byte(`<!doctype html>

  286. <html>

  287. 	<body>

  288. 		invalid import path

  289. 	</body>

  290. </html>

  291. `))

  292. 				c.WriteHeader(400)

  293. 				return

  294. 			}

  295. 			branchName := "master"

  296. 

  297. 			repo, err := models.GetRepositoryByOwnerAndName(ownerName, repoName)

  298. 			if err == nil && len(repo.DefaultBranch) > 0 {

  299. 				branchName = repo.DefaultBranch

  300. 			}

  301. 			prefix := setting.AppURL + path.Join(url.PathEscape(ownerName), url.PathEscape(repoName), "src", "branch", util.PathEscapeSegments(branchName))

  302. 

  303. 			appURL, _ := url.Parse(setting.AppURL)

  304. 

  305. 			insecure := ""

  306. 			if appURL.Scheme == string(setting.HTTP) {

  307. 				insecure = "--insecure "

  308. 			}

  309. 			c.Header().Set("Content-Type", "text/html")

  310. 			c.WriteHeader(http.StatusOK)

  311. 			_, _ = c.Write([]byte(com.Expand(`<!doctype html>

  312. <html>

  313. 	<head>

  314. 		<meta name="go-import" content="{GoGetImport} git {CloneLink}">

  315. 		<meta name="go-source" content="{GoGetImport} _ {GoDocDirectory} {GoDocFile}">

  316. 	</head>

  317. 	<body>

  318. 		go get {Insecure}{GoGetImport}

  319. 	</body>

  320. </html>

  321. `, map[string]string{

  322. 				"GoGetImport":    ComposeGoGetImport(ownerName, trimmedRepoName),

  323. 				"CloneLink":      models.ComposeHTTPSCloneURL(ownerName, repoName),

  324. 				"GoDocDirectory": prefix + "{/dir}",

  325. 				"GoDocFile":      prefix + "{/dir}/{file}#L{line}",

  326. 				"Insecure":       insecure,

  327. 			})))

  328. 			return

  329. 		}

  330. 

  331. 		// Get user from session if logged in.

  332. 		ctx.User, ctx.IsBasicAuth = sso.SignedInUser(ctx.Req.Request, c.Resp, ctx, ctx.Session)

  333. 

  334. 		if ctx.User != nil {

  335. 			ctx.IsSigned = true

  336. 			ctx.Data["IsSigned"] = ctx.IsSigned

  337. 			ctx.Data["SignedUser"] = ctx.User

  338. 			ctx.Data["SignedUserID"] = ctx.User.ID

  339. 			ctx.Data["SignedUserName"] = ctx.User.Name

  340. 			ctx.Data["IsAdmin"] = ctx.User.IsAdmin

  341. 		} else {

  342. 			ctx.Data["SignedUserID"] = int64(0)

  343. 			ctx.Data["SignedUserName"] = ""

  344. 		}

  345. 

  346. 		// If request sends files, parse them here otherwise the Query() can't be parsed and the CsrfToken will be invalid.

  347. 		if ctx.Req.Method == "POST" && strings.Contains(ctx.Req.Header.Get("Content-Type"), "multipart/form-data") {

  348. 			if err := ctx.Req.ParseMultipartForm(setting.Attachment.MaxSize << 20); err != nil && !strings.Contains(err.Error(), "EOF") { // 32MB max size

  349. 				ctx.ServerError("ParseMultipartForm", err)

  350. 				return

  351. 			}

  352. 		}

  353. 

  354. 		ctx.Resp.Header().Set(`X-Frame-Options`, `SAMEORIGIN`)

  355. 

  356. 		ctx.Data["CsrfToken"] = html.EscapeString(x.GetToken())

  357. 		ctx.Data["CsrfTokenHtml"] = template.HTML(`<input type="hidden" name="_csrf" value="` + ctx.Data["CsrfToken"].(string) + `">`)

  358. 		log.Debug("Session ID: %s", sess.ID())

  359. 		log.Debug("CSRF Token: %v", ctx.Data["CsrfToken"])

  360. 

  361. 		ctx.Data["IsLandingPageHome"] = setting.LandingPageURL == setting.LandingPageHome

  362. 		ctx.Data["IsLandingPageExplore"] = setting.LandingPageURL == setting.LandingPageExplore

  363. 		ctx.Data["IsLandingPageOrganizations"] = setting.LandingPageURL == setting.LandingPageOrganizations

  364. 

  365. 		ctx.Data["ShowRegistrationButton"] = setting.Service.ShowRegistrationButton

  366. 		ctx.Data["ShowMilestonesDashboardPage"] = setting.Service.ShowMilestonesDashboardPage

  367. 		ctx.Data["ShowFooterBranding"] = setting.ShowFooterBranding

  368. 		ctx.Data["ShowFooterVersion"] = setting.ShowFooterVersion

  369. 

  370. 		ctx.Data["EnableSwagger"] = setting.API.EnableSwagger

  371. 		ctx.Data["EnableOpenIDSignIn"] = setting.Service.EnableOpenIDSignIn

  372. 		ctx.Data["DisableMigrations"] = setting.Repository.DisableMigrations

  373. 

  374. 		ctx.Data["ManifestData"] = setting.ManifestData

  375. 

  376. 		c.Map(ctx)

  377. 	}

  378. }