mirrors
/
gitea
огледало од https://github.com/go-gitea/gitea.git
Прати 1
Волим 0
Креирај огранак 0
Код Дискусије 0 Издања 211 Вики Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
16860 Комити
17 Гране
Дрво: e20023af58
Гране Ознаке
${ item.name }
Create branch ${ searchTerm }
from 'e20023af58'
${ noResults }
gitea/modules/context/context.go

context.go 8.6KB
Датотека Blame Историја

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Copyright 2020 The Gitea Authors. All rights reserved.

  3. // SPDX-License-Identifier: MIT

  4. 

  5. package context

  6. 

  7. import (

  8. 	"context"

  9. 	"encoding/hex"

  10. 	"html"

  11. 	"html/template"

  12. 	"io"

  13. 	"net/http"

  14. 	"net/url"

  15. 	"strings"

  16. 	"time"

  17. 

  18. 	"code.gitea.io/gitea/models/unit"

  19. 	user_model "code.gitea.io/gitea/models/user"

  20. 	mc "code.gitea.io/gitea/modules/cache"

  21. 	"code.gitea.io/gitea/modules/git"

  22. 	"code.gitea.io/gitea/modules/httpcache"

  23. 	"code.gitea.io/gitea/modules/setting"

  24. 	"code.gitea.io/gitea/modules/templates"

  25. 	"code.gitea.io/gitea/modules/translation"

  26. 	"code.gitea.io/gitea/modules/web"

  27. 	"code.gitea.io/gitea/modules/web/middleware"

  28. 	web_types "code.gitea.io/gitea/modules/web/types"

  29. 

  30. 	"gitea.com/go-chi/cache"

  31. 	"gitea.com/go-chi/session"

  32. )

  33. 

  34. // Render represents a template render

  35. type Render interface {

  36. 	TemplateLookup(tmpl string, templateCtx context.Context) (templates.TemplateExecutor, error)

  37. 	HTML(w io.Writer, status int, name string, data any, templateCtx context.Context) error

  38. }

  39. 

  40. // Context represents context of a request.

  41. type Context struct {

  42. 	*Base

  43. 

  44. 	TemplateContext TemplateContext

  45. 

  46. 	Render   Render

  47. 	PageData map[string]any // data used by JavaScript modules in one page, it's `window.config.pageData`

  48. 

  49. 	Cache   cache.Cache

  50. 	Csrf    CSRFProtector

  51. 	Flash   *middleware.Flash

  52. 	Session session.Store

  53. 

  54. 	Link string // current request URL (without query string)

  55. 

  56. 	Doer        *user_model.User // current signed-in user

  57. 	IsSigned    bool

  58. 	IsBasicAuth bool

  59. 

  60. 	ContextUser *user_model.User // the user which is being visited, in most cases it differs from Doer

  61. 

  62. 	Repo    *Repository

  63. 	Org     *Organization

  64. 	Package *Package

  65. }

  66. 

  67. type TemplateContext map[string]any

  68. 

  69. func init() {

  70. 	web.RegisterResponseStatusProvider[*Context](func(req *http.Request) web_types.ResponseStatusProvider {

  71. 		return req.Context().Value(WebContextKey).(*Context)

  72. 	})

  73. }

  74. 

  75. // TrHTMLEscapeArgs runs ".Locale.Tr()" but pre-escapes all arguments with html.EscapeString.

  76. // This is useful if the locale message is intended to only produce HTML content.

  77. func (ctx *Context) TrHTMLEscapeArgs(msg string, args ...string) string {

  78. 	trArgs := make([]any, len(args))

  79. 	for i, arg := range args {

  80. 		trArgs[i] = html.EscapeString(arg)

  81. 	}

  82. 	return ctx.Locale.Tr(msg, trArgs...)

  83. }

  84. 

  85. type webContextKeyType struct{}

  86. 

  87. var WebContextKey = webContextKeyType{}

  88. 

  89. func GetWebContext(req *http.Request) *Context {

  90. 	ctx, _ := req.Context().Value(WebContextKey).(*Context)

  91. 	return ctx

  92. }

  93. 

  94. // ValidateContext is a special context for form validation middleware. It may be different from other contexts.

  95. type ValidateContext struct {

  96. 	*Base

  97. }

  98. 

  99. // GetValidateContext gets a context for middleware form validation

  100. func GetValidateContext(req *http.Request) (ctx *ValidateContext) {

  101. 	if ctxAPI, ok := req.Context().Value(apiContextKey).(*APIContext); ok {

  102. 		ctx = &ValidateContext{Base: ctxAPI.Base}

  103. 	} else if ctxWeb, ok := req.Context().Value(WebContextKey).(*Context); ok {

  104. 		ctx = &ValidateContext{Base: ctxWeb.Base}

  105. 	} else {

  106. 		panic("invalid context, expect either APIContext or Context")

  107. 	}

  108. 	return ctx

  109. }

  110. 

  111. func NewTemplateContextForWeb(ctx *Context) TemplateContext {

  112. 	tmplCtx := NewTemplateContext(ctx)

  113. 	tmplCtx["Locale"] = ctx.Base.Locale

  114. 	tmplCtx["AvatarUtils"] = templates.NewAvatarUtils(ctx)

  115. 	return tmplCtx

  116. }

  117. 

  118. func NewWebContext(base *Base, render Render, session session.Store) *Context {

  119. 	ctx := &Context{

  120. 		Base:    base,

  121. 		Render:  render,

  122. 		Session: session,

  123. 

  124. 		Cache: mc.GetCache(),

  125. 		Link:  setting.AppSubURL + strings.TrimSuffix(base.Req.URL.EscapedPath(), "/"),

  126. 		Repo:  &Repository{PullRequest: &PullRequest{}},

  127. 		Org:   &Organization{},

  128. 	}

  129. 	ctx.TemplateContext = NewTemplateContextForWeb(ctx)

  130. 	ctx.Flash = &middleware.Flash{DataStore: ctx, Values: url.Values{}}

  131. 	return ctx

  132. }

  133. 

  134. // Contexter initializes a classic context for a request.

  135. func Contexter() func(next http.Handler) http.Handler {

  136. 	rnd := templates.HTMLRenderer()

  137. 	csrfOpts := CsrfOptions{

  138. 		Secret:         hex.EncodeToString(setting.GetGeneralTokenSigningSecret()),

  139. 		Cookie:         setting.CSRFCookieName,

  140. 		SetCookie:      true,

  141. 		Secure:         setting.SessionConfig.Secure,

  142. 		CookieHTTPOnly: setting.CSRFCookieHTTPOnly,

  143. 		Header:         "X-Csrf-Token",

  144. 		CookieDomain:   setting.SessionConfig.Domain,

  145. 		CookiePath:     setting.SessionConfig.CookiePath,

  146. 		SameSite:       setting.SessionConfig.SameSite,

  147. 	}

  148. 	if !setting.IsProd {

  149. 		CsrfTokenRegenerationInterval = 5 * time.Second // in dev, re-generate the tokens more aggressively for debug purpose

  150. 	}

  151. 	return func(next http.Handler) http.Handler {

  152. 		return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {

  153. 			base, baseCleanUp := NewBaseContext(resp, req)

  154. 			defer baseCleanUp()

  155. 			ctx := NewWebContext(base, rnd, session.GetSession(req))

  156. 

  157. 			ctx.Data.MergeFrom(middleware.CommonTemplateContextData())

  158. 			ctx.Data["Context"] = ctx // TODO: use "ctx" in template and remove this

  159. 			ctx.Data["CurrentURL"] = setting.AppSubURL + req.URL.RequestURI()

  160. 			ctx.Data["Link"] = ctx.Link

  161. 

  162. 			// PageData is passed by reference, and it will be rendered to `window.config.pageData` in `head.tmpl` for JavaScript modules

  163. 			ctx.PageData = map[string]any{}

  164. 			ctx.Data["PageData"] = ctx.PageData

  165. 

  166. 			ctx.Base.AppendContextValue(WebContextKey, ctx)

  167. 			ctx.Base.AppendContextValueFunc(git.RepositoryContextKey, func() any { return ctx.Repo.GitRepo })

  168. 

  169. 			ctx.Csrf = PrepareCSRFProtector(csrfOpts, ctx)

  170. 

  171. 			// Get the last flash message from cookie

  172. 			lastFlashCookie := middleware.GetSiteCookie(ctx.Req, CookieNameFlash)

  173. 			if vals, _ := url.ParseQuery(lastFlashCookie); len(vals) > 0 {

  174. 				// store last Flash message into the template data, to render it

  175. 				ctx.Data["Flash"] = &middleware.Flash{

  176. 					DataStore:  ctx,

  177. 					Values:     vals,

  178. 					ErrorMsg:   vals.Get("error"),

  179. 					SuccessMsg: vals.Get("success"),

  180. 					InfoMsg:    vals.Get("info"),

  181. 					WarningMsg: vals.Get("warning"),

  182. 				}

  183. 			}

  184. 

  185. 			// if there are new messages in the ctx.Flash, write them into cookie

  186. 			ctx.Resp.Before(func(resp ResponseWriter) {

  187. 				if val := ctx.Flash.Encode(); val != "" {

  188. 					middleware.SetSiteCookie(ctx.Resp, CookieNameFlash, val, 0)

  189. 				} else if lastFlashCookie != "" {

  190. 					middleware.SetSiteCookie(ctx.Resp, CookieNameFlash, "", -1)

  191. 				}

  192. 			})

  193. 

  194. 			// If request sends files, parse them here otherwise the Query() can't be parsed and the CsrfToken will be invalid.

  195. 			if ctx.Req.Method == "POST" && strings.Contains(ctx.Req.Header.Get("Content-Type"), "multipart/form-data") {

  196. 				if err := ctx.Req.ParseMultipartForm(setting.Attachment.MaxSize << 20); err != nil && !strings.Contains(err.Error(), "EOF") { // 32MB max size

  197. 					ctx.ServerError("ParseMultipartForm", err)

  198. 					return

  199. 				}

  200. 			}

  201. 

  202. 			httpcache.SetCacheControlInHeader(ctx.Resp.Header(), 0, "no-transform")

  203. 			ctx.Resp.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)

  204. 

  205. 			ctx.Data["CsrfToken"] = ctx.Csrf.GetToken()

  206. 			ctx.Data["CsrfTokenHtml"] = template.HTML(`<input type="hidden" name="_csrf" value="` + ctx.Data["CsrfToken"].(string) + `">`)

  207. 

  208. 			// FIXME: do we really always need these setting? There should be someway to have to avoid having to always set these

  209. 			ctx.Data["DisableMigrations"] = setting.Repository.DisableMigrations

  210. 			ctx.Data["DisableStars"] = setting.Repository.DisableStars

  211. 			ctx.Data["EnableActions"] = setting.Actions.Enabled

  212. 

  213. 			ctx.Data["ManifestData"] = setting.ManifestData

  214. 

  215. 			ctx.Data["UnitWikiGlobalDisabled"] = unit.TypeWiki.UnitGlobalDisabled()

  216. 			ctx.Data["UnitIssuesGlobalDisabled"] = unit.TypeIssues.UnitGlobalDisabled()

  217. 			ctx.Data["UnitPullsGlobalDisabled"] = unit.TypePullRequests.UnitGlobalDisabled()

  218. 			ctx.Data["UnitProjectsGlobalDisabled"] = unit.TypeProjects.UnitGlobalDisabled()

  219. 			ctx.Data["UnitActionsGlobalDisabled"] = unit.TypeActions.UnitGlobalDisabled()

  220. 

  221. 			ctx.Data["AllLangs"] = translation.AllLangs()

  222. 

  223. 			next.ServeHTTP(ctx.Resp, ctx.Req)

  224. 		})

  225. 	}

  226. }

  227. 

  228. // HasError returns true if error occurs in form validation.

  229. // Attention: this function changes ctx.Data and ctx.Flash

  230. func (ctx *Context) HasError() bool {

  231. 	hasErr, ok := ctx.Data["HasError"]

  232. 	if !ok {

  233. 		return false

  234. 	}

  235. 	ctx.Flash.ErrorMsg = ctx.GetErrMsg()

  236. 	ctx.Data["Flash"] = ctx.Flash

  237. 	return hasErr.(bool)

  238. }

  239. 

  240. // GetErrMsg returns error message in form validation.

  241. func (ctx *Context) GetErrMsg() string {

  242. 	msg, _ := ctx.Data["ErrorMsg"].(string)

  243. 	if msg == "" {

  244. 		msg = "invalid form data"

  245. 	}

  246. 	return msg

  247. }

  248. 

  249. func (ctx *Context) JSONRedirect(redirect string) {

  250. 	ctx.JSON(http.StatusOK, map[string]any{"redirect": redirect})

  251. }

  252. 

  253. func (ctx *Context) JSONOK() {

  254. 	ctx.JSON(http.StatusOK, map[string]any{"ok": true}) // this is only a dummy response, frontend seldom uses it

  255. }

  256. 

  257. func (ctx *Context) JSONError(msg string) {

  258. 	ctx.JSON(http.StatusBadRequest, map[string]any{"errorMessage": msg})

  259. }