mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2333 Commits
17 Branches
Tree: ff051e2106
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ff051e2106'
${ noResults }
gitea/modules/middleware/auth.go

auth.go 2.3KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package middleware

  6. 

  7. import (

  8. 	"net/url"

  9. 

  10. 	"github.com/Unknwon/macaron"

  11. 	"github.com/macaron-contrib/csrf"

  12. 

  13. 	"github.com/gogits/gogs/modules/auth"

  14. 	"github.com/gogits/gogs/modules/setting"

  15. )

  16. 

  17. type ToggleOptions struct {

  18. 	SignInRequire  bool

  19. 	SignOutRequire bool

  20. 	AdminRequire   bool

  21. 	DisableCsrf    bool

  22. }

  23. 

  24. func Toggle(options *ToggleOptions) macaron.Handler {

  25. 	return func(ctx *Context) {

  26. 		// Cannot view any page before installation.

  27. 		if !setting.InstallLock {

  28. 			ctx.Redirect(setting.AppSubUrl + "/install")

  29. 			return

  30. 		}

  31. 

  32. 		// Checking non-logged users landing page.

  33. 		if !ctx.IsSigned && ctx.Req.RequestURI == "/" && setting.LandingPageUrl != setting.LANDING_PAGE_HOME {

  34. 			ctx.Redirect(setting.AppSubUrl + string(setting.LandingPageUrl))

  35. 			return

  36. 		}

  37. 

  38. 		// Redirect to dashboard if user tries to visit any non-login page.

  39. 		if options.SignOutRequire && ctx.IsSigned && ctx.Req.RequestURI != "/" {

  40. 			ctx.Redirect(setting.AppSubUrl + "/")

  41. 			return

  42. 		}

  43. 

  44. 		if !options.SignOutRequire && !options.DisableCsrf && ctx.Req.Method == "POST" {

  45. 			csrf.Validate(ctx.Context, ctx.csrf)

  46. 			if ctx.Written() {

  47. 				return

  48. 			}

  49. 		}

  50. 

  51. 		if options.SignInRequire {

  52. 			if !ctx.IsSigned {

  53. 				// Restrict API calls with error message.

  54. 				if auth.IsAPIPath(ctx.Req.URL.Path) {

  55. 					ctx.HandleAPI(403, "Only signed in user is allowed to call APIs.")

  56. 					return

  57. 				}

  58. 

  59. 				ctx.SetCookie("redirect_to", url.QueryEscape(setting.AppSubUrl+ctx.Req.RequestURI), 0, setting.AppSubUrl)

  60. 				ctx.Redirect(setting.AppSubUrl + "/user/login")

  61. 				return

  62. 			} else if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {

  63. 				ctx.Data["Title"] = ctx.Tr("auth.active_your_account")

  64. 				ctx.HTML(200, "user/auth/activate")

  65. 				return

  66. 			}

  67. 		}

  68. 

  69. 		if options.AdminRequire {

  70. 			if !ctx.User.IsAdmin {

  71. 				ctx.Error(403)

  72. 				return

  73. 			}

  74. 			ctx.Data["PageIsAdmin"] = true

  75. 		}

  76. 	}

  77. }

  78. 

  79. // Contexter middleware already checks token for user sign in process.

  80. func ApiReqToken() macaron.Handler {

  81. 	return func(ctx *Context) {

  82. 		if !ctx.IsSigned {

  83. 			ctx.Error(403)

  84. 			return

  85. 		}

  86. 	}

  87. }

  88. 

  89. func ApiReqBasicAuth() macaron.Handler {

  90. 	return func(ctx *Context) {

  91. 		if !ctx.IsBasicAuth {

  92. 			ctx.Error(403)

  93. 			return

  94. 		}

  95. 	}

  96. }