forgejo/modules/context/context.go

// Copyright 2014 The Gogs Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package context

import (
	"fmt"
	"html"
	"html/template"
	"io"
	"net/http"
	"strings"
	"time"

	"code.gitea.io/gitea/models"
	"code.gitea.io/gitea/modules/auth"
	"code.gitea.io/gitea/modules/base"
	"code.gitea.io/gitea/modules/log"
	"code.gitea.io/gitea/modules/setting"
	"github.com/go-macaron/cache"
	"github.com/go-macaron/csrf"
	"github.com/go-macaron/i18n"
	"github.com/go-macaron/session"
	macaron "gopkg.in/macaron.v1"
)

// Context represents context of a request.
type Context struct {
	*macaron.Context
	Cache   cache.Cache
	csrf    csrf.CSRF
	Flash   *session.Flash
	Session session.Store

	User        *models.User
	IsSigned    bool
	IsBasicAuth bool

	Repo *Repository
	Org  *Organization
}

// HasAPIError returns true if error occurs in form validation.
func (ctx *Context) HasAPIError() bool {
	hasErr, ok := ctx.Data["HasError"]
	if !ok {
		return false
	}
	return hasErr.(bool)
}

// GetErrMsg returns error message
func (ctx *Context) GetErrMsg() string {
	return ctx.Data["ErrorMsg"].(string)
}

// HasError returns true if error occurs in form validation.
func (ctx *Context) HasError() bool {
	hasErr, ok := ctx.Data["HasError"]
	if !ok {
		return false
	}
	ctx.Flash.ErrorMsg = ctx.Data["ErrorMsg"].(string)
	ctx.Data["Flash"] = ctx.Flash
	return hasErr.(bool)
}

// HasValue returns true if value of given name exists.
func (ctx *Context) HasValue(name string) bool {
	_, ok := ctx.Data[name]
	return ok
}

// HTML calls Context.HTML and converts template name to string.
func (ctx *Context) HTML(status int, name base.TplName) {
	log.Debug("Template: %s", name)
	ctx.Context.HTML(status, string(name))
}

// RenderWithErr used for page has form validation but need to prompt error to users.
func (ctx *Context) RenderWithErr(msg string, tpl base.TplName, form interface{}) {
	if form != nil {
		auth.AssignForm(form, ctx.Data)
	}
	ctx.Flash.ErrorMsg = msg
	ctx.Data["Flash"] = ctx.Flash
	ctx.HTML(200, tpl)
}

// Handle handles and logs error by given status.
func (ctx *Context) Handle(status int, title string, err error) {
	if err != nil {
		log.Error(4, "%s: %v", title, err)
		if macaron.Env != macaron.PROD {
			ctx.Data["ErrorMsg"] = err
		}
	}

	switch status {
	case 404:
		ctx.Data["Title"] = "Page Not Found"
	case 500:
		ctx.Data["Title"] = "Internal Server Error"
	}
	ctx.HTML(status, base.TplName(fmt.Sprintf("status/%d", status)))
}

// NotFoundOrServerError use error check function to determine if the error
// is about not found. It responses with 404 status code for not found error,
// or error context description for logging purpose of 500 server error.
func (ctx *Context) NotFoundOrServerError(title string, errck func(error) bool, err error) {
	if errck(err) {
		ctx.Handle(404, title, err)
		return
	}

	ctx.Handle(500, title, err)
}

// HandleText handles HTTP status code
func (ctx *Context) HandleText(status int, title string) {
	if (status/100 == 4) || (status/100 == 5) {
		log.Error(4, "%s", title)
	}
	ctx.PlainText(status, []byte(title))
}

// ServeContent serves content to http request
func (ctx *Context) ServeContent(name string, r io.ReadSeeker, params ...interface{}) {
	modtime := time.Now()
	for _, p := range params {
		switch v := p.(type) {
		case time.Time:
			modtime = v
		}
	}
	ctx.Resp.Header().Set("Content-Description", "File Transfer")
	ctx.Resp.Header().Set("Content-Type", "application/octet-stream")
	ctx.Resp.Header().Set("Content-Disposition", "attachment; filename="+name)
	ctx.Resp.Header().Set("Content-Transfer-Encoding", "binary")
	ctx.Resp.Header().Set("Expires", "0")
	ctx.Resp.Header().Set("Cache-Control", "must-revalidate")
	ctx.Resp.Header().Set("Pragma", "public")
	http.ServeContent(ctx.Resp, ctx.Req.Request, name, modtime, r)
}

// Contexter initializes a classic context for a request.
func Contexter() macaron.Handler {
	return func(c *macaron.Context, l i18n.Locale, cache cache.Cache, sess session.Store, f *session.Flash, x csrf.CSRF) {
		ctx := &Context{
			Context: c,
			Cache:   cache,
			csrf:    x,
			Flash:   f,
			Session: sess,
			Repo: &Repository{
				PullRequest: &PullRequest{},
			},
			Org: &Organization{},
		}
		// Compute current URL for real-time change language.
		ctx.Data["Link"] = setting.AppSubURL + strings.TrimSuffix(ctx.Req.URL.Path, "/")

		ctx.Data["PageStartTime"] = time.Now()

		// Get user from session if logged in.
		ctx.User, ctx.IsBasicAuth = auth.SignedInUser(ctx.Context, ctx.Session)

		if ctx.User != nil {
			ctx.IsSigned = true
			ctx.Data["IsSigned"] = ctx.IsSigned
			ctx.Data["SignedUser"] = ctx.User
			ctx.Data["SignedUserID"] = ctx.User.ID
			ctx.Data["SignedUserName"] = ctx.User.Name
			ctx.Data["IsAdmin"] = ctx.User.IsAdmin
		} else {
			ctx.Data["SignedUserID"] = 0
			ctx.Data["SignedUserName"] = ""
		}

		// If request sends files, parse them here otherwise the Query() can't be parsed and the CsrfToken will be invalid.
		if ctx.Req.Method == "POST" && strings.Contains(ctx.Req.Header.Get("Content-Type"), "multipart/form-data") {
			if err := ctx.Req.ParseMultipartForm(setting.AttachmentMaxSize << 20); err != nil && !strings.Contains(err.Error(), "EOF") { // 32MB max size
				ctx.Handle(500, "ParseMultipartForm", err)
				return
			}
		}

		ctx.Resp.Header().Set(`X-Frame-Options`, `SAMEORIGIN`)

		ctx.Data["CsrfToken"] = html.EscapeString(x.GetToken())
		ctx.Data["CsrfTokenHtml"] = template.HTML(`<input type="hidden" name="_csrf" value="` + ctx.Data["CsrfToken"].(string) + `">`)
		log.Debug("Session ID: %s", sess.ID())
		log.Debug("CSRF Token: %v", ctx.Data["CsrfToken"])

		ctx.Data["ShowRegistrationButton"] = setting.Service.ShowRegistrationButton
		ctx.Data["ShowFooterBranding"] = setting.ShowFooterBranding
		ctx.Data["ShowFooterVersion"] = setting.ShowFooterVersion
		ctx.Data["EnableOpenIDSignIn"] = setting.EnableOpenIDSignIn

		c.Map(ctx)
	}
}
move templateFuncs to one file, add middleware context. 2014-03-15 19:01:50 +08:00			`// Copyright 2014 The Gogs Authors. All rights reserved.`
			`// Use of this source code is governed by a MIT-style`
			`// license that can be found in the LICENSE file.`

Rename module: middleware -> context 2016-03-11 11:56:52 -05:00			`package context`
move templateFuncs to one file, add middleware context. 2014-03-15 19:01:50 +08:00
			`import (`
Clean code 2014-03-15 09:17:16 -04:00			`"fmt"`
Fixes xss, clickjacking & password autocompletion 2016-11-29 22:49:06 +01:00			`"html"`
add csrf check 2014-03-23 01:44:02 +08:00			`"html/template"`
zip archive download 2014-04-16 00:27:29 +08:00			`"io"`
move templateFuncs to one file, add middleware context. 2014-03-15 19:01:50 +08:00			`"net/http"`
Add auto-login 2014-03-22 16:40:09 -04:00			`"strings"`
fork render 2014-03-19 21:57:55 +08:00			`"time"`
move templateFuncs to one file, add middleware context. 2014-03-15 19:01:50 +08:00
Update import paths from github.com/go-gitea to code.gitea.io (#135) - Update import paths from github.com/go-gitea to code.gitea.io - Fix import path for travis See https://docs.travis-ci.com/user/languages/go#Go-Import-Path 2016-11-10 17:24:48 +01:00			`"code.gitea.io/gitea/models"`
			`"code.gitea.io/gitea/modules/auth"`
			`"code.gitea.io/gitea/modules/base"`
			`"code.gitea.io/gitea/modules/log"`
			`"code.gitea.io/gitea/modules/setting"`
Fix imports found by goimports. 2016-11-05 17:56:35 +01:00			`"github.com/go-macaron/cache"`
			`"github.com/go-macaron/csrf"`
			`"github.com/go-macaron/i18n"`
			`"github.com/go-macaron/session"`
			`macaron "gopkg.in/macaron.v1"`
move templateFuncs to one file, add middleware context. 2014-03-15 19:01:50 +08:00			`)`

Clean code 2014-03-15 09:17:16 -04:00			`// Context represents context of a request.`
move templateFuncs to one file, add middleware context. 2014-03-15 19:01:50 +08:00			`type Context struct {`
New UI merge in progress 2014-07-26 00:24:27 -04:00			`*macaron.Context`
Convert captcha, cache, csrf as middlewares 2014-07-31 17:25:34 -04:00			`Cache cache.Cache`
			`csrf csrf.CSRF`
New UI merge in progress 2014-07-26 00:24:27 -04:00			`Flash *session.Flash`
			`Session session.Store`

more APIs on #12 2014-11-18 11:07:16 -05:00			`User *models.User`
			`IsSigned bool`
			`IsBasicAuth bool`
modify RepoAssignment 2014-03-16 00:03:23 +08:00
Rename module: middleware -> context 2016-03-11 11:56:52 -05:00			`Repo *Repository`
Add APIContext 2016-03-13 17:37:44 -04:00			`Org *Organization`
move templateFuncs to one file, add middleware context. 2014-03-15 19:01:50 +08:00			`}`

Golint fixed for modules/context 2016-11-25 14:51:01 +08:00			`// HasAPIError returns true if error occurs in form validation.`
			`func (ctx *Context) HasAPIError() bool {`
Clean api code 2014-05-05 13:08:01 -04:00			`hasErr, ok := ctx.Data["HasError"]`
			`if !ok {`
			`return false`
			`}`
			`return hasErr.(bool)`
			`}`

Golint fixed for modules/context 2016-11-25 14:51:01 +08:00			`// GetErrMsg returns error message`
Clean api code 2014-05-05 13:08:01 -04:00			`func (ctx *Context) GetErrMsg() string {`
			`return ctx.Data["ErrorMsg"].(string)`
			`}`

Clean code 2014-03-15 10:52:14 -04:00			`// HasError returns true if error occurs in form validation.`
			`func (ctx *Context) HasError() bool {`
			`hasErr, ok := ctx.Data["HasError"]`
			`if !ok {`
			`return false`
			`}`
Clean oauth code 2014-04-13 18:12:07 -04:00			`ctx.Flash.ErrorMsg = ctx.Data["ErrorMsg"].(string)`
			`ctx.Data["Flash"] = ctx.Flash`
Clean code 2014-03-15 10:52:14 -04:00			`return hasErr.(bool)`
			`}`

UI: install - new version 2015-07-08 19:47:56 +08:00			`// HasValue returns true if value of given name exists.`
			`func (ctx *Context) HasValue(name string) bool {`
			`_, ok := ctx.Data[name]`
			`return ok`
			`}`

Finish new repo settings page 2014-08-02 13:47:33 -04:00			`// HTML calls Context.HTML and converts template name to string.`
New UI merge in progress 2014-07-26 00:24:27 -04:00			`func (ctx *Context) HTML(status int, name base.TplName) {`
#2014 allow switch branches between two orgs in compose PR 2015-12-20 01:06:54 -05:00			`log.Debug("Template: %s", name)`
Finish new repo settings page 2014-08-02 13:47:33 -04:00			`ctx.Context.HTML(status, string(name))`
Work on admin 2014-03-20 07:50:26 -04:00			`}`

Clean code 2014-03-15 10:52:14 -04:00			`// RenderWithErr used for page has form validation but need to prompt error to users.`
New UI merge in progress 2014-07-26 00:24:27 -04:00			`func (ctx *Context) RenderWithErr(msg string, tpl base.TplName, form interface{}) {`
Add: rename repository 2014-04-03 15:50:55 -04:00			`if form != nil {`
			`auth.AssignForm(form, ctx.Data)`
			`}`
Add flash 2014-04-10 16:36:50 -04:00			`ctx.Flash.ErrorMsg = msg`
			`ctx.Data["Flash"] = ctx.Flash`
Work on admin 2014-03-20 07:50:26 -04:00			`ctx.HTML(200, tpl)`
Clean code 2014-03-15 10:52:14 -04:00			`}`

Clean code 2014-03-15 09:17:16 -04:00			`// Handle handles and logs error by given status.`
			`func (ctx *Context) Handle(status int, title string, err error) {`
Add router log config option 2014-05-01 18:53:41 -04:00			`if err != nil {`
New UI merge in progress 2014-07-26 00:24:27 -04:00			`log.Error(4, "%s: %v", title, err)`
			`if macaron.Env != macaron.PROD {`
Add router log config option 2014-05-01 18:53:41 -04:00			`ctx.Data["ErrorMsg"] = err`
			`}`
Add some log 2014-03-19 04:48:45 -04:00			`}`

Add router log config option 2014-05-01 18:53:41 -04:00			`switch status {`
			`case 404:`
			`ctx.Data["Title"] = "Page Not Found"`
			`case 500:`
			`ctx.Data["Title"] = "Internal Server Error"`
			`}`
In progress of name template name constant 2014-06-22 13:14:03 -04:00			`ctx.HTML(status, base.TplName(fmt.Sprintf("status/%d", status)))`
move templateFuncs to one file, add middleware context. 2014-03-15 19:01:50 +08:00			`}`

router/repo: code refactoring 2016-08-30 02:08:38 -07:00			`// NotFoundOrServerError use error check function to determine if the error`
			`// is about not found. It responses with 404 status code for not found error,`
			`// or error context description for logging purpose of 500 server error.`
			`func (ctx *Context) NotFoundOrServerError(title string, errck func(error) bool, err error) {`
#1601 support delete issue comment 2016-07-26 02:48:17 +08:00			`if errck(err) {`
router/repo: code refactoring 2016-08-30 02:08:38 -07:00			`ctx.Handle(404, title, err)`
#1601 support delete issue comment 2016-07-26 02:48:17 +08:00			`return`
			`}`

			`ctx.Handle(500, title, err)`
			`}`

Golint fixed for modules/context 2016-11-25 14:51:01 +08:00			`// HandleText handles HTTP status code`
Set Content-Type to text/plain for http status 401 This is because git command line shows the failure reason only if Content-Type is text/plain. 2015-03-28 22:30:05 +08:00			`func (ctx *Context) HandleText(status int, title string) {`
UI: install - new version 2015-07-08 19:47:56 +08:00			`if (status/100 == 4) \|\| (status/100 == 5) {`
Set Content-Type to text/plain for http status 401 This is because git command line shows the failure reason only if Content-Type is text/plain. 2015-03-28 22:30:05 +08:00			`log.Error(4, "%s", title)`
			`}`
fix import path, fix #1782 2015-10-15 21:28:12 -04:00			`ctx.PlainText(status, []byte(title))`
Set Content-Type to text/plain for http status 401 This is because git command line shows the failure reason only if Content-Type is text/plain. 2015-03-28 22:30:05 +08:00			`}`

Golint fixed for modules/context 2016-11-25 14:51:01 +08:00			`// ServeContent serves content to http request`
zip archive download 2014-04-16 00:27:29 +08:00			`func (ctx *Context) ServeContent(name string, r io.ReadSeeker, params ...interface{}) {`
			`modtime := time.Now()`
			`for _, p := range params {`
			`switch v := p.(type) {`
			`case time.Time:`
			`modtime = v`
			`}`
			`}`
New UI merge in progress 2014-07-26 00:24:27 -04:00			`ctx.Resp.Header().Set("Content-Description", "File Transfer")`
			`ctx.Resp.Header().Set("Content-Type", "application/octet-stream")`
			`ctx.Resp.Header().Set("Content-Disposition", "attachment; filename="+name)`
			`ctx.Resp.Header().Set("Content-Transfer-Encoding", "binary")`
			`ctx.Resp.Header().Set("Expires", "0")`
			`ctx.Resp.Header().Set("Cache-Control", "must-revalidate")`
			`ctx.Resp.Header().Set("Pragma", "public")`
Fix API broken 2014-10-18 23:26:55 -04:00			`http.ServeContent(ctx.Resp, ctx.Req.Request, name, modtime, r)`
Work on form resubmit 2014-04-10 14:37:43 -04:00			`}`

New UI merge in progress 2014-07-26 00:24:27 -04:00			`// Contexter initializes a classic context for a request.`
			`func Contexter() macaron.Handler {`
Convert captcha, cache, csrf as middlewares 2014-07-31 17:25:34 -04:00			`return func(c macaron.Context, l i18n.Locale, cache cache.Cache, sess session.Store, f session.Flash, x csrf.CSRF) {`
move templateFuncs to one file, add middleware context. 2014-03-15 19:01:50 +08:00			`ctx := &Context{`
New UI merge in progress 2014-07-26 00:24:27 -04:00			`Context: c,`
Convert captcha, cache, csrf as middlewares 2014-07-31 17:25:34 -04:00			`Cache: cache,`
			`csrf: x,`
New UI merge in progress 2014-07-26 00:24:27 -04:00			`Flash: f,`
			`Session: sess,`
Rename module: middleware -> context 2016-03-11 11:56:52 -05:00			`Repo: &Repository{`
			`PullRequest: &PullRequest{},`
Fix pull request availability check 2016-03-06 23:57:46 -05:00			`},`
Add APIContext 2016-03-13 17:37:44 -04:00			`Org: &Organization{},`
move templateFuncs to one file, add middleware context. 2014-03-15 19:01:50 +08:00			`}`
New UI merge in progress 2014-07-26 00:24:27 -04:00			`// Compute current URL for real-time change language.`
Golint fixed for modules/setting (#262) * golint fixed for modules/setting * typo fixed and renamed UNIXSOCKET to UnixSocket 2016-11-27 18:14:25 +08:00			`ctx.Data["Link"] = setting.AppSubURL + strings.TrimSuffix(ctx.Req.URL.Path, "/")`
Work on form resubmit 2014-04-10 14:37:43 -04:00
New UI merge in progress 2014-07-26 00:24:27 -04:00			`ctx.Data["PageStartTime"] = time.Now()`
update session 2014-03-22 20:49:53 +08:00
Fix typos in models/ and modules/ (#1248) 2017-03-14 20:52:01 -04:00			`// Get user from session if logged in.`
#842 able to use access token replace basic auth 2015-09-02 02:40:15 -04:00			`ctx.User, ctx.IsBasicAuth = auth.SignedInUser(ctx.Context, ctx.Session)`
work on #609 2014-11-07 14:46:13 -05:00
New UI merge in progress 2014-07-26 00:24:27 -04:00			`if ctx.User != nil {`
			`ctx.IsSigned = true`
			`ctx.Data["IsSigned"] = ctx.IsSigned`
			`ctx.Data["SignedUser"] = ctx.User`
Refactor User.Id to User.ID 2016-07-24 01:08:22 +08:00			`ctx.Data["SignedUserID"] = ctx.User.ID`
Fix #605, fix #255, fix #101 2014-11-06 22:06:41 -05:00			`ctx.Data["SignedUserName"] = ctx.User.Name`
Work on admin 2014-03-20 08:02:14 -04:00			`ctx.Data["IsAdmin"] = ctx.User.IsAdmin`
Fix #605, fix #255, fix #101 2014-11-06 22:06:41 -05:00			`} else {`
able edit issue title 2015-08-19 23:14:57 +08:00			`ctx.Data["SignedUserID"] = 0`
Fix #605, fix #255, fix #101 2014-11-06 22:06:41 -05:00			`ctx.Data["SignedUserName"] = ""`
fix context 2014-03-15 20:50:17 +08:00			`}`
move templateFuncs to one file, add middleware context. 2014-03-15 19:01:50 +08:00
Add file upload for attachments 2014-07-24 15:19:59 +02:00			`// If request sends files, parse them here otherwise the Query() can't be parsed and the CsrfToken will be invalid.`
New UI merge in progress 2014-07-26 00:24:27 -04:00			`if ctx.Req.Method == "POST" && strings.Contains(ctx.Req.Header.Get("Content-Type"), "multipart/form-data") {`
			`if err := ctx.Req.ParseMultipartForm(setting.AttachmentMaxSize << 20); err != nil && !strings.Contains(err.Error(), "EOF") { // 32MB max size`
			`ctx.Handle(500, "ParseMultipartForm", err)`
Add file upload for attachments 2014-07-24 15:19:59 +02:00			`return`
			`}`
			`}`

Fixes xss, clickjacking & password autocompletion 2016-11-29 22:49:06 +01:00			ctx.Resp.Header().Set(`X-Frame-Options`, `SAMEORIGIN`)

			`ctx.Data["CsrfToken"] = html.EscapeString(x.GetToken())`
			ctx.Data["CsrfTokenHtml"] = template.HTML(`<input type="hidden" name="_csrf" value="` + ctx.Data["CsrfToken"].(string) + `">`)
#1692 APIs: Users Followers - User profile un/follow - List user's followers/following 2015-12-21 04:24:11 -08:00			`log.Debug("Session ID: %s", sess.ID())`
			`log.Debug("CSRF Token: %v", ctx.Data["CsrfToken"])`
fork render 2014-03-19 21:57:55 +08:00
code fix for #908, and work for #884 2015-02-06 21:16:23 -05:00			`ctx.Data["ShowRegistrationButton"] = setting.Service.ShowRegistrationButton`
#1080: Remove footer ads/branding from default template 2015-03-23 10:19:19 -04:00			`ctx.Data["ShowFooterBranding"] = setting.ShowFooterBranding`
fix #1957 - disable version display This allows the admin to disable the version information about gogs and go in use in the footer. 2015-11-18 22:32:31 +01:00			`ctx.Data["ShowFooterVersion"] = setting.ShowFooterVersion`
Login via OpenID-2.0 (#618) 2017-03-17 15:16:08 +01:00			`ctx.Data["EnableOpenIDSignIn"] = setting.EnableOpenIDSignIn`
code fix for #908, and work for #884 2015-02-06 21:16:23 -05:00
move templateFuncs to one file, add middleware context. 2014-03-15 19:01:50 +08:00			`c.Map(ctx)`
			`}`
			`}`