2020-11-13 15:51:07 +03:00
// Copyright 2020 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
2021-06-09 02:33:54 +03:00
package web
2020-11-13 15:51:07 +03:00
import (
"errors"
"fmt"
"io"
"net/http"
"os"
"path"
2021-03-23 20:20:24 +03:00
"path/filepath"
2020-11-13 15:51:07 +03:00
"strings"
2021-01-20 04:47:43 +03:00
"code.gitea.io/gitea/modules/context"
2020-11-18 01:44:52 +03:00
"code.gitea.io/gitea/modules/httpcache"
2020-11-13 15:51:07 +03:00
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/storage"
2021-01-26 18:36:53 +03:00
"code.gitea.io/gitea/modules/templates"
2021-01-30 11:55:53 +03:00
"code.gitea.io/gitea/modules/web/middleware"
2021-06-09 20:53:16 +03:00
"code.gitea.io/gitea/services/auth"
2020-11-13 15:51:07 +03:00
2021-01-05 16:05:40 +03:00
"gitea.com/go-chi/session"
2020-11-13 15:51:07 +03:00
)
func storageHandler ( storageSetting setting . Storage , prefix string , objStore storage . ObjectStorage ) func ( next http . Handler ) http . Handler {
return func ( next http . Handler ) http . Handler {
if storageSetting . ServeDirect {
return http . HandlerFunc ( func ( w http . ResponseWriter , req * http . Request ) {
if req . Method != "GET" && req . Method != "HEAD" {
next . ServeHTTP ( w , req )
return
}
2021-01-13 23:30:46 +03:00
if ! strings . HasPrefix ( req . URL . RequestURI ( ) , "/" + prefix ) {
2020-11-13 15:51:07 +03:00
next . ServeHTTP ( w , req )
return
}
2021-01-13 23:30:46 +03:00
rPath := strings . TrimPrefix ( req . URL . RequestURI ( ) , "/" + prefix )
2020-11-13 15:51:07 +03:00
u , err := objStore . URL ( rPath , path . Base ( rPath ) )
if err != nil {
if os . IsNotExist ( err ) || errors . Is ( err , os . ErrNotExist ) {
log . Warn ( "Unable to find %s %s" , prefix , rPath )
http . Error ( w , "file not found" , 404 )
return
}
log . Error ( "Error whilst getting URL for %s %s. Error: %v" , prefix , rPath , err )
http . Error ( w , fmt . Sprintf ( "Error whilst getting URL for %s %s" , prefix , rPath ) , 500 )
return
}
http . Redirect (
w ,
req ,
u . String ( ) ,
301 ,
)
} )
}
return http . HandlerFunc ( func ( w http . ResponseWriter , req * http . Request ) {
if req . Method != "GET" && req . Method != "HEAD" {
next . ServeHTTP ( w , req )
return
}
2021-03-23 20:20:24 +03:00
prefix := strings . Trim ( prefix , "/" )
if ! strings . HasPrefix ( req . URL . EscapedPath ( ) , "/" + prefix + "/" ) {
2020-11-13 15:51:07 +03:00
next . ServeHTTP ( w , req )
return
}
2021-03-23 20:20:24 +03:00
rPath := strings . TrimPrefix ( req . URL . EscapedPath ( ) , "/" + prefix + "/" )
2020-11-13 15:51:07 +03:00
rPath = strings . TrimPrefix ( rPath , "/" )
2021-03-23 20:20:24 +03:00
if rPath == "" {
http . Error ( w , "file not found" , 404 )
return
}
rPath = path . Clean ( "/" + filepath . ToSlash ( rPath ) )
rPath = rPath [ 1 : ]
2020-11-18 01:44:52 +03:00
fi , err := objStore . Stat ( rPath )
if err == nil && httpcache . HandleTimeCache ( req , w , fi ) {
return
}
2020-11-13 15:51:07 +03:00
//If we have matched and access to release or issue
fr , err := objStore . Open ( rPath )
if err != nil {
if os . IsNotExist ( err ) || errors . Is ( err , os . ErrNotExist ) {
log . Warn ( "Unable to find %s %s" , prefix , rPath )
http . Error ( w , "file not found" , 404 )
return
}
log . Error ( "Error whilst opening %s %s. Error: %v" , prefix , rPath , err )
http . Error ( w , fmt . Sprintf ( "Error whilst opening %s %s" , prefix , rPath ) , 500 )
return
}
defer fr . Close ( )
_ , err = io . Copy ( w , fr )
if err != nil {
log . Error ( "Error whilst rendering %s %s. Error: %v" , prefix , rPath , err )
http . Error ( w , fmt . Sprintf ( "Error whilst rendering %s %s" , prefix , rPath ) , 500 )
return
}
} )
}
}
2021-06-09 02:33:54 +03:00
type dataStore map [ string ] interface { }
2020-11-13 15:51:07 +03:00
2021-01-26 18:36:53 +03:00
func ( d * dataStore ) GetData ( ) map [ string ] interface { } {
2021-06-09 02:33:54 +03:00
return * d
2020-11-13 15:51:07 +03:00
}
2021-01-26 18:36:53 +03:00
// Recovery returns a middleware that recovers from any panics and writes a 500 and a log if so.
// This error will be created with the gitea 500 page.
func Recovery ( ) func ( next http . Handler ) http . Handler {
var rnd = templates . HTMLRenderer ( )
return func ( next http . Handler ) http . Handler {
return http . HandlerFunc ( func ( w http . ResponseWriter , req * http . Request ) {
defer func ( ) {
if err := recover ( ) ; err != nil {
combinedErr := fmt . Sprintf ( "PANIC: %v\n%s" , err , string ( log . Stack ( 2 ) ) )
log . Error ( "%v" , combinedErr )
sessionStore := session . GetSession ( req )
if sessionStore == nil {
2021-10-20 17:37:19 +03:00
if setting . IsProd {
2021-01-26 18:36:53 +03:00
http . Error ( w , http . StatusText ( 500 ) , 500 )
} else {
http . Error ( w , combinedErr , 500 )
}
return
}
2020-11-16 10:33:41 +03:00
2021-01-30 11:55:53 +03:00
var lc = middleware . Locale ( w , req )
2021-01-26 18:36:53 +03:00
var store = dataStore {
2021-06-09 02:33:54 +03:00
"Language" : lc . Language ( ) ,
"CurrentURL" : setting . AppSubURL + req . URL . RequestURI ( ) ,
"i18n" : lc ,
2021-01-26 18:36:53 +03:00
}
2020-11-13 15:51:07 +03:00
2021-09-28 16:13:04 +03:00
var user = context . GetContextUser ( req )
2021-05-15 18:32:09 +03:00
if user == nil {
// Get user from session if logged in - do not attempt to sign-in
2021-06-09 20:53:16 +03:00
user = auth . SessionUser ( sessionStore )
2021-05-15 18:32:09 +03:00
}
2021-01-26 18:36:53 +03:00
if user != nil {
2021-06-09 02:33:54 +03:00
store [ "IsSigned" ] = true
store [ "SignedUser" ] = user
store [ "SignedUserID" ] = user . ID
store [ "SignedUserName" ] = user . Name
store [ "IsAdmin" ] = user . IsAdmin
2021-01-26 18:36:53 +03:00
} else {
2021-06-09 02:33:54 +03:00
store [ "SignedUserID" ] = int64 ( 0 )
store [ "SignedUserName" ] = ""
2021-01-26 18:36:53 +03:00
}
2020-11-13 15:51:07 +03:00
2021-08-06 23:47:10 +03:00
w . Header ( ) . Set ( ` X-Frame-Options ` , setting . CORSConfig . XFrameOptions )
2020-11-17 23:50:06 +03:00
2021-10-20 17:37:19 +03:00
if ! setting . IsProd {
2021-06-09 02:33:54 +03:00
store [ "ErrorMsg" ] = combinedErr
2021-01-26 18:36:53 +03:00
}
2021-06-09 02:33:54 +03:00
err = rnd . HTML ( w , 500 , "status/500" , templates . BaseVars ( ) . Merge ( store ) )
2021-01-26 18:36:53 +03:00
if err != nil {
log . Error ( "%v" , err )
}
}
} ( )
2020-11-17 23:50:06 +03:00
2021-01-26 18:36:53 +03:00
next . ServeHTTP ( w , req )
} )
2020-11-17 23:50:06 +03:00
}
2020-11-13 15:51:07 +03:00
}