2014-03-15 15:01:50 +04:00
// Copyright 2014 The Gogs Authors. All rights reserved.
2020-01-10 00:34:25 +03:00
// Copyright 2020 The Gitea Authors. All rights reserved.
2014-03-15 15:01:50 +04:00
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
2016-03-11 19:56:52 +03:00
package context
2014-03-15 15:01:50 +04:00
import (
2016-11-30 00:49:06 +03:00
"html"
2014-03-22 21:44:02 +04:00
"html/template"
2014-04-15 20:27:29 +04:00
"io"
2014-03-15 15:01:50 +04:00
"net/http"
2018-03-16 00:13:34 +03:00
"net/url"
2017-06-26 04:06:40 +03:00
"path"
2014-03-23 00:40:09 +04:00
"strings"
2014-03-19 17:57:55 +04:00
"time"
2014-03-15 15:01:50 +04:00
2016-11-10 19:24:48 +03:00
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/auth"
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
2019-03-18 17:00:23 +03:00
"code.gitea.io/gitea/modules/util"
2019-08-23 19:40:30 +03:00
"gitea.com/macaron/cache"
"gitea.com/macaron/csrf"
"gitea.com/macaron/i18n"
"gitea.com/macaron/macaron"
"gitea.com/macaron/session"
"github.com/unknwon/com"
2014-03-15 15:01:50 +04:00
)
2014-03-15 17:17:16 +04:00
// Context represents context of a request.
2014-03-15 15:01:50 +04:00
type Context struct {
2014-07-26 08:24:27 +04:00
* macaron . Context
2014-08-01 01:25:34 +04:00
Cache cache . Cache
csrf csrf . CSRF
2014-07-26 08:24:27 +04:00
Flash * session . Flash
Session session . Store
2017-06-26 04:06:40 +03:00
Link string // current request URL
2017-11-28 12:43:51 +03:00
EscapedLink string
2014-11-18 19:07:16 +03:00
User * models . User
IsSigned bool
IsBasicAuth bool
2014-03-15 20:03:23 +04:00
2016-03-11 19:56:52 +03:00
Repo * Repository
2016-03-14 00:37:44 +03:00
Org * Organization
2014-03-15 15:01:50 +04:00
}
2019-04-08 01:49:34 +03:00
// IsUserSiteAdmin returns true if current user is a site admin
func ( ctx * Context ) IsUserSiteAdmin ( ) bool {
return ctx . IsSigned && ctx . User . IsAdmin
}
// IsUserRepoOwner returns true if current user owns current repo
func ( ctx * Context ) IsUserRepoOwner ( ) bool {
return ctx . Repo . IsOwner ( )
}
// IsUserRepoAdmin returns true if current user is admin in current repo
func ( ctx * Context ) IsUserRepoAdmin ( ) bool {
return ctx . Repo . IsAdmin ( )
}
// IsUserRepoWriter returns true if current user has write privilege in current repo
func ( ctx * Context ) IsUserRepoWriter ( unitTypes [ ] models . UnitType ) bool {
for _ , unitType := range unitTypes {
if ctx . Repo . CanWrite ( unitType ) {
return true
}
}
return false
}
// IsUserRepoReaderSpecific returns true if current user can read current repo's specific part
func ( ctx * Context ) IsUserRepoReaderSpecific ( unitType models . UnitType ) bool {
return ctx . Repo . CanRead ( unitType )
}
// IsUserRepoReaderAny returns true if current user can read any part of current repo
func ( ctx * Context ) IsUserRepoReaderAny ( ) bool {
return ctx . Repo . HasAccess ( )
}
2016-11-25 09:51:01 +03:00
// HasAPIError returns true if error occurs in form validation.
func ( ctx * Context ) HasAPIError ( ) bool {
2014-05-05 21:08:01 +04:00
hasErr , ok := ctx . Data [ "HasError" ]
if ! ok {
return false
}
return hasErr . ( bool )
}
2016-11-25 09:51:01 +03:00
// GetErrMsg returns error message
2014-05-05 21:08:01 +04:00
func ( ctx * Context ) GetErrMsg ( ) string {
return ctx . Data [ "ErrorMsg" ] . ( string )
}
2014-03-15 18:52:14 +04:00
// HasError returns true if error occurs in form validation.
func ( ctx * Context ) HasError ( ) bool {
hasErr , ok := ctx . Data [ "HasError" ]
if ! ok {
return false
}
2014-04-14 02:12:07 +04:00
ctx . Flash . ErrorMsg = ctx . Data [ "ErrorMsg" ] . ( string )
ctx . Data [ "Flash" ] = ctx . Flash
2014-03-15 18:52:14 +04:00
return hasErr . ( bool )
}
2015-07-08 14:47:56 +03:00
// HasValue returns true if value of given name exists.
func ( ctx * Context ) HasValue ( name string ) bool {
_ , ok := ctx . Data [ name ]
return ok
}
2018-03-16 00:13:34 +03:00
// RedirectToFirst redirects to first not empty URL
func ( ctx * Context ) RedirectToFirst ( location ... string ) {
for _ , loc := range location {
if len ( loc ) == 0 {
continue
}
u , err := url . Parse ( loc )
2020-01-10 00:34:25 +03:00
if err != nil || ( ( u . Scheme != "" || u . Host != "" ) && ! strings . HasPrefix ( strings . ToLower ( loc ) , strings . ToLower ( setting . AppURL ) ) ) {
2018-03-16 00:13:34 +03:00
continue
}
ctx . Redirect ( loc )
return
}
ctx . Redirect ( setting . AppSubURL + "/" )
}
2014-08-02 21:47:33 +04:00
// HTML calls Context.HTML and converts template name to string.
2014-07-26 08:24:27 +04:00
func ( ctx * Context ) HTML ( status int , name base . TplName ) {
2015-12-20 09:06:54 +03:00
log . Debug ( "Template: %s" , name )
2014-08-02 21:47:33 +04:00
ctx . Context . HTML ( status , string ( name ) )
2014-03-20 15:50:26 +04:00
}
2014-03-15 18:52:14 +04:00
// RenderWithErr used for page has form validation but need to prompt error to users.
2014-07-26 08:24:27 +04:00
func ( ctx * Context ) RenderWithErr ( msg string , tpl base . TplName , form interface { } ) {
2014-04-03 23:50:55 +04:00
if form != nil {
auth . AssignForm ( form , ctx . Data )
}
2014-04-11 00:36:50 +04:00
ctx . Flash . ErrorMsg = msg
ctx . Data [ "Flash" ] = ctx . Flash
2014-03-20 15:50:26 +04:00
ctx . HTML ( 200 , tpl )
2014-03-15 18:52:14 +04:00
}
2018-01-11 00:34:17 +03:00
// NotFound displays a 404 (Not Found) page and prints the given error, if any.
func ( ctx * Context ) NotFound ( title string , err error ) {
2019-04-09 21:10:42 +03:00
ctx . notFoundInternal ( title , err )
}
func ( ctx * Context ) notFoundInternal ( title string , err error ) {
2014-05-02 02:53:41 +04:00
if err != nil {
2019-04-09 21:10:42 +03:00
log . ErrorWithSkip ( 2 , "%s: %v" , title , err )
2014-07-26 08:24:27 +04:00
if macaron . Env != macaron . PROD {
2014-05-02 02:53:41 +04:00
ctx . Data [ "ErrorMsg" ] = err
}
2014-03-19 12:48:45 +04:00
}
2019-02-20 02:09:47 +03:00
ctx . Data [ "IsRepo" ] = ctx . Repo . Repository != nil
2018-01-11 00:34:17 +03:00
ctx . Data [ "Title" ] = "Page Not Found"
ctx . HTML ( http . StatusNotFound , base . TplName ( "status/404" ) )
}
// ServerError displays a 500 (Internal Server Error) page and prints the given
// error, if any.
func ( ctx * Context ) ServerError ( title string , err error ) {
2019-04-09 21:10:42 +03:00
ctx . serverErrorInternal ( title , err )
}
func ( ctx * Context ) serverErrorInternal ( title string , err error ) {
2018-01-11 00:34:17 +03:00
if err != nil {
2019-04-09 21:10:42 +03:00
log . ErrorWithSkip ( 2 , "%s: %v" , title , err )
2018-01-11 00:34:17 +03:00
if macaron . Env != macaron . PROD {
ctx . Data [ "ErrorMsg" ] = err
}
2014-05-02 02:53:41 +04:00
}
2018-01-11 00:34:17 +03:00
ctx . Data [ "Title" ] = "Internal Server Error"
2019-01-31 01:00:00 +03:00
ctx . HTML ( http . StatusInternalServerError , base . TplName ( "status/500" ) )
2014-03-15 15:01:50 +04:00
}
2016-08-30 12:08:38 +03:00
// NotFoundOrServerError use error check function to determine if the error
// is about not found. It responses with 404 status code for not found error,
// or error context description for logging purpose of 500 server error.
func ( ctx * Context ) NotFoundOrServerError ( title string , errck func ( error ) bool , err error ) {
2016-07-25 21:48:17 +03:00
if errck ( err ) {
2019-04-09 21:10:42 +03:00
ctx . notFoundInternal ( title , err )
2016-07-25 21:48:17 +03:00
return
}
2019-04-09 21:10:42 +03:00
ctx . serverErrorInternal ( title , err )
2016-07-25 21:48:17 +03:00
}
2016-11-25 09:51:01 +03:00
// HandleText handles HTTP status code
2015-03-28 17:30:05 +03:00
func ( ctx * Context ) HandleText ( status int , title string ) {
2015-07-08 14:47:56 +03:00
if ( status / 100 == 4 ) || ( status / 100 == 5 ) {
2019-04-02 10:48:31 +03:00
log . Error ( "%s" , title )
2015-03-28 17:30:05 +03:00
}
2015-10-16 04:28:12 +03:00
ctx . PlainText ( status , [ ] byte ( title ) )
2015-03-28 17:30:05 +03:00
}
2016-11-25 09:51:01 +03:00
// ServeContent serves content to http request
2014-04-15 20:27:29 +04:00
func ( ctx * Context ) ServeContent ( name string , r io . ReadSeeker , params ... interface { } ) {
modtime := time . Now ( )
for _ , p := range params {
switch v := p . ( type ) {
case time . Time :
modtime = v
}
}
2014-07-26 08:24:27 +04:00
ctx . Resp . Header ( ) . Set ( "Content-Description" , "File Transfer" )
ctx . Resp . Header ( ) . Set ( "Content-Type" , "application/octet-stream" )
ctx . Resp . Header ( ) . Set ( "Content-Disposition" , "attachment; filename=" + name )
ctx . Resp . Header ( ) . Set ( "Content-Transfer-Encoding" , "binary" )
ctx . Resp . Header ( ) . Set ( "Expires" , "0" )
ctx . Resp . Header ( ) . Set ( "Cache-Control" , "must-revalidate" )
ctx . Resp . Header ( ) . Set ( "Pragma" , "public" )
2020-08-13 20:18:18 +03:00
ctx . Resp . Header ( ) . Set ( "Access-Control-Expose-Headers" , "Content-Disposition" )
2014-10-19 07:26:55 +04:00
http . ServeContent ( ctx . Resp , ctx . Req . Request , name , modtime , r )
2014-04-10 22:37:43 +04:00
}
2014-07-26 08:24:27 +04:00
// Contexter initializes a classic context for a request.
func Contexter ( ) macaron . Handler {
2014-08-01 01:25:34 +04:00
return func ( c * macaron . Context , l i18n . Locale , cache cache . Cache , sess session . Store , f * session . Flash , x csrf . CSRF ) {
2014-03-15 15:01:50 +04:00
ctx := & Context {
2014-07-26 08:24:27 +04:00
Context : c ,
2014-08-01 01:25:34 +04:00
Cache : cache ,
csrf : x ,
2014-07-26 08:24:27 +04:00
Flash : f ,
Session : sess ,
2017-11-28 12:43:51 +03:00
Link : setting . AppSubURL + strings . TrimSuffix ( c . Req . URL . EscapedPath ( ) , "/" ) ,
2016-03-11 19:56:52 +03:00
Repo : & Repository {
PullRequest : & PullRequest { } ,
2016-03-07 07:57:46 +03:00
} ,
2016-03-14 00:37:44 +03:00
Org : & Organization { } ,
2014-03-15 15:01:50 +04:00
}
2019-03-18 15:49:01 +03:00
ctx . Data [ "Language" ] = ctx . Locale . Language ( )
2017-06-26 04:06:40 +03:00
c . Data [ "Link" ] = ctx . Link
2020-06-04 06:41:02 +03:00
ctx . Data [ "CurrentURL" ] = setting . AppSubURL + c . Req . URL . RequestURI ( )
2014-07-26 08:24:27 +04:00
ctx . Data [ "PageStartTime" ] = time . Now ( )
2017-06-26 04:06:40 +03:00
// Quick responses appropriate go-get meta with status 200
// regardless of if user have access to the repository,
// or the repository does not exist at all.
// This is particular a workaround for "go get" command which does not respect
// .netrc file.
if ctx . Query ( "go-get" ) == "1" {
ownerName := c . Params ( ":username" )
repoName := c . Params ( ":reponame" )
2019-09-06 16:44:59 +03:00
trimmedRepoName := strings . TrimSuffix ( repoName , ".git" )
if ownerName == "" || trimmedRepoName == "" {
_ , _ = c . Write ( [ ] byte ( ` < ! doctype html >
< html >
< body >
invalid import path
< / body >
< / html >
` ) )
c . WriteHeader ( 400 )
return
}
2017-06-26 04:06:40 +03:00
branchName := "master"
2017-12-02 10:34:39 +03:00
repo , err := models . GetRepositoryByOwnerAndName ( ownerName , repoName )
if err == nil && len ( repo . DefaultBranch ) > 0 {
branchName = repo . DefaultBranch
2017-06-26 04:06:40 +03:00
}
2019-03-18 17:00:23 +03:00
prefix := setting . AppURL + path . Join ( url . PathEscape ( ownerName ) , url . PathEscape ( repoName ) , "src" , "branch" , util . PathEscapeSegments ( branchName ) )
2019-05-28 00:08:38 +03:00
appURL , _ := url . Parse ( setting . AppURL )
insecure := ""
if appURL . Scheme == string ( setting . HTTP ) {
insecure = "--insecure "
}
2018-01-29 20:50:04 +03:00
c . Header ( ) . Set ( "Content-Type" , "text/html" )
c . WriteHeader ( http . StatusOK )
2019-06-12 22:41:28 +03:00
_ , _ = c . Write ( [ ] byte ( com . Expand ( ` < ! doctype html >
2017-06-26 04:06:40 +03:00
< html >
< head >
< meta name = "go-import" content = "{GoGetImport} git {CloneLink}" >
< meta name = "go-source" content = "{GoGetImport} _ {GoDocDirectory} {GoDocFile}" >
< / head >
< body >
2019-05-28 00:08:38 +03:00
go get { Insecure } { GoGetImport }
2017-06-26 04:06:40 +03:00
< / body >
< / html >
` , map [ string ] string {
2019-09-06 16:44:59 +03:00
"GoGetImport" : ComposeGoGetImport ( ownerName , trimmedRepoName ) ,
2017-06-26 04:06:40 +03:00
"CloneLink" : models . ComposeHTTPSCloneURL ( ownerName , repoName ) ,
"GoDocDirectory" : prefix + "{/dir}" ,
"GoDocFile" : prefix + "{/dir}/{file}#L{line}" ,
2019-05-28 00:08:38 +03:00
"Insecure" : insecure ,
2017-06-26 04:06:40 +03:00
} ) ) )
return
}
2014-03-22 16:49:53 +04:00
2017-03-15 03:52:01 +03:00
// Get user from session if logged in.
2015-09-02 09:40:15 +03:00
ctx . User , ctx . IsBasicAuth = auth . SignedInUser ( ctx . Context , ctx . Session )
2014-11-07 22:46:13 +03:00
2014-07-26 08:24:27 +04:00
if ctx . User != nil {
ctx . IsSigned = true
ctx . Data [ "IsSigned" ] = ctx . IsSigned
ctx . Data [ "SignedUser" ] = ctx . User
2016-07-23 20:08:22 +03:00
ctx . Data [ "SignedUserID" ] = ctx . User . ID
2014-11-07 06:06:41 +03:00
ctx . Data [ "SignedUserName" ] = ctx . User . Name
2014-03-20 16:02:14 +04:00
ctx . Data [ "IsAdmin" ] = ctx . User . IsAdmin
2014-11-07 06:06:41 +03:00
} else {
2017-12-04 02:14:26 +03:00
ctx . Data [ "SignedUserID" ] = int64 ( 0 )
2014-11-07 06:06:41 +03:00
ctx . Data [ "SignedUserName" ] = ""
2014-03-15 16:50:17 +04:00
}
2014-03-15 15:01:50 +04:00
2014-07-24 17:19:59 +04:00
// If request sends files, parse them here otherwise the Query() can't be parsed and the CsrfToken will be invalid.
2014-07-26 08:24:27 +04:00
if ctx . Req . Method == "POST" && strings . Contains ( ctx . Req . Header . Get ( "Content-Type" ) , "multipart/form-data" ) {
2020-08-18 07:23:45 +03:00
if err := ctx . Req . ParseMultipartForm ( setting . Attachment . MaxSize << 20 ) ; err != nil && ! strings . Contains ( err . Error ( ) , "EOF" ) { // 32MB max size
2018-01-11 00:34:17 +03:00
ctx . ServerError ( "ParseMultipartForm" , err )
2014-07-24 17:19:59 +04:00
return
}
}
2016-11-30 00:49:06 +03:00
ctx . Resp . Header ( ) . Set ( ` X-Frame-Options ` , ` SAMEORIGIN ` )
ctx . Data [ "CsrfToken" ] = html . EscapeString ( x . GetToken ( ) )
ctx . Data [ "CsrfTokenHtml" ] = template . HTML ( ` <input type="hidden" name="_csrf" value=" ` + ctx . Data [ "CsrfToken" ] . ( string ) + ` "> ` )
2015-12-21 15:24:11 +03:00
log . Debug ( "Session ID: %s" , sess . ID ( ) )
log . Debug ( "CSRF Token: %v" , ctx . Data [ "CsrfToken" ] )
2014-03-19 17:57:55 +04:00
2018-08-27 05:23:27 +03:00
ctx . Data [ "IsLandingPageHome" ] = setting . LandingPageURL == setting . LandingPageHome
ctx . Data [ "IsLandingPageExplore" ] = setting . LandingPageURL == setting . LandingPageExplore
ctx . Data [ "IsLandingPageOrganizations" ] = setting . LandingPageURL == setting . LandingPageOrganizations
2015-02-07 05:16:23 +03:00
ctx . Data [ "ShowRegistrationButton" ] = setting . Service . ShowRegistrationButton
2019-12-15 17:20:08 +03:00
ctx . Data [ "ShowMilestonesDashboardPage" ] = setting . Service . ShowMilestonesDashboardPage
2015-03-23 17:19:19 +03:00
ctx . Data [ "ShowFooterBranding" ] = setting . ShowFooterBranding
2015-11-19 00:32:31 +03:00
ctx . Data [ "ShowFooterVersion" ] = setting . ShowFooterVersion
2018-08-27 05:23:27 +03:00
2018-07-28 03:19:01 +03:00
ctx . Data [ "EnableSwagger" ] = setting . API . EnableSwagger
2017-03-29 13:57:43 +03:00
ctx . Data [ "EnableOpenIDSignIn" ] = setting . Service . EnableOpenIDSignIn
2015-02-07 05:16:23 +03:00
2014-03-15 15:01:50 +04:00
c . Map ( ctx )
}
}