gitea/modules/middleware/context.go

// Copyright 2014 The Gogs Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package middleware

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base64"
	"fmt"
	"html/template"
	"net/http"
	"strconv"
	"strings"
	"time"

	"github.com/go-martini/martini"

	"github.com/gogits/cache"
	"github.com/gogits/git"
	"github.com/gogits/session"

	"github.com/gogits/gogs/models"
	"github.com/gogits/gogs/modules/auth"
	"github.com/gogits/gogs/modules/base"
	"github.com/gogits/gogs/modules/log"
)

// Context represents context of a request.
type Context struct {
	*Render
	c        martini.Context
	p        martini.Params
	Req      *http.Request
	Res      http.ResponseWriter
	Session  session.SessionStore
	Cache    cache.Cache
	User     *models.User
	IsSigned bool

	csrfToken string

	Repo struct {
		IsOwner    bool
		IsWatching bool
		IsBranch   bool
		IsTag      bool
		IsCommit   bool
		Repository *models.Repository
		Owner      *models.User
		Commit     *git.Commit
		GitRepo    *git.Repository
		BranchName string
		CommitId   string
		RepoLink   string
		CloneLink  struct {
			SSH   string
			HTTPS string
			Git   string
		}
	}
}

// Query querys form parameter.
func (ctx *Context) Query(name string) string {
	ctx.Req.ParseForm()
	return ctx.Req.Form.Get(name)
}

// func (ctx *Context) Param(name string) string {
// 	return ctx.p[name]
// }

// HasError returns true if error occurs in form validation.
func (ctx *Context) HasError() bool {
	hasErr, ok := ctx.Data["HasError"]
	if !ok {
		return false
	}
	return hasErr.(bool)
}

// HTML calls render.HTML underlying but reduce one argument.
func (ctx *Context) HTML(status int, name string, htmlOpt ...HTMLOptions) {
	ctx.Render.HTML(status, name, ctx.Data, htmlOpt...)
}

// RenderWithErr used for page has form validation but need to prompt error to users.
func (ctx *Context) RenderWithErr(msg, tpl string, form auth.Form) {
	ctx.Data["HasError"] = true
	ctx.Data["ErrorMsg"] = msg
	if form != nil {
		auth.AssignForm(form, ctx.Data)
	}
	ctx.HTML(200, tpl)
}

// Handle handles and logs error by given status.
func (ctx *Context) Handle(status int, title string, err error) {
	log.Error("%s: %v", title, err)
	if martini.Dev == martini.Prod {
		ctx.HTML(500, "status/500")
		return
	}

	ctx.Data["ErrorMsg"] = err
	ctx.HTML(status, fmt.Sprintf("status/%d", status))
}

func (ctx *Context) Debug(msg string, args ...interface{}) {
	log.Debug(msg, args...)
}

func (ctx *Context) GetCookie(name string) string {
	cookie, err := ctx.Req.Cookie(name)
	if err != nil {
		return ""
	}
	return cookie.Value
}

func (ctx *Context) SetCookie(name string, value string, others ...interface{}) {
	cookie := http.Cookie{}
	cookie.Name = name
	cookie.Value = value

	if len(others) > 0 {
		switch v := others[0].(type) {
		case int:
			cookie.MaxAge = v
		case int64:
			cookie.MaxAge = int(v)
		case int32:
			cookie.MaxAge = int(v)
		}
	}

	// default "/"
	if len(others) > 1 {
		if v, ok := others[1].(string); ok && len(v) > 0 {
			cookie.Path = v
		}
	} else {
		cookie.Path = "/"
	}

	// default empty
	if len(others) > 2 {
		if v, ok := others[2].(string); ok && len(v) > 0 {
			cookie.Domain = v
		}
	}

	// default empty
	if len(others) > 3 {
		switch v := others[3].(type) {
		case bool:
			cookie.Secure = v
		default:
			if others[3] != nil {
				cookie.Secure = true
			}
		}
	}

	// default false. for session cookie default true
	if len(others) > 4 {
		if v, ok := others[4].(bool); ok && v {
			cookie.HttpOnly = true
		}
	}

	ctx.Res.Header().Add("Set-Cookie", cookie.String())
}

// Get secure cookie from request by a given key.
func (ctx *Context) GetSecureCookie(Secret, key string) (string, bool) {
	val := ctx.GetCookie(key)
	if val == "" {
		return "", false
	}

	parts := strings.SplitN(val, "|", 3)

	if len(parts) != 3 {
		return "", false
	}

	vs := parts[0]
	timestamp := parts[1]
	sig := parts[2]

	h := hmac.New(sha1.New, []byte(Secret))
	fmt.Fprintf(h, "%s%s", vs, timestamp)

	if fmt.Sprintf("%02x", h.Sum(nil)) != sig {
		return "", false
	}
	res, _ := base64.URLEncoding.DecodeString(vs)
	return string(res), true
}

// Set Secure cookie for response.
func (ctx *Context) SetSecureCookie(Secret, name, value string, others ...interface{}) {
	vs := base64.URLEncoding.EncodeToString([]byte(value))
	timestamp := strconv.FormatInt(time.Now().UnixNano(), 10)
	h := hmac.New(sha1.New, []byte(Secret))
	fmt.Fprintf(h, "%s%s", vs, timestamp)
	sig := fmt.Sprintf("%02x", h.Sum(nil))
	cookie := strings.Join([]string{vs, timestamp, sig}, "|")
	ctx.SetCookie(name, cookie, others...)
}

func (ctx *Context) CsrfToken() string {
	if len(ctx.csrfToken) > 0 {
		return ctx.csrfToken
	}

	token := ctx.GetCookie("_csrf")
	if len(token) == 0 {
		token = base.GetRandomString(30)
		ctx.SetCookie("_csrf", token)
	}
	ctx.csrfToken = token
	return token
}

func (ctx *Context) CsrfTokenValid() bool {
	token := ctx.Query("_csrf")
	if token == "" {
		token = ctx.Req.Header.Get("X-Csrf-Token")
	}
	if token == "" {
		return false
	} else if ctx.csrfToken != token {
		return false
	}
	return true
}

// InitContext initializes a classic context for a request.
func InitContext() martini.Handler {
	return func(res http.ResponseWriter, r *http.Request, c martini.Context, rd *Render) {

		ctx := &Context{
			c: c,
			// p:      p,
			Req:    r,
			Res:    res,
			Cache:  base.Cache,
			Render: rd,
		}

		ctx.Data["PageStartTime"] = time.Now()

		// start session
		ctx.Session = base.SessionManager.SessionStart(res, r)
		rw := res.(martini.ResponseWriter)
		rw.Before(func(martini.ResponseWriter) {
			ctx.Session.SessionRelease(res)
		})

		// Get user from session if logined.
		user := auth.SignedInUser(ctx.Session)
		ctx.User = user
		ctx.IsSigned = user != nil

		ctx.Data["IsSigned"] = ctx.IsSigned

		if user != nil {
			ctx.Data["SignedUser"] = user
			ctx.Data["SignedUserId"] = user.Id
			ctx.Data["SignedUserName"] = user.Name
			ctx.Data["IsAdmin"] = ctx.User.IsAdmin
		}

		// get or create csrf token
		ctx.Data["CsrfToken"] = ctx.CsrfToken()
		ctx.Data["CsrfTokenHtml"] = template.HTML(`<input type="hidden" name="_csrf" value="` + ctx.csrfToken + `">`)

		c.Map(ctx)

		c.Next()
	}
}
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00			`// Copyright 2014 The Gogs Authors. All rights reserved.`
			`// Use of this source code is governed by a MIT-style`
			`// license that can be found in the LICENSE file.`

			`package middleware`

			`import (`
Add auto-login 2014-03-23 00:40:09 +04:00			`"crypto/hmac"`
			`"crypto/sha1"`
			`"encoding/base64"`
Clean code 2014-03-15 17:17:16 +04:00			`"fmt"`
add csrf check 2014-03-22 21:44:02 +04:00			`"html/template"`
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00			`"net/http"`
Add auto-login 2014-03-23 00:40:09 +04:00			`"strconv"`
			`"strings"`
fork render 2014-03-19 17:57:55 +04:00			`"time"`
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00
Change new martini impot path 2014-03-30 20:11:28 +04:00			`"github.com/go-martini/martini"`
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00
add cache 2014-03-21 17:06:47 +04:00			`"github.com/gogits/cache"`
remove Context.IsValid & verify repo in middleware repo.go 2014-03-30 06:09:59 +04:00			`"github.com/gogits/git"`
update session 2014-03-22 16:49:53 +04:00			`"github.com/gogits/session"`
add cache 2014-03-21 17:06:47 +04:00
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00			`"github.com/gogits/gogs/models"`
			`"github.com/gogits/gogs/modules/auth"`
fix 2014-03-21 17:31:47 +04:00			`"github.com/gogits/gogs/modules/base"`
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00			`"github.com/gogits/gogs/modules/log"`
			`)`

Clean code 2014-03-15 17:17:16 +04:00			`// Context represents context of a request.`
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00			`type Context struct {`
fork render 2014-03-19 17:57:55 +04:00			`*Render`
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00			`c martini.Context`
			`p martini.Params`
			`Req *http.Request`
			`Res http.ResponseWriter`
update session 2014-03-22 16:49:53 +04:00			`Session session.SessionStore`
add cache 2014-03-21 17:06:47 +04:00			`Cache cache.Cache`
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00			`User *models.User`
			`IsSigned bool`
modify RepoAssignment 2014-03-15 20:03:23 +04:00
add csrf check 2014-03-22 21:44:02 +04:00			`csrfToken string`

modify RepoAssignment 2014-03-15 20:03:23 +04:00			`Repo struct {`
			`IsOwner bool`
Finish watch backend 2014-03-20 07:48:30 +04:00			`IsWatching bool`
remove Context.IsValid & verify repo in middleware repo.go 2014-03-30 06:09:59 +04:00			`IsBranch bool`
			`IsTag bool`
			`IsCommit bool`
modify RepoAssignment 2014-03-15 20:03:23 +04:00			`Repository *models.Repository`
add Owner to Context.Repo 2014-03-15 20:14:26 +04:00			`Owner *models.User`
remove Context.IsValid & verify repo in middleware repo.go 2014-03-30 06:09:59 +04:00			`Commit *git.Commit`
			`GitRepo *git.Repository`
			`BranchName string`
			`CommitId string`
			`RepoLink string`
Mirror fix 2014-03-20 08:12:33 +04:00			`CloneLink struct {`
			`SSH string`
			`HTTPS string`
			`Git string`
			`}`
modify RepoAssignment 2014-03-15 20:03:23 +04:00			`}`
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00			`}`

Clean code 2014-03-15 17:17:16 +04:00			`// Query querys form parameter.`
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00			`func (ctx *Context) Query(name string) string {`
			`ctx.Req.ParseForm()`
			`return ctx.Req.Form.Get(name)`
			`}`

			`// func (ctx *Context) Param(name string) string {`
			`// return ctx.p[name]`
			`// }`

Clean code 2014-03-15 18:52:14 +04:00			`// HasError returns true if error occurs in form validation.`
			`func (ctx *Context) HasError() bool {`
			`hasErr, ok := ctx.Data["HasError"]`
			`if !ok {`
			`return false`
			`}`
			`return hasErr.(bool)`
			`}`

Work on admin 2014-03-20 15:50:26 +04:00			`// HTML calls render.HTML underlying but reduce one argument.`
			`func (ctx *Context) HTML(status int, name string, htmlOpt ...HTMLOptions) {`
			`ctx.Render.HTML(status, name, ctx.Data, htmlOpt...)`
			`}`

Clean code 2014-03-15 18:52:14 +04:00			`// RenderWithErr used for page has form validation but need to prompt error to users.`
			`func (ctx *Context) RenderWithErr(msg, tpl string, form auth.Form) {`
			`ctx.Data["HasError"] = true`
			`ctx.Data["ErrorMsg"] = msg`
Add: rename repository 2014-04-03 23:50:55 +04:00			`if form != nil {`
			`auth.AssignForm(form, ctx.Data)`
			`}`
Work on admin 2014-03-20 15:50:26 +04:00			`ctx.HTML(200, tpl)`
Clean code 2014-03-15 18:52:14 +04:00			`}`

Clean code 2014-03-15 17:17:16 +04:00			`// Handle handles and logs error by given status.`
			`func (ctx *Context) Handle(status int, title string, err error) {`
			`log.Error("%s: %v", title, err)`
Add some log 2014-03-19 12:48:45 +04:00			`if martini.Dev == martini.Prod {`
Work on admin 2014-03-20 15:50:26 +04:00			`ctx.HTML(500, "status/500")`
Add some log 2014-03-19 12:48:45 +04:00			`return`
			`}`

			`ctx.Data["ErrorMsg"] = err`
Work on admin 2014-03-20 15:50:26 +04:00			`ctx.HTML(status, fmt.Sprintf("status/%d", status))`
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00			`}`

remove Context.IsValid & verify repo in middleware repo.go 2014-03-30 06:09:59 +04:00			`func (ctx *Context) Debug(msg string, args ...interface{}) {`
			`log.Debug(msg, args...)`
			`}`

add csrf check 2014-03-22 21:44:02 +04:00			`func (ctx *Context) GetCookie(name string) string {`
			`cookie, err := ctx.Req.Cookie(name)`
			`if err != nil {`
			`return ""`
			`}`
			`return cookie.Value`
			`}`

			`func (ctx *Context) SetCookie(name string, value string, others ...interface{}) {`
			`cookie := http.Cookie{}`
			`cookie.Name = name`
			`cookie.Value = value`

			`if len(others) > 0 {`
			`switch v := others[0].(type) {`
			`case int:`
			`cookie.MaxAge = v`
			`case int64:`
			`cookie.MaxAge = int(v)`
			`case int32:`
			`cookie.MaxAge = int(v)`
			`}`
			`}`

			`// default "/"`
			`if len(others) > 1 {`
			`if v, ok := others[1].(string); ok && len(v) > 0 {`
			`cookie.Path = v`
			`}`
			`} else {`
			`cookie.Path = "/"`
			`}`

			`// default empty`
			`if len(others) > 2 {`
			`if v, ok := others[2].(string); ok && len(v) > 0 {`
			`cookie.Domain = v`
			`}`
			`}`

			`// default empty`
			`if len(others) > 3 {`
			`switch v := others[3].(type) {`
			`case bool:`
			`cookie.Secure = v`
			`default:`
			`if others[3] != nil {`
			`cookie.Secure = true`
			`}`
			`}`
			`}`

			`// default false. for session cookie default true`
			`if len(others) > 4 {`
			`if v, ok := others[4].(bool); ok && v {`
			`cookie.HttpOnly = true`
			`}`
			`}`

			`ctx.Res.Header().Add("Set-Cookie", cookie.String())`
			`}`

Add auto-login 2014-03-23 00:40:09 +04:00			`// Get secure cookie from request by a given key.`
			`func (ctx *Context) GetSecureCookie(Secret, key string) (string, bool) {`
			`val := ctx.GetCookie(key)`
			`if val == "" {`
			`return "", false`
			`}`

			`parts := strings.SplitN(val, "\|", 3)`

			`if len(parts) != 3 {`
			`return "", false`
			`}`

			`vs := parts[0]`
			`timestamp := parts[1]`
			`sig := parts[2]`

			`h := hmac.New(sha1.New, []byte(Secret))`
			`fmt.Fprintf(h, "%s%s", vs, timestamp)`

			`if fmt.Sprintf("%02x", h.Sum(nil)) != sig {`
			`return "", false`
			`}`
			`res, _ := base64.URLEncoding.DecodeString(vs)`
			`return string(res), true`
			`}`

			`// Set Secure cookie for response.`
			`func (ctx *Context) SetSecureCookie(Secret, name, value string, others ...interface{}) {`
			`vs := base64.URLEncoding.EncodeToString([]byte(value))`
			`timestamp := strconv.FormatInt(time.Now().UnixNano(), 10)`
			`h := hmac.New(sha1.New, []byte(Secret))`
			`fmt.Fprintf(h, "%s%s", vs, timestamp)`
			`sig := fmt.Sprintf("%02x", h.Sum(nil))`
			`cookie := strings.Join([]string{vs, timestamp, sig}, "\|")`
			`ctx.SetCookie(name, cookie, others...)`
			`}`

add csrf check 2014-03-22 21:44:02 +04:00			`func (ctx *Context) CsrfToken() string {`
			`if len(ctx.csrfToken) > 0 {`
			`return ctx.csrfToken`
			`}`

			`token := ctx.GetCookie("_csrf")`
			`if len(token) == 0 {`
			`token = base.GetRandomString(30)`
			`ctx.SetCookie("_csrf", token)`
			`}`
			`ctx.csrfToken = token`
			`return token`
			`}`

			`func (ctx *Context) CsrfTokenValid() bool {`
			`token := ctx.Query("_csrf")`
			`if token == "" {`
			`token = ctx.Req.Header.Get("X-Csrf-Token")`
			`}`
			`if token == "" {`
			`return false`
			`} else if ctx.csrfToken != token {`
			`return false`
			`}`
			`return true`
			`}`

Clean code 2014-03-15 17:17:16 +04:00			`// InitContext initializes a classic context for a request.`
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00			`func InitContext() martini.Handler {`
update session 2014-03-22 16:49:53 +04:00			`return func(res http.ResponseWriter, r http.Request, c martini.Context, rd Render) {`
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00
			`ctx := &Context{`
			`c: c,`
			`// p: p,`
update session 2014-03-22 16:49:53 +04:00			`Req: r,`
			`Res: res,`
			`Cache: base.Cache,`
			`Render: rd,`
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00			`}`

add csrf check 2014-03-22 21:44:02 +04:00			`ctx.Data["PageStartTime"] = time.Now()`

update session 2014-03-22 16:49:53 +04:00			`// start session`
			`ctx.Session = base.SessionManager.SessionStart(res, r)`
add csrf check 2014-03-22 21:44:02 +04:00			`rw := res.(martini.ResponseWriter)`
			`rw.Before(func(martini.ResponseWriter) {`
update session 2014-03-22 16:49:53 +04:00			`ctx.Session.SessionRelease(res)`
add csrf check 2014-03-22 21:44:02 +04:00			`})`
update session 2014-03-22 16:49:53 +04:00
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00			`// Get user from session if logined.`
update session 2014-03-22 16:49:53 +04:00			`user := auth.SignedInUser(ctx.Session)`
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00			`ctx.User = user`
fix context 2014-03-15 16:50:17 +04:00			`ctx.IsSigned = user != nil`
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00
fork render 2014-03-19 17:57:55 +04:00			`ctx.Data["IsSigned"] = ctx.IsSigned`
fix context 2014-03-15 16:50:17 +04:00
			`if user != nil {`
fork render 2014-03-19 17:57:55 +04:00			`ctx.Data["SignedUser"] = user`
			`ctx.Data["SignedUserId"] = user.Id`
fix some link 2014-03-30 13:03:00 +04:00			`ctx.Data["SignedUserName"] = user.Name`
Work on admin 2014-03-20 16:02:14 +04:00			`ctx.Data["IsAdmin"] = ctx.User.IsAdmin`
fix context 2014-03-15 16:50:17 +04:00			`}`
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00
add csrf check 2014-03-22 21:44:02 +04:00			`// get or create csrf token`
			`ctx.Data["CsrfToken"] = ctx.CsrfToken()`
			ctx.Data["CsrfTokenHtml"] = template.HTML(`<input type="hidden" name="_csrf" value="` + ctx.csrfToken + `">`)
fork render 2014-03-19 17:57:55 +04:00
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00			`c.Map(ctx)`

			`c.Next()`
			`}`
			`}`