gitea/modules/middleware/context.go

// Copyright 2014 The Gogs Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package middleware

import (
	"fmt"
	"html/template"
	"io"
	"net/http"
	"strings"
	"time"

	"github.com/Unknwon/macaron"
	"github.com/macaron-contrib/cache"
	"github.com/macaron-contrib/csrf"
	"github.com/macaron-contrib/i18n"
	"github.com/macaron-contrib/session"

	"github.com/gogits/gogs/models"
	"github.com/gogits/gogs/modules/auth"
	"github.com/gogits/gogs/modules/base"
	"github.com/gogits/gogs/modules/git"
	"github.com/gogits/gogs/modules/log"
	"github.com/gogits/gogs/modules/setting"
)

type RepoContext struct {
	AccessMode   models.AccessMode
	IsWatching   bool
	IsBranch     bool
	IsTag        bool
	IsCommit     bool
	Repository   *models.Repository
	Owner        *models.User
	Commit       *git.Commit
	Tag          *git.Tag
	GitRepo      *git.Repository
	BranchName   string
	TagName      string
	TreeName     string
	CommitID     string
	RepoLink     string
	CloneLink    models.CloneLink
	CommitsCount int
	Mirror       *models.Mirror
}

// Context represents context of a request.
type Context struct {
	*macaron.Context
	Cache   cache.Cache
	csrf    csrf.CSRF
	Flash   *session.Flash
	Session session.Store

	User        *models.User
	IsSigned    bool
	IsBasicAuth bool

	Repo RepoContext

	Org struct {
		IsOwner      bool
		IsMember     bool
		IsAdminTeam  bool // In owner team or team that has admin permission level.
		Organization *models.User
		OrgLink      string

		Team *models.Team
	}
}

// IsOwner returns true if current user is the owner of repository.
func (r RepoContext) IsOwner() bool {
	return r.AccessMode >= models.ACCESS_MODE_OWNER
}

// IsAdmin returns true if current user has admin or higher access of repository.
func (r RepoContext) IsAdmin() bool {
	return r.AccessMode >= models.ACCESS_MODE_ADMIN
}

// Return if the current user has read access for this repository
func (r RepoContext) HasAccess() bool {
	return r.AccessMode >= models.ACCESS_MODE_READ
}

// HasError returns true if error occurs in form validation.
func (ctx *Context) HasApiError() bool {
	hasErr, ok := ctx.Data["HasError"]
	if !ok {
		return false
	}
	return hasErr.(bool)
}

func (ctx *Context) GetErrMsg() string {
	return ctx.Data["ErrorMsg"].(string)
}

// HasError returns true if error occurs in form validation.
func (ctx *Context) HasError() bool {
	hasErr, ok := ctx.Data["HasError"]
	if !ok {
		return false
	}
	ctx.Flash.ErrorMsg = ctx.Data["ErrorMsg"].(string)
	ctx.Data["Flash"] = ctx.Flash
	return hasErr.(bool)
}

// HasValue returns true if value of given name exists.
func (ctx *Context) HasValue(name string) bool {
	_, ok := ctx.Data[name]
	return ok
}

// HTML calls Context.HTML and converts template name to string.
func (ctx *Context) HTML(status int, name base.TplName) {
	ctx.Context.HTML(status, string(name))
}

// RenderWithErr used for page has form validation but need to prompt error to users.
func (ctx *Context) RenderWithErr(msg string, tpl base.TplName, form interface{}) {
	if form != nil {
		auth.AssignForm(form, ctx.Data)
	}
	ctx.Flash.ErrorMsg = msg
	ctx.Data["Flash"] = ctx.Flash
	ctx.HTML(200, tpl)
}

// Handle handles and logs error by given status.
func (ctx *Context) Handle(status int, title string, err error) {
	if err != nil {
		log.Error(4, "%s: %v", title, err)
		if macaron.Env != macaron.PROD {
			ctx.Data["ErrorMsg"] = err
		}
	}

	switch status {
	case 404:
		ctx.Data["Title"] = "Page Not Found"
	case 500:
		ctx.Data["Title"] = "Internal Server Error"
	}
	ctx.HTML(status, base.TplName(fmt.Sprintf("status/%d", status)))
}

func (ctx *Context) HandleText(status int, title string) {
	if (status/100 == 4) || (status/100 == 5) {
		log.Error(4, "%s", title)
	}
	ctx.RenderData(status, []byte(title))
}

func (ctx *Context) HandleAPI(status int, obj interface{}) {
	var message string
	if err, ok := obj.(error); ok {
		message = err.Error()
	} else {
		message = obj.(string)
	}
	ctx.JSON(status, map[string]string{
		"message": message,
	})
}

func (ctx *Context) ServeContent(name string, r io.ReadSeeker, params ...interface{}) {
	modtime := time.Now()
	for _, p := range params {
		switch v := p.(type) {
		case time.Time:
			modtime = v
		}
	}
	ctx.Resp.Header().Set("Content-Description", "File Transfer")
	ctx.Resp.Header().Set("Content-Type", "application/octet-stream")
	ctx.Resp.Header().Set("Content-Disposition", "attachment; filename="+name)
	ctx.Resp.Header().Set("Content-Transfer-Encoding", "binary")
	ctx.Resp.Header().Set("Expires", "0")
	ctx.Resp.Header().Set("Cache-Control", "must-revalidate")
	ctx.Resp.Header().Set("Pragma", "public")
	http.ServeContent(ctx.Resp, ctx.Req.Request, name, modtime, r)
}

// Contexter initializes a classic context for a request.
func Contexter() macaron.Handler {
	return func(c *macaron.Context, l i18n.Locale, cache cache.Cache, sess session.Store, f *session.Flash, x csrf.CSRF) {
		ctx := &Context{
			Context: c,
			Cache:   cache,
			csrf:    x,
			Flash:   f,
			Session: sess,
		}
		// Compute current URL for real-time change language.
		ctx.Data["Link"] = setting.AppSubUrl + ctx.Req.URL.Path

		ctx.Data["PageStartTime"] = time.Now()

		// Check auto-signin.
		if sess.Get("uid") == nil {
			if _, err := AutoSignIn(ctx); err != nil {
				ctx.Handle(500, "AutoSignIn", err)
				return
			}
		}

		// Get user from session if logined.
		ctx.User, ctx.IsBasicAuth = auth.SignedInUser(ctx.Req.Request, ctx.Session)

		if ctx.User != nil {
			ctx.IsSigned = true
			ctx.Data["IsSigned"] = ctx.IsSigned
			ctx.Data["SignedUser"] = ctx.User
			ctx.Data["SignedUserID"] = ctx.User.Id
			ctx.Data["SignedUserName"] = ctx.User.Name
			ctx.Data["IsAdmin"] = ctx.User.IsAdmin
		} else {
			ctx.Data["SignedUserID"] = 0
			ctx.Data["SignedUserName"] = ""
		}

		// If request sends files, parse them here otherwise the Query() can't be parsed and the CsrfToken will be invalid.
		if ctx.Req.Method == "POST" && strings.Contains(ctx.Req.Header.Get("Content-Type"), "multipart/form-data") {
			if err := ctx.Req.ParseMultipartForm(setting.AttachmentMaxSize << 20); err != nil && !strings.Contains(err.Error(), "EOF") { // 32MB max size
				ctx.Handle(500, "ParseMultipartForm", err)
				return
			}
		}

		ctx.Data["CsrfToken"] = x.GetToken()
		ctx.Data["CsrfTokenHtml"] = template.HTML(`<input type="hidden" name="_csrf" value="` + x.GetToken() + `">`)

		ctx.Data["ShowRegistrationButton"] = setting.Service.ShowRegistrationButton
		ctx.Data["ShowFooterBranding"] = setting.ShowFooterBranding

		c.Map(ctx)
	}
}
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00			`// Copyright 2014 The Gogs Authors. All rights reserved.`
			`// Use of this source code is governed by a MIT-style`
			`// license that can be found in the LICENSE file.`

			`package middleware`

			`import (`
Clean code 2014-03-15 17:17:16 +04:00			`"fmt"`
add csrf check 2014-03-22 21:44:02 +04:00			`"html/template"`
zip archive download 2014-04-15 20:27:29 +04:00			`"io"`
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00			`"net/http"`
Add auto-login 2014-03-23 00:40:09 +04:00			`"strings"`
fork render 2014-03-19 17:57:55 +04:00			`"time"`
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00
New UI merge in progress 2014-07-26 08:24:27 +04:00			`"github.com/Unknwon/macaron"`
Convert captcha, cache, csrf as middlewares 2014-08-01 01:25:34 +04:00			`"github.com/macaron-contrib/cache"`
			`"github.com/macaron-contrib/csrf"`
New UI merge in progress 2014-07-26 08:24:27 +04:00			`"github.com/macaron-contrib/i18n"`
			`"github.com/macaron-contrib/session"`
add cache 2014-03-21 17:06:47 +04:00
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00			`"github.com/gogits/gogs/models"`
			`"github.com/gogits/gogs/modules/auth"`
fix 2014-03-21 17:31:47 +04:00			`"github.com/gogits/gogs/modules/base"`
New UI merge in progress 2014-07-26 08:24:27 +04:00			`"github.com/gogits/gogs/modules/git"`
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00			`"github.com/gogits/gogs/modules/log"`
Fixed #209 2014-05-26 04:11:25 +04:00			`"github.com/gogits/gogs/modules/setting"`
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00			`)`

new create webhook UI 2015-08-26 19:30:06 +03:00			`type RepoContext struct {`
			`AccessMode models.AccessMode`
			`IsWatching bool`
			`IsBranch bool`
			`IsTag bool`
			`IsCommit bool`
			`Repository *models.Repository`
			`Owner *models.User`
			`Commit *git.Commit`
			`Tag *git.Tag`
			`GitRepo *git.Repository`
			`BranchName string`
			`TagName string`
			`TreeName string`
rename fields 2015-08-31 10:24:28 +03:00			`CommitID string`
new create webhook UI 2015-08-26 19:30:06 +03:00			`RepoLink string`
			`CloneLink models.CloneLink`
			`CommitsCount int`
			`Mirror *models.Mirror`
			`}`

Clean code 2014-03-15 17:17:16 +04:00			`// Context represents context of a request.`
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00			`type Context struct {`
New UI merge in progress 2014-07-26 08:24:27 +04:00			`*macaron.Context`
Convert captcha, cache, csrf as middlewares 2014-08-01 01:25:34 +04:00			`Cache cache.Cache`
			`csrf csrf.CSRF`
New UI merge in progress 2014-07-26 08:24:27 +04:00			`Flash *session.Flash`
			`Session session.Store`

more APIs on #12 2014-11-18 19:07:16 +03:00			`User *models.User`
			`IsSigned bool`
			`IsBasicAuth bool`
modify RepoAssignment 2014-03-15 20:03:23 +04:00
Updating context and fixing permission issues The boolean flags in the repo context have been replaced with mode and two methods Also, the permissions have been brought more in line with https://help.github.com/articles/permission-levels-for-an-organization-repository/ , Admin Team members are able to change settings of their repositories. 2015-02-16 13:51:56 +03:00			`Repo RepoContext`
Page: `/org/:orgname/settings` 2014-08-14 10:12:21 +04:00
			`Org struct {`
			`IsOwner bool`
			`IsMember bool`
Finish new organization members and invitation page 2014-08-15 14:29:41 +04:00			`IsAdminTeam bool // In owner team or team that has admin permission level.`
Page: `/org/:orgname/settings` 2014-08-14 10:12:21 +04:00			`Organization *models.User`
Finish new organization members and invitation page 2014-08-15 14:29:41 +04:00			`OrgLink string`
Finish team list, create new team, join/leave team page 2014-08-16 12:21:17 +04:00
			`Team *models.Team`
Page: `/org/:orgname/settings` 2014-08-14 10:12:21 +04:00			`}`
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00			`}`

able edit issue labels/milestone/assignee 2015-08-14 19:42:43 +03:00			`// IsOwner returns true if current user is the owner of repository.`
Updating context and fixing permission issues The boolean flags in the repo context have been replaced with mode and two methods Also, the permissions have been brought more in line with https://help.github.com/articles/permission-levels-for-an-organization-repository/ , Admin Team members are able to change settings of their repositories. 2015-02-16 13:51:56 +03:00			`func (r RepoContext) IsOwner() bool {`
able edit issue labels/milestone/assignee 2015-08-14 19:42:43 +03:00			`return r.AccessMode >= models.ACCESS_MODE_OWNER`
			`}`

			`// IsAdmin returns true if current user has admin or higher access of repository.`
			`func (r RepoContext) IsAdmin() bool {`
			`return r.AccessMode >= models.ACCESS_MODE_ADMIN`
Updating context and fixing permission issues The boolean flags in the repo context have been replaced with mode and two methods Also, the permissions have been brought more in line with https://help.github.com/articles/permission-levels-for-an-organization-repository/ , Admin Team members are able to change settings of their repositories. 2015-02-16 13:51:56 +03:00			`}`

			`// Return if the current user has read access for this repository`
			`func (r RepoContext) HasAccess() bool {`
			`return r.AccessMode >= models.ACCESS_MODE_READ`
			`}`

Clean api code 2014-05-05 21:08:01 +04:00			`// HasError returns true if error occurs in form validation.`
			`func (ctx *Context) HasApiError() bool {`
			`hasErr, ok := ctx.Data["HasError"]`
			`if !ok {`
			`return false`
			`}`
			`return hasErr.(bool)`
			`}`

			`func (ctx *Context) GetErrMsg() string {`
			`return ctx.Data["ErrorMsg"].(string)`
			`}`

Clean code 2014-03-15 18:52:14 +04:00			`// HasError returns true if error occurs in form validation.`
			`func (ctx *Context) HasError() bool {`
			`hasErr, ok := ctx.Data["HasError"]`
			`if !ok {`
			`return false`
			`}`
Clean oauth code 2014-04-14 02:12:07 +04:00			`ctx.Flash.ErrorMsg = ctx.Data["ErrorMsg"].(string)`
			`ctx.Data["Flash"] = ctx.Flash`
Clean code 2014-03-15 18:52:14 +04:00			`return hasErr.(bool)`
			`}`

UI: install - new version 2015-07-08 14:47:56 +03:00			`// HasValue returns true if value of given name exists.`
			`func (ctx *Context) HasValue(name string) bool {`
			`_, ok := ctx.Data[name]`
			`return ok`
			`}`

Finish new repo settings page 2014-08-02 21:47:33 +04:00			`// HTML calls Context.HTML and converts template name to string.`
New UI merge in progress 2014-07-26 08:24:27 +04:00			`func (ctx *Context) HTML(status int, name base.TplName) {`
Finish new repo settings page 2014-08-02 21:47:33 +04:00			`ctx.Context.HTML(status, string(name))`
Work on admin 2014-03-20 15:50:26 +04:00			`}`

Clean code 2014-03-15 18:52:14 +04:00			`// RenderWithErr used for page has form validation but need to prompt error to users.`
New UI merge in progress 2014-07-26 08:24:27 +04:00			`func (ctx *Context) RenderWithErr(msg string, tpl base.TplName, form interface{}) {`
Add: rename repository 2014-04-03 23:50:55 +04:00			`if form != nil {`
			`auth.AssignForm(form, ctx.Data)`
			`}`
Add flash 2014-04-11 00:36:50 +04:00			`ctx.Flash.ErrorMsg = msg`
			`ctx.Data["Flash"] = ctx.Flash`
Work on admin 2014-03-20 15:50:26 +04:00			`ctx.HTML(200, tpl)`
Clean code 2014-03-15 18:52:14 +04:00			`}`

Clean code 2014-03-15 17:17:16 +04:00			`// Handle handles and logs error by given status.`
			`func (ctx *Context) Handle(status int, title string, err error) {`
Add router log config option 2014-05-02 02:53:41 +04:00			`if err != nil {`
New UI merge in progress 2014-07-26 08:24:27 +04:00			`log.Error(4, "%s: %v", title, err)`
			`if macaron.Env != macaron.PROD {`
Add router log config option 2014-05-02 02:53:41 +04:00			`ctx.Data["ErrorMsg"] = err`
			`}`
Add some log 2014-03-19 12:48:45 +04:00			`}`

Add router log config option 2014-05-02 02:53:41 +04:00			`switch status {`
			`case 404:`
			`ctx.Data["Title"] = "Page Not Found"`
			`case 500:`
			`ctx.Data["Title"] = "Internal Server Error"`
			`}`
In progress of name template name constant 2014-06-22 21:14:03 +04:00			`ctx.HTML(status, base.TplName(fmt.Sprintf("status/%d", status)))`
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00			`}`

Set Content-Type to text/plain for http status 401 This is because git command line shows the failure reason only if Content-Type is text/plain. 2015-03-28 17:30:05 +03:00			`func (ctx *Context) HandleText(status int, title string) {`
UI: install - new version 2015-07-08 14:47:56 +03:00			`if (status/100 == 4) \|\| (status/100 == 5) {`
Set Content-Type to text/plain for http status 401 This is because git command line shows the failure reason only if Content-Type is text/plain. 2015-03-28 17:30:05 +03:00			`log.Error(4, "%s", title)`
			`}`
			`ctx.RenderData(status, []byte(title))`
			`}`

routers: able to migrate repo from local path - modules/middleware/context.go: add HandleAPI method 2015-02-22 17:49:25 +03:00			`func (ctx *Context) HandleAPI(status int, obj interface{}) {`
			`var message string`
			`if err, ok := obj.(error); ok {`
			`message = err.Error()`
			`} else {`
			`message = obj.(string)`
			`}`
			`ctx.JSON(status, map[string]string{`
			`"message": message,`
			`})`
			`}`

zip archive download 2014-04-15 20:27:29 +04:00			`func (ctx *Context) ServeContent(name string, r io.ReadSeeker, params ...interface{}) {`
			`modtime := time.Now()`
			`for _, p := range params {`
			`switch v := p.(type) {`
			`case time.Time:`
			`modtime = v`
			`}`
			`}`
New UI merge in progress 2014-07-26 08:24:27 +04:00			`ctx.Resp.Header().Set("Content-Description", "File Transfer")`
			`ctx.Resp.Header().Set("Content-Type", "application/octet-stream")`
			`ctx.Resp.Header().Set("Content-Disposition", "attachment; filename="+name)`
			`ctx.Resp.Header().Set("Content-Transfer-Encoding", "binary")`
			`ctx.Resp.Header().Set("Expires", "0")`
			`ctx.Resp.Header().Set("Cache-Control", "must-revalidate")`
			`ctx.Resp.Header().Set("Pragma", "public")`
Fix API broken 2014-10-19 07:26:55 +04:00			`http.ServeContent(ctx.Resp, ctx.Req.Request, name, modtime, r)`
Work on form resubmit 2014-04-10 22:37:43 +04:00			`}`

New UI merge in progress 2014-07-26 08:24:27 +04:00			`// Contexter initializes a classic context for a request.`
			`func Contexter() macaron.Handler {`
Convert captcha, cache, csrf as middlewares 2014-08-01 01:25:34 +04:00			`return func(c macaron.Context, l i18n.Locale, cache cache.Cache, sess session.Store, f session.Flash, x csrf.CSRF) {`
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00			`ctx := &Context{`
New UI merge in progress 2014-07-26 08:24:27 +04:00			`Context: c,`
Convert captcha, cache, csrf as middlewares 2014-08-01 01:25:34 +04:00			`Cache: cache,`
			`csrf: x,`
New UI merge in progress 2014-07-26 08:24:27 +04:00			`Flash: f,`
			`Session: sess,`
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00			`}`
New UI merge in progress 2014-07-26 08:24:27 +04:00			`// Compute current URL for real-time change language.`
UI compatibility 2015-03-21 16:24:59 +03:00			`ctx.Data["Link"] = setting.AppSubUrl + ctx.Req.URL.Path`
Work on form resubmit 2014-04-10 22:37:43 +04:00
New UI merge in progress 2014-07-26 08:24:27 +04:00			`ctx.Data["PageStartTime"] = time.Now()`
update session 2014-03-22 16:49:53 +04:00
Show owner/poster tags of comments and fix #1312 2015-08-13 21:43:40 +03:00			`// Check auto-signin.`
			`if sess.Get("uid") == nil {`
			`if _, err := AutoSignIn(ctx); err != nil {`
			`ctx.Handle(500, "AutoSignIn", err)`
			`return`
			`}`
			`}`

move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00			`// Get user from session if logined.`
more APIs on #12 2014-11-18 19:07:16 +03:00			`ctx.User, ctx.IsBasicAuth = auth.SignedInUser(ctx.Req.Request, ctx.Session)`
work on #609 2014-11-07 22:46:13 +03:00
New UI merge in progress 2014-07-26 08:24:27 +04:00			`if ctx.User != nil {`
			`ctx.IsSigned = true`
			`ctx.Data["IsSigned"] = ctx.IsSigned`
			`ctx.Data["SignedUser"] = ctx.User`
able edit issue title 2015-08-19 18:14:57 +03:00			`ctx.Data["SignedUserID"] = ctx.User.Id`
Fix #605, fix #255, fix #101 2014-11-07 06:06:41 +03:00			`ctx.Data["SignedUserName"] = ctx.User.Name`
Work on admin 2014-03-20 16:02:14 +04:00			`ctx.Data["IsAdmin"] = ctx.User.IsAdmin`
Fix #605, fix #255, fix #101 2014-11-07 06:06:41 +03:00			`} else {`
able edit issue title 2015-08-19 18:14:57 +03:00			`ctx.Data["SignedUserID"] = 0`
Fix #605, fix #255, fix #101 2014-11-07 06:06:41 +03:00			`ctx.Data["SignedUserName"] = ""`
fix context 2014-03-15 16:50:17 +04:00			`}`
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00
Add file upload for attachments 2014-07-24 17:19:59 +04:00			`// If request sends files, parse them here otherwise the Query() can't be parsed and the CsrfToken will be invalid.`
New UI merge in progress 2014-07-26 08:24:27 +04:00			`if ctx.Req.Method == "POST" && strings.Contains(ctx.Req.Header.Get("Content-Type"), "multipart/form-data") {`
			`if err := ctx.Req.ParseMultipartForm(setting.AttachmentMaxSize << 20); err != nil && !strings.Contains(err.Error(), "EOF") { // 32MB max size`
			`ctx.Handle(500, "ParseMultipartForm", err)`
Add file upload for attachments 2014-07-24 17:19:59 +04:00			`return`
			`}`
			`}`

Convert captcha, cache, csrf as middlewares 2014-08-01 01:25:34 +04:00			`ctx.Data["CsrfToken"] = x.GetToken()`
			ctx.Data["CsrfTokenHtml"] = template.HTML(`<input type="hidden" name="_csrf" value="` + x.GetToken() + `">`)
fork render 2014-03-19 17:57:55 +04:00
code fix for #908, and work for #884 2015-02-07 05:16:23 +03:00			`ctx.Data["ShowRegistrationButton"] = setting.Service.ShowRegistrationButton`
#1080: Remove footer ads/branding from default template 2015-03-23 17:19:19 +03:00			`ctx.Data["ShowFooterBranding"] = setting.ShowFooterBranding`
code fix for #908, and work for #884 2015-02-07 05:16:23 +03:00
move templateFuncs to one file, add middleware context. 2014-03-15 15:01:50 +04:00			`c.Map(ctx)`
			`}`
			`}`