auth.go 3.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135
  1. // Copyright 2014 The Gogs Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package middleware
  5. import (
  6. "fmt"
  7. "net/url"
  8. "github.com/Unknwon/macaron"
  9. "github.com/macaron-contrib/csrf"
  10. "github.com/gogits/gogs/models"
  11. "github.com/gogits/gogs/modules/auth"
  12. "github.com/gogits/gogs/modules/base"
  13. "github.com/gogits/gogs/modules/log"
  14. "github.com/gogits/gogs/modules/setting"
  15. )
  16. type ToggleOptions struct {
  17. SignInRequire bool
  18. SignOutRequire bool
  19. AdminRequire bool
  20. DisableCsrf bool
  21. }
  22. // AutoSignIn reads cookie and try to auto-login.
  23. func AutoSignIn(ctx *Context) (bool, error) {
  24. uname := ctx.GetCookie(setting.CookieUserName)
  25. if len(uname) == 0 {
  26. return false, nil
  27. }
  28. isSucceed := false
  29. defer func() {
  30. if !isSucceed {
  31. log.Trace("auto-login cookie cleared: %s", uname)
  32. ctx.SetCookie(setting.CookieUserName, "", -1, setting.AppSubUrl)
  33. ctx.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubUrl)
  34. }
  35. }()
  36. u, err := models.GetUserByName(uname)
  37. if err != nil {
  38. if !models.IsErrUserNotExist(err) {
  39. return false, fmt.Errorf("GetUserByName: %v", err)
  40. }
  41. return false, nil
  42. }
  43. if val, _ := ctx.GetSuperSecureCookie(
  44. base.EncodeMd5(u.Rands+u.Passwd), setting.CookieRememberName); val != u.Name {
  45. return false, nil
  46. }
  47. isSucceed = true
  48. ctx.Session.Set("uid", u.Id)
  49. ctx.Session.Set("uname", u.Name)
  50. return true, nil
  51. }
  52. func Toggle(options *ToggleOptions) macaron.Handler {
  53. return func(ctx *Context) {
  54. // Cannot view any page before installation.
  55. if !setting.InstallLock {
  56. ctx.Redirect(setting.AppSubUrl + "/install")
  57. return
  58. }
  59. // Checking non-logged users landing page.
  60. if !ctx.IsSigned && ctx.Req.RequestURI == "/" && setting.LandingPageUrl != setting.LANDING_PAGE_HOME {
  61. ctx.Redirect(setting.AppSubUrl + string(setting.LandingPageUrl))
  62. return
  63. }
  64. // Redirect to dashboard if user tries to visit any non-login page.
  65. if options.SignOutRequire && ctx.IsSigned && ctx.Req.RequestURI != "/" {
  66. ctx.Redirect(setting.AppSubUrl + "/")
  67. return
  68. }
  69. if !options.SignOutRequire && !options.DisableCsrf && ctx.Req.Method == "POST" && !auth.IsAPIPath(ctx.Req.URL.Path) {
  70. csrf.Validate(ctx.Context, ctx.csrf)
  71. if ctx.Written() {
  72. return
  73. }
  74. }
  75. if options.SignInRequire {
  76. if !ctx.IsSigned {
  77. // Restrict API calls with error message.
  78. if auth.IsAPIPath(ctx.Req.URL.Path) {
  79. ctx.HandleAPI(403, "Only signed in user is allowed to call APIs.")
  80. return
  81. }
  82. ctx.SetCookie("redirect_to", url.QueryEscape(setting.AppSubUrl+ctx.Req.RequestURI), 0, setting.AppSubUrl)
  83. ctx.Redirect(setting.AppSubUrl + "/user/login")
  84. return
  85. } else if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {
  86. ctx.Data["Title"] = ctx.Tr("auth.active_your_account")
  87. ctx.HTML(200, "user/auth/activate")
  88. return
  89. }
  90. }
  91. if options.AdminRequire {
  92. if !ctx.User.IsAdmin {
  93. ctx.Error(403)
  94. return
  95. }
  96. ctx.Data["PageIsAdmin"] = true
  97. }
  98. }
  99. }
  100. // Contexter middleware already checks token for user sign in process.
  101. func ApiReqToken() macaron.Handler {
  102. return func(ctx *Context) {
  103. if !ctx.IsSigned {
  104. ctx.Error(403)
  105. return
  106. }
  107. }
  108. }
  109. func ApiReqBasicAuth() macaron.Handler {
  110. return func(ctx *Context) {
  111. if !ctx.IsBasicAuth {
  112. ctx.Error(403)
  113. return
  114. }
  115. }
  116. }