123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251 |
- // Copyright 2014 The Gogs Authors. All rights reserved.
- // Use of this source code is governed by a MIT-style
- // license that can be found in the LICENSE file.
- package middleware
- import (
- "fmt"
- "html/template"
- "io"
- "net/http"
- "strings"
- "time"
- "github.com/go-macaron/cache"
- "github.com/go-macaron/csrf"
- "github.com/go-macaron/i18n"
- "github.com/go-macaron/session"
- "gopkg.in/macaron.v1"
- "github.com/gogits/gogs/models"
- "github.com/gogits/gogs/modules/auth"
- "github.com/gogits/gogs/modules/base"
- "github.com/gogits/gogs/modules/git"
- "github.com/gogits/gogs/modules/log"
- "github.com/gogits/gogs/modules/setting"
- )
- type RepoContext struct {
- AccessMode models.AccessMode
- IsWatching bool
- IsBranch bool
- IsTag bool
- IsCommit bool
- Repository *models.Repository
- Owner *models.User
- Commit *git.Commit
- Tag *git.Tag
- GitRepo *git.Repository
- BranchName string
- TagName string
- TreeName string
- CommitID string
- RepoLink string
- CloneLink models.CloneLink
- CommitsCount int
- Mirror *models.Mirror
- }
- // Context represents context of a request.
- type Context struct {
- *macaron.Context
- Cache cache.Cache
- csrf csrf.CSRF
- Flash *session.Flash
- Session session.Store
- User *models.User
- IsSigned bool
- IsBasicAuth bool
- Repo RepoContext
- Org struct {
- IsOwner bool
- IsMember bool
- IsAdminTeam bool // In owner team or team that has admin permission level.
- Organization *models.User
- OrgLink string
- Team *models.Team
- }
- }
- // IsOwner returns true if current user is the owner of repository.
- func (r RepoContext) IsOwner() bool {
- return r.AccessMode >= models.ACCESS_MODE_OWNER
- }
- // IsAdmin returns true if current user has admin or higher access of repository.
- func (r RepoContext) IsAdmin() bool {
- return r.AccessMode >= models.ACCESS_MODE_ADMIN
- }
- // Return if the current user has read access for this repository
- func (r RepoContext) HasAccess() bool {
- return r.AccessMode >= models.ACCESS_MODE_READ
- }
- // HasError returns true if error occurs in form validation.
- func (ctx *Context) HasApiError() bool {
- hasErr, ok := ctx.Data["HasError"]
- if !ok {
- return false
- }
- return hasErr.(bool)
- }
- func (ctx *Context) GetErrMsg() string {
- return ctx.Data["ErrorMsg"].(string)
- }
- // HasError returns true if error occurs in form validation.
- func (ctx *Context) HasError() bool {
- hasErr, ok := ctx.Data["HasError"]
- if !ok {
- return false
- }
- ctx.Flash.ErrorMsg = ctx.Data["ErrorMsg"].(string)
- ctx.Data["Flash"] = ctx.Flash
- return hasErr.(bool)
- }
- // HasValue returns true if value of given name exists.
- func (ctx *Context) HasValue(name string) bool {
- _, ok := ctx.Data[name]
- return ok
- }
- // HTML calls Context.HTML and converts template name to string.
- func (ctx *Context) HTML(status int, name base.TplName) {
- ctx.Context.HTML(status, string(name))
- }
- // RenderWithErr used for page has form validation but need to prompt error to users.
- func (ctx *Context) RenderWithErr(msg string, tpl base.TplName, form interface{}) {
- if form != nil {
- auth.AssignForm(form, ctx.Data)
- }
- ctx.Flash.ErrorMsg = msg
- ctx.Data["Flash"] = ctx.Flash
- ctx.HTML(200, tpl)
- }
- // Handle handles and logs error by given status.
- func (ctx *Context) Handle(status int, title string, err error) {
- if err != nil {
- log.Error(4, "%s: %v", title, err)
- if macaron.Env != macaron.PROD {
- ctx.Data["ErrorMsg"] = err
- }
- }
- switch status {
- case 404:
- ctx.Data["Title"] = "Page Not Found"
- case 500:
- ctx.Data["Title"] = "Internal Server Error"
- }
- ctx.HTML(status, base.TplName(fmt.Sprintf("status/%d", status)))
- }
- func (ctx *Context) HandleText(status int, title string) {
- if (status/100 == 4) || (status/100 == 5) {
- log.Error(4, "%s", title)
- }
- ctx.PlainText(status, []byte(title))
- }
- // APIError logs error with title if status is 500.
- func (ctx *Context) APIError(status int, title string, obj interface{}) {
- var message string
- if err, ok := obj.(error); ok {
- message = err.Error()
- } else {
- message = obj.(string)
- }
- if status == 500 {
- log.Error(4, "%s: %s", title, message)
- }
- ctx.JSON(status, map[string]string{
- "message": message,
- "url": base.DOC_URL,
- })
- }
- func (ctx *Context) ServeContent(name string, r io.ReadSeeker, params ...interface{}) {
- modtime := time.Now()
- for _, p := range params {
- switch v := p.(type) {
- case time.Time:
- modtime = v
- }
- }
- ctx.Resp.Header().Set("Content-Description", "File Transfer")
- ctx.Resp.Header().Set("Content-Type", "application/octet-stream")
- ctx.Resp.Header().Set("Content-Disposition", "attachment; filename="+name)
- ctx.Resp.Header().Set("Content-Transfer-Encoding", "binary")
- ctx.Resp.Header().Set("Expires", "0")
- ctx.Resp.Header().Set("Cache-Control", "must-revalidate")
- ctx.Resp.Header().Set("Pragma", "public")
- http.ServeContent(ctx.Resp, ctx.Req.Request, name, modtime, r)
- }
- // Contexter initializes a classic context for a request.
- func Contexter() macaron.Handler {
- return func(c *macaron.Context, l i18n.Locale, cache cache.Cache, sess session.Store, f *session.Flash, x csrf.CSRF) {
- ctx := &Context{
- Context: c,
- Cache: cache,
- csrf: x,
- Flash: f,
- Session: sess,
- }
- // Compute current URL for real-time change language.
- ctx.Data["Link"] = setting.AppSubUrl + ctx.Req.URL.Path
- ctx.Data["PageStartTime"] = time.Now()
- // Check auto-signin.
- if sess.Get("uid") == nil {
- if _, err := AutoSignIn(ctx); err != nil {
- ctx.Handle(500, "AutoSignIn", err)
- return
- }
- }
- // Get user from session if logined.
- ctx.User, ctx.IsBasicAuth = auth.SignedInUser(ctx.Context, ctx.Session)
- if ctx.User != nil {
- ctx.IsSigned = true
- ctx.Data["IsSigned"] = ctx.IsSigned
- ctx.Data["SignedUser"] = ctx.User
- ctx.Data["SignedUserID"] = ctx.User.Id
- ctx.Data["SignedUserName"] = ctx.User.Name
- ctx.Data["IsAdmin"] = ctx.User.IsAdmin
- } else {
- ctx.Data["SignedUserID"] = 0
- ctx.Data["SignedUserName"] = ""
- }
- // If request sends files, parse them here otherwise the Query() can't be parsed and the CsrfToken will be invalid.
- if ctx.Req.Method == "POST" && strings.Contains(ctx.Req.Header.Get("Content-Type"), "multipart/form-data") {
- if err := ctx.Req.ParseMultipartForm(setting.AttachmentMaxSize << 20); err != nil && !strings.Contains(err.Error(), "EOF") { // 32MB max size
- ctx.Handle(500, "ParseMultipartForm", err)
- return
- }
- }
- ctx.Data["CsrfToken"] = x.GetToken()
- ctx.Data["CsrfTokenHtml"] = template.HTML(`<input type="hidden" name="_csrf" value="` + x.GetToken() + `">`)
- ctx.Data["ShowRegistrationButton"] = setting.Service.ShowRegistrationButton
- ctx.Data["ShowFooterBranding"] = setting.ShowFooterBranding
- c.Map(ctx)
- }
- }
|