2016-03-14 05:37:44 +08:00
|
|
|
// Copyright 2016 The Gogs Authors. All rights reserved.
|
2019-03-19 10:29:43 +08:00
|
|
|
// Copyright 2019 The Gitea Authors. All rights reserved.
|
2016-03-14 05:37:44 +08:00
|
|
|
// Use of this source code is governed by a MIT-style
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
|
|
|
|
package context
|
|
|
|
|
|
|
|
import (
|
2016-03-14 11:20:22 +08:00
|
|
|
"fmt"
|
2020-05-29 00:58:11 +08:00
|
|
|
"net/http"
|
2019-06-26 16:51:32 +08:00
|
|
|
"net/url"
|
2016-03-14 11:20:22 +08:00
|
|
|
"strings"
|
|
|
|
|
2016-11-15 06:33:58 +08:00
|
|
|
"code.gitea.io/gitea/models"
|
2019-03-27 17:33:00 +08:00
|
|
|
"code.gitea.io/gitea/modules/git"
|
2016-11-11 00:24:48 +08:00
|
|
|
"code.gitea.io/gitea/modules/log"
|
|
|
|
"code.gitea.io/gitea/modules/setting"
|
2019-03-27 17:33:00 +08:00
|
|
|
|
2019-08-24 00:40:30 +08:00
|
|
|
"gitea.com/macaron/csrf"
|
|
|
|
"gitea.com/macaron/macaron"
|
2016-03-14 05:37:44 +08:00
|
|
|
)
|
|
|
|
|
2016-11-25 14:51:01 +08:00
|
|
|
// APIContext is a specific macaron context for API service
|
2016-03-14 05:37:44 +08:00
|
|
|
type APIContext struct {
|
|
|
|
*Context
|
2016-03-26 06:04:02 +08:00
|
|
|
Org *APIOrganization
|
2016-03-14 05:37:44 +08:00
|
|
|
}
|
|
|
|
|
2017-05-02 21:35:59 +08:00
|
|
|
// APIError is error format response
|
|
|
|
// swagger:response error
|
|
|
|
type APIError struct {
|
|
|
|
Message string `json:"message"`
|
|
|
|
URL string `json:"url"`
|
|
|
|
}
|
|
|
|
|
|
|
|
// APIValidationError is error format response related to input validation
|
|
|
|
// swagger:response validationError
|
|
|
|
type APIValidationError struct {
|
|
|
|
Message string `json:"message"`
|
|
|
|
URL string `json:"url"`
|
|
|
|
}
|
|
|
|
|
2019-12-21 01:07:12 +08:00
|
|
|
// APIInvalidTopicsError is error format response to invalid topics
|
|
|
|
// swagger:response invalidTopicsError
|
|
|
|
type APIInvalidTopicsError struct {
|
|
|
|
Topics []string `json:"invalidTopics"`
|
|
|
|
Message string `json:"message"`
|
|
|
|
}
|
|
|
|
|
2017-05-18 22:39:42 +08:00
|
|
|
//APIEmpty is an empty response
|
2017-05-02 21:35:59 +08:00
|
|
|
// swagger:response empty
|
|
|
|
type APIEmpty struct{}
|
|
|
|
|
|
|
|
//APIForbiddenError is a forbidden error response
|
|
|
|
// swagger:response forbidden
|
|
|
|
type APIForbiddenError struct {
|
|
|
|
APIError
|
|
|
|
}
|
|
|
|
|
|
|
|
//APINotFound is a not found empty response
|
|
|
|
// swagger:response notFound
|
|
|
|
type APINotFound struct{}
|
|
|
|
|
2020-10-31 09:56:34 +08:00
|
|
|
//APIConflict is a conflict empty response
|
|
|
|
// swagger:response conflict
|
|
|
|
type APIConflict struct{}
|
|
|
|
|
2017-08-21 19:13:47 +08:00
|
|
|
//APIRedirect is a redirect response
|
|
|
|
// swagger:response redirect
|
|
|
|
type APIRedirect struct{}
|
|
|
|
|
2020-06-05 19:03:12 +08:00
|
|
|
//APIString is a string response
|
|
|
|
// swagger:response string
|
|
|
|
type APIString string
|
|
|
|
|
2020-05-29 00:58:11 +08:00
|
|
|
// Error responds with an error message to client with given obj as the message.
|
2016-03-14 06:49:16 +08:00
|
|
|
// If status is 500, also it prints error to log.
|
|
|
|
func (ctx *APIContext) Error(status int, title string, obj interface{}) {
|
|
|
|
var message string
|
|
|
|
if err, ok := obj.(error); ok {
|
|
|
|
message = err.Error()
|
|
|
|
} else {
|
2020-05-29 00:58:11 +08:00
|
|
|
message = fmt.Sprintf("%s", obj)
|
2016-03-14 06:49:16 +08:00
|
|
|
}
|
|
|
|
|
2020-05-29 00:58:11 +08:00
|
|
|
if status == http.StatusInternalServerError {
|
|
|
|
log.ErrorWithSkip(1, "%s: %s", title, message)
|
2020-06-04 02:17:54 +08:00
|
|
|
|
2020-10-13 08:41:49 +08:00
|
|
|
if macaron.Env == macaron.PROD && !(ctx.User != nil && ctx.User.IsAdmin) {
|
2020-06-04 02:17:54 +08:00
|
|
|
message = ""
|
|
|
|
}
|
2016-03-14 06:49:16 +08:00
|
|
|
}
|
|
|
|
|
2017-05-02 21:35:59 +08:00
|
|
|
ctx.JSON(status, APIError{
|
|
|
|
Message: message,
|
2019-06-13 05:07:24 +08:00
|
|
|
URL: setting.API.SwaggerURL,
|
2016-03-14 06:49:16 +08:00
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2020-05-29 00:58:11 +08:00
|
|
|
// InternalServerError responds with an error message to the client with the error as a message
|
|
|
|
// and the file and line of the caller.
|
|
|
|
func (ctx *APIContext) InternalServerError(err error) {
|
|
|
|
log.ErrorWithSkip(1, "InternalServerError: %v", err)
|
|
|
|
|
|
|
|
var message string
|
2020-10-13 08:41:49 +08:00
|
|
|
if macaron.Env != macaron.PROD || (ctx.User != nil && ctx.User.IsAdmin) {
|
2020-05-29 00:58:11 +08:00
|
|
|
message = err.Error()
|
|
|
|
}
|
|
|
|
|
|
|
|
ctx.JSON(http.StatusInternalServerError, APIError{
|
|
|
|
Message: message,
|
|
|
|
URL: setting.API.SwaggerURL,
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2019-06-26 16:51:32 +08:00
|
|
|
func genAPILinks(curURL *url.URL, total, pageSize, curPage int) []string {
|
|
|
|
page := NewPagination(total, pageSize, curPage, 0)
|
2019-04-20 12:15:19 +08:00
|
|
|
paginater := page.Paginater
|
2016-03-14 11:20:22 +08:00
|
|
|
links := make([]string, 0, 4)
|
2019-06-26 16:51:32 +08:00
|
|
|
|
2019-04-20 12:15:19 +08:00
|
|
|
if paginater.HasNext() {
|
2019-06-26 16:51:32 +08:00
|
|
|
u := *curURL
|
|
|
|
queries := u.Query()
|
|
|
|
queries.Set("page", fmt.Sprintf("%d", paginater.Next()))
|
|
|
|
u.RawQuery = queries.Encode()
|
|
|
|
|
|
|
|
links = append(links, fmt.Sprintf("<%s%s>; rel=\"next\"", setting.AppURL, u.RequestURI()[1:]))
|
2016-03-14 11:20:22 +08:00
|
|
|
}
|
2019-04-20 12:15:19 +08:00
|
|
|
if !paginater.IsLast() {
|
2019-06-26 16:51:32 +08:00
|
|
|
u := *curURL
|
|
|
|
queries := u.Query()
|
|
|
|
queries.Set("page", fmt.Sprintf("%d", paginater.TotalPages()))
|
|
|
|
u.RawQuery = queries.Encode()
|
|
|
|
|
|
|
|
links = append(links, fmt.Sprintf("<%s%s>; rel=\"last\"", setting.AppURL, u.RequestURI()[1:]))
|
2016-03-14 11:20:22 +08:00
|
|
|
}
|
2019-04-20 12:15:19 +08:00
|
|
|
if !paginater.IsFirst() {
|
2019-06-26 16:51:32 +08:00
|
|
|
u := *curURL
|
|
|
|
queries := u.Query()
|
|
|
|
queries.Set("page", "1")
|
|
|
|
u.RawQuery = queries.Encode()
|
|
|
|
|
|
|
|
links = append(links, fmt.Sprintf("<%s%s>; rel=\"first\"", setting.AppURL, u.RequestURI()[1:]))
|
2016-03-14 11:20:22 +08:00
|
|
|
}
|
2019-04-20 12:15:19 +08:00
|
|
|
if paginater.HasPrevious() {
|
2019-06-26 16:51:32 +08:00
|
|
|
u := *curURL
|
|
|
|
queries := u.Query()
|
|
|
|
queries.Set("page", fmt.Sprintf("%d", paginater.Previous()))
|
|
|
|
u.RawQuery = queries.Encode()
|
|
|
|
|
|
|
|
links = append(links, fmt.Sprintf("<%s%s>; rel=\"prev\"", setting.AppURL, u.RequestURI()[1:]))
|
2016-03-14 11:20:22 +08:00
|
|
|
}
|
2019-06-26 16:51:32 +08:00
|
|
|
return links
|
|
|
|
}
|
|
|
|
|
|
|
|
// SetLinkHeader sets pagination link header by given total number and page size.
|
|
|
|
func (ctx *APIContext) SetLinkHeader(total, pageSize int) {
|
|
|
|
links := genAPILinks(ctx.Req.URL, total, pageSize, ctx.QueryInt("page"))
|
2016-03-14 11:20:22 +08:00
|
|
|
|
|
|
|
if len(links) > 0 {
|
|
|
|
ctx.Header().Set("Link", strings.Join(links, ","))
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-11-04 09:15:55 +08:00
|
|
|
// RequireCSRF requires a validated a CSRF token
|
|
|
|
func (ctx *APIContext) RequireCSRF() {
|
|
|
|
headerToken := ctx.Req.Header.Get(ctx.csrf.GetHeaderName())
|
|
|
|
formValueToken := ctx.Req.FormValue(ctx.csrf.GetFormName())
|
|
|
|
if len(headerToken) > 0 || len(formValueToken) > 0 {
|
|
|
|
csrf.Validate(ctx.Context.Context, ctx.csrf)
|
|
|
|
} else {
|
2020-11-23 15:56:04 +08:00
|
|
|
ctx.Context.Error(401, "Missing CSRF token.")
|
2018-11-04 09:15:55 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-06-22 23:21:11 +08:00
|
|
|
// CheckForOTP validates OTP
|
2019-04-19 16:59:26 +08:00
|
|
|
func (ctx *APIContext) CheckForOTP() {
|
|
|
|
otpHeader := ctx.Req.Header.Get("X-Gitea-OTP")
|
|
|
|
twofa, err := models.GetTwoFactorByUID(ctx.Context.User.ID)
|
|
|
|
if err != nil {
|
|
|
|
if models.IsErrTwoFactorNotEnrolled(err) {
|
|
|
|
return // No 2FA enrollment for this user
|
|
|
|
}
|
|
|
|
ctx.Context.Error(500)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
ok, err := twofa.ValidateTOTP(otpHeader)
|
|
|
|
if err != nil {
|
|
|
|
ctx.Context.Error(500)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if !ok {
|
|
|
|
ctx.Context.Error(401)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-11-25 14:51:01 +08:00
|
|
|
// APIContexter returns apicontext as macaron middleware
|
2016-03-14 05:37:44 +08:00
|
|
|
func APIContexter() macaron.Handler {
|
|
|
|
return func(c *Context) {
|
|
|
|
ctx := &APIContext{
|
|
|
|
Context: c,
|
|
|
|
}
|
|
|
|
c.Map(ctx)
|
|
|
|
}
|
|
|
|
}
|
2016-11-15 06:33:58 +08:00
|
|
|
|
2016-12-02 19:10:39 +08:00
|
|
|
// ReferencesGitRepo injects the GitRepo into the Context
|
2019-04-17 13:31:08 +08:00
|
|
|
func ReferencesGitRepo(allowEmpty bool) macaron.Handler {
|
2016-12-02 19:10:39 +08:00
|
|
|
return func(ctx *APIContext) {
|
|
|
|
// Empty repository does not have reference information.
|
2019-04-17 13:31:08 +08:00
|
|
|
if !allowEmpty && ctx.Repo.Repository.IsEmpty {
|
2016-12-02 19:10:39 +08:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// For API calls.
|
|
|
|
if ctx.Repo.GitRepo == nil {
|
|
|
|
repoPath := models.RepoPath(ctx.Repo.Owner.Name, ctx.Repo.Repository.Name)
|
|
|
|
gitRepo, err := git.OpenRepository(repoPath)
|
|
|
|
if err != nil {
|
|
|
|
ctx.Error(500, "RepoRef Invalid repo "+repoPath, err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
ctx.Repo.GitRepo = gitRepo
|
2019-11-13 15:01:19 +08:00
|
|
|
// We opened it, we should close it
|
|
|
|
defer func() {
|
|
|
|
// If it's been set to nil then assume someone else has closed it.
|
|
|
|
if ctx.Repo.GitRepo != nil {
|
|
|
|
ctx.Repo.GitRepo.Close()
|
|
|
|
}
|
|
|
|
}()
|
2016-12-02 19:10:39 +08:00
|
|
|
}
|
2019-11-13 15:01:19 +08:00
|
|
|
|
|
|
|
ctx.Next()
|
2016-12-02 19:10:39 +08:00
|
|
|
}
|
|
|
|
}
|
2019-03-19 10:29:43 +08:00
|
|
|
|
|
|
|
// NotFound handles 404s for APIContext
|
|
|
|
// String will replace message, errors will be added to a slice
|
|
|
|
func (ctx *APIContext) NotFound(objs ...interface{}) {
|
|
|
|
var message = "Not Found"
|
|
|
|
var errors []string
|
|
|
|
for _, obj := range objs {
|
2020-05-06 02:52:13 +08:00
|
|
|
// Ignore nil
|
|
|
|
if obj == nil {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
2019-03-19 10:29:43 +08:00
|
|
|
if err, ok := obj.(error); ok {
|
|
|
|
errors = append(errors, err.Error())
|
|
|
|
} else {
|
|
|
|
message = obj.(string)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
ctx.JSON(404, map[string]interface{}{
|
|
|
|
"message": message,
|
2019-06-13 05:07:24 +08:00
|
|
|
"documentation_url": setting.API.SwaggerURL,
|
2019-03-19 10:29:43 +08:00
|
|
|
"errors": errors,
|
|
|
|
})
|
|
|
|
}
|
2020-11-15 00:13:55 +08:00
|
|
|
|
|
|
|
// RepoRefForAPI handles repository reference names when the ref name is not explicitly given
|
|
|
|
func RepoRefForAPI() macaron.Handler {
|
|
|
|
return func(ctx *APIContext) {
|
|
|
|
// Empty repository does not have reference information.
|
|
|
|
if ctx.Repo.Repository.IsEmpty {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
var err error
|
|
|
|
|
|
|
|
if ctx.Repo.GitRepo == nil {
|
|
|
|
repoPath := models.RepoPath(ctx.Repo.Owner.Name, ctx.Repo.Repository.Name)
|
|
|
|
ctx.Repo.GitRepo, err = git.OpenRepository(repoPath)
|
|
|
|
if err != nil {
|
|
|
|
ctx.InternalServerError(err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
// We opened it, we should close it
|
|
|
|
defer func() {
|
|
|
|
// If it's been set to nil then assume someone else has closed it.
|
|
|
|
if ctx.Repo.GitRepo != nil {
|
|
|
|
ctx.Repo.GitRepo.Close()
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
}
|
|
|
|
|
|
|
|
refName := getRefName(ctx.Context, RepoRefAny)
|
|
|
|
|
|
|
|
if ctx.Repo.GitRepo.IsBranchExist(refName) {
|
|
|
|
ctx.Repo.Commit, err = ctx.Repo.GitRepo.GetBranchCommit(refName)
|
|
|
|
if err != nil {
|
|
|
|
ctx.InternalServerError(err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
ctx.Repo.CommitID = ctx.Repo.Commit.ID.String()
|
|
|
|
} else if ctx.Repo.GitRepo.IsTagExist(refName) {
|
|
|
|
ctx.Repo.Commit, err = ctx.Repo.GitRepo.GetTagCommit(refName)
|
|
|
|
if err != nil {
|
|
|
|
ctx.InternalServerError(err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
ctx.Repo.CommitID = ctx.Repo.Commit.ID.String()
|
|
|
|
} else if len(refName) == 40 {
|
|
|
|
ctx.Repo.CommitID = refName
|
|
|
|
ctx.Repo.Commit, err = ctx.Repo.GitRepo.GetCommit(refName)
|
|
|
|
if err != nil {
|
|
|
|
ctx.NotFound("GetCommit", err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
ctx.NotFound(fmt.Errorf("not exist: '%s'", ctx.Params("*")))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
ctx.Next()
|
|
|
|
}
|
|
|
|
}
|