OpenI
/
aiforge
Not watched
1
0
Fork 0
Code
Releases 128 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
6663 Commits
197 Branches
392 MB
2718 Download
Tree: e47df0b301
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e47df0b301'
${ noResults }
aiforge/modules/auth/auth.go

auth.go 7.1 kB
Raw Normal View History

Add binding form for register user
11 years ago
New UI merge in progress
11 years ago
Add binding form for register user
11 years ago
cmd: CMD option for port number of `gogs web` to prevent first time run conflict - routers: use new binding convention to simplify code - templates: able to set HTTP port number in install page
10 years ago
fix import path, fix #1782
9 years ago
Replace uuid module with original package
9 years ago
fix import path, fix #1782
9 years ago
Add binding form for register user
11 years ago
Update import paths from github.com/go-gitea to code.gitea.io (#135) - Update import paths from github.com/go-gitea to code.gitea.io - Fix import path for travis See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
8 years ago
Refactor struct's time to remove unnecessary memory usage (#3142) * refactor struct's time to remove unnecessary memory usage * use AsTimePtr simple code * fix tests * fix time compare * fix template on gpg * use AddDuration instead of Add
7 years ago
Better URL validation (#1507) * Add correct git branch name validation * Change git refname validation error constant name * Implement URL validation based on GoLang url.Parse method * Backward compatibility with older Go compiler * Add git reference name validation unit tests * Remove unused variable in unit test * Implement URL validation based on GoLang url.Parse method * Backward compatibility with older Go compiler * Add url validation unit tests
8 years ago
Add binding form for register user
11 years ago
golint fixed for modules/auth
8 years ago
#1128: API calls are not hidden behind sign in
10 years ago
#842 able to use access token replace basic auth
9 years ago
New UI merge in progress
11 years ago
#842 able to use access token replace basic auth
9 years ago
support URL param to token, but still restrict to APIs
9 years ago
GitHub API Compliance (& linting)
8 years ago
support URL param to token, but still restrict to APIs
9 years ago
#842 able to use access token replace basic auth
9 years ago
support URL param to token, but still restrict to APIs
9 years ago
Fixes #3110 (#3136)
9 years ago
support URL param to token, but still restrict to APIs
9 years ago
add personal access token panel #12
10 years ago
Refactor struct's time to remove unnecessary memory usage (#3142) * refactor struct's time to remove unnecessary memory usage * use AsTimePtr simple code * fix tests * fix time compare * fix template on gpg * use AddDuration instead of Add
7 years ago
typo fix
9 years ago
support URL param to token, but still restrict to APIs
9 years ago
Enforce token on api routes [fixed critical security issue #4357] (#4840)
6 years ago
support URL param to token, but still restrict to APIs
9 years ago
add personal access token panel #12
10 years ago
#12, API: list user repos, list repo hooks
10 years ago
Avoid duplicate queries in auth (#827) Avoid identical making calls to GetUserByID(..) in SignedInUser(..)
8 years ago
#12, API: list user repos, list repo hooks
10 years ago
New UI merge in progress
11 years ago
Finish create organization team
11 years ago
New UI merge in progress
11 years ago
fix #165
10 years ago
#842 able to use access token replace basic auth
9 years ago
work on #616 and update locales
10 years ago
more APIs on #12
10 years ago
work on #616 and update locales
10 years ago
Avoid duplicate queries in auth (#827) Avoid identical making calls to GetUserByID(..) in SignedInUser(..)
8 years ago
work on #616 and update locales
10 years ago
Avoid duplicate queries in auth (#827) Avoid identical making calls to GetUserByID(..) in SignedInUser(..)
8 years ago
fix #165
10 years ago
Avoid duplicate queries in auth (#827) Avoid identical making calls to GetUserByID(..) in SignedInUser(..)
8 years ago
work on #616 and update locales
10 years ago
Avoid duplicate queries in auth (#827) Avoid identical making calls to GetUserByID(..) in SignedInUser(..)
8 years ago
work on #616 and update locales
10 years ago
Avoid duplicate queries in auth (#827) Avoid identical making calls to GetUserByID(..) in SignedInUser(..)
8 years ago
work on #616 and update locales
10 years ago
Avoid duplicate queries in auth (#827) Avoid identical making calls to GetUserByID(..) in SignedInUser(..)
8 years ago
work on #616 and update locales
10 years ago
Avoid duplicate queries in auth (#827) Avoid identical making calls to GetUserByID(..) in SignedInUser(..)
8 years ago
work on #616 and update locales
10 years ago
Avoid duplicate queries in auth (#827) Avoid identical making calls to GetUserByID(..) in SignedInUser(..)
8 years ago
work on #616 and update locales
10 years ago
Enforce token on api routes [fixed critical security issue #4357] (#4840)
6 years ago
Avoid duplicate queries in auth (#827) Avoid identical making calls to GetUserByID(..) in SignedInUser(..)
8 years ago
New UI merge in progress
11 years ago
Avoid duplicate queries in auth (#827) Avoid identical making calls to GetUserByID(..) in SignedInUser(..)
8 years ago
Working on install page
11 years ago
golint fixed for modules/auth
8 years ago
Use binding middleware
10 years ago
cmd: CMD option for port number of `gogs web` to prevent first time run conflict - routers: use new binding convention to simplify code - templates: able to set HTTP port number in install page
10 years ago
New UI merge in progress
11 years ago
cmd: CMD option for port number of `gogs web` to prevent first time run conflict - routers: use new binding convention to simplify code - templates: able to set HTTP port number in install page
10 years ago
New UI merge in progress
11 years ago
work on #470 and fix miror JS issue when choose targets on compare and pull
9 years ago
New UI merge in progress
11 years ago
Fix #340
11 years ago
fix: gofmt errors. (#1106)
8 years ago
New UI merge in progress
11 years ago
golint fixed for modules/auth
8 years ago
UI: basic label list - create new label
10 years ago
work on #470 and fix miror JS issue when choose targets on compare and pull
9 years ago
UI: basic label list - create new label
10 years ago
golint fixed for modules/auth
8 years ago
Fix #340
11 years ago
work on #470 and fix miror JS issue when choose targets on compare and pull
9 years ago
Fix #340
11 years ago
golint fixed for modules/auth
8 years ago
Fix #340
11 years ago
work on #470 and fix miror JS issue when choose targets on compare and pull
9 years ago
golint fixed for modules/auth
8 years ago
work on #470 and fix miror JS issue when choose targets on compare and pull
9 years ago
Fix #340
11 years ago
#1487 Readme Template
9 years ago
Use binding middleware
10 years ago
New UI merge in progress
11 years ago
Use binding middleware
10 years ago
fix: gofmt errors. (#1106)
8 years ago
UI: install - new version
10 years ago
Use binding middleware
10 years ago
fix binding api broken
10 years ago
New UI merge in progress
11 years ago
fix binding api broken
10 years ago
New UI merge in progress
11 years ago
fix binding api broken
10 years ago
New UI merge in progress
11 years ago
Better URL validation (#1507) * Add correct git branch name validation * Change git refname validation error constant name * Implement URL validation based on GoLang url.Parse method * Backward compatibility with older Go compiler * Add git reference name validation unit tests * Remove unused variable in unit test * Implement URL validation based on GoLang url.Parse method * Backward compatibility with older Go compiler * Add url validation unit tests
8 years ago
UI: basic label list - create new label
10 years ago
fix binding api broken
10 years ago
Fix #340
11 years ago
fix binding api broken
10 years ago
Fix #340
11 years ago
fix binding api broken
10 years ago
New UI merge in progress
11 years ago
fix binding api broken
10 years ago
New UI merge in progress
11 years ago
work on #470 and fix miror JS issue when choose targets on compare and pull
9 years ago
New UI merge in progress
11 years ago
Use binding middleware
10 years ago
New UI merge in progress
11 years ago
Use binding middleware
10 years ago
New UI merge in progress
11 years ago
Use binding middleware
10 years ago
Working on install page
11 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package auth

  6. 

  7. import (

  8. 	"reflect"

  9. 	"strings"

  10. 

  11. 	"github.com/Unknwon/com"

  12. 	"github.com/go-macaron/binding"

  13. 	"github.com/go-macaron/session"

  14. 	gouuid "github.com/satori/go.uuid"

  15. 	"gopkg.in/macaron.v1"

  16. 

  17. 	"code.gitea.io/gitea/models"

  18. 	"code.gitea.io/gitea/modules/base"

  19. 	"code.gitea.io/gitea/modules/log"

  20. 	"code.gitea.io/gitea/modules/setting"

  21. 	"code.gitea.io/gitea/modules/util"

  22. 	"code.gitea.io/gitea/modules/validation"

  23. )

  24. 

  25. // IsAPIPath if URL is an api path

  26. func IsAPIPath(url string) bool {

  27. 	return strings.HasPrefix(url, "/api/")

  28. }

  29. 

  30. // SignedInID returns the id of signed in user.

  31. func SignedInID(ctx *macaron.Context, sess session.Store) int64 {

  32. 	if !models.HasEngine {

  33. 		return 0

  34. 	}

  35. 

  36. 	// Check access token.

  37. 	if IsAPIPath(ctx.Req.URL.Path) {

  38. 		tokenSHA := ctx.Query("token")

  39. 		if len(tokenSHA) <= 0 {

  40. 			tokenSHA = ctx.Query("access_token")

  41. 		}

  42. 		if len(tokenSHA) == 0 {

  43. 			// Well, check with header again.

  44. 			auHead := ctx.Req.Header.Get("Authorization")

  45. 			if len(auHead) > 0 {

  46. 				auths := strings.Fields(auHead)

  47. 				if len(auths) == 2 && auths[0] == "token" {

  48. 					tokenSHA = auths[1]

  49. 				}

  50. 			}

  51. 		}

  52. 

  53. 		// Let's see if token is valid.

  54. 		if len(tokenSHA) > 0 {

  55. 			t, err := models.GetAccessTokenBySHA(tokenSHA)

  56. 			if err != nil {

  57. 				if models.IsErrAccessTokenNotExist(err) || models.IsErrAccessTokenEmpty(err) {

  58. 					log.Error(4, "GetAccessTokenBySHA: %v", err)

  59. 				}

  60. 				return 0

  61. 			}

  62. 			t.UpdatedUnix = util.TimeStampNow()

  63. 			if err = models.UpdateAccessToken(t); err != nil {

  64. 				log.Error(4, "UpdateAccessToken: %v", err)

  65. 			}

  66. 			ctx.Data["IsApiToken"] = true

  67. 			return t.UID

  68. 		}

  69. 	}

  70. 

  71. 	uid := sess.Get("uid")

  72. 	if uid == nil {

  73. 		return 0

  74. 	} else if id, ok := uid.(int64); ok {

  75. 		return id

  76. 	}

  77. 	return 0

  78. }

  79. 

  80. // SignedInUser returns the user object of signed user.

  81. // It returns a bool value to indicate whether user uses basic auth or not.

  82. func SignedInUser(ctx *macaron.Context, sess session.Store) (*models.User, bool) {

  83. 	if !models.HasEngine {

  84. 		return nil, false

  85. 	}

  86. 

  87. 	if uid := SignedInID(ctx, sess); uid > 0 {

  88. 		user, err := models.GetUserByID(uid)

  89. 		if err == nil {

  90. 			return user, false

  91. 		} else if !models.IsErrUserNotExist(err) {

  92. 			log.Error(4, "GetUserById: %v", err)

  93. 		}

  94. 	}

  95. 

  96. 	if setting.Service.EnableReverseProxyAuth {

  97. 		webAuthUser := ctx.Req.Header.Get(setting.ReverseProxyAuthUser)

  98. 		if len(webAuthUser) > 0 {

  99. 			u, err := models.GetUserByName(webAuthUser)

  100. 			if err != nil {

  101. 				if !models.IsErrUserNotExist(err) {

  102. 					log.Error(4, "GetUserByName: %v", err)

  103. 					return nil, false

  104. 				}

  105. 

  106. 				// Check if enabled auto-registration.

  107. 				if setting.Service.EnableReverseProxyAutoRegister {

  108. 					u := &models.User{

  109. 						Name:     webAuthUser,

  110. 						Email:    gouuid.NewV4().String() + "@localhost",

  111. 						Passwd:   webAuthUser,

  112. 						IsActive: true,

  113. 					}

  114. 					if err = models.CreateUser(u); err != nil {

  115. 						// FIXME: should I create a system notice?

  116. 						log.Error(4, "CreateUser: %v", err)

  117. 						return nil, false

  118. 					}

  119. 					return u, false

  120. 				}

  121. 			}

  122. 			return u, false

  123. 		}

  124. 	}

  125. 

  126. 	// Check with basic auth.

  127. 	baHead := ctx.Req.Header.Get("Authorization")

  128. 	if len(baHead) > 0 {

  129. 		auths := strings.Fields(baHead)

  130. 		if len(auths) == 2 && auths[0] == "Basic" {

  131. 			uname, passwd, _ := base.BasicAuthDecode(auths[1])

  132. 

  133. 			u, err := models.UserSignIn(uname, passwd)

  134. 			if err != nil {

  135. 				if !models.IsErrUserNotExist(err) {

  136. 					log.Error(4, "UserSignIn: %v", err)

  137. 				}

  138. 				return nil, false

  139. 			}

  140. 			ctx.Data["IsApiToken"] = true

  141. 			return u, true

  142. 		}

  143. 	}

  144. 	return nil, false

  145. }

  146. 

  147. // Form form binding interface

  148. type Form interface {

  149. 	binding.Validator

  150. }

  151. 

  152. func init() {

  153. 	binding.SetNameMapper(com.ToSnakeCase)

  154. }

  155. 

  156. // AssignForm assign form values back to the template data.

  157. func AssignForm(form interface{}, data map[string]interface{}) {

  158. 	typ := reflect.TypeOf(form)

  159. 	val := reflect.ValueOf(form)

  160. 

  161. 	if typ.Kind() == reflect.Ptr {

  162. 		typ = typ.Elem()

  163. 		val = val.Elem()

  164. 	}

  165. 

  166. 	for i := 0; i < typ.NumField(); i++ {

  167. 		field := typ.Field(i)

  168. 

  169. 		fieldName := field.Tag.Get("form")

  170. 		// Allow ignored fields in the struct

  171. 		if fieldName == "-" {

  172. 			continue

  173. 		} else if len(fieldName) == 0 {

  174. 			fieldName = com.ToSnakeCase(field.Name)

  175. 		}

  176. 

  177. 		data[fieldName] = val.Field(i).Interface()

  178. 	}

  179. }

  180. 

  181. func getRuleBody(field reflect.StructField, prefix string) string {

  182. 	for _, rule := range strings.Split(field.Tag.Get("binding"), ";") {

  183. 		if strings.HasPrefix(rule, prefix) {

  184. 			return rule[len(prefix) : len(rule)-1]

  185. 		}

  186. 	}

  187. 	return ""

  188. }

  189. 

  190. // GetSize get size int form tag

  191. func GetSize(field reflect.StructField) string {

  192. 	return getRuleBody(field, "Size(")

  193. }

  194. 

  195. // GetMinSize get minimal size in form tag

  196. func GetMinSize(field reflect.StructField) string {

  197. 	return getRuleBody(field, "MinSize(")

  198. }

  199. 

  200. // GetMaxSize get max size in form tag

  201. func GetMaxSize(field reflect.StructField) string {

  202. 	return getRuleBody(field, "MaxSize(")

  203. }

  204. 

  205. // GetInclude get include in form tag

  206. func GetInclude(field reflect.StructField) string {

  207. 	return getRuleBody(field, "Include(")

  208. }

  209. 

  210. // FIXME: struct contains a struct

  211. func validateStruct(obj interface{}) binding.Errors {

  212. 

  213. 	return nil

  214. }

  215. 

  216. func validate(errs binding.Errors, data map[string]interface{}, f Form, l macaron.Locale) binding.Errors {

  217. 	if errs.Len() == 0 {

  218. 		return errs

  219. 	}

  220. 

  221. 	data["HasError"] = true

  222. 	AssignForm(f, data)

  223. 

  224. 	typ := reflect.TypeOf(f)

  225. 	val := reflect.ValueOf(f)

  226. 

  227. 	if typ.Kind() == reflect.Ptr {

  228. 		typ = typ.Elem()

  229. 		val = val.Elem()

  230. 	}

  231. 

  232. 	for i := 0; i < typ.NumField(); i++ {

  233. 		field := typ.Field(i)

  234. 

  235. 		fieldName := field.Tag.Get("form")

  236. 		// Allow ignored fields in the struct

  237. 		if fieldName == "-" {

  238. 			continue

  239. 		}

  240. 

  241. 		if errs[0].FieldNames[0] == field.Name {

  242. 			data["Err_"+field.Name] = true

  243. 

  244. 			trName := field.Tag.Get("locale")

  245. 			if len(trName) == 0 {

  246. 				trName = l.Tr("form." + field.Name)

  247. 			} else {

  248. 				trName = l.Tr(trName)

  249. 			}

  250. 

  251. 			switch errs[0].Classification {

  252. 			case binding.ERR_REQUIRED:

  253. 				data["ErrorMsg"] = trName + l.Tr("form.require_error")

  254. 			case binding.ERR_ALPHA_DASH:

  255. 				data["ErrorMsg"] = trName + l.Tr("form.alpha_dash_error")

  256. 			case binding.ERR_ALPHA_DASH_DOT:

  257. 				data["ErrorMsg"] = trName + l.Tr("form.alpha_dash_dot_error")

  258. 			case validation.ErrGitRefName:

  259. 				data["ErrorMsg"] = trName + l.Tr("form.git_ref_name_error")

  260. 			case binding.ERR_SIZE:

  261. 				data["ErrorMsg"] = trName + l.Tr("form.size_error", GetSize(field))

  262. 			case binding.ERR_MIN_SIZE:

  263. 				data["ErrorMsg"] = trName + l.Tr("form.min_size_error", GetMinSize(field))

  264. 			case binding.ERR_MAX_SIZE:

  265. 				data["ErrorMsg"] = trName + l.Tr("form.max_size_error", GetMaxSize(field))

  266. 			case binding.ERR_EMAIL:

  267. 				data["ErrorMsg"] = trName + l.Tr("form.email_error")

  268. 			case binding.ERR_URL:

  269. 				data["ErrorMsg"] = trName + l.Tr("form.url_error")

  270. 			case binding.ERR_INCLUDE:

  271. 				data["ErrorMsg"] = trName + l.Tr("form.include_error", GetInclude(field))

  272. 			default:

  273. 				data["ErrorMsg"] = l.Tr("form.unknown_error") + " " + errs[0].Classification

  274. 			}

  275. 			return errs

  276. 		}

  277. 	}

  278. 	return errs

  279. }

No Description