diff options
| author | Unknwon <u@gogs.io> | 2017-04-04 19:29:59 -0400 |
|---|---|---|
| committer | Unknwon <u@gogs.io> | 2017-04-04 19:29:59 -0400 |
| commit | d05395fe906dad7741201faa69a54fef538deda9 (patch) | |
| tree | 11dae6c5c9b40b8ce85c7294bd0309c03cb1199e /pkg/context/auth.go | |
| parent | 37b10666dea98cebf75d0c6f11ee87211ef94703 (diff) | |
Refactoring: rename modules -> pkg
Reasons to change:
1. Shorter than 'modules'
2. More generally used by other Go projects
3. Corresponds to the naming of '$GOPATH/pkg' directory
Diffstat (limited to 'pkg/context/auth.go')
| -rw-r--r-- | pkg/context/auth.go | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/pkg/context/auth.go b/pkg/context/auth.go new file mode 100644 index 00000000..642a320b --- /dev/null +++ b/pkg/context/auth.go @@ -0,0 +1,94 @@ +// Copyright 2014 The Gogs Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package context + +import ( + "net/url" + + "github.com/go-macaron/csrf" + "gopkg.in/macaron.v1" + + "github.com/gogits/gogs/pkg/auth" + "github.com/gogits/gogs/pkg/setting" +) + +type ToggleOptions struct { + SignInRequired bool + SignOutRequired bool + AdminRequired bool + DisableCSRF bool +} + +func Toggle(options *ToggleOptions) macaron.Handler { + return func(ctx *Context) { + // Cannot view any page before installation. + if !setting.InstallLock { + ctx.Redirect(setting.AppSubUrl + "/install") + return + } + + // Check prohibit login users. + if ctx.IsSigned && ctx.User.ProhibitLogin { + ctx.Data["Title"] = ctx.Tr("auth.prohibit_login") + ctx.HTML(200, "user/auth/prohibit_login") + return + } + + // Check non-logged users landing page. + if !ctx.IsSigned && ctx.Req.RequestURI == "/" && setting.LandingPageURL != setting.LANDING_PAGE_HOME { + ctx.Redirect(setting.AppSubUrl + string(setting.LandingPageURL)) + return + } + + // Redirect to dashboard if user tries to visit any non-login page. + if options.SignOutRequired && ctx.IsSigned && ctx.Req.RequestURI != "/" { + ctx.Redirect(setting.AppSubUrl + "/") + return + } + + if !options.SignOutRequired && !options.DisableCSRF && ctx.Req.Method == "POST" && !auth.IsAPIPath(ctx.Req.URL.Path) { + csrf.Validate(ctx.Context, ctx.csrf) + if ctx.Written() { + return + } + } + + if options.SignInRequired { + if !ctx.IsSigned { + // Restrict API calls with error message. + if auth.IsAPIPath(ctx.Req.URL.Path) { + ctx.JSON(403, map[string]string{ + "message": "Only signed in user is allowed to call APIs.", + }) + return + } + + ctx.SetCookie("redirect_to", url.QueryEscape(setting.AppSubUrl+ctx.Req.RequestURI), 0, setting.AppSubUrl) + ctx.Redirect(setting.AppSubUrl + "/user/login") + return + } else if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm { + ctx.Data["Title"] = ctx.Tr("auth.active_your_account") + ctx.HTML(200, "user/auth/activate") + return + } + } + + // Redirect to log in page if auto-signin info is provided and has not signed in. + if !options.SignOutRequired && !ctx.IsSigned && !auth.IsAPIPath(ctx.Req.URL.Path) && + len(ctx.GetCookie(setting.CookieUserName)) > 0 { + ctx.SetCookie("redirect_to", url.QueryEscape(setting.AppSubUrl+ctx.Req.RequestURI), 0, setting.AppSubUrl) + ctx.Redirect(setting.AppSubUrl + "/user/login") + return + } + + if options.AdminRequired { + if !ctx.User.IsAdmin { + ctx.Error(403) + return + } + ctx.Data["PageIsAdmin"] = true + } + } +} |