diff options
Diffstat (limited to 'modules/middleware')
| -rw-r--r-- | modules/middleware/auth.go | 2 | ||||
| -rw-r--r-- | modules/middleware/binding.go | 426 | ||||
| -rw-r--r-- | modules/middleware/binding_test.go | 701 | ||||
| -rw-r--r-- | modules/middleware/context.go | 86 | ||||
| -rw-r--r-- | modules/middleware/render.go | 2 | ||||
| -rw-r--r-- | modules/middleware/repo.go | 96 |
6 files changed, 1288 insertions, 25 deletions
diff --git a/modules/middleware/auth.go b/modules/middleware/auth.go index bde3be72..39b7796d 100644 --- a/modules/middleware/auth.go +++ b/modules/middleware/auth.go @@ -47,7 +47,7 @@ func Toggle(options *ToggleOptions) martini.Handler { return } else if !ctx.User.IsActive && base.Service.RegisterEmailConfirm { ctx.Data["Title"] = "Activate Your Account" - ctx.HTML(200, "user/active") + ctx.HTML(200, "user/activate") return } } diff --git a/modules/middleware/binding.go b/modules/middleware/binding.go new file mode 100644 index 00000000..cde9ae9c --- /dev/null +++ b/modules/middleware/binding.go @@ -0,0 +1,426 @@ +// Copyright 2013 The Martini Contrib Authors. All rights reserved. +// Copyright 2014 The Gogs Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package middleware + +import ( + "encoding/json" + "fmt" + "io" + "net/http" + "reflect" + "regexp" + "strconv" + "strings" + "unicode/utf8" + + "github.com/go-martini/martini" + + "github.com/gogits/gogs/modules/base" +) + +/* + To the land of Middle-ware Earth: + + One func to rule them all, + One func to find them, + One func to bring them all, + And in this package BIND them. +*/ + +// Bind accepts a copy of an empty struct and populates it with +// values from the request (if deserialization is successful). It +// wraps up the functionality of the Form and Json middleware +// according to the Content-Type of the request, and it guesses +// if no Content-Type is specified. Bind invokes the ErrorHandler +// middleware to bail out if errors occurred. If you want to perform +// your own error handling, use Form or Json middleware directly. +// An interface pointer can be added as a second argument in order +// to map the struct to a specific interface. +func Bind(obj interface{}, ifacePtr ...interface{}) martini.Handler { + return func(context martini.Context, req *http.Request) { + contentType := req.Header.Get("Content-Type") + + if strings.Contains(contentType, "form-urlencoded") { + context.Invoke(Form(obj, ifacePtr...)) + } else if strings.Contains(contentType, "multipart/form-data") { + context.Invoke(MultipartForm(obj, ifacePtr...)) + } else if strings.Contains(contentType, "json") { + context.Invoke(Json(obj, ifacePtr...)) + } else { + context.Invoke(Json(obj, ifacePtr...)) + if getErrors(context).Count() > 0 { + context.Invoke(Form(obj, ifacePtr...)) + } + } + + context.Invoke(ErrorHandler) + } +} + +// BindIgnErr will do the exactly same thing as Bind but without any +// error handling, which user has freedom to deal with them. +// This allows user take advantages of validation. +func BindIgnErr(obj interface{}, ifacePtr ...interface{}) martini.Handler { + return func(context martini.Context, req *http.Request) { + contentType := req.Header.Get("Content-Type") + + if strings.Contains(contentType, "form-urlencoded") { + context.Invoke(Form(obj, ifacePtr...)) + } else if strings.Contains(contentType, "multipart/form-data") { + context.Invoke(MultipartForm(obj, ifacePtr...)) + } else if strings.Contains(contentType, "json") { + context.Invoke(Json(obj, ifacePtr...)) + } else { + context.Invoke(Json(obj, ifacePtr...)) + if getErrors(context).Count() > 0 { + context.Invoke(Form(obj, ifacePtr...)) + } + } + } +} + +// Form is middleware to deserialize form-urlencoded data from the request. +// It gets data from the form-urlencoded body, if present, or from the +// query string. It uses the http.Request.ParseForm() method +// to perform deserialization, then reflection is used to map each field +// into the struct with the proper type. Structs with primitive slice types +// (bool, float, int, string) can support deserialization of repeated form +// keys, for example: key=val1&key=val2&key=val3 +// An interface pointer can be added as a second argument in order +// to map the struct to a specific interface. +func Form(formStruct interface{}, ifacePtr ...interface{}) martini.Handler { + return func(context martini.Context, req *http.Request) { + ensureNotPointer(formStruct) + formStruct := reflect.New(reflect.TypeOf(formStruct)) + errors := newErrors() + parseErr := req.ParseForm() + + // Format validation of the request body or the URL would add considerable overhead, + // and ParseForm does not complain when URL encoding is off. + // Because an empty request body or url can also mean absence of all needed values, + // it is not in all cases a bad request, so let's return 422. + if parseErr != nil { + errors.Overall[base.BindingDeserializationError] = parseErr.Error() + } + + mapForm(formStruct, req.Form, errors) + + validateAndMap(formStruct, context, errors, ifacePtr...) + } +} + +func MultipartForm(formStruct interface{}, ifacePtr ...interface{}) martini.Handler { + return func(context martini.Context, req *http.Request) { + ensureNotPointer(formStruct) + formStruct := reflect.New(reflect.TypeOf(formStruct)) + errors := newErrors() + + // Workaround for multipart forms returning nil instead of an error + // when content is not multipart + // https://code.google.com/p/go/issues/detail?id=6334 + multipartReader, err := req.MultipartReader() + if err != nil { + errors.Overall[base.BindingDeserializationError] = err.Error() + } else { + form, parseErr := multipartReader.ReadForm(MaxMemory) + + if parseErr != nil { + errors.Overall[base.BindingDeserializationError] = parseErr.Error() + } + + req.MultipartForm = form + } + + mapForm(formStruct, req.MultipartForm.Value, errors) + + validateAndMap(formStruct, context, errors, ifacePtr...) + } +} + +// Json is middleware to deserialize a JSON payload from the request +// into the struct that is passed in. The resulting struct is then +// validated, but no error handling is actually performed here. +// An interface pointer can be added as a second argument in order +// to map the struct to a specific interface. +func Json(jsonStruct interface{}, ifacePtr ...interface{}) martini.Handler { + return func(context martini.Context, req *http.Request) { + ensureNotPointer(jsonStruct) + jsonStruct := reflect.New(reflect.TypeOf(jsonStruct)) + errors := newErrors() + + if req.Body != nil { + defer req.Body.Close() + } + + if err := json.NewDecoder(req.Body).Decode(jsonStruct.Interface()); err != nil && err != io.EOF { + errors.Overall[base.BindingDeserializationError] = err.Error() + } + + validateAndMap(jsonStruct, context, errors, ifacePtr...) + } +} + +// Validate is middleware to enforce required fields. If the struct +// passed in is a Validator, then the user-defined Validate method +// is executed, and its errors are mapped to the context. This middleware +// performs no error handling: it merely detects them and maps them. +func Validate(obj interface{}) martini.Handler { + return func(context martini.Context, req *http.Request) { + errors := newErrors() + validateStruct(errors, obj) + + if validator, ok := obj.(Validator); ok { + validator.Validate(errors, req, context) + } + context.Map(*errors) + } +} + +var ( + alphaDashPattern = regexp.MustCompile("[^\\d\\w-_]") + emailPattern = regexp.MustCompile("[\\w!#$%&'*+/=?^_`{|}~-]+(?:\\.[\\w!#$%&'*+/=?^_`{|}~-]+)*@(?:[\\w](?:[\\w-]*[\\w])?\\.)+[a-zA-Z0-9](?:[\\w-]*[\\w])?") + urlPattern = regexp.MustCompile(`(http|https):\/\/[\w\-_]+(\.[\w\-_]+)+([\w\-\.,@?^=%&:/~\+#]*[\w\-\@?^=%&/~\+#])?`) +) + +func validateStruct(errors *base.BindingErrors, obj interface{}) { + typ := reflect.TypeOf(obj) + val := reflect.ValueOf(obj) + + if typ.Kind() == reflect.Ptr { + typ = typ.Elem() + val = val.Elem() + } + + for i := 0; i < typ.NumField(); i++ { + field := typ.Field(i) + + // Allow ignored fields in the struct + if field.Tag.Get("form") == "-" { + continue + } + + fieldValue := val.Field(i).Interface() + if field.Type.Kind() == reflect.Struct { + validateStruct(errors, fieldValue) + continue + } + + zero := reflect.Zero(field.Type).Interface() + + // Match rules. + for _, rule := range strings.Split(field.Tag.Get("binding"), ";") { + if len(rule) == 0 { + continue + } + + switch { + case rule == "Required": + if reflect.DeepEqual(zero, fieldValue) { + errors.Fields[field.Name] = base.BindingRequireError + break + } + case rule == "AlphaDash": + if alphaDashPattern.MatchString(fmt.Sprintf("%v", fieldValue)) { + errors.Fields[field.Name] = base.BindingAlphaDashError + break + } + case strings.HasPrefix(rule, "MinSize("): + min, err := strconv.Atoi(rule[8 : len(rule)-1]) + if err != nil { + errors.Overall["MinSize"] = err.Error() + break + } + if str, ok := fieldValue.(string); ok && utf8.RuneCountInString(str) < min { + errors.Fields[field.Name] = base.BindingMinSizeError + break + } + v := reflect.ValueOf(fieldValue) + if v.Kind() == reflect.Slice && v.Len() < min { + errors.Fields[field.Name] = base.BindingMinSizeError + break + } + case strings.HasPrefix(rule, "MaxSize("): + max, err := strconv.Atoi(rule[8 : len(rule)-1]) + if err != nil { + errors.Overall["MaxSize"] = err.Error() + break + } + if str, ok := fieldValue.(string); ok && utf8.RuneCountInString(str) > max { + errors.Fields[field.Name] = base.BindingMaxSizeError + break + } + v := reflect.ValueOf(fieldValue) + if v.Kind() == reflect.Slice && v.Len() > max { + errors.Fields[field.Name] = base.BindingMinSizeError + break + } + case rule == "Email": + if !emailPattern.MatchString(fmt.Sprintf("%v", fieldValue)) { + errors.Fields[field.Name] = base.BindingEmailError + break + } + case rule == "Url": + if !urlPattern.MatchString(fmt.Sprintf("%v", fieldValue)) { + errors.Fields[field.Name] = base.BindingUrlError + break + } + } + } + } +} + +func mapForm(formStruct reflect.Value, form map[string][]string, errors *base.BindingErrors) { + typ := formStruct.Elem().Type() + + for i := 0; i < typ.NumField(); i++ { + typeField := typ.Field(i) + if inputFieldName := typeField.Tag.Get("form"); inputFieldName != "" { + structField := formStruct.Elem().Field(i) + if !structField.CanSet() { + continue + } + + inputValue, exists := form[inputFieldName] + + if !exists { + continue + } + + numElems := len(inputValue) + if structField.Kind() == reflect.Slice && numElems > 0 { + sliceOf := structField.Type().Elem().Kind() + slice := reflect.MakeSlice(structField.Type(), numElems, numElems) + for i := 0; i < numElems; i++ { + setWithProperType(sliceOf, inputValue[i], slice.Index(i), inputFieldName, errors) + } + formStruct.Elem().Field(i).Set(slice) + } else { + setWithProperType(typeField.Type.Kind(), inputValue[0], structField, inputFieldName, errors) + } + } + } +} + +// ErrorHandler simply counts the number of errors in the +// context and, if more than 0, writes a 400 Bad Request +// response and a JSON payload describing the errors with +// the "Content-Type" set to "application/json". +// Middleware remaining on the stack will not even see the request +// if, by this point, there are any errors. +// This is a "default" handler, of sorts, and you are +// welcome to use your own instead. The Bind middleware +// invokes this automatically for convenience. +func ErrorHandler(errs base.BindingErrors, resp http.ResponseWriter) { + if errs.Count() > 0 { + resp.Header().Set("Content-Type", "application/json; charset=utf-8") + if _, ok := errs.Overall[base.BindingDeserializationError]; ok { + resp.WriteHeader(http.StatusBadRequest) + } else { + resp.WriteHeader(422) + } + errOutput, _ := json.Marshal(errs) + resp.Write(errOutput) + return + } +} + +// This sets the value in a struct of an indeterminate type to the +// matching value from the request (via Form middleware) in the +// same type, so that not all deserialized values have to be strings. +// Supported types are string, int, float, and bool. +func setWithProperType(valueKind reflect.Kind, val string, structField reflect.Value, nameInTag string, errors *base.BindingErrors) { + switch valueKind { + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + if val == "" { + val = "0" + } + intVal, err := strconv.ParseInt(val, 10, 64) + if err != nil { + errors.Fields[nameInTag] = base.BindingIntegerTypeError + } else { + structField.SetInt(intVal) + } + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64: + if val == "" { + val = "0" + } + uintVal, err := strconv.ParseUint(val, 10, 64) + if err != nil { + errors.Fields[nameInTag] = base.BindingIntegerTypeError + } else { + structField.SetUint(uintVal) + } + case reflect.Bool: + structField.SetBool(val == "on") + case reflect.Float32: + if val == "" { + val = "0.0" + } + floatVal, err := strconv.ParseFloat(val, 32) + if err != nil { + errors.Fields[nameInTag] = base.BindingFloatTypeError + } else { + structField.SetFloat(floatVal) + } + case reflect.Float64: + if val == "" { + val = "0.0" + } + floatVal, err := strconv.ParseFloat(val, 64) + if err != nil { + errors.Fields[nameInTag] = base.BindingFloatTypeError + } else { + structField.SetFloat(floatVal) + } + case reflect.String: + structField.SetString(val) + } +} + +// Don't pass in pointers to bind to. Can lead to bugs. See: +// https://github.com/codegangsta/martini-contrib/issues/40 +// https://github.com/codegangsta/martini-contrib/pull/34#issuecomment-29683659 +func ensureNotPointer(obj interface{}) { + if reflect.TypeOf(obj).Kind() == reflect.Ptr { + panic("Pointers are not accepted as binding models") + } +} + +// Performs validation and combines errors from validation +// with errors from deserialization, then maps both the +// resulting struct and the errors to the context. +func validateAndMap(obj reflect.Value, context martini.Context, errors *base.BindingErrors, ifacePtr ...interface{}) { + context.Invoke(Validate(obj.Interface())) + errors.Combine(getErrors(context)) + context.Map(*errors) + context.Map(obj.Elem().Interface()) + if len(ifacePtr) > 0 { + context.MapTo(obj.Elem().Interface(), ifacePtr[0]) + } +} + +func newErrors() *base.BindingErrors { + return &base.BindingErrors{make(map[string]string), make(map[string]string)} +} + +func getErrors(context martini.Context) base.BindingErrors { + return context.Get(reflect.TypeOf(base.BindingErrors{})).Interface().(base.BindingErrors) +} + +type ( + // Implement the Validator interface to define your own input + // validation before the request even gets to your application. + // The Validate method will be executed during the validation phase. + Validator interface { + Validate(*base.BindingErrors, *http.Request, martini.Context) + } +) + +var ( + // Maximum amount of memory to use when parsing a multipart form. + // Set this to whatever value you prefer; default is 10 MB. + MaxMemory = int64(1024 * 1024 * 10) +) diff --git a/modules/middleware/binding_test.go b/modules/middleware/binding_test.go new file mode 100644 index 00000000..2a74e1a6 --- /dev/null +++ b/modules/middleware/binding_test.go @@ -0,0 +1,701 @@ +// Copyright 2013 The Martini Contrib Authors. All rights reserved. +// Copyright 2014 The Gogs Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package middleware + +import ( + "bytes" + "mime/multipart" + "net/http" + "net/http/httptest" + "strconv" + "strings" + "testing" + + "github.com/codegangsta/martini" +) + +func TestBind(t *testing.T) { + testBind(t, false) +} + +func TestBindWithInterface(t *testing.T) { + testBind(t, true) +} + +func TestMultipartBind(t *testing.T) { + index := 0 + for test, expectStatus := range bindMultipartTests { + handler := func(post BlogPost, errors Errors) { + handle(test, t, index, post, errors) + } + recorder := testMultipart(t, test, Bind(BlogPost{}), handler, index) + + if recorder.Code != expectStatus { + t.Errorf("On test case %v, got status code %d but expected %d", test, recorder.Code, expectStatus) + } + + index++ + } +} + +func TestForm(t *testing.T) { + testForm(t, false) +} + +func TestFormWithInterface(t *testing.T) { + testForm(t, true) +} + +func TestEmptyForm(t *testing.T) { + testEmptyForm(t) +} + +func TestMultipartForm(t *testing.T) { + for index, test := range multipartformTests { + handler := func(post BlogPost, errors Errors) { + handle(test, t, index, post, errors) + } + testMultipart(t, test, MultipartForm(BlogPost{}), handler, index) + } +} + +func TestMultipartFormWithInterface(t *testing.T) { + for index, test := range multipartformTests { + handler := func(post Modeler, errors Errors) { + post.Create(test, t, index) + } + testMultipart(t, test, MultipartForm(BlogPost{}, (*Modeler)(nil)), handler, index) + } +} + +func TestJson(t *testing.T) { + testJson(t, false) +} + +func TestJsonWithInterface(t *testing.T) { + testJson(t, true) +} + +func TestEmptyJson(t *testing.T) { + testEmptyJson(t) +} + +func TestValidate(t *testing.T) { + handlerMustErr := func(errors Errors) { + if errors.Count() == 0 { + t.Error("Expected at least one error, got 0") + } + } + handlerNoErr := func(errors Errors) { + if errors.Count() > 0 { + t.Error("Expected no errors, got", errors.Count()) + } + } + + performValidationTest(&BlogPost{"", "...", 0, 0, []int{}}, handlerMustErr, t) + performValidationTest(&BlogPost{"Good Title", "Good content", 0, 0, []int{}}, handlerNoErr, t) + + performValidationTest(&User{Name: "Jim", Home: Address{"", ""}}, handlerMustErr, t) + performValidationTest(&User{Name: "Jim", Home: Address{"required", ""}}, handlerNoErr, t) +} + +func handle(test testCase, t *testing.T, index int, post BlogPost, errors Errors) { + assertEqualField(t, "Title", index, test.ref.Title, post.Title) + assertEqualField(t, "Content", index, test.ref.Content, post.Content) + assertEqualField(t, "Views", index, test.ref.Views, post.Views) + + for i := range test.ref.Multiple { + if i >= len(post.Multiple) { + t.Errorf("Expected: %v (size %d) to have same size as: %v (size %d)", post.Multiple, len(post.Multiple), test.ref.Multiple, len(test.ref.Multiple)) + break + } + if test.ref.Multiple[i] != post.Multiple[i] { + t.Errorf("Expected: %v to deep equal: %v", post.Multiple, test.ref.Multiple) + break + } + } + + if test.ok && errors.Count() > 0 { + t.Errorf("%+v should be OK (0 errors), but had errors: %+v", test, errors) + } else if !test.ok && errors.Count() == 0 { + t.Errorf("%+v should have errors, but was OK (0 errors)", test) + } +} + +func handleEmpty(test emptyPayloadTestCase, t *testing.T, index int, section BlogSection, errors Errors) { + assertEqualField(t, "Title", index, test.ref.Title, section.Title) + assertEqualField(t, "Content", index, test.ref.Content, section.Content) + + if test.ok && errors.Count() > 0 { + t.Errorf("%+v should be OK (0 errors), but had errors: %+v", test, errors) + } else if !test.ok && errors.Count() == 0 { + t.Errorf("%+v should have errors, but was OK (0 errors)", test) + } +} + +func testBind(t *testing.T, withInterface bool) { + index := 0 + for test, expectStatus := range bindTests { + m := martini.Classic() + recorder := httptest.NewRecorder() + handler := func(post BlogPost, errors Errors) { handle(test, t, index, post, errors) } + binding := Bind(BlogPost{}) + + if withInterface { + handler = func(post BlogPost, errors Errors) { + post.Create(test, t, index) + } + binding = Bind(BlogPost{}, (*Modeler)(nil)) + } + + switch test.method { + case "GET": + m.Get(route, binding, handler) + case "POST": + m.Post(route, binding, handler) + } + + req, err := http.NewRequest(test.method, test.path, strings.NewReader(test.payload)) + req.Header.Add("Content-Type", test.contentType) + + if err != nil { + t.Error(err) + } + m.ServeHTTP(recorder, req) + + if recorder.Code != expectStatus { + t.Errorf("On test case %v, got status code %d but expected %d", test, recorder.Code, expectStatus) + } + + index++ + } +} + +func testJson(t *testing.T, withInterface bool) { + for index, test := range jsonTests { + recorder := httptest.NewRecorder() + handler := func(post BlogPost, errors Errors) { handle(test, t, index, post, errors) } + binding := Json(BlogPost{}) + + if withInterface { + handler = func(post BlogPost, errors Errors) { + post.Create(test, t, index) + } + binding = Bind(BlogPost{}, (*Modeler)(nil)) + } + + m := martini.Classic() + switch test.method { + case "GET": + m.Get(route, binding, handler) + case "POST": + m.Post(route, binding, handler) + case "PUT": + m.Put(route, binding, handler) + case "DELETE": + m.Delete(route, binding, handler) + } + + req, err := http.NewRequest(test.method, route, strings.NewReader(test.payload)) + if err != nil { + t.Error(err) + } + m.ServeHTTP(recorder, req) + } +} + +func testEmptyJson(t *testing.T) { + for index, test := range emptyPayloadTests { + recorder := httptest.NewRecorder() + handler := func(section BlogSection, errors Errors) { handleEmpty(test, t, index, section, errors) } + binding := Json(BlogSection{}) + + m := martini.Classic() + switch test.method { + case "GET": + m.Get(route, binding, handler) + case "POST": + m.Post(route, binding, handler) + case "PUT": + m.Put(route, binding, handler) + case "DELETE": + m.Delete(route, binding, handler) + } + + req, err := http.NewRequest(test.method, route, strings.NewReader(test.payload)) + if err != nil { + t.Error(err) + } + m.ServeHTTP(recorder, req) + } +} + +func testForm(t *testing.T, withInterface bool) { + for index, test := range formTests { + recorder := httptest.NewRecorder() + handler := func(post BlogPost, errors Errors) { handle(test, t, index, post, errors) } + binding := Form(BlogPost{}) + + if withInterface { + handler = func(post BlogPost, errors Errors) { + post.Create(test, t, index) + } + binding = Form(BlogPost{}, (*Modeler)(nil)) + } + + m := martini.Classic() + switch test.method { + case "GET": + m.Get(route, binding, handler) + case "POST": + m.Post(route, binding, handler) + } + + req, err := http.NewRequest(test.method, test.path, nil) + if err != nil { + t.Error(err) + } + m.ServeHTTP(recorder, req) + } +} + +func testEmptyForm(t *testing.T) { + for index, test := range emptyPayloadTests { + recorder := httptest.NewRecorder() + handler := func(section BlogSection, errors Errors) { handleEmpty(test, t, index, section, errors) } + binding := Form(BlogSection{}) + + m := martini.Classic() + switch test.method { + case "GET": + m.Get(route, binding, handler) + case "POST": + m.Post(route, binding, handler) + } + + req, err := http.NewRequest(test.method, test.path, nil) + if err != nil { + t.Error(err) + } + m.ServeHTTP(recorder, req) + } +} + +func testMultipart(t *testing.T, test testCase, middleware martini.Handler, handler martini.Handler, index int) *httptest.ResponseRecorder { + recorder := httptest.NewRecorder() + + m := martini.Classic() + m.Post(route, middleware, handler) + + body := &bytes.Buffer{} + writer := multipart.NewWriter(body) + writer.WriteField("title", test.ref.Title) + writer.WriteField("content", test.ref.Content) + writer.WriteField("views", strconv.Itoa(test.ref.Views)) + if len(test.ref.Multiple) != 0 { + for _, value := range test.ref.Multiple { + writer.WriteField("multiple", strconv.Itoa(value)) + } + } + + req, err := http.NewRequest(test.method, test.path, body) + req.Header.Add("Content-Type", writer.FormDataContentType()) + + if err != nil { + t.Error(err) + } + + err = writer.Close() + if err != nil { + t.Error(err) + } + + m.ServeHTTP(recorder, req) + + return recorder +} + +func assertEqualField(t *testing.T, fieldname string, testcasenumber int, expected interface{}, got interface{}) { + if expected != got { + t.Errorf("%s: expected=%s, got=%s in test case %d\n", fieldname, expected, got, testcasenumber) + } +} + +func performValidationTest(data interface{}, handler func(Errors), t *testing.T) { + recorder := httptest.NewRecorder() + m := martini.Classic() + m.Get(route, Validate(data), handler) + + req, err := http.NewRequest("GET", route, nil) + if err != nil { + t.Error("HTTP error:", err) + } + + m.ServeHTTP(recorder, req) +} + +func (self BlogPost) Validate(errors *Errors, req *http.Request) { + if len(self.Title) < 4 { + errors.Fields["Title"] = "Too short; minimum 4 characters" + } + if len(self.Content) > 1024 { + errors.Fields["Content"] = "Too long; maximum 1024 characters" + } + if len(self.Content) < 5 { + errors.Fields["Content"] = "Too short; minimum 5 characters" + } +} + +func (self BlogPost) Create(test testCase, t *testing.T, index int) { + assertEqualField(t, "Title", index, test.ref.Title, self.Title) + assertEqualField(t, "Content", index, test.ref.Content, self.Content) + assertEqualField(t, "Views", index, test.ref.Views, self.Views) + + for i := range test.ref.Multiple { + if i >= len(self.Multiple) { + t.Errorf("Expected: %v (size %d) to have same size as: %v (size %d)", self.Multiple, len(self.Multiple), test.ref.Multiple, len(test.ref.Multiple)) + break + } + if test.ref.Multiple[i] != self.Multiple[i] { + t.Errorf("Expected: %v to deep equal: %v", self.Multiple, test.ref.Multiple) + break + } + } +} + +func (self BlogSection) Create(test emptyPayloadTestCase, t *testing.T, index int) { + // intentionally left empty +} + +type ( + testCase struct { + method string + path string + payload string + contentType string + ok bool + ref *BlogPost + } + + emptyPayloadTestCase struct { + method string + path string + payload string + contentType string + ok bool + ref *BlogSection + } + + Modeler interface { + Create(test testCase, t *testing.T, index int) + } + + BlogPost struct { + Title string `form:"title" json:"title" binding:"required"` + Content string `form:"content" json:"content"` + Views int `form:"views" json:"views"` + internal int `form:"-"` + Multiple []int `form:"multiple"` + } + + BlogSection struct { + Title string `form:"title" json:"title"` + Content string `form:"content" json:"content"` + } + + User struct { + Name string `json:"name" binding:"required"` + Home Address `json:"address" binding:"required"` + } + + Address struct { + Street1 string `json:"street1" binding:"required"` + Street2 string `json:"street2"` + } +) + +var ( + bindTests = map[testCase]int{ + // These should bail at the deserialization/binding phase + testCase{ + "POST", + path, + `{ bad JSON `, + "application/json", + false, + new(BlogPost), + }: http.StatusBadRequest, + testCase{ + "POST", + path, + `not multipart but has content-type`, + "multipart/form-data", + false, + new(BlogPost), + }: http.StatusBadRequest, + testCase{ + "POST", + path, + `no content-type and not URL-encoded or JSON"`, + "", + false, + new(BlogPost), + }: http.StatusBadRequest, + + // These should deserialize, then bail at the validation phase + testCase{ + "POST", + path + "?title= This is wrong ", + `not URL-encoded but has content-type`, + "x-www-form-urlencoded", + false, + new(BlogPost), + }: 422, // according to comments in Form() -> although the request is not url encoded, ParseForm does not complain + testCase{ + "GET", + path + "?content=This+is+the+content", + ``, + "x-www-form-urlencoded", + false, + &BlogPost{Title: "", Content: "This is the content"}, + }: 422, + testCase{ + "GET", + path + "", + `{"content":"", "title":"Blog Post Title"}`, + "application/json", + false, + &BlogPost{Title: "Blog Post Title", Content: ""}, + }: 422, + + // These should succeed + testCase{ + "GET", + path + "", + `{"content":"This is the content", "title":"Blog Post Title"}`, + "application/json", + true, + &BlogPost{Title: "Blog Post Title", Content: "This is the content"}, + }: http.StatusOK, + testCase{ + "GET", + path + "?content=This+is+the+content&title=Blog+Post+Title", + ``, + "", + true, + &BlogPost{Title: "Blog Post Title", Content: "This is the content"}, + }: http.StatusOK, + testCase{ + "GET", + path + "?content=This is the content&title=Blog+Post+Title", + `{"content":"This is the content", "title":"Blog Post Title"}`, + "", + true, + &BlogPost{Title: "Blog Post Title", Content: "This is the content"}, + }: http.StatusOK, + testCase{ + "GET", + path + "", + `{"content":"This is the content", "title":"Blog Post Title"}`, + "", + true, + &BlogPost{Title: "Blog Post Title", Content: "This is the content"}, + }: http.StatusOK, + } + + bindMultipartTests = map[testCase]int{ + // This should deserialize, then bail at the validation phase + testCase{ + "POST", + path, + "", + "multipart/form-data", + false, + &BlogPost{Title: "", Content: "This is the content"}, + }: 422, + // This should succeed + testCase{ + "POST", + path, + "", + "multipart/form-data", + true, + &BlogPost{Title: "This is the Title", Content: "This is the content"}, + }: http.StatusOK, + } + + formTests = []testCase{ + { + "GET", + path + "?content=This is the content", + "", + "", + false, + &BlogPost{Title: "", Content: "This is the content"}, + }, + { + "POST", + path + "?content=This+is+the+content&title=Blog+Post+Title&views=3", + "", + "", + false, // false because POST requests should have a body, not just a query string + &BlogPost{Title: "Blog Post Title", Content: "This is the content", Views: 3}, + }, + { + "GET", + path + "?content=This+is+the+content&title=Blog+Post+Title&views=3&multiple=5&multiple=10&multiple=15&multiple=20", + "", + "", + true, + &BlogPost{Title: "Blog Post Title", Content: "This is the content", Views: 3, Multiple: []int{5, 10, 15, 20}}, + }, + } + + multipartformTests = []testCase{ + { + "POST", + path, + "", + "multipart/form-data", + false, + &BlogPost{Title: "", Content: "This is the content"}, + }, + { + "POST", + path, + "", + "multipart/form-data", + false, + &BlogPost{Title: "Blog Post Title", Views: 3}, + }, + { + "POST", + path, + "", + "multipart/form-data", + true, + &BlogPost{Title: "Blog Post Title", Content: "This is the content", Views: 3, Multiple: []int{5, 10, 15, 20}}, + }, + } + + emptyPayloadTests = []emptyPayloadTestCase{ + { + "GET", + "", + "", + "", + true, + &BlogSection{}, + }, + { + "POST", + "", + "", + "", + true, + &BlogSection{}, + }, + { + "PUT", + "", + "", + "", + true, + &BlogSection{}, + }, + { + "DELETE", + "", + "", + "", + true, + &BlogSection{}, + }, + } + + jsonTests = []testCase{ + // bad requests + { + "GET", + "", + `{blah blah blah}`, + "", + false, + &BlogPost{}, + }, + { + "POST", + "", + `{asdf}`, + "", + false, + &BlogPost{}, + }, + { + "PUT", + "", + `{blah blah blah}`, + "", + false, + &BlogPost{}, + }, + { + "DELETE", + "", + `{;sdf _SDf- }`, + "", + false, + &BlogPost{}, + }, + + // Valid-JSON requests + { + "GET", + "", + `{"content":"This is the content"}`, + "", + false, + &BlogPost{Title: "", Content: "This is the content"}, + }, + { + "POST", + "", + `{}`, + "application/json", + false, + &BlogPost{Title: "", Content: ""}, + }, + { + "POST", + "", + `{"content":"This is the content", "title":"Blog Post Title"}`, + "", + true, + &BlogPost{Title: "Blog Post Title", Content: "This is the content"}, + }, + { + "PUT", + "", + `{"content":"This is the content", "title":"Blog Post Title"}`, + "", + true, + &BlogPost{Title: "Blog Post Title", Content: "This is the content"}, + }, + { + "DELETE", + "", + `{"content":"This is the content", "title":"Blog Post Title"}`, + "", + true, + &BlogPost{Title: "Blog Post Title", Content: "This is the content"}, + }, + } +) + +const ( + route = "/blogposts/create" + path = "http://localhost:3000" + route +) diff --git a/modules/middleware/context.go b/modules/middleware/context.go index 8129b13b..1330172f 100644 --- a/modules/middleware/context.go +++ b/modules/middleware/context.go @@ -10,7 +10,10 @@ import ( "encoding/base64" "fmt" "html/template" + "io" "net/http" + "net/url" + "path/filepath" "strconv" "strings" "time" @@ -34,6 +37,7 @@ type Context struct { p martini.Params Req *http.Request Res http.ResponseWriter + Flash *Flash Session session.SessionStore Cache cache.Cache User *models.User @@ -47,6 +51,7 @@ type Context struct { IsBranch bool IsTag bool IsCommit bool + HasAccess bool Repository *models.Repository Owner *models.User Commit *git.Commit @@ -59,6 +64,7 @@ type Context struct { HTTPS string Git string } + Mirror *models.Mirror } } @@ -78,6 +84,8 @@ func (ctx *Context) HasError() bool { if !ok { return false } + ctx.Flash.ErrorMsg = ctx.Data["ErrorMsg"].(string) + ctx.Data["Flash"] = ctx.Flash return hasErr.(bool) } @@ -88,23 +96,21 @@ func (ctx *Context) HTML(status int, name string, htmlOpt ...HTMLOptions) { // RenderWithErr used for page has form validation but need to prompt error to users. func (ctx *Context) RenderWithErr(msg, tpl string, form auth.Form) { - ctx.Data["HasError"] = true - ctx.Data["ErrorMsg"] = msg if form != nil { auth.AssignForm(form, ctx.Data) } + ctx.Flash.ErrorMsg = msg + ctx.Data["Flash"] = ctx.Flash ctx.HTML(200, tpl) } // Handle handles and logs error by given status. func (ctx *Context) Handle(status int, title string, err error) { log.Error("%s: %v", title, err) - if martini.Dev == martini.Prod { - ctx.HTML(500, "status/500") - return + if martini.Dev != martini.Prod { + ctx.Data["ErrorMsg"] = err } - ctx.Data["ErrorMsg"] = err ctx.HTML(status, fmt.Sprintf("status/%d", status)) } @@ -239,6 +245,56 @@ func (ctx *Context) CsrfTokenValid() bool { return true } +func (ctx *Context) ServeFile(file string, names ...string) { + var name string + if len(names) > 0 { + name = names[0] + } else { + name = filepath.Base(file) + } + ctx.Res.Header().Set("Content-Description", "File Transfer") + ctx.Res.Header().Set("Content-Type", "application/octet-stream") + ctx.Res.Header().Set("Content-Disposition", "attachment; filename="+name) + ctx.Res.Header().Set("Content-Transfer-Encoding", "binary") + ctx.Res.Header().Set("Expires", "0") + ctx.Res.Header().Set("Cache-Control", "must-revalidate") + ctx.Res.Header().Set("Pragma", "public") + http.ServeFile(ctx.Res, ctx.Req, file) +} + +func (ctx *Context) ServeContent(name string, r io.ReadSeeker, params ...interface{}) { + modtime := time.Now() + for _, p := range params { + switch v := p.(type) { + case time.Time: + modtime = v + } + } + ctx.Res.Header().Set("Content-Description", "File Transfer") + ctx.Res.Header().Set("Content-Type", "application/octet-stream") + ctx.Res.Header().Set("Content-Disposition", "attachment; filename="+name) + ctx.Res.Header().Set("Content-Transfer-Encoding", "binary") + ctx.Res.Header().Set("Expires", "0") + ctx.Res.Header().Set("Cache-Control", "must-revalidate") + ctx.Res.Header().Set("Pragma", "public") + http.ServeContent(ctx.Res, ctx.Req, name, modtime, r) +} + +type Flash struct { + url.Values + ErrorMsg, SuccessMsg string +} + +func (f *Flash) Error(msg string) { + f.Set("error", msg) + f.ErrorMsg = msg +} + +func (f *Flash) Success(msg string) { + f.Set("success", msg) + f.SuccessMsg = msg +} + // InitContext initializes a classic context for a request. func InitContext() martini.Handler { return func(res http.ResponseWriter, r *http.Request, c martini.Context, rd *Render) { @@ -256,9 +312,27 @@ func InitContext() martini.Handler { // start session ctx.Session = base.SessionManager.SessionStart(res, r) + + // Get flash. + values, err := url.ParseQuery(ctx.GetCookie("gogs_flash")) + if err != nil { + log.Error("InitContext.ParseQuery(flash): %v", err) + } else if len(values) > 0 { + ctx.Flash = &Flash{Values: values} + ctx.Flash.ErrorMsg = ctx.Flash.Get("error") + ctx.Flash.SuccessMsg = ctx.Flash.Get("success") + ctx.Data["Flash"] = ctx.Flash + ctx.SetCookie("gogs_flash", "", -1) + } + ctx.Flash = &Flash{Values: url.Values{}} + rw := res.(martini.ResponseWriter) rw.Before(func(martini.ResponseWriter) { ctx.Session.SessionRelease(res) + + if flash := ctx.Flash.Encode(); len(flash) > 0 { + ctx.SetCookie("gogs_flash", ctx.Flash.Encode(), 0) + } }) // Get user from session if logined. diff --git a/modules/middleware/render.go b/modules/middleware/render.go index 98d485af..66289988 100644 --- a/modules/middleware/render.go +++ b/modules/middleware/render.go @@ -146,7 +146,7 @@ func compile(options RenderOptions) *template.Template { tmpl := t.New(filepath.ToSlash(name)) for _, funcs := range options.Funcs { - tmpl.Funcs(funcs) + tmpl = tmpl.Funcs(funcs) } template.Must(tmpl.Funcs(helperFuncs).Parse(string(buf))) diff --git a/modules/middleware/repo.go b/modules/middleware/repo.go index 2139742c..34144fe3 100644 --- a/modules/middleware/repo.go +++ b/modules/middleware/repo.go @@ -15,6 +15,7 @@ import ( "github.com/gogits/gogs/models" "github.com/gogits/gogs/modules/base" + "github.com/gogits/gogs/modules/log" ) func RepoAssignment(redirect bool, args ...bool) martini.Handler { @@ -39,7 +40,7 @@ func RepoAssignment(redirect bool, args ...bool) martini.Handler { userName := params["username"] repoName := params["reponame"] - branchName := params["branchname"] + refName := params["branchname"] // get repository owner ctx.Repo.IsOwner = ctx.IsSigned && ctx.User.LowerName == strings.ToLower(userName) @@ -66,34 +67,69 @@ func RepoAssignment(redirect bool, args ...bool) martini.Handler { ctx.Handle(200, "RepoAssignment", errors.New("invliad user account for single repository")) return } + ctx.Repo.Owner = user // get repository repo, err := models.GetRepositoryByName(user.Id, repoName) if err != nil { if err == models.ErrRepoNotExist { ctx.Handle(404, "RepoAssignment", err) + return } else if redirect { ctx.Redirect("/") return } - ctx.Handle(404, "RepoAssignment", err) + ctx.Handle(500, "RepoAssignment", err) return } + + // Check access. + if repo.IsPrivate { + if ctx.User == nil { + ctx.Handle(404, "RepoAssignment(HasAccess)", nil) + return + } + + hasAccess, err := models.HasAccess(ctx.User.Name, ctx.Repo.Owner.Name+"/"+repo.Name, models.AU_READABLE) + if err != nil { + ctx.Handle(500, "RepoAssignment(HasAccess)", err) + return + } else if !hasAccess { + ctx.Handle(404, "RepoAssignment(HasAccess)", nil) + return + } + } + ctx.Repo.HasAccess = true + ctx.Data["HasAccess"] = true + + if repo.IsMirror { + ctx.Repo.Mirror, err = models.GetMirror(repo.Id) + if err != nil { + ctx.Handle(500, "RepoAssignment(GetMirror)", err) + return + } + ctx.Data["MirrorInterval"] = ctx.Repo.Mirror.Interval + } + repo.NumOpenIssues = repo.NumIssues - repo.NumClosedIssues ctx.Repo.Repository = repo - ctx.Data["IsBareRepo"] = ctx.Repo.Repository.IsBare gitRepo, err := git.OpenRepository(models.RepoPath(userName, repoName)) if err != nil { - ctx.Handle(404, "RepoAssignment Invalid repo "+models.RepoPath(userName, repoName), err) + ctx.Handle(500, "RepoAssignment Invalid repo "+models.RepoPath(userName, repoName), err) return } ctx.Repo.GitRepo = gitRepo - - ctx.Repo.Owner = user ctx.Repo.RepoLink = "/" + user.Name + "/" + repo.Name + tags, err := ctx.Repo.GitRepo.GetTags() + if err != nil { + ctx.Handle(500, "RepoAssignment(GetTags))", err) + return + } + ctx.Repo.Repository.NumTags = len(tags) + ctx.Data["Title"] = user.Name + "/" + repo.Name ctx.Data["Repository"] = repo ctx.Data["Owner"] = user @@ -105,29 +141,43 @@ func RepoAssignment(redirect bool, args ...bool) martini.Handler { ctx.Repo.CloneLink.HTTPS = fmt.Sprintf("%s%s/%s.git", base.AppUrl, user.LowerName, repo.LowerName) ctx.Data["CloneLink"] = ctx.Repo.CloneLink + if ctx.Repo.Repository.IsGoget { + ctx.Data["GoGetLink"] = fmt.Sprintf("%s%s/%s", base.AppUrl, user.LowerName, repo.LowerName) + ctx.Data["GoGetImport"] = fmt.Sprintf("%s/%s/%s", base.Domain, user.LowerName, repo.LowerName) + } + // when repo is bare, not valid branch if !ctx.Repo.Repository.IsBare && validBranch { detect: - if len(branchName) > 0 { - // TODO check tag - if models.IsBranchExist(user.Name, repoName, branchName) { + if len(refName) > 0 { + if gitRepo.IsBranchExist(refName) { ctx.Repo.IsBranch = true - ctx.Repo.BranchName = branchName + ctx.Repo.BranchName = refName - ctx.Repo.Commit, err = gitRepo.GetCommitOfBranch(branchName) + ctx.Repo.Commit, err = gitRepo.GetCommitOfBranch(refName) if err != nil { ctx.Handle(404, "RepoAssignment invalid branch", nil) return } + ctx.Repo.CommitId = ctx.Repo.Commit.Id.String() - ctx.Repo.CommitId = ctx.Repo.Commit.Oid.String() + } else if gitRepo.IsTagExist(refName) { + ctx.Repo.IsBranch = true + ctx.Repo.BranchName = refName - } else if len(branchName) == 40 { + ctx.Repo.Commit, err = gitRepo.GetCommitOfTag(refName) + if err != nil { + ctx.Handle(404, "RepoAssignment invalid tag", nil) + return + } + ctx.Repo.CommitId = ctx.Repo.Commit.Id.String() + + } else if len(refName) == 40 { ctx.Repo.IsCommit = true - ctx.Repo.CommitId = branchName - ctx.Repo.BranchName = branchName + ctx.Repo.CommitId = refName + ctx.Repo.BranchName = refName - ctx.Repo.Commit, err = gitRepo.GetCommit(branchName) + ctx.Repo.Commit, err = gitRepo.GetCommit(refName) if err != nil { ctx.Handle(404, "RepoAssignment invalid commit", nil) return @@ -138,16 +188,23 @@ func RepoAssignment(redirect bool, args ...bool) martini.Handler { } } else { - branchName = "master" + refName = ctx.Repo.Repository.DefaultBranch + if len(refName) == 0 { + refName = "master" + } goto detect } ctx.Data["IsBranch"] = ctx.Repo.IsBranch ctx.Data["IsCommit"] = ctx.Repo.IsCommit + log.Debug("Repo.Commit: %v", ctx.Repo.Commit) } + log.Debug("displayBare: %v; IsBare: %v", displayBare, ctx.Repo.Repository.IsBare) + // repo is bare and display enable if displayBare && ctx.Repo.Repository.IsBare { + log.Debug("Bare repository: %s", ctx.Repo.RepoLink) ctx.HTML(200, "repo/single_bare") return } @@ -157,6 +214,11 @@ func RepoAssignment(redirect bool, args ...bool) martini.Handler { } ctx.Data["BranchName"] = ctx.Repo.BranchName + brs, err := ctx.Repo.GitRepo.GetBranches() + if err != nil { + log.Error("RepoAssignment(GetBranches): %v", err) + } + ctx.Data["Branches"] = brs ctx.Data["CommitId"] = ctx.Repo.CommitId ctx.Data["IsRepositoryWatching"] = ctx.Repo.IsWatching } |