forgejo-federation/modules/context/context.go

// Copyright 2014 The Gogs Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package context

import (
	"html"
	"html/template"
	"io"
	"net/http"
	"net/url"
	"path"
	"strings"
	"time"

	"code.gitea.io/gitea/models"
	"code.gitea.io/gitea/modules/auth"
	"code.gitea.io/gitea/modules/base"
	"code.gitea.io/gitea/modules/log"
	"code.gitea.io/gitea/modules/setting"
	"github.com/Unknwon/com"
	"github.com/go-macaron/cache"
	"github.com/go-macaron/csrf"
	"github.com/go-macaron/i18n"
	"github.com/go-macaron/session"
	macaron "gopkg.in/macaron.v1"
)

// Context represents context of a request.
type Context struct {
	*macaron.Context
	Cache   cache.Cache
	csrf    csrf.CSRF
	Flash   *session.Flash
	Session session.Store

	Link        string // current request URL
	EscapedLink string
	User        *models.User
	IsSigned    bool
	IsBasicAuth bool

	Repo *Repository
	Org  *Organization
}

// HasAPIError returns true if error occurs in form validation.
func (ctx *Context) HasAPIError() bool {
	hasErr, ok := ctx.Data["HasError"]
	if !ok {
		return false
	}
	return hasErr.(bool)
}

// GetErrMsg returns error message
func (ctx *Context) GetErrMsg() string {
	return ctx.Data["ErrorMsg"].(string)
}

// HasError returns true if error occurs in form validation.
func (ctx *Context) HasError() bool {
	hasErr, ok := ctx.Data["HasError"]
	if !ok {
		return false
	}
	ctx.Flash.ErrorMsg = ctx.Data["ErrorMsg"].(string)
	ctx.Data["Flash"] = ctx.Flash
	return hasErr.(bool)
}

// HasValue returns true if value of given name exists.
func (ctx *Context) HasValue(name string) bool {
	_, ok := ctx.Data[name]
	return ok
}

// RedirectToFirst redirects to first not empty URL
func (ctx *Context) RedirectToFirst(location ...string) {
	for _, loc := range location {
		if len(loc) == 0 {
			continue
		}

		u, err := url.Parse(loc)
		if err != nil || (u.Scheme != "" && !strings.HasPrefix(strings.ToLower(loc), strings.ToLower(setting.AppURL))) {
			continue
		}

		ctx.Redirect(loc)
		return
	}

	ctx.Redirect(setting.AppSubURL + "/")
	return
}

// HTML calls Context.HTML and converts template name to string.
func (ctx *Context) HTML(status int, name base.TplName) {
	log.Debug("Template: %s", name)
	ctx.Context.HTML(status, string(name))
}

// RenderWithErr used for page has form validation but need to prompt error to users.
func (ctx *Context) RenderWithErr(msg string, tpl base.TplName, form interface{}) {
	if form != nil {
		auth.AssignForm(form, ctx.Data)
	}
	ctx.Flash.ErrorMsg = msg
	ctx.Data["Flash"] = ctx.Flash
	ctx.HTML(200, tpl)
}

// NotFound displays a 404 (Not Found) page and prints the given error, if any.
func (ctx *Context) NotFound(title string, err error) {
	if err != nil {
		log.Error(4, "%s: %v", title, err)
		if macaron.Env != macaron.PROD {
			ctx.Data["ErrorMsg"] = err
		}
	}

	ctx.Data["Title"] = "Page Not Found"
	ctx.HTML(http.StatusNotFound, base.TplName("status/404"))
}

// ServerError displays a 500 (Internal Server Error) page and prints the given
// error, if any.
func (ctx *Context) ServerError(title string, err error) {
	if err != nil {
		log.Error(4, "%s: %v", title, err)
		if macaron.Env != macaron.PROD {
			ctx.Data["ErrorMsg"] = err
		}
	}

	ctx.Data["Title"] = "Internal Server Error"
	ctx.HTML(404, base.TplName("status/500"))
}

// NotFoundOrServerError use error check function to determine if the error
// is about not found. It responses with 404 status code for not found error,
// or error context description for logging purpose of 500 server error.
func (ctx *Context) NotFoundOrServerError(title string, errck func(error) bool, err error) {
	if errck(err) {
		ctx.NotFound(title, err)
		return
	}

	ctx.ServerError(title, err)
}

// HandleText handles HTTP status code
func (ctx *Context) HandleText(status int, title string) {
	if (status/100 == 4) || (status/100 == 5) {
		log.Error(4, "%s", title)
	}
	ctx.PlainText(status, []byte(title))
}

// ServeContent serves content to http request
func (ctx *Context) ServeContent(name string, r io.ReadSeeker, params ...interface{}) {
	modtime := time.Now()
	for _, p := range params {
		switch v := p.(type) {
		case time.Time:
			modtime = v
		}
	}
	ctx.Resp.Header().Set("Content-Description", "File Transfer")
	ctx.Resp.Header().Set("Content-Type", "application/octet-stream")
	ctx.Resp.Header().Set("Content-Disposition", "attachment; filename="+name)
	ctx.Resp.Header().Set("Content-Transfer-Encoding", "binary")
	ctx.Resp.Header().Set("Expires", "0")
	ctx.Resp.Header().Set("Cache-Control", "must-revalidate")
	ctx.Resp.Header().Set("Pragma", "public")
	http.ServeContent(ctx.Resp, ctx.Req.Request, name, modtime, r)
}

// Contexter initializes a classic context for a request.
func Contexter() macaron.Handler {
	return func(c *macaron.Context, l i18n.Locale, cache cache.Cache, sess session.Store, f *session.Flash, x csrf.CSRF) {
		ctx := &Context{
			Context: c,
			Cache:   cache,
			csrf:    x,
			Flash:   f,
			Session: sess,
			Link:    setting.AppSubURL + strings.TrimSuffix(c.Req.URL.EscapedPath(), "/"),
			Repo: &Repository{
				PullRequest: &PullRequest{},
			},
			Org: &Organization{},
		}
		c.Data["Link"] = ctx.Link
		ctx.Data["PageStartTime"] = time.Now()
		// Quick responses appropriate go-get meta with status 200
		// regardless of if user have access to the repository,
		// or the repository does not exist at all.
		// This is particular a workaround for "go get" command which does not respect
		// .netrc file.
		if ctx.Query("go-get") == "1" {
			ownerName := c.Params(":username")
			repoName := c.Params(":reponame")
			branchName := "master"

			repo, err := models.GetRepositoryByOwnerAndName(ownerName, repoName)
			if err == nil && len(repo.DefaultBranch) > 0 {
				branchName = repo.DefaultBranch
			}
			prefix := setting.AppURL + path.Join(ownerName, repoName, "src", "branch", branchName)
			c.Header().Set("Content-Type", "text/html")
			c.WriteHeader(http.StatusOK)
			c.Write([]byte(com.Expand(`<!doctype html>
<html>
	<head>
		<meta name="go-import" content="{GoGetImport} git {CloneLink}">
		<meta name="go-source" content="{GoGetImport} _ {GoDocDirectory} {GoDocFile}">
	</head>
	<body>
		go get {GoGetImport}
	</body>
</html>
`, map[string]string{
				"GoGetImport":    ComposeGoGetImport(ownerName, strings.TrimSuffix(repoName, ".git")),
				"CloneLink":      models.ComposeHTTPSCloneURL(ownerName, repoName),
				"GoDocDirectory": prefix + "{/dir}",
				"GoDocFile":      prefix + "{/dir}/{file}#L{line}",
			})))
			return
		}

		// Get user from session if logged in.
		ctx.User, ctx.IsBasicAuth = auth.SignedInUser(ctx.Context, ctx.Session)

		if ctx.User != nil {
			ctx.IsSigned = true
			ctx.Data["IsSigned"] = ctx.IsSigned
			ctx.Data["SignedUser"] = ctx.User
			ctx.Data["SignedUserID"] = ctx.User.ID
			ctx.Data["SignedUserName"] = ctx.User.Name
			ctx.Data["IsAdmin"] = ctx.User.IsAdmin
		} else {
			ctx.Data["SignedUserID"] = int64(0)
			ctx.Data["SignedUserName"] = ""
		}

		// If request sends files, parse them here otherwise the Query() can't be parsed and the CsrfToken will be invalid.
		if ctx.Req.Method == "POST" && strings.Contains(ctx.Req.Header.Get("Content-Type"), "multipart/form-data") {
			if err := ctx.Req.ParseMultipartForm(setting.AttachmentMaxSize << 20); err != nil && !strings.Contains(err.Error(), "EOF") { // 32MB max size
				ctx.ServerError("ParseMultipartForm", err)
				return
			}
		}

		ctx.Resp.Header().Set(`X-Frame-Options`, `SAMEORIGIN`)

		ctx.Data["CsrfToken"] = html.EscapeString(x.GetToken())
		ctx.Data["CsrfTokenHtml"] = template.HTML(`<input type="hidden" name="_csrf" value="` + ctx.Data["CsrfToken"].(string) + `">`)
		log.Debug("Session ID: %s", sess.ID())
		log.Debug("CSRF Token: %v", ctx.Data["CsrfToken"])

		ctx.Data["ShowRegistrationButton"] = setting.Service.ShowRegistrationButton
		ctx.Data["ShowFooterBranding"] = setting.ShowFooterBranding
		ctx.Data["ShowFooterVersion"] = setting.ShowFooterVersion
		ctx.Data["EnableSwagger"] = setting.API.EnableSwagger
		ctx.Data["EnableOpenIDSignIn"] = setting.Service.EnableOpenIDSignIn

		c.Map(ctx)
	}
}
move templateFuncs to one file, add middleware context. 2014-03-15 16:31:50 +05:30			`// Copyright 2014 The Gogs Authors. All rights reserved.`
			`// Use of this source code is governed by a MIT-style`
			`// license that can be found in the LICENSE file.`

Rename module: middleware -> context 2016-03-11 22:26:52 +05:30			`package context`
move templateFuncs to one file, add middleware context. 2014-03-15 16:31:50 +05:30
			`import (`
Fixes xss, clickjacking & password autocompletion 2016-11-30 03:19:06 +05:30			`"html"`
add csrf check 2014-03-22 23:14:02 +05:30			`"html/template"`
zip archive download 2014-04-15 21:57:29 +05:30			`"io"`
move templateFuncs to one file, add middleware context. 2014-03-15 16:31:50 +05:30			`"net/http"`
Refactor and simplify redirect to url (#3674) 2018-03-16 02:43:34 +05:30			`"net/url"`
Always return valid go-get meta, even if unauthorized (#2010) * Always return valid go-get meta, even if unauthorized * don't leak information 2017-06-26 06:36:40 +05:30			`"path"`
Add auto-login 2014-03-23 02:10:09 +05:30			`"strings"`
fork render 2014-03-19 19:27:55 +05:30			`"time"`
move templateFuncs to one file, add middleware context. 2014-03-15 16:31:50 +05:30
Update import paths from github.com/go-gitea to code.gitea.io (#135) - Update import paths from github.com/go-gitea to code.gitea.io - Fix import path for travis See https://docs.travis-ci.com/user/languages/go#Go-Import-Path 2016-11-10 21:54:48 +05:30			`"code.gitea.io/gitea/models"`
			`"code.gitea.io/gitea/modules/auth"`
			`"code.gitea.io/gitea/modules/base"`
			`"code.gitea.io/gitea/modules/log"`
			`"code.gitea.io/gitea/modules/setting"`
Always return valid go-get meta, even if unauthorized (#2010) * Always return valid go-get meta, even if unauthorized * don't leak information 2017-06-26 06:36:40 +05:30			`"github.com/Unknwon/com"`
Fix imports found by goimports. 2016-11-05 22:26:35 +05:30			`"github.com/go-macaron/cache"`
			`"github.com/go-macaron/csrf"`
			`"github.com/go-macaron/i18n"`
			`"github.com/go-macaron/session"`
			`macaron "gopkg.in/macaron.v1"`
move templateFuncs to one file, add middleware context. 2014-03-15 16:31:50 +05:30			`)`

Clean code 2014-03-15 18:47:16 +05:30			`// Context represents context of a request.`
move templateFuncs to one file, add middleware context. 2014-03-15 16:31:50 +05:30			`type Context struct {`
New UI merge in progress 2014-07-26 09:54:27 +05:30			`*macaron.Context`
Convert captcha, cache, csrf as middlewares 2014-08-01 02:55:34 +05:30			`Cache cache.Cache`
			`csrf csrf.CSRF`
New UI merge in progress 2014-07-26 09:54:27 +05:30			`Flash *session.Flash`
			`Session session.Store`

Always return valid go-get meta, even if unauthorized (#2010) * Always return valid go-get meta, even if unauthorized * don't leak information 2017-06-26 06:36:40 +05:30			`Link string // current request URL`
Various wiki bug fixes (#2996) * Update macaron * Various wiki bug fixes 2017-11-28 15:13:51 +05:30			`EscapedLink string`
more APIs on #12 2014-11-18 21:37:16 +05:30			`User *models.User`
			`IsSigned bool`
			`IsBasicAuth bool`
modify RepoAssignment 2014-03-15 21:33:23 +05:30
Rename module: middleware -> context 2016-03-11 22:26:52 +05:30			`Repo *Repository`
Add APIContext 2016-03-14 03:07:44 +05:30			`Org *Organization`
move templateFuncs to one file, add middleware context. 2014-03-15 16:31:50 +05:30			`}`

Golint fixed for modules/context 2016-11-25 12:21:01 +05:30			`// HasAPIError returns true if error occurs in form validation.`
			`func (ctx *Context) HasAPIError() bool {`
Clean api code 2014-05-05 22:38:01 +05:30			`hasErr, ok := ctx.Data["HasError"]`
			`if !ok {`
			`return false`
			`}`
			`return hasErr.(bool)`
			`}`

Golint fixed for modules/context 2016-11-25 12:21:01 +05:30			`// GetErrMsg returns error message`
Clean api code 2014-05-05 22:38:01 +05:30			`func (ctx *Context) GetErrMsg() string {`
			`return ctx.Data["ErrorMsg"].(string)`
			`}`

Clean code 2014-03-15 20:22:14 +05:30			`// HasError returns true if error occurs in form validation.`
			`func (ctx *Context) HasError() bool {`
			`hasErr, ok := ctx.Data["HasError"]`
			`if !ok {`
			`return false`
			`}`
Clean oauth code 2014-04-14 03:42:07 +05:30			`ctx.Flash.ErrorMsg = ctx.Data["ErrorMsg"].(string)`
			`ctx.Data["Flash"] = ctx.Flash`
Clean code 2014-03-15 20:22:14 +05:30			`return hasErr.(bool)`
			`}`

UI: install - new version 2015-07-08 17:17:56 +05:30			`// HasValue returns true if value of given name exists.`
			`func (ctx *Context) HasValue(name string) bool {`
			`_, ok := ctx.Data[name]`
			`return ok`
			`}`

Refactor and simplify redirect to url (#3674) 2018-03-16 02:43:34 +05:30			`// RedirectToFirst redirects to first not empty URL`
			`func (ctx *Context) RedirectToFirst(location ...string) {`
			`for _, loc := range location {`
			`if len(loc) == 0 {`
			`continue`
			`}`

			`u, err := url.Parse(loc)`
			`if err != nil \|\| (u.Scheme != "" && !strings.HasPrefix(strings.ToLower(loc), strings.ToLower(setting.AppURL))) {`
			`continue`
			`}`

			`ctx.Redirect(loc)`
			`return`
			`}`

			`ctx.Redirect(setting.AppSubURL + "/")`
			`return`
			`}`

Finish new repo settings page 2014-08-02 23:17:33 +05:30			`// HTML calls Context.HTML and converts template name to string.`
New UI merge in progress 2014-07-26 09:54:27 +05:30			`func (ctx *Context) HTML(status int, name base.TplName) {`
#2014 allow switch branches between two orgs in compose PR 2015-12-20 11:36:54 +05:30			`log.Debug("Template: %s", name)`
Finish new repo settings page 2014-08-02 23:17:33 +05:30			`ctx.Context.HTML(status, string(name))`
Work on admin 2014-03-20 17:20:26 +05:30			`}`

Clean code 2014-03-15 20:22:14 +05:30			`// RenderWithErr used for page has form validation but need to prompt error to users.`
New UI merge in progress 2014-07-26 09:54:27 +05:30			`func (ctx *Context) RenderWithErr(msg string, tpl base.TplName, form interface{}) {`
Add: rename repository 2014-04-04 01:20:55 +05:30			`if form != nil {`
			`auth.AssignForm(form, ctx.Data)`
			`}`
Add flash 2014-04-11 02:06:50 +05:30			`ctx.Flash.ErrorMsg = msg`
			`ctx.Data["Flash"] = ctx.Flash`
Work on admin 2014-03-20 17:20:26 +05:30			`ctx.HTML(200, tpl)`
Clean code 2014-03-15 20:22:14 +05:30			`}`

Handle refactor (#3339) * Replace all ctx.Handle with ctx.ServerError or ctx.NotFound * Change Handle(403) to NotFound, avoid using macaron's NotFound 2018-01-11 03:04:17 +05:30			`// NotFound displays a 404 (Not Found) page and prints the given error, if any.`
			`func (ctx *Context) NotFound(title string, err error) {`
Add router log config option 2014-05-02 04:23:41 +05:30			`if err != nil {`
New UI merge in progress 2014-07-26 09:54:27 +05:30			`log.Error(4, "%s: %v", title, err)`
			`if macaron.Env != macaron.PROD {`
Add router log config option 2014-05-02 04:23:41 +05:30			`ctx.Data["ErrorMsg"] = err`
			`}`
Add some log 2014-03-19 14:18:45 +05:30			`}`

Handle refactor (#3339) * Replace all ctx.Handle with ctx.ServerError or ctx.NotFound * Change Handle(403) to NotFound, avoid using macaron's NotFound 2018-01-11 03:04:17 +05:30			`ctx.Data["Title"] = "Page Not Found"`
			`ctx.HTML(http.StatusNotFound, base.TplName("status/404"))`
			`}`

			`// ServerError displays a 500 (Internal Server Error) page and prints the given`
			`// error, if any.`
			`func (ctx *Context) ServerError(title string, err error) {`
			`if err != nil {`
			`log.Error(4, "%s: %v", title, err)`
			`if macaron.Env != macaron.PROD {`
			`ctx.Data["ErrorMsg"] = err`
			`}`
Add router log config option 2014-05-02 04:23:41 +05:30			`}`
Handle refactor (#3339) * Replace all ctx.Handle with ctx.ServerError or ctx.NotFound * Change Handle(403) to NotFound, avoid using macaron's NotFound 2018-01-11 03:04:17 +05:30
			`ctx.Data["Title"] = "Internal Server Error"`
			`ctx.HTML(404, base.TplName("status/500"))`
move templateFuncs to one file, add middleware context. 2014-03-15 16:31:50 +05:30			`}`

router/repo: code refactoring 2016-08-30 14:38:38 +05:30			`// NotFoundOrServerError use error check function to determine if the error`
			`// is about not found. It responses with 404 status code for not found error,`
			`// or error context description for logging purpose of 500 server error.`
			`func (ctx *Context) NotFoundOrServerError(title string, errck func(error) bool, err error) {`
#1601 support delete issue comment 2016-07-26 00:18:17 +05:30			`if errck(err) {`
Handle refactor (#3339) * Replace all ctx.Handle with ctx.ServerError or ctx.NotFound * Change Handle(403) to NotFound, avoid using macaron's NotFound 2018-01-11 03:04:17 +05:30			`ctx.NotFound(title, err)`
#1601 support delete issue comment 2016-07-26 00:18:17 +05:30			`return`
			`}`

Handle refactor (#3339) * Replace all ctx.Handle with ctx.ServerError or ctx.NotFound * Change Handle(403) to NotFound, avoid using macaron's NotFound 2018-01-11 03:04:17 +05:30			`ctx.ServerError(title, err)`
#1601 support delete issue comment 2016-07-26 00:18:17 +05:30			`}`

Golint fixed for modules/context 2016-11-25 12:21:01 +05:30			`// HandleText handles HTTP status code`
Set Content-Type to text/plain for http status 401 This is because git command line shows the failure reason only if Content-Type is text/plain. 2015-03-28 20:00:05 +05:30			`func (ctx *Context) HandleText(status int, title string) {`
UI: install - new version 2015-07-08 17:17:56 +05:30			`if (status/100 == 4) \|\| (status/100 == 5) {`
Set Content-Type to text/plain for http status 401 This is because git command line shows the failure reason only if Content-Type is text/plain. 2015-03-28 20:00:05 +05:30			`log.Error(4, "%s", title)`
			`}`
fix import path, fix #1782 2015-10-16 06:58:12 +05:30			`ctx.PlainText(status, []byte(title))`
Set Content-Type to text/plain for http status 401 This is because git command line shows the failure reason only if Content-Type is text/plain. 2015-03-28 20:00:05 +05:30			`}`

Golint fixed for modules/context 2016-11-25 12:21:01 +05:30			`// ServeContent serves content to http request`
zip archive download 2014-04-15 21:57:29 +05:30			`func (ctx *Context) ServeContent(name string, r io.ReadSeeker, params ...interface{}) {`
			`modtime := time.Now()`
			`for _, p := range params {`
			`switch v := p.(type) {`
			`case time.Time:`
			`modtime = v`
			`}`
			`}`
New UI merge in progress 2014-07-26 09:54:27 +05:30			`ctx.Resp.Header().Set("Content-Description", "File Transfer")`
			`ctx.Resp.Header().Set("Content-Type", "application/octet-stream")`
			`ctx.Resp.Header().Set("Content-Disposition", "attachment; filename="+name)`
			`ctx.Resp.Header().Set("Content-Transfer-Encoding", "binary")`
			`ctx.Resp.Header().Set("Expires", "0")`
			`ctx.Resp.Header().Set("Cache-Control", "must-revalidate")`
			`ctx.Resp.Header().Set("Pragma", "public")`
Fix API broken 2014-10-19 08:56:55 +05:30			`http.ServeContent(ctx.Resp, ctx.Req.Request, name, modtime, r)`
Work on form resubmit 2014-04-11 00:07:43 +05:30			`}`

New UI merge in progress 2014-07-26 09:54:27 +05:30			`// Contexter initializes a classic context for a request.`
			`func Contexter() macaron.Handler {`
Convert captcha, cache, csrf as middlewares 2014-08-01 02:55:34 +05:30			`return func(c macaron.Context, l i18n.Locale, cache cache.Cache, sess session.Store, f session.Flash, x csrf.CSRF) {`
move templateFuncs to one file, add middleware context. 2014-03-15 16:31:50 +05:30			`ctx := &Context{`
New UI merge in progress 2014-07-26 09:54:27 +05:30			`Context: c,`
Convert captcha, cache, csrf as middlewares 2014-08-01 02:55:34 +05:30			`Cache: cache,`
			`csrf: x,`
New UI merge in progress 2014-07-26 09:54:27 +05:30			`Flash: f,`
			`Session: sess,`
Various wiki bug fixes (#2996) * Update macaron * Various wiki bug fixes 2017-11-28 15:13:51 +05:30			`Link: setting.AppSubURL + strings.TrimSuffix(c.Req.URL.EscapedPath(), "/"),`
Rename module: middleware -> context 2016-03-11 22:26:52 +05:30			`Repo: &Repository{`
			`PullRequest: &PullRequest{},`
Fix pull request availability check 2016-03-07 10:27:46 +05:30			`},`
Add APIContext 2016-03-14 03:07:44 +05:30			`Org: &Organization{},`
move templateFuncs to one file, add middleware context. 2014-03-15 16:31:50 +05:30			`}`
Always return valid go-get meta, even if unauthorized (#2010) * Always return valid go-get meta, even if unauthorized * don't leak information 2017-06-26 06:36:40 +05:30			`c.Data["Link"] = ctx.Link`
New UI merge in progress 2014-07-26 09:54:27 +05:30			`ctx.Data["PageStartTime"] = time.Now()`
Always return valid go-get meta, even if unauthorized (#2010) * Always return valid go-get meta, even if unauthorized * don't leak information 2017-06-26 06:36:40 +05:30			`// Quick responses appropriate go-get meta with status 200`
			`// regardless of if user have access to the repository,`
			`// or the repository does not exist at all.`
			`// This is particular a workaround for "go get" command which does not respect`
			`// .netrc file.`
			`if ctx.Query("go-get") == "1" {`
			`ownerName := c.Params(":username")`
			`repoName := c.Params(":reponame")`
			`branchName := "master"`

Remove GetRepositoryByRef and add GetRepositoryByOwnerAndName (#3043) * remove GetRepositoryByRef and add GetRepositoryByOwnerAndName * fix tests * fix tests bug * some improvements 2017-12-02 13:04:39 +05:30			`repo, err := models.GetRepositoryByOwnerAndName(ownerName, repoName)`
			`if err == nil && len(repo.DefaultBranch) > 0 {`
			`branchName = repo.DefaultBranch`
Always return valid go-get meta, even if unauthorized (#2010) * Always return valid go-get meta, even if unauthorized * don't leak information 2017-06-26 06:36:40 +05:30			`}`
Fix go-get, src and raw urls to new scheme (#2978) 2017-11-27 06:28:54 +05:30			`prefix := setting.AppURL + path.Join(ownerName, repoName, "src", "branch", branchName)`
Fix go-get content type (#3426) 2018-01-29 23:20:04 +05:30			`c.Header().Set("Content-Type", "text/html")`
			`c.WriteHeader(http.StatusOK)`
			c.Write([]byte(com.Expand(`<!doctype html>
Always return valid go-get meta, even if unauthorized (#2010) * Always return valid go-get meta, even if unauthorized * don't leak information 2017-06-26 06:36:40 +05:30			`<html>`
			`<head>`
			`<meta name="go-import" content="{GoGetImport} git {CloneLink}">`
			`<meta name="go-source" content="{GoGetImport} _ {GoDocDirectory} {GoDocFile}">`
			`</head>`
			`<body>`
			`go get {GoGetImport}`
			`</body>`
			`</html>`
			`, map[string]string{
Fix go get response if only app URL is custom in configuration (#2634) * Fix go get response if only app URL is custom in configuration * Rewrite to update Domain setting to match AppURL 2017-10-02 19:25:09 +05:30			`"GoGetImport": ComposeGoGetImport(ownerName, strings.TrimSuffix(repoName, ".git")),`
Always return valid go-get meta, even if unauthorized (#2010) * Always return valid go-get meta, even if unauthorized * don't leak information 2017-06-26 06:36:40 +05:30			`"CloneLink": models.ComposeHTTPSCloneURL(ownerName, repoName),`
			`"GoDocDirectory": prefix + "{/dir}",`
			`"GoDocFile": prefix + "{/dir}/{file}#L{line}",`
			`})))`
			`return`
			`}`
update session 2014-03-22 18:19:53 +05:30
Fix typos in models/ and modules/ (#1248) 2017-03-15 06:22:01 +05:30			`// Get user from session if logged in.`
#842 able to use access token replace basic auth 2015-09-02 12:10:15 +05:30			`ctx.User, ctx.IsBasicAuth = auth.SignedInUser(ctx.Context, ctx.Session)`
work on #609 2014-11-08 01:16:13 +05:30
New UI merge in progress 2014-07-26 09:54:27 +05:30			`if ctx.User != nil {`
			`ctx.IsSigned = true`
			`ctx.Data["IsSigned"] = ctx.IsSigned`
			`ctx.Data["SignedUser"] = ctx.User`
Refactor User.Id to User.ID 2016-07-23 22:38:22 +05:30			`ctx.Data["SignedUserID"] = ctx.User.ID`
Fix #605, fix #255, fix #101 2014-11-07 08:36:41 +05:30			`ctx.Data["SignedUserName"] = ctx.User.Name`
Work on admin 2014-03-20 17:32:14 +05:30			`ctx.Data["IsAdmin"] = ctx.User.IsAdmin`
Fix #605, fix #255, fix #101 2014-11-07 08:36:41 +05:30			`} else {`
Add reactions to issues/PR and comments (#2856) 2017-12-04 04:44:26 +05:30			`ctx.Data["SignedUserID"] = int64(0)`
Fix #605, fix #255, fix #101 2014-11-07 08:36:41 +05:30			`ctx.Data["SignedUserName"] = ""`
fix context 2014-03-15 18:20:17 +05:30			`}`
move templateFuncs to one file, add middleware context. 2014-03-15 16:31:50 +05:30
Add file upload for attachments 2014-07-24 18:49:59 +05:30			`// If request sends files, parse them here otherwise the Query() can't be parsed and the CsrfToken will be invalid.`
New UI merge in progress 2014-07-26 09:54:27 +05:30			`if ctx.Req.Method == "POST" && strings.Contains(ctx.Req.Header.Get("Content-Type"), "multipart/form-data") {`
			`if err := ctx.Req.ParseMultipartForm(setting.AttachmentMaxSize << 20); err != nil && !strings.Contains(err.Error(), "EOF") { // 32MB max size`
Handle refactor (#3339) * Replace all ctx.Handle with ctx.ServerError or ctx.NotFound * Change Handle(403) to NotFound, avoid using macaron's NotFound 2018-01-11 03:04:17 +05:30			`ctx.ServerError("ParseMultipartForm", err)`
Add file upload for attachments 2014-07-24 18:49:59 +05:30			`return`
			`}`
			`}`

Fixes xss, clickjacking & password autocompletion 2016-11-30 03:19:06 +05:30			ctx.Resp.Header().Set(`X-Frame-Options`, `SAMEORIGIN`)

			`ctx.Data["CsrfToken"] = html.EscapeString(x.GetToken())`
			ctx.Data["CsrfTokenHtml"] = template.HTML(`<input type="hidden" name="_csrf" value="` + ctx.Data["CsrfToken"].(string) + `">`)
#1692 APIs: Users Followers - User profile un/follow - List user's followers/following 2015-12-21 17:54:11 +05:30			`log.Debug("Session ID: %s", sess.ID())`
			`log.Debug("CSRF Token: %v", ctx.Data["CsrfToken"])`
fork render 2014-03-19 19:27:55 +05:30
code fix for #908, and work for #884 2015-02-07 07:46:23 +05:30			`ctx.Data["ShowRegistrationButton"] = setting.Service.ShowRegistrationButton`
#1080: Remove footer ads/branding from default template 2015-03-23 19:49:19 +05:30			`ctx.Data["ShowFooterBranding"] = setting.ShowFooterBranding`
fix #1957 - disable version display This allows the admin to disable the version information about gogs and go in use in the footer. 2015-11-19 03:02:31 +05:30			`ctx.Data["ShowFooterVersion"] = setting.ShowFooterVersion`
Swagger.v1.json template (#3572) * Turn swagger.v1.json into template * Rename ENABLE_SWAGGER_ENDPOINT option to ENABLE_SWAGGER 2018-07-28 05:49:01 +05:30			`ctx.Data["EnableSwagger"] = setting.API.EnableSwagger`
Allow ENABLE_OPENID_SIGNUP to depend on DISABLE_REGISTRATION (#1369) * Allow ENABLE_OPENID_SIGNUP to depend on DISABLE_REGISTRATION Omit the configuration variable (the default) to be dependent. Fixes #1363 * Move OpenID settings under Service object * Show OpenID SignUp and SignIn status in admin panel / configuration 2017-03-29 16:27:43 +05:30			`ctx.Data["EnableOpenIDSignIn"] = setting.Service.EnableOpenIDSignIn`
code fix for #908, and work for #884 2015-02-07 07:46:23 +05:30
move templateFuncs to one file, add middleware context. 2014-03-15 16:31:50 +05:30			`c.Map(ctx)`
			`}`
			`}`