add csrf check
This commit is contained in:
parent
01e781dedb
commit
076fc98d98
18 changed files with 208 additions and 46 deletions
|
@ -25,13 +25,17 @@ func EncodeMd5(str string) string {
|
||||||
return hex.EncodeToString(m.Sum(nil))
|
return hex.EncodeToString(m.Sum(nil))
|
||||||
}
|
}
|
||||||
|
|
||||||
// Random generate string
|
// GetRandomString generate random string by specify chars.
|
||||||
func GetRandomString(n int) string {
|
func GetRandomString(n int, alphabets ...byte) string {
|
||||||
const alphanum = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
|
const alphanum = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
|
||||||
var bytes = make([]byte, n)
|
var bytes = make([]byte, n)
|
||||||
rand.Read(bytes)
|
rand.Read(bytes)
|
||||||
for i, b := range bytes {
|
for i, b := range bytes {
|
||||||
bytes[i] = alphanum[b%byte(len(alphanum))]
|
if len(alphabets) == 0 {
|
||||||
|
bytes[i] = alphanum[b%byte(len(alphanum))]
|
||||||
|
} else {
|
||||||
|
bytes[i] = alphabets[b%byte(len(alphabets))]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return string(bytes)
|
return string(bytes)
|
||||||
}
|
}
|
||||||
|
|
|
@ -10,39 +10,45 @@ import (
|
||||||
"github.com/gogits/gogs/modules/base"
|
"github.com/gogits/gogs/modules/base"
|
||||||
)
|
)
|
||||||
|
|
||||||
// SignInRequire requires user to sign in.
|
type ToggleOptions struct {
|
||||||
func SignInRequire(redirect bool) martini.Handler {
|
SignInRequire bool
|
||||||
return func(ctx *Context) {
|
SignOutRequire bool
|
||||||
if !ctx.IsSigned {
|
AdminRequire bool
|
||||||
if redirect {
|
DisableCsrf bool
|
||||||
ctx.Redirect("/user/login")
|
|
||||||
}
|
|
||||||
return
|
|
||||||
} else if !ctx.User.IsActive && base.Service.RegisterEmailConfirm {
|
|
||||||
ctx.Data["Title"] = "Activate Your Account"
|
|
||||||
ctx.HTML(200, "user/active")
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// SignOutRequire requires user to sign out.
|
func Toggle(options *ToggleOptions) martini.Handler {
|
||||||
func SignOutRequire() martini.Handler {
|
|
||||||
return func(ctx *Context) {
|
return func(ctx *Context) {
|
||||||
if ctx.IsSigned {
|
if options.SignOutRequire && ctx.IsSigned {
|
||||||
ctx.Redirect("/")
|
ctx.Redirect("/")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// AdminRequire requires user signed in as administor.
|
if !options.DisableCsrf {
|
||||||
func AdminRequire() martini.Handler {
|
if ctx.Req.Method == "POST" {
|
||||||
return func(ctx *Context) {
|
if !ctx.CsrfTokenValid() {
|
||||||
if !ctx.User.IsAdmin {
|
ctx.Error(403, "CSRF token does not match")
|
||||||
ctx.Error(403)
|
return
|
||||||
return
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if options.SignInRequire {
|
||||||
|
if !ctx.IsSigned {
|
||||||
|
ctx.Redirect("/user/login")
|
||||||
|
return
|
||||||
|
} else if !ctx.User.IsActive && base.Service.RegisterEmailConfirm {
|
||||||
|
ctx.Data["Title"] = "Activate Your Account"
|
||||||
|
ctx.HTML(200, "user/active")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if options.AdminRequire {
|
||||||
|
if !ctx.User.IsAdmin {
|
||||||
|
ctx.Error(403)
|
||||||
|
return
|
||||||
|
}
|
||||||
}
|
}
|
||||||
ctx.Data["PageIsAdmin"] = true
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,6 +6,7 @@ package middleware
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"html/template"
|
||||||
"net/http"
|
"net/http"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
@ -32,6 +33,8 @@ type Context struct {
|
||||||
User *models.User
|
User *models.User
|
||||||
IsSigned bool
|
IsSigned bool
|
||||||
|
|
||||||
|
csrfToken string
|
||||||
|
|
||||||
Repo struct {
|
Repo struct {
|
||||||
IsValid bool
|
IsValid bool
|
||||||
IsOwner bool
|
IsOwner bool
|
||||||
|
@ -90,6 +93,95 @@ func (ctx *Context) Handle(status int, title string, err error) {
|
||||||
ctx.HTML(status, fmt.Sprintf("status/%d", status))
|
ctx.HTML(status, fmt.Sprintf("status/%d", status))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (ctx *Context) GetCookie(name string) string {
|
||||||
|
cookie, err := ctx.Req.Cookie(name)
|
||||||
|
if err != nil {
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
return cookie.Value
|
||||||
|
}
|
||||||
|
|
||||||
|
func (ctx *Context) SetCookie(name string, value string, others ...interface{}) {
|
||||||
|
cookie := http.Cookie{}
|
||||||
|
cookie.Name = name
|
||||||
|
cookie.Value = value
|
||||||
|
|
||||||
|
if len(others) > 0 {
|
||||||
|
switch v := others[0].(type) {
|
||||||
|
case int:
|
||||||
|
cookie.MaxAge = v
|
||||||
|
case int64:
|
||||||
|
cookie.MaxAge = int(v)
|
||||||
|
case int32:
|
||||||
|
cookie.MaxAge = int(v)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// default "/"
|
||||||
|
if len(others) > 1 {
|
||||||
|
if v, ok := others[1].(string); ok && len(v) > 0 {
|
||||||
|
cookie.Path = v
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
cookie.Path = "/"
|
||||||
|
}
|
||||||
|
|
||||||
|
// default empty
|
||||||
|
if len(others) > 2 {
|
||||||
|
if v, ok := others[2].(string); ok && len(v) > 0 {
|
||||||
|
cookie.Domain = v
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// default empty
|
||||||
|
if len(others) > 3 {
|
||||||
|
switch v := others[3].(type) {
|
||||||
|
case bool:
|
||||||
|
cookie.Secure = v
|
||||||
|
default:
|
||||||
|
if others[3] != nil {
|
||||||
|
cookie.Secure = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// default false. for session cookie default true
|
||||||
|
if len(others) > 4 {
|
||||||
|
if v, ok := others[4].(bool); ok && v {
|
||||||
|
cookie.HttpOnly = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
ctx.Res.Header().Add("Set-Cookie", cookie.String())
|
||||||
|
}
|
||||||
|
|
||||||
|
func (ctx *Context) CsrfToken() string {
|
||||||
|
if len(ctx.csrfToken) > 0 {
|
||||||
|
return ctx.csrfToken
|
||||||
|
}
|
||||||
|
|
||||||
|
token := ctx.GetCookie("_csrf")
|
||||||
|
if len(token) == 0 {
|
||||||
|
token = base.GetRandomString(30)
|
||||||
|
ctx.SetCookie("_csrf", token)
|
||||||
|
}
|
||||||
|
ctx.csrfToken = token
|
||||||
|
return token
|
||||||
|
}
|
||||||
|
|
||||||
|
func (ctx *Context) CsrfTokenValid() bool {
|
||||||
|
token := ctx.Query("_csrf")
|
||||||
|
if token == "" {
|
||||||
|
token = ctx.Req.Header.Get("X-Csrf-Token")
|
||||||
|
}
|
||||||
|
if token == "" {
|
||||||
|
return false
|
||||||
|
} else if ctx.csrfToken != token {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
// InitContext initializes a classic context for a request.
|
// InitContext initializes a classic context for a request.
|
||||||
func InitContext() martini.Handler {
|
func InitContext() martini.Handler {
|
||||||
return func(res http.ResponseWriter, r *http.Request, c martini.Context, rd *Render) {
|
return func(res http.ResponseWriter, r *http.Request, c martini.Context, rd *Render) {
|
||||||
|
@ -103,11 +195,14 @@ func InitContext() martini.Handler {
|
||||||
Render: rd,
|
Render: rd,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ctx.Data["PageStartTime"] = time.Now()
|
||||||
|
|
||||||
// start session
|
// start session
|
||||||
ctx.Session = base.SessionManager.SessionStart(res, r)
|
ctx.Session = base.SessionManager.SessionStart(res, r)
|
||||||
defer func() {
|
rw := res.(martini.ResponseWriter)
|
||||||
|
rw.Before(func(martini.ResponseWriter) {
|
||||||
ctx.Session.SessionRelease(res)
|
ctx.Session.SessionRelease(res)
|
||||||
}()
|
})
|
||||||
|
|
||||||
// Get user from session if logined.
|
// Get user from session if logined.
|
||||||
user := auth.SignedInUser(ctx.Session)
|
user := auth.SignedInUser(ctx.Session)
|
||||||
|
@ -121,9 +216,15 @@ func InitContext() martini.Handler {
|
||||||
ctx.Data["SignedUserId"] = user.Id
|
ctx.Data["SignedUserId"] = user.Id
|
||||||
ctx.Data["SignedUserName"] = user.LowerName
|
ctx.Data["SignedUserName"] = user.LowerName
|
||||||
ctx.Data["IsAdmin"] = ctx.User.IsAdmin
|
ctx.Data["IsAdmin"] = ctx.User.IsAdmin
|
||||||
|
|
||||||
|
if ctx.User.IsAdmin {
|
||||||
|
ctx.Data["PageIsAdmin"] = true
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx.Data["PageStartTime"] = time.Now()
|
// get or create csrf token
|
||||||
|
ctx.Data["CsrfToken"] = ctx.CsrfToken()
|
||||||
|
ctx.Data["CsrfTokenHtml"] = template.HTML(`<input type="hidden" name="_csrf" value="` + ctx.csrfToken + `">`)
|
||||||
|
|
||||||
c.Map(ctx)
|
c.Map(ctx)
|
||||||
|
|
||||||
|
|
|
@ -242,8 +242,11 @@ func (r *Render) HTMLString(name string, binding interface{}, htmlOpt ...HTMLOpt
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r *Render) Error(status int) {
|
func (r *Render) Error(status int, message ...string) {
|
||||||
r.WriteHeader(status)
|
r.WriteHeader(status)
|
||||||
|
if len(message) > 0 {
|
||||||
|
r.Write([]byte(message[0]))
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r *Render) Redirect(location string, status ...int) {
|
func (r *Render) Redirect(location string, status ...int) {
|
||||||
|
|
|
@ -2,6 +2,39 @@ var Gogits = {
|
||||||
"PageIsSignup": false
|
"PageIsSignup": false
|
||||||
};
|
};
|
||||||
|
|
||||||
|
(function($){
|
||||||
|
// extend jQuery ajax, set csrf token value
|
||||||
|
var ajax = $.ajax;
|
||||||
|
$.extend({
|
||||||
|
ajax: function(url, options) {
|
||||||
|
if (typeof url === 'object') {
|
||||||
|
options = url;
|
||||||
|
url = undefined;
|
||||||
|
}
|
||||||
|
options = options || {};
|
||||||
|
url = options.url;
|
||||||
|
var csrftoken = $('meta[name=_csrf]').attr('content');
|
||||||
|
var headers = options.headers || {};
|
||||||
|
var domain = document.domain.replace(/\./ig, '\\.');
|
||||||
|
if (!/^(http:|https:).*/.test(url) || eval('/^(http:|https:)\\/\\/(.+\\.)*' + domain + '.*/').test(url)) {
|
||||||
|
headers = $.extend(headers, {'X-Csrf-Token':csrftoken});
|
||||||
|
}
|
||||||
|
options.headers = headers;
|
||||||
|
var callback = options.success;
|
||||||
|
options.success = function(data){
|
||||||
|
if(data.once){
|
||||||
|
// change all _once value if ajax data.once exist
|
||||||
|
$('[name=_once]').val(data.once);
|
||||||
|
}
|
||||||
|
if(callback){
|
||||||
|
callback.apply(this, arguments);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
return ajax(url, options);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}(jQuery));
|
||||||
|
|
||||||
(function ($) {
|
(function ($) {
|
||||||
|
|
||||||
Gogits.showTab = function (selector, index) {
|
Gogits.showTab = function (selector, index) {
|
||||||
|
|
|
@ -12,6 +12,7 @@
|
||||||
<br/>
|
<br/>
|
||||||
<form action="/admin/users/{{.User.Id}}" method="post" class="form-horizontal">
|
<form action="/admin/users/{{.User.Id}}" method="post" class="form-horizontal">
|
||||||
{{if .IsSuccess}}<p class="alert alert-success">Account profile has been successfully updated.</p>{{else if .HasError}}<p class="alert alert-danger form-error">{{.ErrorMsg}}</p>{{end}}
|
{{if .IsSuccess}}<p class="alert alert-success">Account profile has been successfully updated.</p>{{else if .HasError}}<p class="alert alert-danger form-error">{{.ErrorMsg}}</p>{{end}}
|
||||||
|
{{.CsrfTokenHtml}}
|
||||||
<input type="hidden" value="{{.User.Id}}" name="userId"/>
|
<input type="hidden" value="{{.User.Id}}" name="userId"/>
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label class="col-md-3 control-label">Username: </label>
|
<label class="col-md-3 control-label">Username: </label>
|
||||||
|
|
|
@ -11,6 +11,7 @@
|
||||||
<div class="panel-body">
|
<div class="panel-body">
|
||||||
<br/>
|
<br/>
|
||||||
<form action="/admin/users/new" method="post" class="form-horizontal">
|
<form action="/admin/users/new" method="post" class="form-horizontal">
|
||||||
|
{{.CsrfTokenHtml}}
|
||||||
<div class="alert alert-danger form-error{{if .HasError}}{{else}} hidden{{end}}">{{.ErrorMsg}}</div>
|
<div class="alert alert-danger form-error{{if .HasError}}{{else}} hidden{{end}}">{{.ErrorMsg}}</div>
|
||||||
<div class="form-group {{if .Err_UserName}}has-error has-feedback{{end}}">
|
<div class="form-group {{if .Err_UserName}}has-error has-feedback{{end}}">
|
||||||
<label class="col-md-3 control-label">Username: </label>
|
<label class="col-md-3 control-label">Username: </label>
|
||||||
|
|
|
@ -8,6 +8,7 @@
|
||||||
<meta name="author" content="Gogs - Go Git Service" />
|
<meta name="author" content="Gogs - Go Git Service" />
|
||||||
<meta name="description" content="Gogs(Go Git Service) is a GitHub-like clone in the Go Programming Language" />
|
<meta name="description" content="Gogs(Go Git Service) is a GitHub-like clone in the Go Programming Language" />
|
||||||
<meta name="keywords" content="go, git">
|
<meta name="keywords" content="go, git">
|
||||||
|
<meta name="_csrf" content="{{.CsrfToken}}" />
|
||||||
|
|
||||||
<!-- Stylesheets -->
|
<!-- Stylesheets -->
|
||||||
<link href="/css/bootstrap.min.css" rel="stylesheet" />
|
<link href="/css/bootstrap.min.css" rel="stylesheet" />
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
{{template "base/navbar" .}}
|
{{template "base/navbar" .}}
|
||||||
<div class="container" id="gogs-body">
|
<div class="container" id="gogs-body">
|
||||||
<form action="/repo/create" method="post" class="form-horizontal gogs-card" id="gogs-repo-create">
|
<form action="/repo/create" method="post" class="form-horizontal gogs-card" id="gogs-repo-create">
|
||||||
|
{{.CsrfTokenHtml}}
|
||||||
<h3>Create New Repository</h3>
|
<h3>Create New Repository</h3>
|
||||||
<div class="alert alert-danger form-error{{if .HasError}}{{else}} hidden{{end}}">{{.ErrorMsg}}</div>
|
<div class="alert alert-danger form-error{{if .HasError}}{{else}} hidden{{end}}">{{.ErrorMsg}}</div>
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
|
|
|
@ -40,6 +40,7 @@
|
||||||
<div class="modal fade" id="delete-repository-modal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
|
<div class="modal fade" id="delete-repository-modal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
|
||||||
<div class="modal-dialog">
|
<div class="modal-dialog">
|
||||||
<form action="/{{.Owner.Name}}/{{.Repository.Name}}/settings" method="post" class="modal-content">
|
<form action="/{{.Owner.Name}}/{{.Repository.Name}}/settings" method="post" class="modal-content">
|
||||||
|
{{.CsrfTokenHtml}}
|
||||||
<input type="hidden" name="action" value="delete">
|
<input type="hidden" name="action" value="delete">
|
||||||
|
|
||||||
<div class="modal-header">
|
<div class="modal-header">
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
{{template "base/head" .}}
|
{{template "base/head" .}}
|
||||||
{{template "base/navbar" .}}
|
{{template "base/navbar" .}}
|
||||||
<div id="gogs-body" class="container">
|
<div id="gogs-body" class="container">
|
||||||
<form action="/user/activate" method="get" class="form-horizontal gogs-card" id="gogs-login-card">
|
<form action="/user/activate" method="post" class="form-horizontal gogs-card" id="gogs-login-card">
|
||||||
|
{{.CsrfTokenHtml}}
|
||||||
<h3>Activate Your Account</h3>
|
<h3>Activate Your Account</h3>
|
||||||
{{if .IsActivatePage}}
|
{{if .IsActivatePage}}
|
||||||
{{if .ServiceNotEnabled}}
|
{{if .ServiceNotEnabled}}
|
||||||
|
|
|
@ -22,6 +22,7 @@
|
||||||
<div class="modal fade" id="delete-account-modal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
|
<div class="modal fade" id="delete-account-modal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
|
||||||
<div class="modal-dialog">
|
<div class="modal-dialog">
|
||||||
<form action="/user/delete" method="post" class="modal-content" id="gogs-user-delete">
|
<form action="/user/delete" method="post" class="modal-content" id="gogs-user-delete">
|
||||||
|
{{.CsrfTokenHtml}}
|
||||||
<div class="modal-header">
|
<div class="modal-header">
|
||||||
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
|
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
|
||||||
<h4 class="modal-title" id="myModalLabel">Delete Account</h4>
|
<h4 class="modal-title" id="myModalLabel">Delete Account</h4>
|
||||||
|
|
|
@ -5,7 +5,9 @@
|
||||||
<div id="gogs-user-setting-container" class="col-md-9">
|
<div id="gogs-user-setting-container" class="col-md-9">
|
||||||
<div id="gogs-setting-pwd">
|
<div id="gogs-setting-pwd">
|
||||||
<h4>Password</h4>
|
<h4>Password</h4>
|
||||||
<form class="form-horizontal" id="gogs-password-form" method="post" action="/user/setting/password">{{if .IsSuccess}}
|
<form class="form-horizontal" id="gogs-password-form" method="post" action="/user/setting/password">
|
||||||
|
{{.CsrfTokenHtml}}
|
||||||
|
{{if .IsSuccess}}
|
||||||
<p class="alert alert-success">Password is changed successfully. You can now sign in via new password.</p>{{else if .HasError}}<p class="alert alert-danger form-error">{{.ErrorMsg}}</p>{{end}}
|
<p class="alert alert-success">Password is changed successfully. You can now sign in via new password.</p>{{else if .HasError}}<p class="alert alert-danger form-error">{{.ErrorMsg}}</p>{{end}}
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label class="col-md-3 control-label">Old Password<strong class="text-danger">*</strong></label>
|
<label class="col-md-3 control-label">Old Password<strong class="text-danger">*</strong></label>
|
||||||
|
|
|
@ -22,6 +22,7 @@
|
||||||
<div class="modal fade" id="ssh-add-modal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
|
<div class="modal fade" id="ssh-add-modal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
|
||||||
<div class="modal-dialog">
|
<div class="modal-dialog">
|
||||||
<form class="modal-content form-horizontal" id="gogs-ssh-form" method="post" action="/user/setting/ssh/">
|
<form class="modal-content form-horizontal" id="gogs-ssh-form" method="post" action="/user/setting/ssh/">
|
||||||
|
{{.CsrfTokenHtml}}
|
||||||
<div class="modal-header">
|
<div class="modal-header">
|
||||||
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
|
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
|
||||||
<h4 class="modal-title" id="myModalLabel">Add SSH Key</h4>
|
<h4 class="modal-title" id="myModalLabel">Add SSH Key</h4>
|
||||||
|
|
|
@ -6,6 +6,7 @@
|
||||||
<div id="gogs-setting-pwd">
|
<div id="gogs-setting-pwd">
|
||||||
<h4>Account Profile</h4>
|
<h4>Account Profile</h4>
|
||||||
<form class="form-horizontal" id="gogs-password-form" method="post" action="/user/setting">
|
<form class="form-horizontal" id="gogs-password-form" method="post" action="/user/setting">
|
||||||
|
{{.CsrfTokenHtml}}
|
||||||
{{if .IsSuccess}}<p class="alert alert-success">Your profile has been successfully updated.</p>{{else if .HasError}}<p class="alert alert-danger form-error">{{.ErrorMsg}}</p>{{end}}
|
{{if .IsSuccess}}<p class="alert alert-success">Your profile has been successfully updated.</p>{{else if .HasError}}<p class="alert alert-danger form-error">{{.ErrorMsg}}</p>{{end}}
|
||||||
<p>Your Email will be public and used for Account related notifications and any web based operations made via the web.</p>
|
<p>Your Email will be public and used for Account related notifications and any web based operations made via the web.</p>
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
{{template "base/navbar" .}}
|
{{template "base/navbar" .}}
|
||||||
<div class="container" id="gogs-body" data-page="user-signin">
|
<div class="container" id="gogs-body" data-page="user-signin">
|
||||||
<form action="/user/login" method="post" class="form-horizontal gogs-card" id="gogs-login-card">
|
<form action="/user/login" method="post" class="form-horizontal gogs-card" id="gogs-login-card">
|
||||||
|
{{.CsrfTokenHtml}}
|
||||||
<h3>Log in</h3>
|
<h3>Log in</h3>
|
||||||
<div class="alert alert-danger form-error{{if .HasError}}{{else}} hidden{{end}}">{{.ErrorMsg}}</div>
|
<div class="alert alert-danger form-error{{if .HasError}}{{else}} hidden{{end}}">{{.ErrorMsg}}</div>
|
||||||
<div class="form-group {{if .Err_UserName}}has-error has-feedback{{end}}">
|
<div class="form-group {{if .Err_UserName}}has-error has-feedback{{end}}">
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
{{template "base/navbar" .}}
|
{{template "base/navbar" .}}
|
||||||
<div class="container" id="gogs-body" data-page="user-signup">
|
<div class="container" id="gogs-body" data-page="user-signup">
|
||||||
<form action="/user/sign_up" method="post" class="form-horizontal gogs-card" id="gogs-login-card">
|
<form action="/user/sign_up" method="post" class="form-horizontal gogs-card" id="gogs-login-card">
|
||||||
|
{{.CsrfTokenHtml}}
|
||||||
{{if .DisenableRegisteration}}
|
{{if .DisenableRegisteration}}
|
||||||
Sorry, registeration has been disenabled, you can only get account from administrator.
|
Sorry, registeration has been disenabled, you can only get account from administrator.
|
||||||
{{else}}
|
{{else}}
|
||||||
|
|
24
web.go
24
web.go
|
@ -82,9 +82,10 @@ func runWeb(*cli.Context) {
|
||||||
|
|
||||||
m.Use(middleware.InitContext())
|
m.Use(middleware.InitContext())
|
||||||
|
|
||||||
reqSignIn := middleware.SignInRequire(true)
|
reqSignIn := middleware.Toggle(&middleware.ToggleOptions{SignInRequire: true})
|
||||||
ignSignIn := middleware.SignInRequire(base.Service.RequireSignInView)
|
ignSignIn := middleware.Toggle(&middleware.ToggleOptions{SignInRequire: base.Service.RequireSignInView})
|
||||||
reqSignOut := middleware.SignOutRequire()
|
reqSignOut := middleware.Toggle(&middleware.ToggleOptions{SignOutRequire: true})
|
||||||
|
|
||||||
// Routers.
|
// Routers.
|
||||||
m.Get("/", ignSignIn, routers.Home)
|
m.Get("/", ignSignIn, routers.Home)
|
||||||
m.Get("/issues", reqSignIn, user.Issues)
|
m.Get("/issues", reqSignIn, user.Issues)
|
||||||
|
@ -109,14 +110,15 @@ func runWeb(*cli.Context) {
|
||||||
|
|
||||||
m.Get("/help", routers.Help)
|
m.Get("/help", routers.Help)
|
||||||
|
|
||||||
adminReq := middleware.AdminRequire()
|
adminReq := middleware.Toggle(&middleware.ToggleOptions{SignInRequire: true, AdminRequire: true})
|
||||||
m.Get("/admin", reqSignIn, adminReq, admin.Dashboard)
|
|
||||||
m.Get("/admin/users", reqSignIn, adminReq, admin.Users)
|
m.Get("/admin", adminReq, admin.Dashboard)
|
||||||
m.Any("/admin/users/new", reqSignIn, adminReq, binding.BindIgnErr(auth.RegisterForm{}), admin.NewUser)
|
m.Get("/admin/users", adminReq, admin.Users)
|
||||||
m.Any("/admin/users/:userid", reqSignIn, adminReq, binding.BindIgnErr(auth.AdminEditUserForm{}), admin.EditUser)
|
m.Any("/admin/users/new", adminReq, binding.BindIgnErr(auth.RegisterForm{}), admin.NewUser)
|
||||||
m.Any("/admin/users/:userid/delete", reqSignIn, adminReq, admin.DeleteUser)
|
m.Any("/admin/users/:userid", adminReq, binding.BindIgnErr(auth.AdminEditUserForm{}), admin.EditUser)
|
||||||
m.Get("/admin/repos", reqSignIn, adminReq, admin.Repositories)
|
m.Any("/admin/users/:userid/delete", adminReq, admin.DeleteUser)
|
||||||
m.Get("/admin/config", reqSignIn, adminReq, admin.Config)
|
m.Get("/admin/repos", adminReq, admin.Repositories)
|
||||||
|
m.Get("/admin/config", adminReq, admin.Config)
|
||||||
|
|
||||||
m.Post("/:username/:reponame/settings", reqSignIn, middleware.RepoAssignment(true), repo.SettingPost)
|
m.Post("/:username/:reponame/settings", reqSignIn, middleware.RepoAssignment(true), repo.SettingPost)
|
||||||
m.Get("/:username/:reponame/settings", reqSignIn, middleware.RepoAssignment(true), repo.Setting)
|
m.Get("/:username/:reponame/settings", reqSignIn, middleware.RepoAssignment(true), repo.Setting)
|
||||||
|
|
Loading…
Reference in a new issue