gitea/modules/context/api.go

// Copyright 2016 The Gogs Authors. All rights reserved.
// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package context

import (
	"fmt"
	"net/url"
	"strings"

	"github.com/go-macaron/csrf"

	"code.gitea.io/gitea/models"
	"code.gitea.io/gitea/modules/git"
	"code.gitea.io/gitea/modules/log"
	"code.gitea.io/gitea/modules/setting"

	"gopkg.in/macaron.v1"
)

// APIContext is a specific macaron context for API service
type APIContext struct {
	*Context
	Org *APIOrganization
}

// APIError is error format response
// swagger:response error
type APIError struct {
	Message string `json:"message"`
	URL     string `json:"url"`
}

// APIValidationError is error format response related to input validation
// swagger:response validationError
type APIValidationError struct {
	Message string `json:"message"`
	URL     string `json:"url"`
}

//APIEmpty is an empty response
// swagger:response empty
type APIEmpty struct{}

//APIForbiddenError is a forbidden error response
// swagger:response forbidden
type APIForbiddenError struct {
	APIError
}

//APINotFound is a not found empty response
// swagger:response notFound
type APINotFound struct{}

//APIRedirect is a redirect response
// swagger:response redirect
type APIRedirect struct{}

// Error responses error message to client with given message.
// If status is 500, also it prints error to log.
func (ctx *APIContext) Error(status int, title string, obj interface{}) {
	var message string
	if err, ok := obj.(error); ok {
		message = err.Error()
	} else {
		message = obj.(string)
	}

	if status == 500 {
		log.Error("%s: %s", title, message)
	}

	ctx.JSON(status, APIError{
		Message: message,
		URL:     setting.API.SwaggerURL,
	})
}

func genAPILinks(curURL *url.URL, total, pageSize, curPage int) []string {
	page := NewPagination(total, pageSize, curPage, 0)
	paginater := page.Paginater
	links := make([]string, 0, 4)

	if paginater.HasNext() {
		u := *curURL
		queries := u.Query()
		queries.Set("page", fmt.Sprintf("%d", paginater.Next()))
		u.RawQuery = queries.Encode()

		links = append(links, fmt.Sprintf("<%s%s>; rel=\"next\"", setting.AppURL, u.RequestURI()[1:]))
	}
	if !paginater.IsLast() {
		u := *curURL
		queries := u.Query()
		queries.Set("page", fmt.Sprintf("%d", paginater.TotalPages()))
		u.RawQuery = queries.Encode()

		links = append(links, fmt.Sprintf("<%s%s>; rel=\"last\"", setting.AppURL, u.RequestURI()[1:]))
	}
	if !paginater.IsFirst() {
		u := *curURL
		queries := u.Query()
		queries.Set("page", "1")
		u.RawQuery = queries.Encode()

		links = append(links, fmt.Sprintf("<%s%s>; rel=\"first\"", setting.AppURL, u.RequestURI()[1:]))
	}
	if paginater.HasPrevious() {
		u := *curURL
		queries := u.Query()
		queries.Set("page", fmt.Sprintf("%d", paginater.Previous()))
		u.RawQuery = queries.Encode()

		links = append(links, fmt.Sprintf("<%s%s>; rel=\"prev\"", setting.AppURL, u.RequestURI()[1:]))
	}
	return links
}

// SetLinkHeader sets pagination link header by given total number and page size.
func (ctx *APIContext) SetLinkHeader(total, pageSize int) {
	links := genAPILinks(ctx.Req.URL, total, pageSize, ctx.QueryInt("page"))

	if len(links) > 0 {
		ctx.Header().Set("Link", strings.Join(links, ","))
	}
}

// RequireCSRF requires a validated a CSRF token
func (ctx *APIContext) RequireCSRF() {
	headerToken := ctx.Req.Header.Get(ctx.csrf.GetHeaderName())
	formValueToken := ctx.Req.FormValue(ctx.csrf.GetFormName())
	if len(headerToken) > 0 || len(formValueToken) > 0 {
		csrf.Validate(ctx.Context.Context, ctx.csrf)
	} else {
		ctx.Context.Error(401)
	}
}

// CheckForOTP validateds OTP
func (ctx *APIContext) CheckForOTP() {
	otpHeader := ctx.Req.Header.Get("X-Gitea-OTP")
	twofa, err := models.GetTwoFactorByUID(ctx.Context.User.ID)
	if err != nil {
		if models.IsErrTwoFactorNotEnrolled(err) {
			return // No 2FA enrollment for this user
		}
		ctx.Context.Error(500)
		return
	}
	ok, err := twofa.ValidateTOTP(otpHeader)
	if err != nil {
		ctx.Context.Error(500)
		return
	}
	if !ok {
		ctx.Context.Error(401)
		return
	}
}

// APIContexter returns apicontext as macaron middleware
func APIContexter() macaron.Handler {
	return func(c *Context) {
		ctx := &APIContext{
			Context: c,
		}
		c.Map(ctx)
	}
}

// ReferencesGitRepo injects the GitRepo into the Context
func ReferencesGitRepo(allowEmpty bool) macaron.Handler {
	return func(ctx *APIContext) {
		// Empty repository does not have reference information.
		if !allowEmpty && ctx.Repo.Repository.IsEmpty {
			return
		}

		// For API calls.
		if ctx.Repo.GitRepo == nil {
			repoPath := models.RepoPath(ctx.Repo.Owner.Name, ctx.Repo.Repository.Name)
			gitRepo, err := git.OpenRepository(repoPath)
			if err != nil {
				ctx.Error(500, "RepoRef Invalid repo "+repoPath, err)
				return
			}
			ctx.Repo.GitRepo = gitRepo
		}
	}
}

// NotFound handles 404s for APIContext
// String will replace message, errors will be added to a slice
func (ctx *APIContext) NotFound(objs ...interface{}) {
	var message = "Not Found"
	var errors []string
	for _, obj := range objs {
		if err, ok := obj.(error); ok {
			errors = append(errors, err.Error())
		} else {
			message = obj.(string)
		}
	}

	ctx.JSON(404, map[string]interface{}{
		"message":           message,
		"documentation_url": setting.API.SwaggerURL,
		"errors":            errors,
	})
}
Add APIContext 2016-03-13 17:37:44 -04:00			`// Copyright 2016 The Gogs Authors. All rights reserved.`
Updates to API 404 responses (#6077) 2019-03-18 22:29:43 -04:00			`// Copyright 2019 The Gitea Authors. All rights reserved.`
Add APIContext 2016-03-13 17:37:44 -04:00			`// Use of this source code is governed by a MIT-style`
			`// license that can be found in the LICENSE file.`

			`package context`

			`import (`
#1692 add CRUD issue APIs - Fix go-gogs-client#10 - Related to #809 2016-03-13 23:20:22 -04:00			`"fmt"`
fix API link header (#7298) 2019-06-26 04:51:32 -04:00			`"net/url"`
#1692 add CRUD issue APIs - Fix go-gogs-client#10 - Related to #809 2016-03-13 23:20:22 -04:00			`"strings"`

Fix #5226 by adding CSRF checking to api reqToken and add CSRF to the POST header for deadline (#5250) * Add CSRF checking to reqToken and place CSRF in the post for deadline creation Fixes #5226, #5249 * /api/v1/admin/users routes should have reqToken middleware 2018-11-03 21:15:55 -04:00			`"github.com/go-macaron/csrf"`

API endpoints for stars 2016-11-14 17:33:58 -05:00			`"code.gitea.io/gitea/models"`
move code.gitea.io/git to code.gitea.io/gitea/modules/git (#6364) * move code.gitea.io/git to code.gitea.io/gitea/modules/git * fix imports * fix fmt * fix misspell * remove wrong tests data * fix unit tests * fix tests * fix tests * fix tests * fix tests * fix tests * enable Debug to trace the failure tests * fix tests * fix tests * fix tests * fix tests * fix tests * comment commit count tests since git clone depth is 50 * fix tests * update from code.gitea.io/git * revert change to makefile 2019-03-27 05:33:00 -04:00			`"code.gitea.io/gitea/modules/git"`
Update import paths from github.com/go-gitea to code.gitea.io (#135) - Update import paths from github.com/go-gitea to code.gitea.io - Fix import path for travis See https://docs.travis-ci.com/user/languages/go#Go-Import-Path 2016-11-10 11:24:48 -05:00			`"code.gitea.io/gitea/modules/log"`
			`"code.gitea.io/gitea/modules/setting"`
move code.gitea.io/git to code.gitea.io/gitea/modules/git (#6364) * move code.gitea.io/git to code.gitea.io/gitea/modules/git * fix imports * fix fmt * fix misspell * remove wrong tests data * fix unit tests * fix tests * fix tests * fix tests * fix tests * fix tests * enable Debug to trace the failure tests * fix tests * fix tests * fix tests * fix tests * fix tests * comment commit count tests since git clone depth is 50 * fix tests * update from code.gitea.io/git * revert change to makefile 2019-03-27 05:33:00 -04:00
Unifies pagination template usage (#6531) (#6533) 2019-04-20 00:15:19 -04:00			`"gopkg.in/macaron.v1"`
Add APIContext 2016-03-13 17:37:44 -04:00			`)`

Golint fixed for modules/context 2016-11-25 01:51:01 -05:00			`// APIContext is a specific macaron context for API service`
Add APIContext 2016-03-13 17:37:44 -04:00			`type APIContext struct {`
			`*Context`
#1692 add admin APIs to add/remove a user from teams 2016-03-25 18:04:02 -04:00			`Org *APIOrganization`
Add APIContext 2016-03-13 17:37:44 -04:00			`}`

Generate swagger json (#1402) - Generate swagger.json into public/ - Add swagger-ui auto-installation - Add footer link to local swagger-ui - Add /swagger url for using app url. - Fix Swagger-UI version via git tag 2017-05-02 09:35:59 -04:00			`// APIError is error format response`
			`// swagger:response error`
			`type APIError struct {`
			Message string `json:"message"`
			URL string `json:"url"`
			`}`

			`// APIValidationError is error format response related to input validation`
			`// swagger:response validationError`
			`type APIValidationError struct {`
			Message string `json:"message"`
			URL string `json:"url"`
			`}`

Correct grammar in APIEmpty documentation (#1748) * Correct grammar in APIEmpty doc * Generate swagger.v1.json 2017-05-18 10:39:42 -04:00			`//APIEmpty is an empty response`
Generate swagger json (#1402) - Generate swagger.json into public/ - Add swagger-ui auto-installation - Add footer link to local swagger-ui - Add /swagger url for using app url. - Fix Swagger-UI version via git tag 2017-05-02 09:35:59 -04:00			`// swagger:response empty`
			`type APIEmpty struct{}`

			`//APIForbiddenError is a forbidden error response`
			`// swagger:response forbidden`
			`type APIForbiddenError struct {`
			`APIError`
			`}`

			`//APINotFound is a not found empty response`
			`// swagger:response notFound`
			`type APINotFound struct{}`

Improve swagger doc (#2274) * Add swagger comment for adminCreateOrg * Add swagger comment for admin route * add hook swagger doc * Add tags * Add auth * Fix name of responses * Edit name method * Update vendor * make generate-swagger 2017-08-21 07:13:47 -04:00			`//APIRedirect is a redirect response`
			`// swagger:response redirect`
			`type APIRedirect struct{}`

Convert all API handers to use *context.APIContext 2016-03-13 18:49:16 -04:00			`// Error responses error message to client with given message.`
			`// If status is 500, also it prints error to log.`
			`func (ctx *APIContext) Error(status int, title string, obj interface{}) {`
			`var message string`
			`if err, ok := obj.(error); ok {`
			`message = err.Error()`
			`} else {`
			`message = obj.(string)`
			`}`

			`if status == 500 {`
Better logging (#6038) (#6095) * Panic don't fatal on create new logger Fixes #5854 Signed-off-by: Andrew Thornton <art27@cantab.net> * partial broken * Update the logging infrastrcture Signed-off-by: Andrew Thornton <art27@cantab.net> * Reset the skip levels for Fatal and Error Signed-off-by: Andrew Thornton <art27@cantab.net> * broken ncsa * More log.Error fixes Signed-off-by: Andrew Thornton <art27@cantab.net> * Remove nal * set log-levels to lowercase * Make console_test test all levels * switch to lowercased levels * OK now working * Fix vetting issues * Fix lint * Fix tests * change default logging to match current gitea * Improve log testing Signed-off-by: Andrew Thornton <art27@cantab.net> * reset error skip levels to 0 * Update documentation and access logger configuration * Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE * Fix broken level caching * Refactor the router log * Add Router logger * Add colorizing options * Adjust router colors * Only create logger if they will be used * update app.ini.sample * rename Attribute ColorAttribute * Change from white to green for function * Set fatal/error levels * Restore initial trace logger * Fix Trace arguments in modules/auth/auth.go * Properly handle XORMLogger * Improve admin/config page * fix fmt * Add auto-compression of old logs * Update error log levels * Remove the unnecessary skip argument from Error, Fatal and Critical * Add stacktrace support * Fix tests * Remove x/sync from vendors? * Add stderr option to console logger * Use filepath.ToSlash to protect against Windows in tests * Remove prefixed underscores from names in colors.go * Remove not implemented database logger This was removed from Gogs on 4 Mar 2016 but left in the configuration since then. * Ensure that log paths are relative to ROOT_PATH * use path.Join * rename jsonConfig to logConfig * Rename "config" to "jsonConfig" to make it clearer * Requested changes * Requested changes: XormLogger * Try to color the windows terminal If successful default to colorizing the console logs * fixup * Colorize initially too * update vendor * Colorize logs on default and remove if this is not a colorizing logger * Fix documentation * fix test * Use go-isatty to detect if on windows we are on msys or cygwin * Fix spelling mistake * Add missing vendors * More changes * Rationalise the ANSI writer protection * Adjust colors on advice from @0x5c * Make Flags a comma separated list * Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING * Ensure matching is done on the non-colored message - to simpify EXPRESSION 2019-04-02 03:48:31 -04:00			`log.Error("%s: %s", title, message)`
Convert all API handers to use *context.APIContext 2016-03-13 18:49:16 -04:00			`}`

Generate swagger json (#1402) - Generate swagger.json into public/ - Add swagger-ui auto-installation - Add footer link to local swagger-ui - Add /swagger url for using app url. - Fix Swagger-UI version via git tag 2017-05-02 09:35:59 -04:00			`ctx.JSON(status, APIError{`
			`Message: message,`
API error cleanup (#7186) 2019-06-12 17:07:24 -04:00			`URL: setting.API.SwaggerURL,`
Convert all API handers to use *context.APIContext 2016-03-13 18:49:16 -04:00			`})`
			`}`

fix API link header (#7298) 2019-06-26 04:51:32 -04:00			`func genAPILinks(curURL *url.URL, total, pageSize, curPage int) []string {`
			`page := NewPagination(total, pageSize, curPage, 0)`
Unifies pagination template usage (#6531) (#6533) 2019-04-20 00:15:19 -04:00			`paginater := page.Paginater`
#1692 add CRUD issue APIs - Fix go-gogs-client#10 - Related to #809 2016-03-13 23:20:22 -04:00			`links := make([]string, 0, 4)`
fix API link header (#7298) 2019-06-26 04:51:32 -04:00
Unifies pagination template usage (#6531) (#6533) 2019-04-20 00:15:19 -04:00			`if paginater.HasNext() {`
fix API link header (#7298) 2019-06-26 04:51:32 -04:00			`u := *curURL`
			`queries := u.Query()`
			`queries.Set("page", fmt.Sprintf("%d", paginater.Next()))`
			`u.RawQuery = queries.Encode()`

			`links = append(links, fmt.Sprintf("<%s%s>; rel=\"next\"", setting.AppURL, u.RequestURI()[1:]))`
#1692 add CRUD issue APIs - Fix go-gogs-client#10 - Related to #809 2016-03-13 23:20:22 -04:00			`}`
Unifies pagination template usage (#6531) (#6533) 2019-04-20 00:15:19 -04:00			`if !paginater.IsLast() {`
fix API link header (#7298) 2019-06-26 04:51:32 -04:00			`u := *curURL`
			`queries := u.Query()`
			`queries.Set("page", fmt.Sprintf("%d", paginater.TotalPages()))`
			`u.RawQuery = queries.Encode()`

			`links = append(links, fmt.Sprintf("<%s%s>; rel=\"last\"", setting.AppURL, u.RequestURI()[1:]))`
#1692 add CRUD issue APIs - Fix go-gogs-client#10 - Related to #809 2016-03-13 23:20:22 -04:00			`}`
Unifies pagination template usage (#6531) (#6533) 2019-04-20 00:15:19 -04:00			`if !paginater.IsFirst() {`
fix API link header (#7298) 2019-06-26 04:51:32 -04:00			`u := *curURL`
			`queries := u.Query()`
			`queries.Set("page", "1")`
			`u.RawQuery = queries.Encode()`

			`links = append(links, fmt.Sprintf("<%s%s>; rel=\"first\"", setting.AppURL, u.RequestURI()[1:]))`
#1692 add CRUD issue APIs - Fix go-gogs-client#10 - Related to #809 2016-03-13 23:20:22 -04:00			`}`
Unifies pagination template usage (#6531) (#6533) 2019-04-20 00:15:19 -04:00			`if paginater.HasPrevious() {`
fix API link header (#7298) 2019-06-26 04:51:32 -04:00			`u := *curURL`
			`queries := u.Query()`
			`queries.Set("page", fmt.Sprintf("%d", paginater.Previous()))`
			`u.RawQuery = queries.Encode()`

			`links = append(links, fmt.Sprintf("<%s%s>; rel=\"prev\"", setting.AppURL, u.RequestURI()[1:]))`
#1692 add CRUD issue APIs - Fix go-gogs-client#10 - Related to #809 2016-03-13 23:20:22 -04:00			`}`
fix API link header (#7298) 2019-06-26 04:51:32 -04:00			`return links`
			`}`

			`// SetLinkHeader sets pagination link header by given total number and page size.`
			`func (ctx *APIContext) SetLinkHeader(total, pageSize int) {`
			`links := genAPILinks(ctx.Req.URL, total, pageSize, ctx.QueryInt("page"))`
#1692 add CRUD issue APIs - Fix go-gogs-client#10 - Related to #809 2016-03-13 23:20:22 -04:00
			`if len(links) > 0 {`
			`ctx.Header().Set("Link", strings.Join(links, ","))`
			`}`
			`}`

Fix #5226 by adding CSRF checking to api reqToken and add CSRF to the POST header for deadline (#5250) * Add CSRF checking to reqToken and place CSRF in the post for deadline creation Fixes #5226, #5249 * /api/v1/admin/users routes should have reqToken middleware 2018-11-03 21:15:55 -04:00			`// RequireCSRF requires a validated a CSRF token`
			`func (ctx *APIContext) RequireCSRF() {`
			`headerToken := ctx.Req.Header.Get(ctx.csrf.GetHeaderName())`
			`formValueToken := ctx.Req.FormValue(ctx.csrf.GetFormName())`
			`if len(headerToken) > 0 \|\| len(formValueToken) > 0 {`
			`csrf.Validate(ctx.Context.Context, ctx.csrf)`
			`} else {`
			`ctx.Context.Error(401)`
			`}`
			`}`

API OTP Context (#6674) * API OTP Context * Update api.go * token * token * fix per discord * copyright header * remove check for token in OTP * Update auth.go * simplify * Update api.go 2019-04-19 04:59:26 -04:00			`// CheckForOTP validateds OTP`
			`func (ctx *APIContext) CheckForOTP() {`
			`otpHeader := ctx.Req.Header.Get("X-Gitea-OTP")`
			`twofa, err := models.GetTwoFactorByUID(ctx.Context.User.ID)`
			`if err != nil {`
			`if models.IsErrTwoFactorNotEnrolled(err) {`
			`return // No 2FA enrollment for this user`
			`}`
			`ctx.Context.Error(500)`
			`return`
			`}`
			`ok, err := twofa.ValidateTOTP(otpHeader)`
			`if err != nil {`
			`ctx.Context.Error(500)`
			`return`
			`}`
			`if !ok {`
			`ctx.Context.Error(401)`
			`return`
			`}`
			`}`

Golint fixed for modules/context 2016-11-25 01:51:01 -05:00			`// APIContexter returns apicontext as macaron middleware`
Add APIContext 2016-03-13 17:37:44 -04:00			`func APIContexter() macaron.Handler {`
			`return func(c *Context) {`
			`ctx := &APIContext{`
			`Context: c,`
			`}`
			`c.Map(ctx)`
			`}`
			`}`
API endpoints for stars 2016-11-14 17:33:58 -05:00
[API] Pull Requests (#248) 2016-12-02 06:10:39 -05:00			`// ReferencesGitRepo injects the GitRepo into the Context`
Add API for manipulating Git hooks (#6436) * Add API for manipulating Git hooks Signed-off-by: Segev Finer <segev@codeocean.com> * Replace code.gitea.io/sdk with PR branch temporarily for CI * Switch back to code.gitea.io/sdk@master * Return 403 instead of 404 on no permission to edit hooks in API * Add tests for Git hooks API * Update models/repo_list_test.go Co-Authored-By: segevfiner <segev208@gmail.com> * Update models/repo_list_test.go Co-Authored-By: segevfiner <segev208@gmail.com> * empty line 2019-04-17 01:31:08 -04:00			`func ReferencesGitRepo(allowEmpty bool) macaron.Handler {`
[API] Pull Requests (#248) 2016-12-02 06:10:39 -05:00			`return func(ctx *APIContext) {`
			`// Empty repository does not have reference information.`
Add API for manipulating Git hooks (#6436) * Add API for manipulating Git hooks Signed-off-by: Segev Finer <segev@codeocean.com> * Replace code.gitea.io/sdk with PR branch temporarily for CI * Switch back to code.gitea.io/sdk@master * Return 403 instead of 404 on no permission to edit hooks in API * Add tests for Git hooks API * Update models/repo_list_test.go Co-Authored-By: segevfiner <segev208@gmail.com> * Update models/repo_list_test.go Co-Authored-By: segevfiner <segev208@gmail.com> * empty line 2019-04-17 01:31:08 -04:00			`if !allowEmpty && ctx.Repo.Repository.IsEmpty {`
[API] Pull Requests (#248) 2016-12-02 06:10:39 -05:00			`return`
			`}`

			`// For API calls.`
			`if ctx.Repo.GitRepo == nil {`
			`repoPath := models.RepoPath(ctx.Repo.Owner.Name, ctx.Repo.Repository.Name)`
			`gitRepo, err := git.OpenRepository(repoPath)`
			`if err != nil {`
			`ctx.Error(500, "RepoRef Invalid repo "+repoPath, err)`
			`return`
			`}`
			`ctx.Repo.GitRepo = gitRepo`
			`}`
			`}`
			`}`
Updates to API 404 responses (#6077) 2019-03-18 22:29:43 -04:00
			`// NotFound handles 404s for APIContext`
			`// String will replace message, errors will be added to a slice`
			`func (ctx *APIContext) NotFound(objs ...interface{}) {`
			`var message = "Not Found"`
			`var errors []string`
			`for _, obj := range objs {`
			`if err, ok := obj.(error); ok {`
			`errors = append(errors, err.Error())`
			`} else {`
			`message = obj.(string)`
			`}`
			`}`

			`ctx.JSON(404, map[string]interface{}{`
			`"message": message,`
API error cleanup (#7186) 2019-06-12 17:07:24 -04:00			`"documentation_url": setting.API.SwaggerURL,`
Updates to API 404 responses (#6077) 2019-03-18 22:29:43 -04:00			`"errors": errors,`
			`})`
			`}`