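// Copyright 2014 The Gogs Authors. All rights reserved.
// Copyright 2019 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package auth

import (
	"net/http"
	"regexp"
	"strings"

	user_model "code.gitea.io/gitea/models/user"
	"code.gitea.io/gitea/modules/auth/webauthn"
	gitea_context "code.gitea.io/gitea/modules/context"
	"code.gitea.io/gitea/modules/log"
	"code.gitea.io/gitea/modules/session"
	"code.gitea.io/gitea/modules/setting"
	"code.gitea.io/gitea/modules/web/middleware"
)

// Init should be called exactly once when the application starts to allow plugins
// to allocate necessary resources. In this file it only initialises WebAuthn.
func Init() {
	webauthn.Init()
}

// isAttachmentDownload reports whether the request is a GET whose URL path
// starts with "/attachments/".
func isAttachmentDownload(req *http.Request) bool {
	return req.Method == http.MethodGet && strings.HasPrefix(req.URL.Path, "/attachments/")
}

// isContainerPath reports whether the request path starts with "/v2/",
// the prefix of the container endpoint.
func isContainerPath(req *http.Request) bool {
	return strings.HasPrefix(req.URL.Path, "/v2/")
}

// Path classifiers for "/<owner>/<repo>/..." URLs. Owner and repository segments
// are restricted to [a-zA-Z0-9_.-]. The patterns are anchored at the start of the
// path; alternatives ending in "/" are prefix matches, so every path below such a
// prefix is classified the same way.
var (
	gitRawOrAttachPathRe = regexp.MustCompile(`^/[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+/(?:(?:git-(?:(?:upload)|(?:receive))-pack$)|(?:info/refs$)|(?:HEAD$)|(?:objects/)|(?:raw/)|(?:releases/download/)|(?:attachments/))`)
	lfsPathRe            = regexp.MustCompile(`^/[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+/info/lfs/`)
	archivePathRe        = regexp.MustCompile(`^/[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+/archive/`)
)

// isGitRawOrAttachPath reports whether the request path is a git smart-HTTP,
// raw file, release download or repository attachment path, as defined by
// gitRawOrAttachPathRe.
func isGitRawOrAttachPath(req *http.Request) bool {
	return gitRawOrAttachPathRe.MatchString(req.URL.Path)
}

// isGitRawOrAttachOrLFSPath extends isGitRawOrAttachPath with the repository
// LFS path. The LFS pattern is only consulted when setting.LFS.StartServer is set.
func isGitRawOrAttachOrLFSPath(req *http.Request) bool {
	return isGitRawOrAttachPath(req) ||
		(setting.LFS.StartServer && lfsPathRe.MatchString(req.URL.Path))
}

// isArchivePath reports whether the request path is a repository archive path.
func isArchivePath(req *http.Request) bool {
	return archivePathRe.MatchString(req.URL.Path)
}

// handleSignIn clears existing session variables and stores new ones for the
// specified user object. It also sets the locale cookie from the user's language
// (persisting the current locale when the user has none) and deletes the CSRF
// cookie so that a new one is generated.
//
// The function returns nothing: every failure is logged and the remaining steps
// still run, so callers cannot tell from here whether the session was written.
func handleSignIn(resp http.ResponseWriter, req *http.Request, sess SessionStore, user *user_model.User) {
	// We need to regenerate the session so the authenticated state is stored in
	// a freshly issued session.
	// NOTE(review): when regeneration fails the code falls back to the session
	// passed in by the caller, so "uid" is written into the pre-login session.
	// That weakens session-fixation protection on this error path; failing the
	// sign-in instead would need an error return, which this signature lacks.
	if newSess, err := session.RegenerateSession(resp, req); err != nil {
		log.Error("Error regenerating session: %v", err)
	} else {
		sess = newSess
	}

	// Drop leftovers from OpenID, two-factor, WebAuthn and account-linking
	// flows. Deletion is best effort, as in the original code.
	for _, key := range []string{
		"openid_verified_uri",
		"openid_signin_remember",
		"openid_determined_email",
		"openid_determined_username",
		"twofaUid",
		"twofaRemember",
		"webauthnAssertion",
		"linkAccount",
	} {
		_ = sess.Delete(key)
	}

	// Format and arguments go straight to log.Error instead of being
	// pre-rendered with fmt.Sprintf, so a '%' inside the error text is never
	// treated as a formatting verb.
	if err := sess.Set("uid", user.ID); err != nil {
		log.Error("Error setting session: %v", err)
	}
	if err := sess.Set("uname", user.Name); err != nil {
		log.Error("Error setting session: %v", err)
	}

	// Language setting of the user overwrites the one previously set.
	// If the user does not have a locale set, we save the current one.
	if len(user.Language) == 0 {
		lc := middleware.Locale(resp, req)
		user.Language = lc.Language()
		if err := user_model.UpdateUserCols(req.Context(), user, "language"); err != nil {
			// Failing to persist the language is not a reason to skip the
			// locale cookie or the CSRF cookie reset below, so log the cause
			// and carry on.
			log.Error("Error updating user language [user: %d, locale: %s]: %v", user.ID, user.Language, err)
		}
	}

	middleware.SetLocaleCookie(resp, user.Language, 0)

	// Clear whatever CSRF has right now, force to generate a new one.
	if ctx := gitea_context.GetWebContext(req); ctx != nil {
		ctx.Csrf.DeleteCookie(ctx)
	}
}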