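// Source listing: code.gitea.io/gitea@v1.22.3/services/auth/auth.go

// Copyright 2014 The Gogs Authors. All rights reserved.
// Copyright 2019 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package auth

import (
	"fmt"
	"net/http"
	"regexp"
	"strings"

	user_model "code.gitea.io/gitea/models/user"
	"code.gitea.io/gitea/modules/auth/webauthn"
	"code.gitea.io/gitea/modules/log"
	"code.gitea.io/gitea/modules/optional"
	"code.gitea.io/gitea/modules/session"
	"code.gitea.io/gitea/modules/setting"
	"code.gitea.io/gitea/modules/web/middleware"
	gitea_context "code.gitea.io/gitea/services/context"
	user_service "code.gitea.io/gitea/services/user"
)

// Init should be called exactly once when the application starts to allow plugins
// to allocate necessary resources
func Init() {
	webauthn.Init()
}

// The helpers below classify a request purely by its URL path (and, for
// attachments, its method). They grant nothing by themselves: a caller that
// uses them to decide which authentication methods to try must still enforce
// authorization on the resource. All of them read req.URL.Path as-is.

// isAttachmentDownload check if request is a file download (GET) with URL to an attachment
func isAttachmentDownload(req *http.Request) bool {
	return req.Method == http.MethodGet && strings.HasPrefix(req.URL.Path, "/attachments/")
}

// isContainerPath checks if the request targets the container endpoint
func isContainerPath(req *http.Request) bool {
	return strings.HasPrefix(req.URL.Path, "/v2/")
}

// Path patterns of the form /<owner>/<repo>/<suffix>. The owner and repo
// segments are limited to [a-zA-Z0-9_.-]. Every pattern is anchored at the
// start only; the alternatives ending in "/" (objects/, raw/,
// releases/download/, attachments/, info/lfs/, archive/) are prefix matches,
// so anything may follow them, while the git-*-pack, info/refs and HEAD
// alternatives are anchored at the end with "$".
var (
	gitRawOrAttachPathRe = regexp.MustCompile(`^/[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+/(?:(?:git-(?:(?:upload)|(?:receive))-pack$)|(?:info/refs$)|(?:HEAD$)|(?:objects/)|(?:raw/)|(?:releases/download/)|(?:attachments/))`)
	lfsPathRe            = regexp.MustCompile(`^/[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+/info/lfs/`)
	archivePathRe        = regexp.MustCompile(`^/[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+/archive/`)
)

// isGitRawOrAttachPath reports whether the request path matches
// gitRawOrAttachPathRe (git smart-HTTP, raw, release download and
// per-repository attachment paths).
func isGitRawOrAttachPath(req *http.Request) bool {
	return gitRawOrAttachPathRe.MatchString(req.URL.Path)
}

// isGitRawOrAttachOrLFSPath reports whether the request path matches
// gitRawOrAttachPathRe, or matches lfsPathRe while setting.LFS.StartServer is
// enabled. With LFS disabled, LFS paths are never reported as matching.
func isGitRawOrAttachOrLFSPath(req *http.Request) bool {
	if isGitRawOrAttachPath(req) {
		return true
	}
	if setting.LFS.StartServer {
		return lfsPathRe.MatchString(req.URL.Path)
	}
	return false
}

// isArchivePath reports whether the request path matches archivePathRe.
func isArchivePath(req *http.Request) bool {
	return archivePathRe.MatchString(req.URL.Path)
}

// handleSignIn clears existing session variables and stores new ones for the specified user object
//
// Steps, in order: regenerate the session, delete leftover login-flow keys,
// store "uid" and "uname", persist the request locale for users without a
// language, set the locale cookie, and drop the current CSRF cookie so that a
// new token is generated for the signed-in session. Failures are logged, not
// returned: the function has no error result.
func handleSignIn(resp http.ResponseWriter, req *http.Request, sess SessionStore, user *user_model.User) {
	// We need to regenerate the session...
	newSess, err := session.RegenerateSession(resp, req)
	if err != nil {
		// NOTE(review): on failure the sign-in continues on the session that was
		// passed in, so the pre-login session is reused for the authenticated
		// user. If RegenerateSession is what rotates the session ID (presumably;
		// confirm), this path loses the session-fixation protection and the
		// error log below is the only signal — worth alerting on.
		// NOTE(review): log.Error receives pre-formatted text here; if it treats
		// its first argument as a format string, a '%' inside err would be
		// re-interpreted — confirm against modules/log.
		log.Error(fmt.Sprintf("Error regenerating session: %v", err))
	} else {
		sess = newSess
	}

	// Remove state left over from earlier login steps (OpenID, two-factor,
	// WebAuthn, account linking, judging by the key names). Deletion errors
	// are deliberately ignored: this is best-effort cleanup.
	for _, key := range []string{
		"openid_verified_uri",
		"openid_signin_remember",
		"openid_determined_email",
		"openid_determined_username",
		"twofaUid",
		"twofaRemember",
		"webauthnAssertion",
		"linkAccount",
	} {
		_ = sess.Delete(key)
	}

	err = sess.Set("uid", user.ID)
	if err != nil {
		log.Error(fmt.Sprintf("Error setting session: %v", err))
	}
	err = sess.Set("uname", user.Name)
	if err != nil {
		log.Error(fmt.Sprintf("Error setting session: %v", err))
	}

	// Language setting of the user overwrites the one previously set
	// If the user does not have a locale set, we save the current one.
	localeReady := true
	if len(user.Language) == 0 {
		lc := middleware.Locale(resp, req)
		opts := &user_service.UpdateOptions{
			Language: optional.Some(lc.Language()),
		}
		if err := user_service.UpdateUser(req.Context(), user, opts); err != nil {
			// Log the underlying error and the locale that was being saved.
			// Do not return here: the session already carries the user's
			// identity, so the CSRF reset below must still run.
			log.Error(fmt.Sprintf("Error updating user language [user: %d, locale: %s]: %v", user.ID, lc.Language(), err))
			localeReady = false
		}
	}

	// As before, the locale cookie is only written when the language is known
	// to be stored for the user.
	if localeReady {
		middleware.SetLocaleCookie(resp, user.Language, 0)
	}

	// Clear whatever CSRF has right now, force to generate a new one
	if ctx := gitea_context.GetWebContext(req); ctx != nil {
		ctx.Csrf.DeleteCookie(ctx)
	}
}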