Always return valid go-get meta, even if unauthorized (#2010)
* Always return valid go-get meta, even if unauthorized * don't leak information
This commit is contained in:
Kim "BKC" Carlbäcker
Lunny Xiao
parent
49d397a9ee
commit
5db8cf3bd1
|
|
@ -10,6 +10,7 @@ import (
|
||||||
"html/template"
|
"html/template"
|
||||||
"io"
|
"io"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"path"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
|
@ -18,6 +19,7 @@ import (
|
||||||
"code.gitea.io/gitea/modules/base"
|
"code.gitea.io/gitea/modules/base"
|
||||||
"code.gitea.io/gitea/modules/log"
|
"code.gitea.io/gitea/modules/log"
|
||||||
"code.gitea.io/gitea/modules/setting"
|
"code.gitea.io/gitea/modules/setting"
|
||||||
|
"github.com/Unknwon/com"
|
||||||
"github.com/go-macaron/cache"
|
"github.com/go-macaron/cache"
|
||||||
"github.com/go-macaron/csrf"
|
"github.com/go-macaron/csrf"
|
||||||
"github.com/go-macaron/i18n"
|
"github.com/go-macaron/i18n"
|
||||||
|
|
@ -33,6 +35,7 @@ type Context struct {
|
||||||
Flash *session.Flash
|
Flash *session.Flash
|
||||||
Session session.Store
|
Session session.Store
|
||||||
|
|
||||||
|
Link string // current request URL
|
||||||
User *models.User
|
User *models.User
|
||||||
IsSigned bool
|
IsSigned bool
|
||||||
IsBasicAuth bool
|
IsBasicAuth bool
|
||||||
|
|
@ -154,15 +157,50 @@ func Contexter() macaron.Handler {
|
||||||
csrf: x,
|
csrf: x,
|
||||||
Flash: f,
|
Flash: f,
|
||||||
Session: sess,
|
Session: sess,
|
||||||
|
Link: setting.AppSubURL + strings.TrimSuffix(c.Req.URL.Path, "/"),
|
||||||
Repo: &Repository{
|
Repo: &Repository{
|
||||||
PullRequest: &PullRequest{},
|
PullRequest: &PullRequest{},
|
||||||
},
|
},
|
||||||
Org: &Organization{},
|
Org: &Organization{},
|
||||||
}
|
}
|
||||||
// Compute current URL for real-time change language.
|
c.Data["Link"] = ctx.Link
|
||||||
ctx.Data["Link"] = setting.AppSubURL + strings.TrimSuffix(ctx.Req.URL.Path, "/")
|
|
||||||
|
|
||||||
ctx.Data["PageStartTime"] = time.Now()
|
ctx.Data["PageStartTime"] = time.Now()
|
||||||
|
// Quick responses appropriate go-get meta with status 200
|
||||||
|
// regardless of if user have access to the repository,
|
||||||
|
// or the repository does not exist at all.
|
||||||
|
// This is particular a workaround for "go get" command which does not respect
|
||||||
|
// .netrc file.
|
||||||
|
if ctx.Query("go-get") == "1" {
|
||||||
|
ownerName := c.Params(":username")
|
||||||
|
repoName := c.Params(":reponame")
|
||||||
|
branchName := "master"
|
||||||
|
|
||||||
|
owner, err := models.GetUserByName(ownerName)
|
||||||
|
if err == nil {
|
||||||
|
repo, err := models.GetRepositoryByName(owner.ID, repoName)
|
||||||
|
if err == nil && len(repo.DefaultBranch) > 0 {
|
||||||
|
branchName = repo.DefaultBranch
|
||||||
|
}
|
||||||
|
}
|
||||||
|
prefix := setting.AppURL + path.Join(ownerName, repoName, "src", branchName)
|
||||||
|
c.PlainText(http.StatusOK, []byte(com.Expand(`
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<meta name="go-import" content="{GoGetImport} git {CloneLink}">
|
||||||
|
<meta name="go-source" content="{GoGetImport} _ {GoDocDirectory} {GoDocFile}">
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
go get {GoGetImport}
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
|
`, map[string]string{
|
||||||
|
"GoGetImport": path.Join(setting.Domain, setting.AppSubURL, ctx.Link),
|
||||||
|
"CloneLink": models.ComposeHTTPSCloneURL(ownerName, repoName),
|
||||||
|
"GoDocDirectory": prefix + "{/dir}",
|
||||||
|
"GoDocFile": prefix + "{/dir}/{file}#L{line}",
|
||||||
|
})))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
// Get user from session if logged in.
|
// Get user from session if logged in.
|
||||||
ctx.User, ctx.IsBasicAuth = auth.SignedInUser(ctx.Context, ctx.Session)
|
ctx.User, ctx.IsBasicAuth = auth.SignedInUser(ctx.Context, ctx.Session)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue