Merge pull request #19 from thomiceli/feature/all-private

Restrict/unrestrict gists visibility to anonymous users
2025-06-13 13:57:13 +02:00 · 2023-04-29 20:22:34 +02:00
parent c45b418bd0 333efeacbf
commit 5ba90af04c
12 changed files with 77 additions and 23 deletions
--- a/internal/web/auth.go
+++ b/internal/web/auth.go
@ -30,7 +30,7 @@ func register(ctx echo.Context) error {
 }

 func processRegister(ctx echo.Context) error {
-	if getData(ctx, "signupDisabled") == true {
+	if getData(ctx, "DisableSignup") == true {
 		return errorRes(403, "Signing up is disabled", nil)
 	}

@ -148,6 +148,10 @@ func oauthCallback(ctx echo.Context) error {
 	// if user is not in database, create it
 	userDB, err := models.GetUserByProvider(user.UserID, user.Provider)
 	if err != nil {
+		if getData(ctx, "DisableSignup") == true {
+			return errorRes(403, "Signing up is disabled", nil)
+		}
+
 		if !errors.Is(err, gorm.ErrRecordNotFound) {
 			return errorRes(500, "Cannot get user", err)
 		}
@ -166,10 +170,6 @@ func oauthCallback(ctx echo.Context) error {
 		}

 		if err = userDB.Create(); err != nil {
-			if getData(ctx, "signupDisabled") == true {
-				return errorRes(403, "Signing up is disabled", nil)
-			}
-
 			if models.IsUniqueConstraintViolation(err) {
 				addFlash(ctx, "Username "+user.NickName+" already exists in Opengist", "error")
 				return redirect(ctx, "/login")
@ -281,7 +281,7 @@ func oauth(ctx echo.Context) error {
 		}
 	}

-	ctxValue := context.WithValue(ctx.Request().Context(), providerKey, provider)
+	ctxValue := context.WithValue(ctx.Request().Context(), gothic.ProviderParamKey, provider)
 	ctx.SetRequest(ctx.Request().WithContext(ctxValue))
 	if provider != "github" && provider != "gitea" {
 		return errorRes(400, "Unsupported provider", nil)
--- a/internal/web/git_http.go
+++ b/internal/web/git_http.go
@ -47,9 +47,10 @@ func gitHttp(ctx echo.Context) error {

 			gist := getData(ctx, "gist").(*models.Gist)

-			noAuth := ctx.QueryParam("service") == "git-upload-pack" ||
+			noAuth := (ctx.QueryParam("service") == "git-upload-pack" ||
 				strings.HasSuffix(ctx.Request().URL.Path, "git-upload-pack") ||
-				ctx.Request().Method == "GET"
+				ctx.Request().Method == "GET") &&
+				!getData(ctx, "RequireLogin").(bool)

 			repositoryPath := git.RepositoryPath(gist.User.Username, gist.Uuid)

--- a/internal/web/run.go
+++ b/internal/web/run.go
@ -191,12 +191,12 @@ func Start() {
 			g2.PUT("/set-setting", adminSetSetting)
 		}

-		g1.GET("/all", allGists)
-		g1.GET("/:user", allGists)
+		g1.GET("/all", allGists, checkRequireLogin)
+		g1.GET("/:user", allGists, checkRequireLogin)

 		g3 := g1.Group("/:user/:gistname")
 		{
-			g3.Use(gistInit)
+			g3.Use(checkRequireLogin, gistInit)
 			g3.GET("", gistIndex)
 			g3.GET("/rev/:revision", gistIndex)
 			g3.GET("/revisions", revisions)
@ -243,11 +243,9 @@ func dataInit(next echo.HandlerFunc) echo.HandlerFunc {
 		ctx.SetRequest(ctx.Request().WithContext(ctxValue))
 		setData(ctx, "loadStartTime", time.Now())

-		disableSignup, err := models.GetSetting(models.SettingDisableSignup)
-		if err != nil {
-			return errorRes(500, "Cannot read setting from database", err)
+		if err := loadSettings(ctx); err != nil {
+			return errorRes(500, "Cannot read settings from database", err)
 		}
-		setData(ctx, "signupDisabled", disableSignup == "1")

 		setData(ctx, "githubOauth", config.C.GithubClientKey != "" && config.C.GithubSecret != "")
 		setData(ctx, "giteaOauth", config.C.GiteaClientKey != "" && config.C.GiteaSecret != "")
@ -318,6 +316,21 @@ func logged(next echo.HandlerFunc) echo.HandlerFunc {
 	}
 }

+func checkRequireLogin(next echo.HandlerFunc) echo.HandlerFunc {
+	return func(ctx echo.Context) error {
+		if user := getUserLogged(ctx); user != nil {
+			return next(ctx)
+		}
+
+		require := getData(ctx, "RequireLogin")
+		if require == true {
+			addFlash(ctx, "You must be logged in to access gists", "error")
+			return redirect(ctx, "/login")
+		}
+		return next(ctx)
+	}
+}
+
 func cacheControl(next echo.HandlerFunc) echo.HandlerFunc {
 	return func(c echo.Context) error {
 		c.Response().Header().Set(echo.HeaderCacheControl, "public, max-age=31536000")
--- a/internal/web/util.go
+++ b/internal/web/util.go
@ -18,10 +18,8 @@ import (
 	"strings"
 )

-type providerKeyType string
 type dataTypeKey string

-const providerKey providerKeyType = "provider"
 const dataKey dataTypeKey = "data"

 func setData(ctx echo.Context, key string, value any) {
@ -110,6 +108,20 @@ func deleteCsrfCookie(ctx echo.Context) {
 	ctx.SetCookie(&http.Cookie{Name: "_csrf", Path: "/", MaxAge: -1})
 }

+func loadSettings(ctx echo.Context) error {
+	settings, err := models.GetSettings()
+	if err != nil {
+		return err
+	}
+
+	for key, value := range settings {
+		s := strings.ReplaceAll(key, "-", " ")
+		s = title.String(s)
+		setData(ctx, strings.ReplaceAll(s, " ", ""), value == "1")
+	}
+	return nil
+}
+
 type OpengistValidator struct {
 	v *validator.Validate
 }