diff --git a/cmd/web.go b/cmd/web.go index 289e07285f..b5690c87c1 100644 --- a/cmd/web.go +++ b/cmd/web.go @@ -64,7 +64,7 @@ func checkVersion() { // Check dependency version. macaronVer := git.MustParseVersion(strings.Join(strings.Split(macaron.Version(), ".")[:3], ".")) - if macaronVer.LessThan(git.MustParseVersion("0.2.3")) { + if macaronVer.LessThan(git.MustParseVersion("0.4.0")) { log.Fatal(4, "Package macaron version is too old, did you forget to update?(github.com/Unknwon/macaron)") } i18nVer := git.MustParseVersion(i18n.Version()) @@ -354,7 +354,6 @@ func runWeb(*cli.Context) { m.Post("/labels/new", bindIgnErr(auth.CreateLabelForm{}), repo.NewLabel) m.Post("/labels/edit", bindIgnErr(auth.CreateLabelForm{}), repo.UpdateLabel) m.Post("/labels/delete", repo.DeleteLabel) - m.Get("/milestones", repo.Milestones) m.Get("/milestones/new", repo.NewMilestone) m.Post("/milestones/new", bindIgnErr(auth.CreateMilestoneForm{}), repo.NewMilestonePost) m.Get("/milestones/:index/edit", repo.UpdateMilestone) @@ -364,31 +363,28 @@ func runWeb(*cli.Context) { m.Post("/comment/:action", repo.Comment) m.Get("/releases/new", repo.NewRelease) - m.Get("/releases/edit/:tagname", repo.EditRelease) - }, reqSignIn, middleware.RepoAssignment(true)) - - m.Group("/:username/:reponame", func() { m.Post("/releases/new", bindIgnErr(auth.NewReleaseForm{}), repo.NewReleasePost) + m.Get("/releases/edit/:tagname", repo.EditRelease) m.Post("/releases/edit/:tagname", bindIgnErr(auth.EditReleaseForm{}), repo.EditReleasePost) }, reqSignIn, middleware.RepoAssignment(true)) m.Group("/:username/:reponame", func() { + m.Get("/releases", repo.Releases) m.Get("/issues", repo.Issues) m.Get("/issues/:index", repo.ViewIssue) + m.Get("/issues/milestones", repo.Milestones) m.Get("/pulls", repo.Pulls) m.Get("/branches", repo.Branches) m.Get("/archive/*", repo.Download) m.Get("/issues2/", repo.Issues2) - }, ignSignIn, middleware.RepoAssignment(true)) - m.Group("/:username/:reponame", func() { m.Group("", func() { m.Get("/src/*", repo.Home) m.Get("/raw/*", repo.SingleDownload) m.Get("/commits/*", repo.RefCommits) m.Get("/commit/*", repo.Diff) }, middleware.RepoRef()) - m.Get("/releases", repo.Releases) + m.Get("/compare/:before([a-z0-9]+)...:after([a-z0-9]+)", repo.CompareDiff) }, ignSignIn, middleware.RepoAssignment(true)) diff --git a/gogs.go b/gogs.go index 70379d2f9e..a8e1ea1b63 100644 --- a/gogs.go +++ b/gogs.go @@ -17,7 +17,7 @@ import ( "github.com/gogits/gogs/modules/setting" ) -const APP_VER = "0.5.7.1106 Beta" +const APP_VER = "0.5.7.1107 Beta" func init() { runtime.GOMAXPROCS(runtime.NumCPU()) diff --git a/modules/base/tool.go b/modules/base/tool.go index 5b56d1f6b7..4d3e1c7bfd 100644 --- a/modules/base/tool.go +++ b/modules/base/tool.go @@ -9,7 +9,9 @@ import ( "crypto/md5" "crypto/rand" "crypto/sha1" + "encoding/base64" "encoding/hex" + "errors" "fmt" "hash" "html/template" @@ -31,6 +33,26 @@ func EncodeMd5(str string) string { return hex.EncodeToString(m.Sum(nil)) } +func BasicAuthDecode(encoded string) (user string, name string, err error) { + var s []byte + s, err = base64.StdEncoding.DecodeString(encoded) + if err != nil { + return user, name, err + } + + a := strings.Split(string(s), ":") + if len(a) == 2 { + user, name = a[0], a[1] + } else { + err = errors.New("decode failed") + } + return user, name, err +} + +func BasicAuthEncode(username, password string) string { + return base64.StdEncoding.EncodeToString([]byte(username + ":" + password)) +} + // GetRandomString generate random string by specify chars. func GetRandomString(n int, alphabets ...byte) string { const alphanum = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" diff --git a/modules/middleware/context.go b/modules/middleware/context.go index d2620fed12..7d767b9e76 100644 --- a/modules/middleware/context.go +++ b/modules/middleware/context.go @@ -173,6 +173,27 @@ func Contexter() macaron.Handler { // Get user from session if logined. ctx.User = auth.SignedInUser(ctx.Req.Header, ctx.Session) + + // Check with basic auth again. + if ctx.User == nil { + baHead := ctx.Req.Header.Get("Authorization") + auths := strings.Fields(baHead) + if len(auths) == 2 && auths[0] == "Basic" { + uname, passwd, _ := base.BasicAuthDecode(auths[1]) + u, err := models.GetUserByName(uname) + if err != nil { + if err != models.ErrUserNotExist { + ctx.Handle(500, "GetUserByName", err) + return + } + } else { + if u.ValidtePassword(passwd) { + ctx.User = u + } + } + } + } + if ctx.User != nil { ctx.IsSigned = true ctx.Data["IsSigned"] = ctx.IsSigned diff --git a/routers/repo/http.go b/routers/repo/http.go index 3641f4dae6..0ce83cef4d 100644 --- a/routers/repo/http.go +++ b/routers/repo/http.go @@ -7,8 +7,6 @@ package repo import ( "bytes" "compress/gzip" - "encoding/base64" - "errors" "fmt" "io" "io/ioutil" @@ -16,6 +14,7 @@ import ( "os" "os/exec" "path" + "path/filepath" "regexp" "strconv" @@ -29,27 +28,6 @@ import ( "github.com/gogits/gogs/modules/setting" ) -func basicEncode(username, password string) string { - auth := username + ":" + password - return base64.StdEncoding.EncodeToString([]byte(auth)) -} - -func basicDecode(encoded string) (user string, name string, err error) { - var s []byte - s, err = base64.StdEncoding.DecodeString(encoded) - if err != nil { - return user, name, err - } - - a := strings.Split(string(s), ":") - if len(a) == 2 { - user, name = a[0], a[1] - } else { - err = errors.New("decode failed") - } - return user, name, err -} - func authRequired(ctx *middleware.Context) { ctx.Resp.Header().Set("WWW-Authenticate", "Basic realm=\".\"") ctx.Data["ErrorMsg"] = "no basic auth and digit auth" @@ -112,11 +90,12 @@ func Http(ctx *middleware.Context) { auths := strings.Fields(baHead) // currently check basic auth // TODO: support digit auth + // FIXME: middlewares/context.go did basic auth check already if len(auths) != 2 || auths[0] != "Basic" { ctx.Handle(401, "no basic auth and digit auth", nil) return } - authUsername, passwd, err = basicDecode(auths[1]) + authUsername, passwd, err = base.BasicAuthDecode(auths[1]) if err != nil { ctx.Handle(401, "no basic auth and digit auth", nil) return diff --git a/templates/.VERSION b/templates/.VERSION index 7c013be746..172a31fa28 100644 --- a/templates/.VERSION +++ b/templates/.VERSION @@ -1 +1 @@ -0.5.7.1106 Beta \ No newline at end of file +0.5.7.1107 Beta \ No newline at end of file