1
1
mirror of https://github.com/go-gitea/gitea synced 2024-11-10 20:24:24 +00:00
gitea/routers/api/v1/user/user.go
Monty Taylor 9bde52ffc1 Fix 500 when getting user as unauthenticated user (#8653) (#8663)
Backport #8653

When doing GET /api/v1/users/{user} as an unauthenticated user,
gitea throws a 500 because it's trying to dereference elements
from the context user. It wants to do this to see whether to
show the primary email and will do that if the logged in user
is admin or the user in question. However, if ctx.User is nil there is a panic
2019-10-25 13:09:15 +01:00

160 lines
3.9 KiB
Go

// Copyright 2014 The Gogs Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package user
import (
"net/http"
"strings"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/context"
api "code.gitea.io/gitea/modules/structs"
"code.gitea.io/gitea/routers/api/v1/convert"
"github.com/unknwon/com"
)
// Search search users
func Search(ctx *context.APIContext) {
// swagger:operation GET /users/search user userSearch
// ---
// summary: Search for users
// produces:
// - application/json
// parameters:
// - name: q
// in: query
// description: keyword
// type: string
// - name: uid
// in: query
// description: ID of the user to search for
// type: integer
// format: int64
// - name: limit
// in: query
// description: maximum number of users to return
// type: integer
// responses:
// "200":
// description: "SearchResults of a successful search"
// schema:
// type: object
// properties:
// ok:
// type: boolean
// data:
// type: array
// items:
// "$ref": "#/definitions/User"
opts := &models.SearchUserOptions{
Keyword: strings.Trim(ctx.Query("q"), " "),
UID: com.StrTo(ctx.Query("uid")).MustInt64(),
Type: models.UserTypeIndividual,
PageSize: com.StrTo(ctx.Query("limit")).MustInt(),
}
users, _, err := models.SearchUsers(opts)
if err != nil {
ctx.JSON(500, map[string]interface{}{
"ok": false,
"error": err.Error(),
})
return
}
results := make([]*api.User, len(users))
for i := range users {
results[i] = convert.ToUser(users[i], ctx.IsSigned, ctx.User != nil && ctx.User.IsAdmin)
}
ctx.JSON(200, map[string]interface{}{
"ok": true,
"data": results,
})
}
// GetInfo get user's information
func GetInfo(ctx *context.APIContext) {
// swagger:operation GET /users/{username} user userGet
// ---
// summary: Get a user
// produces:
// - application/json
// parameters:
// - name: username
// in: path
// description: username of user to get
// type: string
// required: true
// responses:
// "200":
// "$ref": "#/responses/User"
// "404":
// "$ref": "#/responses/notFound"
u, err := models.GetUserByName(ctx.Params(":username"))
if err != nil {
if models.IsErrUserNotExist(err) {
ctx.NotFound()
} else {
ctx.Error(500, "GetUserByName", err)
}
return
}
ctx.JSON(200, convert.ToUser(u, ctx.IsSigned, ctx.User != nil && (ctx.User.ID == u.ID || ctx.User.IsAdmin)))
}
// GetAuthenticatedUser get current user's information
func GetAuthenticatedUser(ctx *context.APIContext) {
// swagger:operation GET /user user userGetCurrent
// ---
// summary: Get the authenticated user
// produces:
// - application/json
// responses:
// "200":
// "$ref": "#/responses/User"
ctx.JSON(200, convert.ToUser(ctx.User, ctx.IsSigned, ctx.User != nil))
}
// GetUserHeatmapData is the handler to get a users heatmap
func GetUserHeatmapData(ctx *context.APIContext) {
// swagger:operation GET /users/{username}/heatmap user userGetHeatmapData
// ---
// summary: Get a user's heatmap
// produces:
// - application/json
// parameters:
// - name: username
// in: path
// description: username of user to get
// type: string
// required: true
// responses:
// "200":
// "$ref": "#/responses/UserHeatmapData"
// "404":
// "$ref": "#/responses/notFound"
// Get the user to throw an error if it does not exist
user, err := models.GetUserByName(ctx.Params(":username"))
if err != nil {
if models.IsErrUserNotExist(err) {
ctx.Status(http.StatusNotFound)
} else {
ctx.Error(http.StatusInternalServerError, "GetUserByName", err)
}
return
}
heatmap, err := models.GetUserHeatmapDataByUser(user)
if err != nil {
ctx.Error(http.StatusInternalServerError, "GetUserHeatmapDataByUser", err)
return
}
ctx.JSON(200, heatmap)
}