mirror of
https://github.com/go-gitea/gitea
synced 2025-01-09 17:24:43 +00:00
2a828e2798
In history (from some legacy frameworks), both `:name` and `name` are supported as path path name, `:name` is an alias to `name`. To make code consistent, now we should only use `name` but not `:name`. Also added panic check in related functions to make sure the name won't be abused in case some downstreams still use them.
336 lines
9.7 KiB
Go
336 lines
9.7 KiB
Go
// Copyright 2018 The Gitea Authors. All rights reserved.
|
|
// Copyright 2014 The Gogs Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package templates
|
|
|
|
import (
|
|
"fmt"
|
|
"html"
|
|
"html/template"
|
|
"net/url"
|
|
"strings"
|
|
"time"
|
|
|
|
user_model "code.gitea.io/gitea/models/user"
|
|
"code.gitea.io/gitea/modules/base"
|
|
"code.gitea.io/gitea/modules/htmlutil"
|
|
"code.gitea.io/gitea/modules/markup"
|
|
"code.gitea.io/gitea/modules/setting"
|
|
"code.gitea.io/gitea/modules/svg"
|
|
"code.gitea.io/gitea/modules/templates/eval"
|
|
"code.gitea.io/gitea/modules/util"
|
|
"code.gitea.io/gitea/services/gitdiff"
|
|
"code.gitea.io/gitea/services/webtheme"
|
|
)
|
|
|
|
// NewFuncMap returns functions for injecting to templates
|
|
func NewFuncMap() template.FuncMap {
|
|
return map[string]any{
|
|
"ctx": func() any { return nil }, // template context function
|
|
|
|
"DumpVar": dumpVar,
|
|
"NIL": func() any { return nil },
|
|
|
|
// -----------------------------------------------------------------
|
|
// html/template related functions
|
|
"dict": dict, // it's lowercase because this name has been widely used. Our other functions should have uppercase names.
|
|
"Iif": iif,
|
|
"Eval": evalTokens,
|
|
"SafeHTML": safeHTML,
|
|
"HTMLFormat": htmlutil.HTMLFormat,
|
|
"HTMLEscape": htmlEscape,
|
|
"QueryEscape": queryEscape,
|
|
"QueryBuild": QueryBuild,
|
|
"JSEscape": jsEscapeSafe,
|
|
"SanitizeHTML": SanitizeHTML,
|
|
"URLJoin": util.URLJoin,
|
|
"DotEscape": dotEscape,
|
|
|
|
"PathEscape": url.PathEscape,
|
|
"PathEscapeSegments": util.PathEscapeSegments,
|
|
|
|
// utils
|
|
"StringUtils": NewStringUtils,
|
|
"SliceUtils": NewSliceUtils,
|
|
"JsonUtils": NewJsonUtils,
|
|
"DateUtils": NewDateUtils,
|
|
|
|
// -----------------------------------------------------------------
|
|
// svg / avatar / icon / color
|
|
"svg": svg.RenderHTML,
|
|
"EntryIcon": base.EntryIcon,
|
|
"MigrationIcon": migrationIcon,
|
|
"ActionIcon": actionIcon,
|
|
"SortArrow": sortArrow,
|
|
"ContrastColor": util.ContrastColor,
|
|
|
|
// -----------------------------------------------------------------
|
|
// time / number / format
|
|
"FileSize": base.FileSize,
|
|
"CountFmt": countFmt,
|
|
"Sec2Time": util.SecToTime,
|
|
|
|
"TimeEstimateString": timeEstimateString,
|
|
|
|
"LoadTimes": func(startTime time.Time) string {
|
|
return fmt.Sprint(time.Since(startTime).Nanoseconds()/1e6) + "ms"
|
|
},
|
|
|
|
// -----------------------------------------------------------------
|
|
// setting
|
|
"AppName": func() string {
|
|
return setting.AppName
|
|
},
|
|
"AppSubUrl": func() string {
|
|
return setting.AppSubURL
|
|
},
|
|
"AssetUrlPrefix": func() string {
|
|
return setting.StaticURLPrefix + "/assets"
|
|
},
|
|
"AppUrl": func() string {
|
|
// The usage of AppUrl should be avoided as much as possible,
|
|
// because the AppURL(ROOT_URL) may not match user's visiting site and the ROOT_URL in app.ini may be incorrect.
|
|
// And it's difficult for Gitea to guess absolute URL correctly with zero configuration,
|
|
// because Gitea doesn't know whether the scheme is HTTP or HTTPS unless the reverse proxy could tell Gitea.
|
|
return setting.AppURL
|
|
},
|
|
"AppVer": func() string {
|
|
return setting.AppVer
|
|
},
|
|
"AppDomain": func() string { // documented in mail-templates.md
|
|
return setting.Domain
|
|
},
|
|
"AssetVersion": func() string {
|
|
return setting.AssetVersion
|
|
},
|
|
"DefaultShowFullName": func() bool {
|
|
return setting.UI.DefaultShowFullName
|
|
},
|
|
"ShowFooterTemplateLoadTime": func() bool {
|
|
return setting.Other.ShowFooterTemplateLoadTime
|
|
},
|
|
"ShowFooterPoweredBy": func() bool {
|
|
return setting.Other.ShowFooterPoweredBy
|
|
},
|
|
"AllowedReactions": func() []string {
|
|
return setting.UI.Reactions
|
|
},
|
|
"CustomEmojis": func() map[string]string {
|
|
return setting.UI.CustomEmojisMap
|
|
},
|
|
"MetaAuthor": func() string {
|
|
return setting.UI.Meta.Author
|
|
},
|
|
"MetaDescription": func() string {
|
|
return setting.UI.Meta.Description
|
|
},
|
|
"MetaKeywords": func() string {
|
|
return setting.UI.Meta.Keywords
|
|
},
|
|
"EnableTimetracking": func() bool {
|
|
return setting.Service.EnableTimetracking
|
|
},
|
|
"DisableGitHooks": func() bool {
|
|
return setting.DisableGitHooks
|
|
},
|
|
"DisableWebhooks": func() bool {
|
|
return setting.DisableWebhooks
|
|
},
|
|
"DisableImportLocal": func() bool {
|
|
return !setting.ImportLocalPaths
|
|
},
|
|
"UserThemeName": userThemeName,
|
|
"NotificationSettings": func() map[string]any {
|
|
return map[string]any{
|
|
"MinTimeout": int(setting.UI.Notification.MinTimeout / time.Millisecond),
|
|
"TimeoutStep": int(setting.UI.Notification.TimeoutStep / time.Millisecond),
|
|
"MaxTimeout": int(setting.UI.Notification.MaxTimeout / time.Millisecond),
|
|
"EventSourceUpdateTime": int(setting.UI.Notification.EventSourceUpdateTime / time.Millisecond),
|
|
}
|
|
},
|
|
"MermaidMaxSourceCharacters": func() int {
|
|
return setting.MermaidMaxSourceCharacters
|
|
},
|
|
|
|
// -----------------------------------------------------------------
|
|
// render
|
|
"RenderCodeBlock": renderCodeBlock,
|
|
"ReactionToEmoji": reactionToEmoji,
|
|
|
|
// -----------------------------------------------------------------
|
|
// misc
|
|
"ShortSha": base.ShortSha,
|
|
"ActionContent2Commits": ActionContent2Commits,
|
|
"IsMultilineCommitMessage": isMultilineCommitMessage,
|
|
"CommentMustAsDiff": gitdiff.CommentMustAsDiff,
|
|
"MirrorRemoteAddress": mirrorRemoteAddress,
|
|
|
|
"FilenameIsImage": filenameIsImage,
|
|
"TabSizeClass": tabSizeClass,
|
|
|
|
// for backward compatibility only, do not use them anymore
|
|
"TimeSince": timeSinceLegacy,
|
|
"TimeSinceUnix": timeSinceLegacy,
|
|
"DateTime": dateTimeLegacy,
|
|
|
|
"RenderEmoji": renderEmojiLegacy,
|
|
"RenderLabel": renderLabelLegacy,
|
|
"RenderLabels": renderLabelsLegacy,
|
|
"RenderIssueTitle": renderIssueTitleLegacy,
|
|
|
|
"RenderMarkdownToHtml": renderMarkdownToHtmlLegacy,
|
|
|
|
"RenderCommitMessage": renderCommitMessageLegacy,
|
|
"RenderCommitMessageLinkSubject": renderCommitMessageLinkSubjectLegacy,
|
|
"RenderCommitBody": renderCommitBodyLegacy,
|
|
}
|
|
}
|
|
|
|
// safeHTML render raw as HTML
|
|
func safeHTML(s any) template.HTML {
|
|
switch v := s.(type) {
|
|
case string:
|
|
return template.HTML(v)
|
|
case template.HTML:
|
|
return v
|
|
}
|
|
panic(fmt.Sprintf("unexpected type %T", s))
|
|
}
|
|
|
|
// SanitizeHTML sanitizes the input by pre-defined markdown rules
|
|
func SanitizeHTML(s string) template.HTML {
|
|
return template.HTML(markup.Sanitize(s))
|
|
}
|
|
|
|
func htmlEscape(s any) template.HTML {
|
|
switch v := s.(type) {
|
|
case string:
|
|
return template.HTML(html.EscapeString(v))
|
|
case template.HTML:
|
|
return v
|
|
}
|
|
panic(fmt.Sprintf("unexpected type %T", s))
|
|
}
|
|
|
|
func jsEscapeSafe(s string) template.HTML {
|
|
return template.HTML(template.JSEscapeString(s))
|
|
}
|
|
|
|
func queryEscape(s string) template.URL {
|
|
return template.URL(url.QueryEscape(s))
|
|
}
|
|
|
|
// dotEscape wraps a dots in names with ZWJ [U+200D] in order to prevent auto-linkers from detecting these as urls
|
|
func dotEscape(raw string) string {
|
|
return strings.ReplaceAll(raw, ".", "\u200d.\u200d")
|
|
}
|
|
|
|
// iif is an "inline-if", similar util.Iif[T] but templates need the non-generic version,
|
|
// and it could be simply used as "{{iif expr trueVal}}" (omit the falseVal).
|
|
func iif(condition any, vals ...any) any {
|
|
if isTemplateTruthy(condition) {
|
|
return vals[0]
|
|
} else if len(vals) > 1 {
|
|
return vals[1]
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func isTemplateTruthy(v any) bool {
|
|
truth, _ := template.IsTrue(v)
|
|
return truth
|
|
}
|
|
|
|
// evalTokens evaluates the expression by tokens and returns the result, see the comment of eval.Expr for details.
|
|
// To use this helper function in templates, pass each token as a separate parameter.
|
|
//
|
|
// {{ $int64 := Eval $var "+" 1 }}
|
|
// {{ $float64 := Eval $var "+" 1.0 }}
|
|
//
|
|
// Golang's template supports comparable int types, so the int64 result can be used in later statements like {{if lt $int64 10}}
|
|
func evalTokens(tokens ...any) (any, error) {
|
|
n, err := eval.Expr(tokens...)
|
|
return n.Value, err
|
|
}
|
|
|
|
func userThemeName(user *user_model.User) string {
|
|
if user == nil || user.Theme == "" {
|
|
return setting.UI.DefaultTheme
|
|
}
|
|
if webtheme.IsThemeAvailable(user.Theme) {
|
|
return user.Theme
|
|
}
|
|
return setting.UI.DefaultTheme
|
|
}
|
|
|
|
// QueryBuild builds a query string from a list of key-value pairs.
|
|
// It omits the nil and empty strings, but it doesn't omit other zero values,
|
|
// because the zero value of number types may have a meaning.
|
|
func QueryBuild(a ...any) template.URL {
|
|
var s string
|
|
if len(a)%2 == 1 {
|
|
if v, ok := a[0].(string); ok {
|
|
if v == "" || (v[0] != '?' && v[0] != '&') {
|
|
panic("QueryBuild: invalid argument")
|
|
}
|
|
s = v
|
|
} else if v, ok := a[0].(template.URL); ok {
|
|
s = string(v)
|
|
} else {
|
|
panic("QueryBuild: invalid argument")
|
|
}
|
|
}
|
|
for i := len(a) % 2; i < len(a); i += 2 {
|
|
k, ok := a[i].(string)
|
|
if !ok {
|
|
panic("QueryBuild: invalid argument")
|
|
}
|
|
var v string
|
|
if va, ok := a[i+1].(string); ok {
|
|
v = va
|
|
} else if a[i+1] != nil {
|
|
v = fmt.Sprint(a[i+1])
|
|
}
|
|
// pos1 to pos2 is the "k=v&" part, "&" is optional
|
|
pos1 := strings.Index(s, "&"+k+"=")
|
|
if pos1 != -1 {
|
|
pos1++
|
|
} else {
|
|
pos1 = strings.Index(s, "?"+k+"=")
|
|
if pos1 != -1 {
|
|
pos1++
|
|
} else if strings.HasPrefix(s, k+"=") {
|
|
pos1 = 0
|
|
}
|
|
}
|
|
pos2 := len(s)
|
|
if pos1 == -1 {
|
|
pos1 = len(s)
|
|
} else {
|
|
pos2 = pos1 + 1
|
|
for pos2 < len(s) && s[pos2-1] != '&' {
|
|
pos2++
|
|
}
|
|
}
|
|
if v != "" {
|
|
sep := ""
|
|
hasPrefixSep := pos1 == 0 || (pos1 <= len(s) && (s[pos1-1] == '?' || s[pos1-1] == '&'))
|
|
if !hasPrefixSep {
|
|
sep = "&"
|
|
}
|
|
s = s[:pos1] + sep + k + "=" + url.QueryEscape(v) + "&" + s[pos2:]
|
|
} else {
|
|
s = s[:pos1] + s[pos2:]
|
|
}
|
|
}
|
|
if s != "" && s != "&" && s[len(s)-1] == '&' {
|
|
s = s[:len(s)-1]
|
|
}
|
|
return template.URL(s)
|
|
}
|
|
|
|
func panicIfDevOrTesting() {
|
|
setting.PanicInDevOrTesting("legacy template functions are for backward compatibility only, do not use them in new code")
|
|
}
|