5991a21818
* First batch of changes for the refactor
Added the support of gin in routes and other services/utils
Begining implementation of JetHTML
* Remove os folder
* Move scrapers to own repo
* Second batch of changes
All .jet.html are the working templates.
You can now test this PR, the index Page and upload works. If you want to complete the other html templates, you're welcome
* Move captcha to util
* Move uploadService to utils
* Use govalidator instead of regex
* Third batch of changes
All the front end should as previously.
I also fixed some minor things unrelated to the refactor (mostly style issues on static pages)
Now errors can be accessed by importing the "errors" helpers and using the `yield errors(name="xxx")` command in templates.
Same for infos.
Templates are now more hierarchized with a base template "base.jet.html" which is extended depending on the context in "index_site" or "index_admin" layouts. Those layouts are extended than in every pages.
Other helpers are captcha to render a captcha `yield captcha(captchaid="xxx")`
And also csrf, with the command `yield csrf_field()`
To translate, you don't have anymore to do `call $.T "xxx"`, you just have to do `T("xxx")`.
Pages for the website part are in folders in the folder "templates/site". Pages for the admin part are in "templates/admin". Layouts are separated in "templates/layouts". Helpers and menu are in "templates/layouts/helpers" and "templates/layouts/menu". Error pages should be put in "templates/errors"
* Added test on templates
When adding a new template, you have to tell to template_test.go, the context of the new template (if it doesn't use the common context)
* Panel admin works
Now the templating part should work. The PR can now be fully tested.
I think we should push the templating PR and do the routes/controllers/removal of services in another branch. So we know that this one is functional
* Updated dependencies
* Fixed test for modelhelper
* Fix testing for commentlist
* Fix travis :')
* Just renamed router and removed network
* Applying same SEO fix
* Update form_validator.go
* Added back regexp package
93 lignes
2,8 Kio
Go
93 lignes
2,8 Kio
Go
// Copyright 2014 Manu Martinez-Almeida. All rights reserved.
|
|
// Use of this source code is governed by a MIT style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package gin
|
|
|
|
import (
|
|
"crypto/subtle"
|
|
"encoding/base64"
|
|
"strconv"
|
|
)
|
|
|
|
const AuthUserKey = "user"
|
|
|
|
type (
|
|
Accounts map[string]string
|
|
authPair struct {
|
|
Value string
|
|
User string
|
|
}
|
|
authPairs []authPair
|
|
)
|
|
|
|
func (a authPairs) searchCredential(authValue string) (string, bool) {
|
|
if len(authValue) == 0 {
|
|
return "", false
|
|
}
|
|
for _, pair := range a {
|
|
if pair.Value == authValue {
|
|
return pair.User, true
|
|
}
|
|
}
|
|
return "", false
|
|
}
|
|
|
|
// BasicAuthForRealm returns a Basic HTTP Authorization middleware. It takes as arguments a map[string]string where
|
|
// the key is the user name and the value is the password, as well as the name of the Realm.
|
|
// If the realm is empty, "Authorization Required" will be used by default.
|
|
// (see http://tools.ietf.org/html/rfc2617#section-1.2)
|
|
func BasicAuthForRealm(accounts Accounts, realm string) HandlerFunc {
|
|
if realm == "" {
|
|
realm = "Authorization Required"
|
|
}
|
|
realm = "Basic realm=" + strconv.Quote(realm)
|
|
pairs := processAccounts(accounts)
|
|
return func(c *Context) {
|
|
// Search user in the slice of allowed credentials
|
|
user, found := pairs.searchCredential(c.Request.Header.Get("Authorization"))
|
|
if !found {
|
|
// Credentials doesn't match, we return 401 and abort handlers chain.
|
|
c.Header("WWW-Authenticate", realm)
|
|
c.AbortWithStatus(401)
|
|
} else {
|
|
// The user credentials was found, set user's id to key AuthUserKey in this context, the userId can be read later using
|
|
// c.MustGet(gin.AuthUserKey)
|
|
c.Set(AuthUserKey, user)
|
|
}
|
|
}
|
|
}
|
|
|
|
// BasicAuth returns a Basic HTTP Authorization middleware. It takes as argument a map[string]string where
|
|
// the key is the user name and the value is the password.
|
|
func BasicAuth(accounts Accounts) HandlerFunc {
|
|
return BasicAuthForRealm(accounts, "")
|
|
}
|
|
|
|
func processAccounts(accounts Accounts) authPairs {
|
|
assert1(len(accounts) > 0, "Empty list of authorized credentials")
|
|
pairs := make(authPairs, 0, len(accounts))
|
|
for user, password := range accounts {
|
|
assert1(len(user) > 0, "User can not be empty")
|
|
value := authorizationHeader(user, password)
|
|
pairs = append(pairs, authPair{
|
|
Value: value,
|
|
User: user,
|
|
})
|
|
}
|
|
return pairs
|
|
}
|
|
|
|
func authorizationHeader(user, password string) string {
|
|
base := user + ":" + password
|
|
return "Basic " + base64.StdEncoding.EncodeToString([]byte(base))
|
|
}
|
|
|
|
func secureCompare(given, actual string) bool {
|
|
if subtle.ConstantTimeEq(int32(len(given)), int32(len(actual))) == 1 {
|
|
return subtle.ConstantTimeCompare([]byte(given), []byte(actual)) == 1
|
|
}
|
|
/* Securely compare actual to itself to keep constant time, but always return false */
|
|
return subtle.ConstantTimeCompare([]byte(actual), []byte(actual)) == 1 && false
|
|
}
|