mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2025-01-22 13:23:15 +01:00
d1353e1f7c
* update code.gitea.io/sdk/gitea v0.13.1 -> v0.13.2 * update github.com/go-swagger/go-swagger v0.25.0 -> v0.26.0 * update github.com/google/uuid v1.1.2 -> v1.2.0 * update github.com/klauspost/compress v1.11.3 -> v1.11.7 * update github.com/lib/pq 083382b7e6fc -> v1.9.0 * update github.com/markbates/goth v1.65.0 -> v1.66.1 * update github.com/mattn/go-sqlite3 v1.14.4 -> v1.14.6 * update github.com/mgechev/revive 246eac737dc7 -> v1.0.3 * update github.com/minio/minio-go/v7 v7.0.6 -> v7.0.7 * update github.com/niklasfasching/go-org v1.3.2 -> v1.4.0 * update github.com/olivere/elastic/v7 v7.0.21 -> v7.0.22 * update github.com/pquerna/otp v1.2.0 -> v1.3.0 * update github.com/xanzy/go-gitlab v0.39.0 -> v0.42.0 * update github.com/yuin/goldmark v1.2.1 -> v1.3.1
147 lines
4.4 KiB
Go
Vendored
147 lines
4.4 KiB
Go
Vendored
// Copyright 2013 The Gorilla Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package handlers
|
|
|
|
import (
|
|
"bufio"
|
|
"fmt"
|
|
"net"
|
|
"net/http"
|
|
"sort"
|
|
"strings"
|
|
)
|
|
|
|
// MethodHandler is an http.Handler that dispatches to a handler whose key in the
|
|
// MethodHandler's map matches the name of the HTTP request's method, eg: GET
|
|
//
|
|
// If the request's method is OPTIONS and OPTIONS is not a key in the map then
|
|
// the handler responds with a status of 200 and sets the Allow header to a
|
|
// comma-separated list of available methods.
|
|
//
|
|
// If the request's method doesn't match any of its keys the handler responds
|
|
// with a status of HTTP 405 "Method Not Allowed" and sets the Allow header to a
|
|
// comma-separated list of available methods.
|
|
type MethodHandler map[string]http.Handler
|
|
|
|
func (h MethodHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
|
|
if handler, ok := h[req.Method]; ok {
|
|
handler.ServeHTTP(w, req)
|
|
} else {
|
|
allow := []string{}
|
|
for k := range h {
|
|
allow = append(allow, k)
|
|
}
|
|
sort.Strings(allow)
|
|
w.Header().Set("Allow", strings.Join(allow, ", "))
|
|
if req.Method == "OPTIONS" {
|
|
w.WriteHeader(http.StatusOK)
|
|
} else {
|
|
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
|
|
}
|
|
}
|
|
}
|
|
|
|
// responseLogger is wrapper of http.ResponseWriter that keeps track of its HTTP
|
|
// status code and body size
|
|
type responseLogger struct {
|
|
w http.ResponseWriter
|
|
status int
|
|
size int
|
|
}
|
|
|
|
func (l *responseLogger) Write(b []byte) (int, error) {
|
|
size, err := l.w.Write(b)
|
|
l.size += size
|
|
return size, err
|
|
}
|
|
|
|
func (l *responseLogger) WriteHeader(s int) {
|
|
l.w.WriteHeader(s)
|
|
l.status = s
|
|
}
|
|
|
|
func (l *responseLogger) Status() int {
|
|
return l.status
|
|
}
|
|
|
|
func (l *responseLogger) Size() int {
|
|
return l.size
|
|
}
|
|
|
|
func (l *responseLogger) Hijack() (net.Conn, *bufio.ReadWriter, error) {
|
|
conn, rw, err := l.w.(http.Hijacker).Hijack()
|
|
if err == nil && l.status == 0 {
|
|
// The status will be StatusSwitchingProtocols if there was no error and
|
|
// WriteHeader has not been called yet
|
|
l.status = http.StatusSwitchingProtocols
|
|
}
|
|
return conn, rw, err
|
|
}
|
|
|
|
// isContentType validates the Content-Type header matches the supplied
|
|
// contentType. That is, its type and subtype match.
|
|
func isContentType(h http.Header, contentType string) bool {
|
|
ct := h.Get("Content-Type")
|
|
if i := strings.IndexRune(ct, ';'); i != -1 {
|
|
ct = ct[0:i]
|
|
}
|
|
return ct == contentType
|
|
}
|
|
|
|
// ContentTypeHandler wraps and returns a http.Handler, validating the request
|
|
// content type is compatible with the contentTypes list. It writes a HTTP 415
|
|
// error if that fails.
|
|
//
|
|
// Only PUT, POST, and PATCH requests are considered.
|
|
func ContentTypeHandler(h http.Handler, contentTypes ...string) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
if !(r.Method == "PUT" || r.Method == "POST" || r.Method == "PATCH") {
|
|
h.ServeHTTP(w, r)
|
|
return
|
|
}
|
|
|
|
for _, ct := range contentTypes {
|
|
if isContentType(r.Header, ct) {
|
|
h.ServeHTTP(w, r)
|
|
return
|
|
}
|
|
}
|
|
http.Error(w, fmt.Sprintf("Unsupported content type %q; expected one of %q", r.Header.Get("Content-Type"), contentTypes), http.StatusUnsupportedMediaType)
|
|
})
|
|
}
|
|
|
|
const (
|
|
// HTTPMethodOverrideHeader is a commonly used
|
|
// http header to override a request method.
|
|
HTTPMethodOverrideHeader = "X-HTTP-Method-Override"
|
|
// HTTPMethodOverrideFormKey is a commonly used
|
|
// HTML form key to override a request method.
|
|
HTTPMethodOverrideFormKey = "_method"
|
|
)
|
|
|
|
// HTTPMethodOverrideHandler wraps and returns a http.Handler which checks for
|
|
// the X-HTTP-Method-Override header or the _method form key, and overrides (if
|
|
// valid) request.Method with its value.
|
|
//
|
|
// This is especially useful for HTTP clients that don't support many http verbs.
|
|
// It isn't secure to override e.g a GET to a POST, so only POST requests are
|
|
// considered. Likewise, the override method can only be a "write" method: PUT,
|
|
// PATCH or DELETE.
|
|
//
|
|
// Form method takes precedence over header method.
|
|
func HTTPMethodOverrideHandler(h http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
if r.Method == "POST" {
|
|
om := r.FormValue(HTTPMethodOverrideFormKey)
|
|
if om == "" {
|
|
om = r.Header.Get(HTTPMethodOverrideHeader)
|
|
}
|
|
if om == "PUT" || om == "PATCH" || om == "DELETE" {
|
|
r.Method = om
|
|
}
|
|
}
|
|
h.ServeHTTP(w, r)
|
|
})
|
|
}
|