casdoor/routers/base.go

// Copyright 2021 The Casdoor Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package routers

import (
	"fmt"
	"net"
	"net/http"
	"net/url"
	"strings"

	"github.com/beego/beego/context"
	"github.com/casdoor/casdoor/conf"
	"github.com/casdoor/casdoor/i18n"
	"github.com/casdoor/casdoor/object"
	"github.com/casdoor/casdoor/util"
)

type Response struct {
	Status string      `json:"status"`
	Msg    string      `json:"msg"`
	Data   interface{} `json:"data"`
	Data2  interface{} `json:"data2"`
}

func responseError(ctx *context.Context, error string, data ...interface{}) {
	ctx.ResponseWriter.WriteHeader(http.StatusForbidden)

	resp := Response{Status: "error", Msg: error}
	switch len(data) {
	case 2:
		resp.Data2 = data[1]
		fallthrough
	case 1:
		resp.Data = data[0]
	}

	err := ctx.Output.JSON(resp, true, false)
	if err != nil {
		panic(err)
	}
}

func getAcceptLanguage(ctx *context.Context) string {
	language := ctx.Request.Header.Get("Accept-Language")
	return conf.GetLanguage(language)
}

func T(ctx *context.Context, error string) string {
	return i18n.Translate(getAcceptLanguage(ctx), error)
}

func denyRequest(ctx *context.Context) {
	responseError(ctx, T(ctx, "auth:Unauthorized operation"))
}

func getUsernameByClientIdSecret(ctx *context.Context) string {
	clientId, clientSecret, ok := ctx.Request.BasicAuth()
	if !ok {
		clientId = ctx.Input.Query("clientId")
		clientSecret = ctx.Input.Query("clientSecret")
	}

	if clientId == "" || clientSecret == "" {
		return ""
	}

	application, err := object.GetApplicationByClientId(clientId)
	if err != nil {
		panic(err)
	}

	if application == nil || application.ClientSecret != clientSecret {
		return ""
	}

	return fmt.Sprintf("app/%s", application.Name)
}

func getUsernameByKeys(ctx *context.Context) string {
	accessKey, accessSecret := getKeys(ctx)
	user, err := object.GetUserByAccessKey(accessKey)
	if err != nil {
		panic(err)
	}

	if user != nil && accessSecret == user.AccessSecret {
		return user.GetId()
	}
	return ""
}

func getSessionUser(ctx *context.Context) string {
	user := ctx.Input.CruSession.Get("username")
	if user == nil {
		return ""
	}

	return user.(string)
}

func setSessionUser(ctx *context.Context, user string) {
	err := ctx.Input.CruSession.Set("username", user)
	if err != nil {
		panic(err)
	}

	// https://github.com/beego/beego/issues/3445#issuecomment-455411915
	ctx.Input.CruSession.SessionRelease(ctx.ResponseWriter)
}

func setSessionExpire(ctx *context.Context, ExpireTime int64) {
	SessionData := struct{ ExpireTime int64 }{ExpireTime: ExpireTime}
	err := ctx.Input.CruSession.Set("SessionData", util.StructToJson(SessionData))
	if err != nil {
		panic(err)
	}
	ctx.Input.CruSession.SessionRelease(ctx.ResponseWriter)
}

func setSessionOidc(ctx *context.Context, scope string, aud string) {
	err := ctx.Input.CruSession.Set("scope", scope)
	if err != nil {
		panic(err)
	}
	err = ctx.Input.CruSession.Set("aud", aud)
	if err != nil {
		panic(err)
	}
	ctx.Input.CruSession.SessionRelease(ctx.ResponseWriter)
}

func parseBearerToken(ctx *context.Context) string {
	header := ctx.Request.Header.Get("Authorization")
	tokens := strings.Split(header, " ")
	if len(tokens) != 2 {
		return ""
	}

	prefix := tokens[0]
	if prefix != "Bearer" {
		return ""
	}

	return tokens[1]
}

func getHostname(s string) string {
	if s == "" {
		return ""
	}

	l, err := url.Parse(s)
	if err != nil {
		panic(err)
	}

	res := l.Hostname()
	return res
}

func removePort(s string) string {
	ipStr, _, err := net.SplitHostPort(s)
	if err != nil {
		ipStr = s
	}
	return ipStr
}

func isHostIntranet(s string) bool {
	ipStr, _, err := net.SplitHostPort(s)
	if err != nil {
		ipStr = s
	}

	ip := net.ParseIP(ipStr)
	if ip == nil {
		return false
	}

	return ip.IsPrivate()
}
Update license headers. 2022-02-13 23:39:27 +08:00			`// Copyright 2021 The Casdoor Authors. All Rights Reserved.`
Return 200 for denied request. 2021-08-14 14:02:45 +08:00			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

			`package routers`

Support server-side upload-resource call. 2021-09-05 01:03:29 +08:00			`import (`
			`"fmt"`
Add isHostIntranet to CORS filter 2023-10-08 11:33:43 +08:00			`"net"`
Return 403 in filter's responseError() 2023-10-05 00:12:02 +08:00			`"net/http"`
Add isHostIntranet to CORS filter 2023-10-08 11:33:43 +08:00			`"net/url"`
fix: support using bearer token to access protected resources (#364) * fix: require signed in by bearer token. Signed-off-by: 0x2a <stevesough@gmail.com> * fix: utilize existing code refactoring functions Signed-off-by: 0x2a <stevesough@gmail.com> * fix: improve the bearer parese function Signed-off-by: 0x2a <stevesough@gmail.com> 2021-12-13 00:25:44 +08:00			`"strings"`
Support server-side upload-resource call. 2021-09-05 01:03:29 +08:00
Update beego to v1.12.11 2022-09-29 19:44:08 +08:00			`"github.com/beego/beego/context"`
Fix router error message's i18n 2023-02-18 16:11:23 +08:00			`"github.com/casdoor/casdoor/conf"`
			`"github.com/casdoor/casdoor/i18n"`
Update import path. 2022-01-20 14:11:46 +08:00			`"github.com/casdoor/casdoor/object"`
			`"github.com/casdoor/casdoor/util"`
Support server-side upload-resource call. 2021-09-05 01:03:29 +08:00			`)`
Return 200 for denied request. 2021-08-14 14:02:45 +08:00
			`type Response struct {`
			Status string `json:"status"`
			Msg string `json:"msg"`
			Data interface{} `json:"data"`
			Data2 interface{} `json:"data2"`
			`}`

			`func responseError(ctx *context.Context, error string, data ...interface{}) {`
Return 403 in filter's responseError() 2023-10-05 00:12:02 +08:00			`ctx.ResponseWriter.WriteHeader(http.StatusForbidden)`

Return 200 for denied request. 2021-08-14 14:02:45 +08:00			`resp := Response{Status: "error", Msg: error}`
			`switch len(data) {`
			`case 2:`
			`resp.Data2 = data[1]`
			`fallthrough`
			`case 1:`
			`resp.Data = data[0]`
			`}`

			`err := ctx.Output.JSON(resp, true, false)`
			`if err != nil {`
			`panic(err)`
			`}`
			`}`

Fix router error message's i18n 2023-02-18 16:11:23 +08:00			`func getAcceptLanguage(ctx *context.Context) string {`
			`language := ctx.Request.Header.Get("Accept-Language")`
			`return conf.GetLanguage(language)`
			`}`

			`func T(ctx *context.Context, error string) string {`
			`return i18n.Translate(getAcceptLanguage(ctx), error)`
			`}`

Return 200 for denied request. 2021-08-14 14:02:45 +08:00			`func denyRequest(ctx *context.Context) {`
Fix router error message's i18n 2023-02-18 16:11:23 +08:00			`responseError(ctx, T(ctx, "auth:Unauthorized operation"))`
Return 200 for denied request. 2021-08-14 14:02:45 +08:00			`}`
Support server-side upload-resource call. 2021-09-05 01:03:29 +08:00
			`func getUsernameByClientIdSecret(ctx *context.Context) string {`
Support silent login from HTTP basic authentication. 2021-09-21 22:57:37 +08:00			`clientId, clientSecret, ok := ctx.Request.BasicAuth()`
			`if !ok {`
			`clientId = ctx.Input.Query("clientId")`
			`clientSecret = ctx.Input.Query("clientSecret")`
			`}`

Support server-side upload-resource call. 2021-09-05 01:03:29 +08:00			`if clientId == "" \|\| clientSecret == "" {`
			`return ""`
			`}`

feat: return most backend API errors to frontend (#1836) * feat: return most backend API errros to frontend Signed-off-by: yehong <239859435@qq.com> * refactor: reduce int type change Signed-off-by: yehong <239859435@qq.com> * feat: return err backend in token.go Signed-off-by: yehong <239859435@qq.com> --------- Signed-off-by: yehong <239859435@qq.com> 2023-05-30 15:49:39 +08:00			`application, err := object.GetApplicationByClientId(clientId)`
			`if err != nil {`
			`panic(err)`
			`}`

Support server-side upload-resource call. 2021-09-05 01:03:29 +08:00			`if application == nil \|\| application.ClientSecret != clientSecret {`
			`return ""`
			`}`

			`return fmt.Sprintf("app/%s", application.Name)`
			`}`
Improve router base.go 2021-09-05 14:44:27 +08:00
feat: add access key and secret key for user (#1971) 2023-06-13 22:18:17 +08:00			`func getUsernameByKeys(ctx *context.Context) string {`
Rename to accessSecret 2023-06-16 20:42:15 +08:00			`accessKey, accessSecret := getKeys(ctx)`
feat: add access key and secret key for user (#1971) 2023-06-13 22:18:17 +08:00			`user, err := object.GetUserByAccessKey(accessKey)`
			`if err != nil {`
			`panic(err)`
			`}`
Rename to accessSecret 2023-06-16 20:42:15 +08:00
			`if user != nil && accessSecret == user.AccessSecret {`
feat: add access key and secret key for user (#1971) 2023-06-13 22:18:17 +08:00			`return user.GetId()`
			`}`
			`return ""`
			`}`

Improve router base.go 2021-09-05 14:44:27 +08:00			`func getSessionUser(ctx *context.Context) string {`
			`user := ctx.Input.CruSession.Get("username")`
			`if user == nil {`
			`return ""`
			`}`

			`return user.(string)`
			`}`

			`func setSessionUser(ctx *context.Context, user string) {`
			`err := ctx.Input.CruSession.Set("username", user)`
			`if err != nil {`
			`panic(err)`
			`}`

			`// https://github.com/beego/beego/issues/3445#issuecomment-455411915`
			`ctx.Input.CruSession.SessionRelease(ctx.ResponseWriter)`
			`}`
fix: support using bearer token to access protected resources (#364) * fix: require signed in by bearer token. Signed-off-by: 0x2a <stevesough@gmail.com> * fix: utilize existing code refactoring functions Signed-off-by: 0x2a <stevesough@gmail.com> * fix: improve the bearer parese function Signed-off-by: 0x2a <stevesough@gmail.com> 2021-12-13 00:25:44 +08:00
			`func setSessionExpire(ctx *context.Context, ExpireTime int64) {`
			`SessionData := struct{ ExpireTime int64 }{ExpireTime: ExpireTime}`
			`err := ctx.Input.CruSession.Set("SessionData", util.StructToJson(SessionData))`
			`if err != nil {`
			`panic(err)`
			`}`
			`ctx.Input.CruSession.SessionRelease(ctx.ResponseWriter)`
			`}`

feat: add userinfo endpoint (#447) * feat: add userinfo endpoint Signed-off-by: 0x2a <stevesough@gmail.com> * feat: add scope support Signed-off-by: 0x2a <stevesough@gmail.com> * fix: modify the endpoint of discovery Signed-off-by: 0x2a <stevesough@gmail.com> 2022-01-26 11:56:01 +08:00			`func setSessionOidc(ctx *context.Context, scope string, aud string) {`
			`err := ctx.Input.CruSession.Set("scope", scope)`
			`if err != nil {`
			`panic(err)`
			`}`
			`err = ctx.Input.CruSession.Set("aud", aud)`
			`if err != nil {`
			`panic(err)`
			`}`
			`ctx.Input.CruSession.SessionRelease(ctx.ResponseWriter)`
			`}`

Improve parseBearerToken(). 2021-12-13 00:37:13 +08:00			`func parseBearerToken(ctx *context.Context) string {`
			`header := ctx.Request.Header.Get("Authorization")`
			`tokens := strings.Split(header, " ")`
			`if len(tokens) != 2 {`
			`return ""`
fix: support using bearer token to access protected resources (#364) * fix: require signed in by bearer token. Signed-off-by: 0x2a <stevesough@gmail.com> * fix: utilize existing code refactoring functions Signed-off-by: 0x2a <stevesough@gmail.com> * fix: improve the bearer parese function Signed-off-by: 0x2a <stevesough@gmail.com> 2021-12-13 00:25:44 +08:00			`}`
Improve parseBearerToken(). 2021-12-13 00:37:13 +08:00
			`prefix := tokens[0]`
fix: support using bearer token to access protected resources (#364) * fix: require signed in by bearer token. Signed-off-by: 0x2a <stevesough@gmail.com> * fix: utilize existing code refactoring functions Signed-off-by: 0x2a <stevesough@gmail.com> * fix: improve the bearer parese function Signed-off-by: 0x2a <stevesough@gmail.com> 2021-12-13 00:25:44 +08:00			`if prefix != "Bearer" {`
Improve parseBearerToken(). 2021-12-13 00:37:13 +08:00			`return ""`
fix: support using bearer token to access protected resources (#364) * fix: require signed in by bearer token. Signed-off-by: 0x2a <stevesough@gmail.com> * fix: utilize existing code refactoring functions Signed-off-by: 0x2a <stevesough@gmail.com> * fix: improve the bearer parese function Signed-off-by: 0x2a <stevesough@gmail.com> 2021-12-13 00:25:44 +08:00			`}`
Improve parseBearerToken(). 2021-12-13 00:37:13 +08:00
			`return tokens[1]`
fix: support using bearer token to access protected resources (#364) * fix: require signed in by bearer token. Signed-off-by: 0x2a <stevesough@gmail.com> * fix: utilize existing code refactoring functions Signed-off-by: 0x2a <stevesough@gmail.com> * fix: improve the bearer parese function Signed-off-by: 0x2a <stevesough@gmail.com> 2021-12-13 00:25:44 +08:00			`}`
Add isHostIntranet to CORS filter 2023-10-08 11:33:43 +08:00
			`func getHostname(s string) string {`
			`if s == "" {`
			`return ""`
			`}`

			`l, err := url.Parse(s)`
			`if err != nil {`
			`panic(err)`
			`}`

			`res := l.Hostname()`
			`return res`
			`}`

feat: fix 403 error in CorsFilter 2023-10-10 18:39:25 +08:00			`func removePort(s string) string {`
			`ipStr, _, err := net.SplitHostPort(s)`
			`if err != nil {`
			`ipStr = s`
			`}`
			`return ipStr`
			`}`

Add isHostIntranet to CORS filter 2023-10-08 11:33:43 +08:00			`func isHostIntranet(s string) bool {`
			`ipStr, _, err := net.SplitHostPort(s)`
			`if err != nil {`
			`ipStr = s`
			`}`

			`ip := net.ParseIP(ipStr)`
			`if ip == nil {`
			`return false`
			`}`

			`return ip.IsPrivate()`
			`}`