updated vendor files and paths

router/middleware/context/context.go

@@ -0,0 +1,42 @@
+package context
+
+import (
+	"database/sql"
+
+	"github.com/drone/drone/engine"
+	"github.com/drone/drone/remote"
+	"github.com/gin-gonic/gin"
+)
+
+func SetDatabase(db *sql.DB) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		c.Set("database", db)
+		c.Next()
+	}
+}
+
+func Database(c *gin.Context) *sql.DB {
+	return c.MustGet("database").(*sql.DB)
+}
+
+func SetRemote(remote remote.Remote) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		c.Set("remote", remote)
+		c.Next()
+	}
+}
+
+func Remote(c *gin.Context) remote.Remote {
+	return c.MustGet("remote").(remote.Remote)
+}
+
+func SetEngine(engine engine.Engine) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		c.Set("engine", engine)
+		c.Next()
+	}
+}
+
+func Engine(c *gin.Context) engine.Engine {
+	return c.MustGet("engine").(engine.Engine)
+}

router/middleware/header/header.go

@@ -0,0 +1,40 @@
+package header
+
+import (
+	"net/http"
+	"time"
+
+	"github.com/gin-gonic/gin"
+)
+
+func SetHeaders() gin.HandlerFunc {
+	return func(c *gin.Context) {
+
+		c.Writer.Header().Add("Access-Control-Allow-Origin", "*")
+		c.Writer.Header().Add("X-Frame-Options", "DENY")
+		c.Writer.Header().Add("X-Content-Type-Options", "nosniff")
+		c.Writer.Header().Add("X-XSS-Protection", "1; mode=block")
+		c.Writer.Header().Add("Cache-Control", "no-cache")
+		c.Writer.Header().Add("Cache-Control", "no-store")
+		c.Writer.Header().Add("Cache-Control", "max-age=0")
+		c.Writer.Header().Add("Cache-Control", "must-revalidate")
+		c.Writer.Header().Add("Cache-Control", "value")
+		c.Writer.Header().Set("Last-Modified", time.Now().UTC().Format(http.TimeFormat))
+		c.Writer.Header().Set("Expires", "Thu, 01 Jan 1970 00:00:00 GMT")
+		//c.Writer.Header().Set("Content-Security-Policy", "script-src 'self' https://cdnjs.cloudflare.com")
+		if c.Request.TLS != nil {
+			c.Writer.Header().Add("Strict-Transport-Security", "max-age=31536000")
+		}
+
+		if c.Request.Method == "OPTIONS" {
+			c.Writer.Header().Set("Access-Control-Allow-Methods", "GET,POST,PUT,PATCH,DELETE,OPTIONS")
+			c.Writer.Header().Set("Access-Control-Allow-Headers", "Authorization")
+			c.Writer.Header().Set("Allow", "HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS")
+			c.Writer.Header().Set("Content-Type", "application/json")
+			c.Writer.WriteHeader(200)
+			return
+		}
+
+		c.Next()
+	}
+}

router/middleware/session/repo.go

@@ -0,0 +1,236 @@
+package session
+
+import (
+	"fmt"
+	"net/http"
+
+	"github.com/drone/drone/model"
+	"github.com/drone/drone/router/middleware/context"
+
+	log "github.com/Sirupsen/logrus"
+	"github.com/gin-gonic/gin"
+	"github.com/hashicorp/golang-lru"
+)
+
+var cache *lru.Cache
+
+func init() {
+	var err error
+	cache, err = lru.New(1028)
+	if err != nil {
+		panic(err)
+	}
+}
+
+func Repo(c *gin.Context) *model.Repo {
+	v, ok := c.Get("repo")
+	if !ok {
+		return nil
+	}
+	u, ok := v.(*model.Repo)
+	if !ok {
+		return nil
+	}
+	return u
+}
+
+func SetRepo() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		var (
+			owner = c.Param("owner")
+			name  = c.Param("name")
+		)
+
+		db := context.Database(c)
+		user := User(c)
+		repo, err := model.GetRepoName(db, owner, name)
+		if err == nil {
+			c.Set("repo", repo)
+			c.Next()
+			return
+		}
+
+		// if the user is not nil, check the remote system
+		// to see if the repository actually exists. If yes,
+		// we can prompt the user to add.
+		if user != nil {
+			remote := context.Remote(c)
+			repo, _ = remote.Repo(user, owner, name)
+		}
+
+		data := gin.H{
+			"User": user,
+			"Repo": repo,
+		}
+
+		// if we found a repository, we should display a page
+		// to the user allowing them to activate.
+		if repo != nil && len(repo.FullName) != 0 {
+			c.HTML(http.StatusNotFound, "repo_activate.html", data)
+		} else {
+			c.HTML(http.StatusNotFound, "404.html", data)
+		}
+
+		c.Abort()
+	}
+}
+
+func Perm(c *gin.Context) *model.Perm {
+	v, ok := c.Get("perm")
+	if !ok {
+		return nil
+	}
+	u, ok := v.(*model.Perm)
+	if !ok {
+		return nil
+	}
+	return u
+}
+
+func SetPerm() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		user := User(c)
+		repo := Repo(c)
+		remote := context.Remote(c)
+		perm := &model.Perm{}
+
+		if user != nil {
+			// attempt to get the permissions from a local cache
+			// just to avoid excess API calls to GitHub
+			key := fmt.Sprintf("%d.%d", user.ID, repo.ID)
+			val, ok := cache.Get(key)
+			if ok {
+				c.Set("perm", val.(*model.Perm))
+				c.Next()
+
+				log.Debugf("%s using cached %+v permission to %s",
+					user.Login, val, repo.FullName)
+				return
+			}
+		}
+
+		switch {
+		// if the user is not authenticated, and the
+		// repository is private, the user has NO permission
+		// to view the repository.
+		case user == nil && repo.IsPrivate == true:
+			perm.Pull = false
+			perm.Push = false
+			perm.Admin = false
+
+		// if the user is not authenticated, but the repository
+		// is public, the user has pull-rights only.
+		case user == nil && repo.IsPrivate == false:
+			perm.Pull = true
+			perm.Push = false
+			perm.Admin = false
+
+		case user.Admin:
+			perm.Pull = true
+			perm.Push = true
+			perm.Admin = true
+
+		// otherwise if the user is authenticated we should
+		// check the remote system to get the users permissiosn.
+		default:
+			var err error
+			perm, err = remote.Perm(user, repo.Owner, repo.Name)
+			if err != nil {
+				perm.Pull = false
+				perm.Push = false
+				perm.Admin = false
+
+				// debug
+				log.Errorf("Error fetching permission for %s %s",
+					user.Login, repo.FullName)
+			}
+			// if we couldn't fetch permissions, but the repository
+			// is public, we should grant the user pull access.
+			if err != nil && repo.IsPrivate == false {
+				perm.Pull = true
+			}
+		}
+
+		if user != nil {
+
+			// cache the updated repository permissions to
+			// prevent un-necessary GitHub API requests.
+			key := fmt.Sprintf("%d.%d", user.ID, repo.ID)
+			cache.Add(key, perm)
+
+			// debug
+			log.Debugf("%s granted %+v permission to %s",
+				user.Login, perm, repo.FullName)
+
+		} else {
+			log.Debugf("Guest granted %+v to %s", perm, repo.FullName)
+		}
+
+		c.Set("perm", perm)
+		c.Next()
+	}
+}
+
+func MustPull(c *gin.Context) {
+	user := User(c)
+	repo := Repo(c)
+	perm := Perm(c)
+
+	if perm.Pull {
+		c.Next()
+		return
+	}
+
+	// if the user doesn't have pull permission to the
+	// repository we display a 404 error to avoid leaking
+	// repository information.
+	c.HTML(http.StatusNotFound, "404.html", gin.H{
+		"User": user,
+		"Repo": repo,
+		"Perm": perm,
+	})
+
+	c.Abort()
+}
+
+func MustPush(c *gin.Context) {
+	user := User(c)
+	repo := Repo(c)
+	perm := Perm(c)
+
+	// if the user has push access, immediately proceed
+	// the middleware execution chain.
+	if perm.Push {
+		c.Next()
+		return
+	}
+
+	data := gin.H{
+		"User": user,
+		"Repo": repo,
+		"Perm": perm,
+	}
+
+	// if the user has pull access we should tell them
+	// the operation is not authorized. Otherwise we should
+	// give a 404 to avoid leaking information.
+	if !perm.Pull {
+		c.HTML(http.StatusNotFound, "404.html", data)
+	} else {
+		c.HTML(http.StatusUnauthorized, "401.html", data)
+	}
+
+	// debugging
+	if user != nil {
+		log.Debugf("%s denied write access to %s",
+			user.Login, c.Request.URL.Path)
+
+	} else {
+		log.Debugf("Guest denied write access to %s %s",
+			c.Request.Method,
+			c.Request.URL.Path,
+		)
+	}
+
+	c.Abort()
+}

router/middleware/session/user.go

@@ -0,0 +1,98 @@
+package session
+
+import (
+	"net/http"
+
+	"github.com/drone/drone/model"
+	"github.com/drone/drone/router/middleware/context"
+	"github.com/drone/drone/shared/token"
+
+	"github.com/gin-gonic/gin"
+)
+
+func User(c *gin.Context) *model.User {
+	v, ok := c.Get("user")
+	if !ok {
+		return nil
+	}
+	u, ok := v.(*model.User)
+	if !ok {
+		return nil
+	}
+	return u
+}
+
+func Token(c *gin.Context) *token.Token {
+	v, ok := c.Get("token")
+	if !ok {
+		return nil
+	}
+	u, ok := v.(*token.Token)
+	if !ok {
+		return nil
+	}
+	return u
+}
+
+func SetUser() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		var user *model.User
+
+		t, err := token.ParseRequest(c.Request, func(t *token.Token) (string, error) {
+			var db = context.Database(c)
+			var err error
+			user, err = model.GetUserLogin(db, t.Text)
+			return user.Hash, err
+		})
+		if err == nil {
+			c.Set("user", user)
+
+			// if this is a session token (ie not the API token)
+			// this means the user is accessing with a web browser,
+			// so we should implement CSRF protection measures.
+			if t.Kind == token.SessToken {
+				err = token.CheckCsrf(c.Request, func(t *token.Token) (string, error) {
+					return user.Hash, nil
+				})
+				// if csrf token validation fails, exit immediately
+				// with a not authorized error.
+				if err != nil {
+					c.AbortWithStatus(http.StatusUnauthorized)
+					return
+				}
+			}
+		}
+		c.Next()
+	}
+}
+
+func MustAdmin() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		user := User(c)
+		switch {
+		case user == nil:
+			c.AbortWithStatus(http.StatusUnauthorized)
+			// c.HTML(http.StatusUnauthorized, "401.html", gin.H{})
+		case user.Admin == false:
+			c.AbortWithStatus(http.StatusForbidden)
+			// c.HTML(http.StatusForbidden, "401.html", gin.H{})
+		default:
+			c.Next()
+		}
+
+	}
+}
+
+func MustUser() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		user := User(c)
+		switch {
+		case user == nil:
+			c.AbortWithStatus(http.StatusUnauthorized)
+			// c.HTML(http.StatusUnauthorized, "401.html", gin.H{})
+		default:
+			c.Next()
+		}
+
+	}
+}