mirror of
https://github.com/astaxie/beego.git
synced 2024-11-18 10:30:55 +00:00
34ddcef1dc
default value is true when you Enable Global XSRF, also can control in the prepare function to change the value.
474 lines
13 KiB
Go
474 lines
13 KiB
Go
// Beego (http://beego.me/)
|
|
// @description beego is an open-source, high-performance web framework for the Go programming language.
|
|
// @link http://github.com/astaxie/beego for the canonical source repository
|
|
// @license http://github.com/astaxie/beego/blob/master/LICENSE
|
|
// @authors astaxie
|
|
|
|
package beego
|
|
|
|
import (
|
|
"bytes"
|
|
"errors"
|
|
"html/template"
|
|
"io"
|
|
"io/ioutil"
|
|
"mime/multipart"
|
|
"net/http"
|
|
"net/url"
|
|
"os"
|
|
"reflect"
|
|
"strconv"
|
|
"strings"
|
|
|
|
"github.com/astaxie/beego/context"
|
|
"github.com/astaxie/beego/session"
|
|
"github.com/astaxie/beego/utils"
|
|
)
|
|
|
|
var (
|
|
// custom error when user stop request handler manually.
|
|
USERSTOPRUN = errors.New("User stop run")
|
|
)
|
|
|
|
// Controller defines some basic http request handler operations, such as
|
|
// http context, template and view, session and xsrf.
|
|
type Controller struct {
|
|
Ctx *context.Context
|
|
Data map[interface{}]interface{}
|
|
controllerName string
|
|
actionName string
|
|
TplNames string
|
|
Layout string
|
|
LayoutSections map[string]string // the key is the section name and the value is the template name
|
|
TplExt string
|
|
_xsrf_token string
|
|
gotofunc string
|
|
CruSession session.SessionStore
|
|
XSRFExpire int
|
|
AppController interface{}
|
|
EnableRender bool
|
|
EnableXSRF bool
|
|
}
|
|
|
|
// ControllerInterface is an interface to uniform all controller handler.
|
|
type ControllerInterface interface {
|
|
Init(ct *context.Context, controllerName, actionName string, app interface{})
|
|
Prepare()
|
|
Get()
|
|
Post()
|
|
Delete()
|
|
Put()
|
|
Head()
|
|
Patch()
|
|
Options()
|
|
Finish()
|
|
Render() error
|
|
XsrfToken() string
|
|
CheckXsrfCookie() bool
|
|
}
|
|
|
|
// Init generates default values of controller operations.
|
|
func (c *Controller) Init(ctx *context.Context, controllerName, actionName string, app interface{}) {
|
|
c.Layout = ""
|
|
c.TplNames = ""
|
|
c.controllerName = controllerName
|
|
c.actionName = actionName
|
|
c.Ctx = ctx
|
|
c.TplExt = "tpl"
|
|
c.AppController = app
|
|
c.EnableRender = true
|
|
c.EnableXSRF = true
|
|
c.Data = ctx.Input.Data
|
|
}
|
|
|
|
// Prepare runs after Init before request function execution.
|
|
func (c *Controller) Prepare() {
|
|
|
|
}
|
|
|
|
// Finish runs after request function execution.
|
|
func (c *Controller) Finish() {
|
|
|
|
}
|
|
|
|
// Get adds a request function to handle GET request.
|
|
func (c *Controller) Get() {
|
|
http.Error(c.Ctx.ResponseWriter, "Method Not Allowed", 405)
|
|
}
|
|
|
|
// Post adds a request function to handle POST request.
|
|
func (c *Controller) Post() {
|
|
http.Error(c.Ctx.ResponseWriter, "Method Not Allowed", 405)
|
|
}
|
|
|
|
// Delete adds a request function to handle DELETE request.
|
|
func (c *Controller) Delete() {
|
|
http.Error(c.Ctx.ResponseWriter, "Method Not Allowed", 405)
|
|
}
|
|
|
|
// Put adds a request function to handle PUT request.
|
|
func (c *Controller) Put() {
|
|
http.Error(c.Ctx.ResponseWriter, "Method Not Allowed", 405)
|
|
}
|
|
|
|
// Head adds a request function to handle HEAD request.
|
|
func (c *Controller) Head() {
|
|
http.Error(c.Ctx.ResponseWriter, "Method Not Allowed", 405)
|
|
}
|
|
|
|
// Patch adds a request function to handle PATCH request.
|
|
func (c *Controller) Patch() {
|
|
http.Error(c.Ctx.ResponseWriter, "Method Not Allowed", 405)
|
|
}
|
|
|
|
// Options adds a request function to handle OPTIONS request.
|
|
func (c *Controller) Options() {
|
|
http.Error(c.Ctx.ResponseWriter, "Method Not Allowed", 405)
|
|
}
|
|
|
|
// Render sends the response with rendered template bytes as text/html type.
|
|
func (c *Controller) Render() error {
|
|
if !c.EnableRender {
|
|
return nil
|
|
}
|
|
rb, err := c.RenderBytes()
|
|
|
|
if err != nil {
|
|
return err
|
|
} else {
|
|
c.Ctx.Output.Header("Content-Type", "text/html; charset=utf-8")
|
|
c.Ctx.Output.Body(rb)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// RenderString returns the rendered template string. Do not send out response.
|
|
func (c *Controller) RenderString() (string, error) {
|
|
b, e := c.RenderBytes()
|
|
return string(b), e
|
|
}
|
|
|
|
// RenderBytes returns the bytes of rendered template string. Do not send out response.
|
|
func (c *Controller) RenderBytes() ([]byte, error) {
|
|
//if the controller has set layout, then first get the tplname's content set the content to the layout
|
|
if c.Layout != "" {
|
|
if c.TplNames == "" {
|
|
c.TplNames = strings.ToLower(c.controllerName) + "/" + strings.ToLower(c.actionName) + "." + c.TplExt
|
|
}
|
|
if RunMode == "dev" {
|
|
BuildTemplate(ViewsPath)
|
|
}
|
|
newbytes := bytes.NewBufferString("")
|
|
if _, ok := BeeTemplates[c.TplNames]; !ok {
|
|
panic("can't find templatefile in the path:" + c.TplNames)
|
|
}
|
|
err := BeeTemplates[c.TplNames].ExecuteTemplate(newbytes, c.TplNames, c.Data)
|
|
if err != nil {
|
|
Trace("template Execute err:", err)
|
|
return nil, err
|
|
}
|
|
tplcontent, _ := ioutil.ReadAll(newbytes)
|
|
c.Data["LayoutContent"] = template.HTML(string(tplcontent))
|
|
|
|
if c.LayoutSections != nil {
|
|
for sectionName, sectionTpl := range c.LayoutSections {
|
|
if sectionTpl == "" {
|
|
c.Data[sectionName] = ""
|
|
continue
|
|
}
|
|
|
|
sectionBytes := bytes.NewBufferString("")
|
|
err = BeeTemplates[sectionTpl].ExecuteTemplate(sectionBytes, sectionTpl, c.Data)
|
|
if err != nil {
|
|
Trace("template Execute err:", err)
|
|
return nil, err
|
|
}
|
|
sectionContent, _ := ioutil.ReadAll(sectionBytes)
|
|
c.Data[sectionName] = template.HTML(string(sectionContent))
|
|
}
|
|
}
|
|
|
|
ibytes := bytes.NewBufferString("")
|
|
err = BeeTemplates[c.Layout].ExecuteTemplate(ibytes, c.Layout, c.Data)
|
|
if err != nil {
|
|
Trace("template Execute err:", err)
|
|
return nil, err
|
|
}
|
|
icontent, _ := ioutil.ReadAll(ibytes)
|
|
return icontent, nil
|
|
} else {
|
|
if c.TplNames == "" {
|
|
c.TplNames = strings.ToLower(c.controllerName) + "/" + strings.ToLower(c.actionName) + "." + c.TplExt
|
|
}
|
|
if RunMode == "dev" {
|
|
BuildTemplate(ViewsPath)
|
|
}
|
|
ibytes := bytes.NewBufferString("")
|
|
if _, ok := BeeTemplates[c.TplNames]; !ok {
|
|
panic("can't find templatefile in the path:" + c.TplNames)
|
|
}
|
|
err := BeeTemplates[c.TplNames].ExecuteTemplate(ibytes, c.TplNames, c.Data)
|
|
if err != nil {
|
|
Trace("template Execute err:", err)
|
|
return nil, err
|
|
}
|
|
icontent, _ := ioutil.ReadAll(ibytes)
|
|
return icontent, nil
|
|
}
|
|
}
|
|
|
|
// Redirect sends the redirection response to url with status code.
|
|
func (c *Controller) Redirect(url string, code int) {
|
|
c.Ctx.Redirect(code, url)
|
|
}
|
|
|
|
// Aborts stops controller handler and show the error data if code is defined in ErrorMap or code string.
|
|
func (c *Controller) Abort(code string) {
|
|
status, err := strconv.Atoi(code)
|
|
if err == nil {
|
|
c.Ctx.Abort(status, code)
|
|
} else {
|
|
c.Ctx.Abort(200, code)
|
|
}
|
|
}
|
|
|
|
// StopRun makes panic of USERSTOPRUN error and go to recover function if defined.
|
|
func (c *Controller) StopRun() {
|
|
panic(USERSTOPRUN)
|
|
}
|
|
|
|
// UrlFor does another controller handler in this request function.
|
|
// it goes to this controller method if endpoint is not clear.
|
|
func (c *Controller) UrlFor(endpoint string, values ...string) string {
|
|
if len(endpoint) <= 0 {
|
|
return ""
|
|
}
|
|
if endpoint[0] == '.' {
|
|
return UrlFor(reflect.Indirect(reflect.ValueOf(c.AppController)).Type().Name()+endpoint, values...)
|
|
} else {
|
|
return UrlFor(endpoint, values...)
|
|
}
|
|
}
|
|
|
|
// ServeJson sends a json response with encoding charset.
|
|
func (c *Controller) ServeJson(encoding ...bool) {
|
|
var hasIndent bool
|
|
var hasencoding bool
|
|
if RunMode == "prod" {
|
|
hasIndent = false
|
|
} else {
|
|
hasIndent = true
|
|
}
|
|
if len(encoding) > 0 && encoding[0] == true {
|
|
hasencoding = true
|
|
}
|
|
c.Ctx.Output.Json(c.Data["json"], hasIndent, hasencoding)
|
|
}
|
|
|
|
// ServeJsonp sends a jsonp response.
|
|
func (c *Controller) ServeJsonp() {
|
|
var hasIndent bool
|
|
if RunMode == "prod" {
|
|
hasIndent = false
|
|
} else {
|
|
hasIndent = true
|
|
}
|
|
c.Ctx.Output.Jsonp(c.Data["jsonp"], hasIndent)
|
|
}
|
|
|
|
// ServeXml sends xml response.
|
|
func (c *Controller) ServeXml() {
|
|
var hasIndent bool
|
|
if RunMode == "prod" {
|
|
hasIndent = false
|
|
} else {
|
|
hasIndent = true
|
|
}
|
|
c.Ctx.Output.Xml(c.Data["xml"], hasIndent)
|
|
}
|
|
|
|
// Input returns the input data map from POST or PUT request body and query string.
|
|
func (c *Controller) Input() url.Values {
|
|
if c.Ctx.Request.Form == nil {
|
|
c.Ctx.Request.ParseForm()
|
|
}
|
|
return c.Ctx.Request.Form
|
|
}
|
|
|
|
// ParseForm maps input data map to obj struct.
|
|
func (c *Controller) ParseForm(obj interface{}) error {
|
|
return ParseForm(c.Input(), obj)
|
|
}
|
|
|
|
// GetString returns the input value by key string.
|
|
func (c *Controller) GetString(key string) string {
|
|
return c.Ctx.Input.Query(key)
|
|
}
|
|
|
|
// GetStrings returns the input string slice by key string.
|
|
// it's designed for multi-value input field such as checkbox(input[type=checkbox]), multi-selection.
|
|
func (c *Controller) GetStrings(key string) []string {
|
|
f := c.Input()
|
|
if f == nil {
|
|
return []string{}
|
|
}
|
|
vs := f[key]
|
|
if len(vs) > 0 {
|
|
return vs
|
|
}
|
|
return []string{}
|
|
}
|
|
|
|
// GetInt returns input value as int64.
|
|
func (c *Controller) GetInt(key string) (int64, error) {
|
|
return strconv.ParseInt(c.Ctx.Input.Query(key), 10, 64)
|
|
}
|
|
|
|
// GetBool returns input value as bool.
|
|
func (c *Controller) GetBool(key string) (bool, error) {
|
|
return strconv.ParseBool(c.Ctx.Input.Query(key))
|
|
}
|
|
|
|
// GetFloat returns input value as float64.
|
|
func (c *Controller) GetFloat(key string) (float64, error) {
|
|
return strconv.ParseFloat(c.Ctx.Input.Query(key), 64)
|
|
}
|
|
|
|
// GetFile returns the file data in file upload field named as key.
|
|
// it returns the first one of multi-uploaded files.
|
|
func (c *Controller) GetFile(key string) (multipart.File, *multipart.FileHeader, error) {
|
|
return c.Ctx.Request.FormFile(key)
|
|
}
|
|
|
|
// SaveToFile saves uploaded file to new path.
|
|
// it only operates the first one of mutil-upload form file field.
|
|
func (c *Controller) SaveToFile(fromfile, tofile string) error {
|
|
file, _, err := c.Ctx.Request.FormFile(fromfile)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer file.Close()
|
|
f, err := os.OpenFile(tofile, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0666)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer f.Close()
|
|
io.Copy(f, file)
|
|
return nil
|
|
}
|
|
|
|
// StartSession starts session and load old session data info this controller.
|
|
func (c *Controller) StartSession() session.SessionStore {
|
|
if c.CruSession == nil {
|
|
c.CruSession = c.Ctx.Input.CruSession
|
|
}
|
|
return c.CruSession
|
|
}
|
|
|
|
// SetSession puts value into session.
|
|
func (c *Controller) SetSession(name interface{}, value interface{}) {
|
|
if c.CruSession == nil {
|
|
c.StartSession()
|
|
}
|
|
c.CruSession.Set(name, value)
|
|
}
|
|
|
|
// GetSession gets value from session.
|
|
func (c *Controller) GetSession(name interface{}) interface{} {
|
|
if c.CruSession == nil {
|
|
c.StartSession()
|
|
}
|
|
return c.CruSession.Get(name)
|
|
}
|
|
|
|
// SetSession removes value from session.
|
|
func (c *Controller) DelSession(name interface{}) {
|
|
if c.CruSession == nil {
|
|
c.StartSession()
|
|
}
|
|
c.CruSession.Delete(name)
|
|
}
|
|
|
|
// SessionRegenerateID regenerates session id for this session.
|
|
// the session data have no changes.
|
|
func (c *Controller) SessionRegenerateID() {
|
|
if c.CruSession != nil {
|
|
c.CruSession.SessionRelease(c.Ctx.ResponseWriter)
|
|
}
|
|
c.CruSession = GlobalSessions.SessionRegenerateId(c.Ctx.ResponseWriter, c.Ctx.Request)
|
|
c.Ctx.Input.CruSession = c.CruSession
|
|
}
|
|
|
|
// DestroySession cleans session data and session cookie.
|
|
func (c *Controller) DestroySession() {
|
|
c.Ctx.Input.CruSession.Flush()
|
|
GlobalSessions.SessionDestroy(c.Ctx.ResponseWriter, c.Ctx.Request)
|
|
}
|
|
|
|
// IsAjax returns this request is ajax or not.
|
|
func (c *Controller) IsAjax() bool {
|
|
return c.Ctx.Input.IsAjax()
|
|
}
|
|
|
|
// GetSecureCookie returns decoded cookie value from encoded browser cookie values.
|
|
func (c *Controller) GetSecureCookie(Secret, key string) (string, bool) {
|
|
return c.Ctx.GetSecureCookie(Secret, key)
|
|
}
|
|
|
|
// SetSecureCookie puts value into cookie after encoded the value.
|
|
func (c *Controller) SetSecureCookie(Secret, name, value string, others ...interface{}) {
|
|
c.Ctx.SetSecureCookie(Secret, name, value, others...)
|
|
}
|
|
|
|
// XsrfToken creates a xsrf token string and returns.
|
|
func (c *Controller) XsrfToken() string {
|
|
if c._xsrf_token == "" {
|
|
token, ok := c.GetSecureCookie(XSRFKEY, "_xsrf")
|
|
if !ok {
|
|
var expire int64
|
|
if c.XSRFExpire > 0 {
|
|
expire = int64(c.XSRFExpire)
|
|
} else {
|
|
expire = int64(XSRFExpire)
|
|
}
|
|
token = string(utils.RandomCreateBytes(15))
|
|
c.SetSecureCookie(XSRFKEY, "_xsrf", token, expire)
|
|
}
|
|
c._xsrf_token = token
|
|
}
|
|
return c._xsrf_token
|
|
}
|
|
|
|
// CheckXsrfCookie checks xsrf token in this request is valid or not.
|
|
// the token can provided in request header "X-Xsrftoken" and "X-CsrfToken"
|
|
// or in form field value named as "_xsrf".
|
|
func (c *Controller) CheckXsrfCookie() bool {
|
|
if !c.EnableXSRF {
|
|
return true
|
|
}
|
|
token := c.GetString("_xsrf")
|
|
if token == "" {
|
|
token = c.Ctx.Request.Header.Get("X-Xsrftoken")
|
|
}
|
|
if token == "" {
|
|
token = c.Ctx.Request.Header.Get("X-Csrftoken")
|
|
}
|
|
if token == "" {
|
|
c.Ctx.Abort(403, "'_xsrf' argument missing from POST")
|
|
} else if c._xsrf_token != token {
|
|
c.Ctx.Abort(403, "XSRF cookie does not match POST argument")
|
|
}
|
|
return true
|
|
}
|
|
|
|
// XsrfFormHtml writes an input field contains xsrf token value.
|
|
func (c *Controller) XsrfFormHtml() string {
|
|
return "<input type=\"hidden\" name=\"_xsrf\" value=\"" +
|
|
c._xsrf_token + "\"/>"
|
|
}
|
|
|
|
// GetControllerAndAction gets the executing controller name and action name.
|
|
func (c *Controller) GetControllerAndAction() (controllerName, actionName string) {
|
|
return c.controllerName, c.actionName
|
|
}
|