func SetUser() gin.HandlerFunc { return func(c *gin.Context) { var user *model.User t, err := token.ParseRequest(c.Request, func(t *token.Token) (string, error) { var err error user, err = store.GetUserLogin(c, t.Text) return user.Hash, err }) if err == nil { c.Set("user", user) // if this is a session token (ie not the API token) // this means the user is accessing with a web browser, // so we should implement CSRF protection measures. if t.Kind == token.SessToken { err = token.CheckCsrf(c.Request, func(t *token.Token) (string, error) { return user.Hash, nil }) // if csrf token validation fails, exit immediately // with a not authorized error. if err != nil { c.AbortWithStatus(http.StatusUnauthorized) return } } } c.Next() } }
func GetCommit(c *gin.Context) { repo := session.Repo(c) parsed, err := token.ParseRequest(c.Request, func(t *token.Token) (string, error) { return repo.Hash, nil }) if err != nil { c.AbortWithError(http.StatusBadRequest, err) return } if parsed.Text != repo.FullName { c.AbortWithStatus(http.StatusUnauthorized) return } commit := c.Param("sha") branch := c.Query("branch") if len(branch) == 0 { branch = repo.Branch } build, err := store.GetBuildCommit(c, repo, commit, branch) if err != nil { c.AbortWithError(http.StatusNotFound, err) return } c.JSON(http.StatusOK, build) }
func GetPullRequest(c *gin.Context) { repo := session.Repo(c) refs := fmt.Sprintf("refs/pull/%s/head", c.Param("number")) parsed, err := token.ParseRequest(c.Request, func(t *token.Token) (string, error) { return repo.Hash, nil }) if err != nil { c.AbortWithError(http.StatusBadRequest, err) return } if parsed.Text != repo.FullName { c.AbortWithStatus(http.StatusUnauthorized) return } build, err := store.GetBuildRef(c, repo, refs) if err != nil { c.AbortWithError(http.StatusNotFound, err) return } c.JSON(http.StatusOK, build) }