310376525b
- Use the forked [binding](https://code.forgejo.org/go-chi/binding) library. This library has two benefits, it removes the usage of `github.com/goccy/go-json` (has no benefit as the minimo library is also using it). It adds the `TrimSpace` feature, which will during the binding part trim the spaces around the value it got from the form, this is done before validation.
240 lines
5.9 KiB
Go
240 lines
5.9 KiB
Go
// Copyright 2017 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package validation
|
|
|
|
import (
|
|
"fmt"
|
|
"regexp"
|
|
"strings"
|
|
|
|
"code.gitea.io/gitea/modules/auth"
|
|
"code.gitea.io/gitea/modules/git"
|
|
|
|
"code.forgejo.org/go-chi/binding"
|
|
"github.com/gobwas/glob"
|
|
)
|
|
|
|
const (
|
|
// ErrGitRefName is git reference name error
|
|
ErrGitRefName = "GitRefNameError"
|
|
// ErrGlobPattern is returned when glob pattern is invalid
|
|
ErrGlobPattern = "GlobPattern"
|
|
// ErrRegexPattern is returned when a regex pattern is invalid
|
|
ErrRegexPattern = "RegexPattern"
|
|
// ErrUsername is username error
|
|
ErrUsername = "UsernameError"
|
|
// ErrInvalidGroupTeamMap is returned when a group team mapping is invalid
|
|
ErrInvalidGroupTeamMap = "InvalidGroupTeamMap"
|
|
// ErrEmail is returned when an email address is invalid
|
|
ErrEmail = "Email"
|
|
)
|
|
|
|
// AddBindingRules adds additional binding rules
|
|
func AddBindingRules() {
|
|
addGitRefNameBindingRule()
|
|
addValidURLBindingRule()
|
|
addValidSiteURLBindingRule()
|
|
addGlobPatternRule()
|
|
addRegexPatternRule()
|
|
addGlobOrRegexPatternRule()
|
|
addUsernamePatternRule()
|
|
addValidGroupTeamMapRule()
|
|
addEmailBindingRules()
|
|
}
|
|
|
|
func addGitRefNameBindingRule() {
|
|
// Git refname validation rule
|
|
binding.AddRule(&binding.Rule{
|
|
IsMatch: func(rule string) bool {
|
|
return strings.HasPrefix(rule, "GitRefName")
|
|
},
|
|
IsValid: func(errs binding.Errors, name string, val any) (bool, binding.Errors) {
|
|
str := fmt.Sprintf("%v", val)
|
|
|
|
if !git.IsValidRefPattern(str) {
|
|
errs.Add([]string{name}, ErrGitRefName, "GitRefName")
|
|
return false, errs
|
|
}
|
|
return true, errs
|
|
},
|
|
})
|
|
}
|
|
|
|
func addValidURLBindingRule() {
|
|
// URL validation rule
|
|
binding.AddRule(&binding.Rule{
|
|
IsMatch: func(rule string) bool {
|
|
return strings.HasPrefix(rule, "ValidUrl")
|
|
},
|
|
IsValid: func(errs binding.Errors, name string, val any) (bool, binding.Errors) {
|
|
str := fmt.Sprintf("%v", val)
|
|
if len(str) != 0 && !IsValidURL(str) {
|
|
errs.Add([]string{name}, binding.ERR_URL, "Url")
|
|
return false, errs
|
|
}
|
|
|
|
return true, errs
|
|
},
|
|
})
|
|
}
|
|
|
|
func addValidSiteURLBindingRule() {
|
|
// URL validation rule
|
|
binding.AddRule(&binding.Rule{
|
|
IsMatch: func(rule string) bool {
|
|
return strings.HasPrefix(rule, "ValidSiteUrl")
|
|
},
|
|
IsValid: func(errs binding.Errors, name string, val any) (bool, binding.Errors) {
|
|
str := fmt.Sprintf("%v", val)
|
|
if len(str) != 0 && !IsValidSiteURL(str) {
|
|
errs.Add([]string{name}, binding.ERR_URL, "Url")
|
|
return false, errs
|
|
}
|
|
|
|
return true, errs
|
|
},
|
|
})
|
|
}
|
|
|
|
func addGlobPatternRule() {
|
|
binding.AddRule(&binding.Rule{
|
|
IsMatch: func(rule string) bool {
|
|
return rule == "GlobPattern"
|
|
},
|
|
IsValid: globPatternValidator,
|
|
})
|
|
}
|
|
|
|
func globPatternValidator(errs binding.Errors, name string, val any) (bool, binding.Errors) {
|
|
str := fmt.Sprintf("%v", val)
|
|
|
|
if len(str) != 0 {
|
|
if _, err := glob.Compile(str); err != nil {
|
|
errs.Add([]string{name}, ErrGlobPattern, err.Error())
|
|
return false, errs
|
|
}
|
|
}
|
|
|
|
return true, errs
|
|
}
|
|
|
|
func addRegexPatternRule() {
|
|
binding.AddRule(&binding.Rule{
|
|
IsMatch: func(rule string) bool {
|
|
return rule == "RegexPattern"
|
|
},
|
|
IsValid: regexPatternValidator,
|
|
})
|
|
}
|
|
|
|
func regexPatternValidator(errs binding.Errors, name string, val any) (bool, binding.Errors) {
|
|
str := fmt.Sprintf("%v", val)
|
|
|
|
if _, err := regexp.Compile(str); err != nil {
|
|
errs.Add([]string{name}, ErrRegexPattern, err.Error())
|
|
return false, errs
|
|
}
|
|
|
|
return true, errs
|
|
}
|
|
|
|
func addGlobOrRegexPatternRule() {
|
|
binding.AddRule(&binding.Rule{
|
|
IsMatch: func(rule string) bool {
|
|
return rule == "GlobOrRegexPattern"
|
|
},
|
|
IsValid: func(errs binding.Errors, name string, val any) (bool, binding.Errors) {
|
|
str := strings.TrimSpace(fmt.Sprintf("%v", val))
|
|
|
|
if len(str) >= 2 && strings.HasPrefix(str, "/") && strings.HasSuffix(str, "/") {
|
|
return regexPatternValidator(errs, name, str[1:len(str)-1])
|
|
}
|
|
return globPatternValidator(errs, name, val)
|
|
},
|
|
})
|
|
}
|
|
|
|
func addUsernamePatternRule() {
|
|
binding.AddRule(&binding.Rule{
|
|
IsMatch: func(rule string) bool {
|
|
return rule == "Username"
|
|
},
|
|
IsValid: func(errs binding.Errors, name string, val any) (bool, binding.Errors) {
|
|
str := fmt.Sprintf("%v", val)
|
|
if !IsValidUsername(str) {
|
|
errs.Add([]string{name}, ErrUsername, "invalid username")
|
|
return false, errs
|
|
}
|
|
return true, errs
|
|
},
|
|
})
|
|
}
|
|
|
|
func addValidGroupTeamMapRule() {
|
|
binding.AddRule(&binding.Rule{
|
|
IsMatch: func(rule string) bool {
|
|
return strings.HasPrefix(rule, "ValidGroupTeamMap")
|
|
},
|
|
IsValid: func(errs binding.Errors, name string, val any) (bool, binding.Errors) {
|
|
_, err := auth.UnmarshalGroupTeamMapping(fmt.Sprintf("%v", val))
|
|
if err != nil {
|
|
errs.Add([]string{name}, ErrInvalidGroupTeamMap, err.Error())
|
|
return false, errs
|
|
}
|
|
|
|
return true, errs
|
|
},
|
|
})
|
|
}
|
|
|
|
func addEmailBindingRules() {
|
|
binding.AddRule(&binding.Rule{
|
|
IsMatch: func(rule string) bool {
|
|
return strings.HasPrefix(rule, "EmailWithAllowedDomain")
|
|
},
|
|
IsValid: func(errs binding.Errors, name string, val any) (bool, binding.Errors) {
|
|
if err := ValidateEmail(fmt.Sprintf("%v", val)); err != nil {
|
|
errs.Add([]string{name}, ErrEmail, err.Error())
|
|
return false, errs
|
|
}
|
|
return true, errs
|
|
},
|
|
})
|
|
|
|
binding.AddRule(&binding.Rule{
|
|
IsMatch: func(rule string) bool {
|
|
return strings.HasPrefix(rule, "EmailForAdmin")
|
|
},
|
|
IsValid: func(errs binding.Errors, name string, val any) (bool, binding.Errors) {
|
|
if err := ValidateEmailForAdmin(fmt.Sprintf("%v", val)); err != nil {
|
|
errs.Add([]string{name}, ErrEmail, err.Error())
|
|
return false, errs
|
|
}
|
|
return true, errs
|
|
},
|
|
})
|
|
}
|
|
|
|
func portOnly(hostport string) string {
|
|
colon := strings.IndexByte(hostport, ':')
|
|
if colon == -1 {
|
|
return ""
|
|
}
|
|
if i := strings.Index(hostport, "]:"); i != -1 {
|
|
return hostport[i+len("]:"):]
|
|
}
|
|
if strings.Contains(hostport, "]") {
|
|
return ""
|
|
}
|
|
return hostport[colon+len(":"):]
|
|
}
|
|
|
|
func validPort(p string) bool {
|
|
for _, r := range []byte(p) {
|
|
if r < '0' || r > '9' {
|
|
return false
|
|
}
|
|
}
|
|
return true
|
|
}
|