package hat
import (
"net/http"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/web"
"code.gitea.io/gitea/routers/api/v1/misc"
"code.gitea.io/gitea/services/auth"
"github.com/go-chi/cors"
)
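// Routers assembles the middleware chain and the routes served by this package
// and returns the resulting *web.Route.
//
// Middleware is registered in this order: security headers, CORS (only when
// enabled in configuration), the API context, authentication, and the sign-in
// toggle. The only route registered here is GET /version.
func Routers() *web.Route {
	m := web.NewRoute()

	m.Use(securityHeaders())
	if setting.CORSConfig.Enabled {
		// NOTE(review): allowed origins and the credentials flag both come
		// straight from configuration. Confirm that deployments do not pair a
		// wildcard origin with AllowCredentials, and that AllowDomain lists
		// only origins that are trusted to act with a user's credentials.
		m.Use(cors.Handler(cors.Options{
			// Scheme: setting.CORSConfig.Scheme, // FIXME: the cors middleware needs scheme option
			AllowedOrigins: setting.CORSConfig.AllowDomain,
			// setting.CORSConfig.AllowSubdomain // FIXME: the cors middleware needs allowSubdomain option
			AllowedMethods:   setting.CORSConfig.Methods,
			AllowCredentials: setting.CORSConfig.AllowCredentials,
			AllowedHeaders:   []string{"Authorization", "X-Gitea-OTP"},
			MaxAge:           int(setting.CORSConfig.MaxAge.Seconds()),
		}))
	}
	m.Use(context.APIContexter())

	group := buildAuthGroup()
	if err := group.Init(); err != nil {
		// NOTE(review): an Init failure is only logged and the group is still
		// installed as the authenticator below. Confirm that a group whose
		// initialization failed rejects requests rather than letting them
		// through unauthenticated.
		log.Error("Could not initialize '%s' auth method, error: %s", group.Name(), err)
	}

	// Authenticate the request with the methods collected by buildAuthGroup.
	m.Use(context.APIAuth(group))

	// Apply the instance-wide sign-in requirement. The original registered
	// this middleware twice with identical options; once is enough.
	m.Use(context.ToggleAPI(&context.ToggleOptions{
		SignInRequired: setting.Service.RequireSignInView,
	}))

	m.Group("", func() {
		m.Get("/version", misc.Version)
	})

	return m
}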
// securityHeaders returns middleware that sets the X-Content-Type-Options
// response header to "nosniff" and then passes the request on to the next
// handler unchanged.
func securityHeaders() func(http.Handler) http.Handler {
	wrap := func(next http.Handler) http.Handler {
		serve := func(w http.ResponseWriter, r *http.Request) {
			// "nosniff" asks the browser to honour the declared Content-Type
			// instead of guessing one from the body.
			// CORB: https://www.chromium.org/Home/chromium-security/corb-for-developers
			// http://stackoverflow.com/a/3146618/244009
			//
			// The header is set before next runs so it is already in place
			// when the downstream handler writes the response.
			w.Header().Set("x-content-type-options", "nosniff")
			next.ServeHTTP(w, r)
		}
		return http.HandlerFunc(serve)
	}
	return wrap
}
// buildAuthGroup collects the authentication methods offered on this API.
//
// OAuth2, HTTP signatures and basic auth are always registered, in that order.
// Reverse-proxy authentication is appended only when
// setting.Service.EnableReverseProxyAuth is set.
func buildAuthGroup() *auth.Group {
	methods := auth.NewGroup(
		&auth.OAuth2{},
		&auth.HTTPSign{},
		&auth.Basic{}, // FIXME: this should be removed once we don't allow basic auth in API
	)
	if !setting.Service.EnableReverseProxyAuth {
		return methods
	}

	// NOTE(review): presumably this method trusts an identity asserted by a
	// fronting proxy; confirm the API is reachable only through that proxy
	// whenever this setting is enabled.
	methods.Add(&auth.ReverseProxy{})
	return methods
}