From 3b387336bfc097090d5b03f5b01e136bca56f8fd Mon Sep 17 00:00:00 2001 From: Unknown Date: Thu, 20 Mar 2014 11:41:24 -0400 Subject: [PATCH] Add Repository/user name filter --- README.md | 2 +- gogs.go | 2 +- models/repo.go | 31 +++++++++++++++++++++++++++++++ models/user.go | 5 +++++ routers/repo/repo.go | 3 +++ routers/repo/single.go | 5 +++++ routers/user/user.go | 8 +++++--- 7 files changed, 51 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 3a1023c6d..4219e4ed0 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ Gogs(Go Git Service) is a GitHub-like clone in the Go Programming Language. Since we choose to use pure Go implementation of Git manipulation, Gogs certainly supports **ALL platforms** that Go supports, including Linux, Max OS X, and Windows with **ZERO** dependency. -##### Current version: 0.1.1 Alpha +##### Current version: 0.1.4 Alpha ## Purpose diff --git a/gogs.go b/gogs.go index d32e3908c..a600c53d1 100644 --- a/gogs.go +++ b/gogs.go @@ -20,7 +20,7 @@ import ( // Test that go1.1 tag above is included in builds. main.go refers to this definition. const go11tag = true -const APP_VER = "0.1.2.0320.1" +const APP_VER = "0.1.3.0320.1" func init() { base.AppVer = APP_VER diff --git a/models/repo.go b/models/repo.go index 052341ff6..bcbc58678 100644 --- a/models/repo.go +++ b/models/repo.go @@ -12,6 +12,7 @@ import ( "os" "path" "path/filepath" + "regexp" "strings" "sync" "time" @@ -82,6 +83,7 @@ var ( ErrRepoAlreadyExist = errors.New("Repository already exist") ErrRepoNotExist = errors.New("Repository does not exist") ErrRepoFileNotExist = errors.New("Target Repo file does not exist") + ErrRepoNameIllegal = errors.New("Repository name contains illegal characters") ) func init() { @@ -104,6 +106,15 @@ func init() { os.Exit(2) } } + + // Initialize illegal patterns. + for i := range illegalPatterns[1:] { + pattern := "" + for j := range illegalPatterns[i+1] { + pattern += "[" + string(illegalPatterns[i+1][j]-32) + string(illegalPatterns[i+1][j]) + "]" + } + illegalPatterns[i+1] = pattern + } } // IsRepositoryExist returns true if the repository with given name under user has already existed. @@ -120,8 +131,28 @@ func IsRepositoryExist(user *User, repoName string) (bool, error) { return s.IsDir(), nil } +var ( + // Define as all lower case!! + illegalPatterns = []string{"[.][Gg][Ii][Tt]", "user", "help", "stars", "issues", "pulls", "commits", "admin", "repo", "template"} +) + +// IsLegalName returns false if name contains illegal characters. +func IsLegalName(repoName string) bool { + for _, pattern := range illegalPatterns { + has, _ := regexp.MatchString(pattern, repoName) + if has { + return false + } + } + return true +} + // CreateRepository creates a repository for given user or orgnaziation. func CreateRepository(user *User, repoName, desc, repoLang, license string, private bool, initReadme bool) (*Repository, error) { + if !IsLegalName(repoName) { + return nil, ErrRepoNameIllegal + } + isExist, err := IsRepositoryExist(user, repoName) if err != nil { return nil, err diff --git a/models/user.go b/models/user.go index fd89af6b3..990e1954a 100644 --- a/models/user.go +++ b/models/user.go @@ -79,6 +79,7 @@ var ( ErrUserAlreadyExist = errors.New("User already exist") ErrUserNotExist = errors.New("User does not exist") ErrEmailAlreadyUsed = errors.New("E-mail already used") + ErrUserNameIllegal = errors.New("User name contains illegal characters") ) // IsUserExist checks if given user name exist, @@ -108,6 +109,10 @@ func GetUserSalt() string { // RegisterUser creates record of a new user. func RegisterUser(user *User) (*User, error) { + if !IsLegalName(user.Name) { + return nil, ErrUserNameIllegal + } + isExist, err := IsUserExist(user.Name) if err != nil { return nil, err diff --git a/routers/repo/repo.go b/routers/repo/repo.go index 556cc4343..c83a6df52 100644 --- a/routers/repo/repo.go +++ b/routers/repo/repo.go @@ -31,6 +31,9 @@ func Create(ctx *middleware.Context, form auth.CreateRepoForm) { } else if err == models.ErrRepoAlreadyExist { ctx.RenderWithErr("Repository name has already been used", "repo/create", &form) return + } else if err == models.ErrRepoNameIllegal { + ctx.RenderWithErr(models.ErrRepoNameIllegal.Error(), "repo/create", &form) + return } ctx.Handle(200, "repo.Create", err) } diff --git a/routers/repo/single.go b/routers/repo/single.go index f1b15ccee..eab49be91 100644 --- a/routers/repo/single.go +++ b/routers/repo/single.go @@ -217,6 +217,11 @@ func Setting(ctx *middleware.Context, params martini.Params) { title = t } + if len(params["branchname"]) == 0 { + params["branchname"] = "master" + } + + ctx.Data["Branchname"] = params["branchname"] ctx.Data["Title"] = title + " - settings" ctx.HTML(200, "repo/setting") } diff --git a/routers/user/user.go b/routers/user/user.go index be2c4d383..ea6922591 100644 --- a/routers/user/user.go +++ b/routers/user/user.go @@ -139,11 +139,13 @@ func SignUp(ctx *middleware.Context, form auth.RegisterForm) { var err error if u, err = models.RegisterUser(u); err != nil { - switch err.Error() { - case models.ErrUserAlreadyExist.Error(): + switch err { + case models.ErrUserAlreadyExist: ctx.RenderWithErr("Username has been already taken", "user/signup", &form) - case models.ErrEmailAlreadyUsed.Error(): + case models.ErrEmailAlreadyUsed: ctx.RenderWithErr("E-mail address has been already used", "user/signup", &form) + case models.ErrUserNameIllegal: + ctx.RenderWithErr(models.ErrRepoNameIllegal.Error(), "user/signup", &form) default: ctx.Handle(200, "user.SignUp", err) }