osbzr
/
com
项目红包剩余9514,下一贡献奖励5%,即 476个红包
关注 15
点赞 7
百科 捐赠
本站源代码
分支: gamification
com/modules/validation/helpers.go

97 行
2.2KB
原始文件 永久链接 Blame 文件历史 

  1. // Copyright 2018 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package validation

  6. 

  7. import (

  8. 	"net"

  9. 	"net/url"

  10. 	"regexp"

  11. 	"strings"

  12. 

  13. 	"code.gitea.io/gitea/modules/setting"

  14. )

  15. 

  16. var loopbackIPBlocks []*net.IPNet

  17. 

  18. var externalTrackerRegex = regexp.MustCompile(`({?)(?:user|repo|index)+?(}?)`)

  19. 

  20. func init() {

  21. 	for _, cidr := range []string{

  22. 		"127.0.0.0/8", // IPv4 loopback

  23. 		"::1/128",     // IPv6 loopback

  24. 	} {

  25. 		if _, block, err := net.ParseCIDR(cidr); err == nil {

  26. 			loopbackIPBlocks = append(loopbackIPBlocks, block)

  27. 		}

  28. 	}

  29. }

  30. 

  31. func isLoopbackIP(ip string) bool {

  32. 	pip := net.ParseIP(ip)

  33. 	if pip == nil {

  34. 		return false

  35. 	}

  36. 	for _, block := range loopbackIPBlocks {

  37. 		if block.Contains(pip) {

  38. 			return true

  39. 		}

  40. 	}

  41. 	return false

  42. }

  43. 

  44. // IsValidURL checks if URL is valid

  45. func IsValidURL(uri string) bool {

  46. 	if u, err := url.ParseRequestURI(uri); err != nil ||

  47. 		(u.Scheme != "http" && u.Scheme != "https") ||

  48. 		!validPort(portOnly(u.Host)) {

  49. 		return false

  50. 	}

  51. 

  52. 	return true

  53. }

  54. 

  55. // IsAPIURL checks if URL is current Gitea instance API URL

  56. func IsAPIURL(uri string) bool {

  57. 	return strings.HasPrefix(strings.ToLower(uri), strings.ToLower(setting.AppURL+"api"))

  58. }

  59. 

  60. // IsValidExternalURL checks if URL is valid external URL

  61. func IsValidExternalURL(uri string) bool {

  62. 	if !IsValidURL(uri) || IsAPIURL(uri) {

  63. 		return false

  64. 	}

  65. 

  66. 	u, err := url.ParseRequestURI(uri)

  67. 	if err != nil {

  68. 		return false

  69. 	}

  70. 

  71. 	// Currently check only if not loopback IP is provided to keep compatibility

  72. 	if isLoopbackIP(u.Hostname()) || strings.ToLower(u.Hostname()) == "localhost" {

  73. 		return false

  74. 	}

  75. 

  76. 	// TODO: Later it should be added to allow local network IP addreses

  77. 	//       only if allowed by special setting

  78. 

  79. 	return true

  80. }

  81. 

  82. // IsValidExternalTrackerURLFormat checks if URL matches required syntax for external trackers

  83. func IsValidExternalTrackerURLFormat(uri string) bool {

  84. 	if !IsValidExternalURL(uri) {

  85. 		return false

  86. 	}

  87. 

  88. 	// check for typoed variables like /{index/ or /[repo}

  89. 	for _, match := range externalTrackerRegex.FindAllStringSubmatch(uri, -1) {

  90. 		if (match[1] == "{" || match[2] == "}") && (match[1] != "{" || match[2] != "}") {

  91. 			return false

  92. 		}

  93. 	}

  94. 

  95. 	return true

  96. }
上海开阖软件有限公司 沪ICP备12045867号-1