
Commit 017f314

authored
Use Req.URL.RequestURI() to cope with FCGI urls (#9473)
* Use Req.URL.RequestURI() to cope with FCGI urls * Add debug logging statement when forbidden in internal API.
1 parent 546523a commit 017f314


8 files changed

+17
-15
lines changed


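--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@@ -410,7 +410,7 @@ relation to port exhaustion.
 NB: You must `REDIRECT_MACARON_LOG` and have `DISABLE_ROUTER_LOG` set to `false` for this option to take effect. Configure each mode in per mode log subsections `\[log.modename.router\]`.
 - `ENABLE_ACCESS_LOG`: **false**: Creates an access.log in NCSA common log format, or as per the following template
 - `ACCESS`: **file**: Logging mode for the access logger, use a comma to separate values. Configure each mode in per mode log subsections `\[log.modename.access\]`. By default the file mode will log to `$ROOT_PATH/access.log`. (If you set this to `,` it will log to the default gitea logger.)
-- `ACCESS_LOG_TEMPLATE`: **`{{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"`**: Sets the template used to create the access log.
+- `ACCESS_LOG_TEMPLATE`: **`{{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.URL.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"`**: Sets the template used to create the access log.
 - The following variables are available:
 - `Ctx`: the `macaron.Context` of the request.
 - `Identity`: the SignedUserName or `"-"` if not logged in.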

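--- a/docs/content/doc/advanced/logging-documentation.en-us.md
+++ b/docs/content/doc/advanced/logging-documentation.en-us.md
@@ -143,7 +143,7 @@ log using the value: `ACCESS = ,`
 
 This value represent a go template. It's default value is:
 
-`{{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"`
+`{{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.URL.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"`
 
 The template is passed following options:
 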
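--- a/modules/context/auth.go
+++ b/modules/context/auth.go
@@ -49,7 +49,7 @@ func Toggle(options *ToggleOptions) macaron.Handler {
 if ctx.Req.URL.Path != "/user/settings/change_password" {
 ctx.Data["Title"] = ctx.Tr("auth.must_change_password")
 ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password"
-ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.RequestURI, 0, setting.AppSubURL)
+ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.URL.RequestURI(), 0, setting.AppSubURL)
 ctx.Redirect(setting.AppSubURL + "/user/settings/change_password")
 return
 }
@@ -61,7 +61,7 @@ func Toggle(options *ToggleOptions) macaron.Handler {
 }
 
 // Redirect to dashboard if user tries to visit any non-login page.
-if options.SignOutRequired && ctx.IsSigned && ctx.Req.RequestURI != "/" {
+if options.SignOutRequired && ctx.IsSigned && ctx.Req.URL.RequestURI() != "/" {
 ctx.Redirect(setting.AppSubURL + "/")
 return
 }
@@ -83,7 +83,7 @@ func Toggle(options *ToggleOptions) macaron.Handler {
 return
 }
 
-ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.RequestURI, 0, setting.AppSubURL)
+ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.URL.RequestURI(), 0, setting.AppSubURL)
 ctx.Redirect(setting.AppSubURL + "/user/login")
 return
 } else if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {
@@ -118,7 +118,7 @@ func Toggle(options *ToggleOptions) macaron.Handler {
 // Redirect to log in page if auto-signin info is provided and has not signed in.
 if !options.SignOutRequired && !ctx.IsSigned && !auth.IsAPIPath(ctx.Req.URL.Path) &&
 len(ctx.GetCookie(setting.CookieUserName)) > 0 {
-ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.RequestURI, 0, setting.AppSubURL)
+ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.URL.RequestURI(), 0, setting.AppSubURL)
 ctx.Redirect(setting.AppSubURL + "/user/login")
 return
 }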
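Review bot: The three `redirect_to` cookies set in Toggle, and the one in routers/home.go, store `setting.AppSubURL+ctx.Req.URL.RequestURI()`, a value the requester controls. When AppSubURL is empty, a request path beginning with `//` gives a cookie value that a browser can treat as a scheme-relative URL to another host. The code that reads `redirect_to` after login is not part of this diff, so confirm it follows only same-site paths, or validate the value here before storing it. A comment at the first call, such as `// redirect_to is request-controlled; the reader must reject anything that is not a local path`, would record that contract. Toggle's body starts and ends outside these hunks.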

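--- a/modules/context/permission.go
+++ b/modules/context/permission.go
@@ -15,7 +15,7 @@ import (
 func RequireRepoAdmin() macaron.Handler {
 return func(ctx *Context) {
 if !ctx.IsSigned || !ctx.Repo.IsAdmin() {
-ctx.NotFound(ctx.Req.RequestURI, nil)
+ctx.NotFound(ctx.Req.URL.RequestURI(), nil)
 return
 }
 }
@@ -25,7 +25,7 @@ func RequireRepoAdmin() macaron.Handler {
 func RequireRepoWriter(unitType models.UnitType) macaron.Handler {
 return func(ctx *Context) {
 if !ctx.Repo.CanWrite(unitType) {
-ctx.NotFound(ctx.Req.RequestURI, nil)
+ctx.NotFound(ctx.Req.URL.RequestURI(), nil)
 return
 }
 }
@@ -39,7 +39,7 @@ func RequireRepoWriterOr(unitTypes ...models.UnitType) macaron.Handler {
 return
 }
 }
-ctx.NotFound(ctx.Req.RequestURI, nil)
+ctx.NotFound(ctx.Req.URL.RequestURI(), nil)
 }
 }
 
@@ -63,7 +63,7 @@ func RequireRepoReader(unitType models.UnitType) macaron.Handler {
 ctx.Repo.Permission)
 }
 }
-ctx.NotFound(ctx.Req.RequestURI, nil)
+ctx.NotFound(ctx.Req.URL.RequestURI(), nil)
 return
 }
 }
@@ -96,6 +96,6 @@ func RequireRepoReaderOr(unitTypes ...models.UnitType) macaron.Handler {
 args = append(args, ctx.Repo.Repository, ctx.Repo.Permission)
 log.Trace(format, args...)
 }
-ctx.NotFound(ctx.Req.RequestURI, nil)
+ctx.NotFound(ctx.Req.URL.RequestURI(), nil)
 }
 }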

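--- a/modules/setting/log.go
+++ b/modules/setting/log.go
@@ -204,7 +204,7 @@ func newMacaronLogService() {
 func newAccessLogService() {
 EnableAccessLog = Cfg.Section("log").Key("ENABLE_ACCESS_LOG").MustBool(false)
 AccessLogTemplate = Cfg.Section("log").Key("ACCESS_LOG_TEMPLATE").MustString(
-`{{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"`)
+`{{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.URL.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"`)
 Cfg.Section("log").Key("ACCESS").MustString("file")
 if EnableAccessLog {
 options := newDefaultLogOptions()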
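Review bot: The default access-log template prints `{{.Ctx.Req.URL.RequestURI}}`, which is the path plus the raw query string, and the two router log calls in routers/routes/routes.go log the same value. If any endpoint accepts credentials as query parameters, those values are written to the access and router logs. Consider logging `ctx.Req.URL.Path` in the router lines, or adding a comment above the template such as `// RequestURI includes the query string; treat access logs as sensitive`. Deployments that already set a custom `ACCESS_LOG_TEMPLATE` keep `.Ctx.Req.RequestURI` and will not pick up the FCGI fix, which an upgrade note could mention. newAccessLogService continues past the end of this hunk.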

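--- a/routers/home.go
+++ b/routers/home.go
@@ -45,7 +45,7 @@ func Home(ctx *context.Context) {
 } else if ctx.User.MustChangePassword {
 ctx.Data["Title"] = ctx.Tr("auth.must_change_password")
 ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password"
-ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.RequestURI, 0, setting.AppSubURL)
+ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.URL.RequestURI(), 0, setting.AppSubURL)
 ctx.Redirect(setting.AppSubURL + "/user/settings/change_password")
 } else {
 user.Dashboard(ctx)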

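--- a/routers/private/internal.go
+++ b/routers/private/internal.go
@@ -9,6 +9,7 @@ import (
 "strings"
 
 "code.gitea.io/gitea/models"
+"code.gitea.io/gitea/modules/log"
 "code.gitea.io/gitea/modules/setting"
 
 "gitea.com/macaron/macaron"
@@ -19,6 +20,7 @@ func CheckInternalToken(ctx *macaron.Context) {
 tokens := ctx.Req.Header.Get("Authorization")
 fields := strings.Fields(tokens)
 if len(fields) != 2 || fields[0] != "Bearer" || fields[1] != setting.InternalToken {
+log.Debug("Forbidden attempt to access internal url: Authorization header: %s", tokens)
 ctx.Error(403)
 }
 }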
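Review bot: The added `log.Debug` in CheckInternalToken writes the whole Authorization header to the log, so any credential a caller sends there ends up in debug output. A valid internal token sent with a differently cased scheme or with an extra field fails the check and is then recorded verbatim, as is a bearer token meant for another service. Log why the check failed rather than what was sent, for example `log.Debug("Forbidden attempt to access internal url: malformed or mismatched Authorization header (%d fields)", len(fields))`. Separately, the unchanged comparison `fields[1] != setting.InternalToken` is not constant-time; `subtle.ConstantTimeCompare` from crypto/subtle is the usual choice for a shared secret.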

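--- a/routers/routes/routes.go
+++ b/routers/routes/routes.go
@@ -97,13 +97,13 @@ func RouterHandler(level log.Level) func(ctx *macaron.Context) {
 return func(ctx *macaron.Context) {
 start := time.Now()
 
-_ = log.GetLogger("router").Log(0, level, "Started %s %s for %s", log.ColoredMethod(ctx.Req.Method), ctx.Req.RequestURI, ctx.RemoteAddr())
+_ = log.GetLogger("router").Log(0, level, "Started %s %s for %s", log.ColoredMethod(ctx.Req.Method), ctx.Req.URL.RequestURI(), ctx.RemoteAddr())
 
 rw := ctx.Resp.(macaron.ResponseWriter)
 ctx.Next()
 
 status := rw.Status()
-_ = log.GetLogger("router").Log(0, level, "Completed %s %s %v %s in %v", log.ColoredMethod(ctx.Req.Method), ctx.Req.RequestURI, log.ColoredStatus(status), log.ColoredStatus(status, http.StatusText(rw.Status())), log.ColoredTime(time.Since(start)))
+_ = log.GetLogger("router").Log(0, level, "Completed %s %s %v %s in %v", log.ColoredMethod(ctx.Req.Method), ctx.Req.URL.RequestURI(), log.ColoredStatus(status), log.ColoredStatus(status, http.StatusText(rw.Status())), log.ColoredTime(time.Since(start)))
 }
 }
 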