From e68b9d00a6e05b3a941f63ffb696f91e554ac5ec Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 18 Oct 2024 20:33:49 +0200 Subject: Adding upstream version 9.0.3. Signed-off-by: Daniel Baumann --- modules/validation/helpers.go | 136 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 136 insertions(+) create mode 100644 modules/validation/helpers.go (limited to 'modules/validation/helpers.go') diff --git a/modules/validation/helpers.go b/modules/validation/helpers.go new file mode 100644 index 0000000..567ad86 --- /dev/null +++ b/modules/validation/helpers.go @@ -0,0 +1,136 @@ +// Copyright 2018 The Gitea Authors. All rights reserved. +// SPDX-License-Identifier: MIT + +package validation + +import ( + "net" + "net/url" + "regexp" + "strings" + + "code.gitea.io/gitea/modules/setting" + + "github.com/gobwas/glob" +) + +var externalTrackerRegex = regexp.MustCompile(`({?)(?:user|repo|index)+?(}?)`) + +func isLoopbackIP(ip string) bool { + return net.ParseIP(ip).IsLoopback() +} + +// IsValidURL checks if URL is valid +func IsValidURL(uri string) bool { + if u, err := url.ParseRequestURI(uri); err != nil || + (u.Scheme != "http" && u.Scheme != "https") || + !validPort(portOnly(u.Host)) { + return false + } + + return true +} + +// IsValidSiteURL checks if URL is valid +func IsValidSiteURL(uri string) bool { + u, err := url.ParseRequestURI(uri) + if err != nil { + return false + } + + if !validPort(portOnly(u.Host)) { + return false + } + + for _, scheme := range setting.Service.ValidSiteURLSchemes { + if scheme == u.Scheme { + return true + } + } + return false +} + +// IsEmailDomainListed checks whether the domain of an email address +// matches a list of domains +func IsEmailDomainListed(globs []glob.Glob, email string) bool { + if len(globs) == 0 { + return false + } + + n := strings.LastIndex(email, "@") + if n <= 0 { + return false + } + + domain := strings.ToLower(email[n+1:]) + + for _, g := range globs { + if g.Match(domain) { + return true + } + } + + return false +} + +// IsAPIURL checks if URL is current Gitea instance API URL +func IsAPIURL(uri string) bool { + return strings.HasPrefix(strings.ToLower(uri), strings.ToLower(setting.AppURL+"api")) +} + +// IsValidExternalURL checks if URL is valid external URL +func IsValidExternalURL(uri string) bool { + if !IsValidURL(uri) || IsAPIURL(uri) { + return false + } + + u, err := url.ParseRequestURI(uri) + if err != nil { + return false + } + + // Currently check only if not loopback IP is provided to keep compatibility + if isLoopbackIP(u.Hostname()) || strings.ToLower(u.Hostname()) == "localhost" { + return false + } + + // TODO: Later it should be added to allow local network IP addresses + // only if allowed by special setting + + return true +} + +// IsValidExternalTrackerURLFormat checks if URL matches required syntax for external trackers +func IsValidExternalTrackerURLFormat(uri string) bool { + if !IsValidExternalURL(uri) { + return false + } + + // check for typoed variables like /{index/ or /[repo} + for _, match := range externalTrackerRegex.FindAllStringSubmatch(uri, -1) { + if (match[1] == "{" || match[2] == "}") && (match[1] != "{" || match[2] != "}") { + return false + } + } + + return true +} + +var ( + validUsernamePatternWithDots = regexp.MustCompile(`^[\da-zA-Z][-.\w]*$`) + validUsernamePatternWithoutDots = regexp.MustCompile(`^[\da-zA-Z][-\w]*$`) + + // No consecutive or trailing non-alphanumeric chars, catches both cases + invalidUsernamePattern = regexp.MustCompile(`[-._]{2,}|[-._]$`) +) + +// IsValidUsername checks if username is valid +func IsValidUsername(name string) bool { + // It is difficult to find a single pattern that is both readable and effective, + // but it's easier to use positive and negative checks. + if setting.Service.AllowDotsInUsernames { + return validUsernamePatternWithDots.MatchString(name) && !invalidUsernamePattern.MatchString(name) + } + + return validUsernamePatternWithoutDots.MatchString(name) && !invalidUsernamePattern.MatchString(name) +} -- cgit v1.2.3