Improve authentication for H2 console.

takezoe
2013-07-25 03:16:34 +09:00
parent 34e2663492
commit 07ef06ad95


@@ -1,7 +1,7 @@
package app package app
import _root_.util.Directory._ import _root_.util.Directory._
import _root_.util.{FileUtil, Validations} import _root_.util.{StringUtil, FileUtil, Validations}
import org.scalatra._ import org.scalatra._
import org.scalatra.json._ import org.scalatra.json._
import org.json4s._ import org.json4s._
@@ -10,7 +10,7 @@ import org.apache.commons.io.FileUtils
import model.Account import model.Account
import scala.Some import scala.Some
import service.AccountService import service.AccountService
import javax.servlet.http.{HttpSession, HttpServletRequest} import javax.servlet.http.{HttpServletResponse, HttpSession, HttpServletRequest}
import java.text.SimpleDateFormat import java.text.SimpleDateFormat
import javax.servlet.{FilterChain, ServletResponse, ServletRequest} import javax.servlet.{FilterChain, ServletResponse, ServletRequest}
@@ -23,16 +23,28 @@ abstract class ControllerBase extends ScalatraFilter
implicit val jsonFormats = DefaultFormats implicit val jsonFormats = DefaultFormats
override def doFilter(request: ServletRequest, response: ServletResponse, chain: FilterChain) { override def doFilter(request: ServletRequest, response: ServletResponse, chain: FilterChain) {
val httpRequest = request.asInstanceOf[HttpServletRequest] val httpRequest = request.asInstanceOf[HttpServletRequest]
val path = httpRequest.getRequestURI.substring(request.getServletContext.getContextPath.length) val httpResponse = response.asInstanceOf[HttpServletResponse]
val context = request.getServletContext.getContextPath
val path = httpRequest.getRequestURI.substring(context.length)
if(path.startsWith("/console/")){ if(path.startsWith("/console/")){
Option(httpRequest.getSession.getAttribute("LOGIN_ACCOUNT").asInstanceOf[Account]).collect { val account = httpRequest.getSession.getAttribute("LOGIN_ACCOUNT").asInstanceOf[Account]
case account if(account.isAdmin) => chain.doFilter(request, response) if(account == null){
// Redirect to login form
httpResponse.sendRedirect(context + "/signin?" + path)
} else if(account.isAdmin){
// H2 Console (administrators only)
chain.doFilter(request, response)
} else {
// Redirect to dashboard
httpResponse.sendRedirect(context + "/")
} }
} else if(path.startsWith("/git/")){ } else if(path.startsWith("/git/")){
// Git repository
chain.doFilter(request, response) chain.doFilter(request, response)
} else { } else {
// Scalatra actions
super.doFilter(request, response, chain) super.doFilter(request, response, chain)
} }
} }
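Review bot: The admin gate in `doFilter` tests `path.startsWith("/console/")` against the raw `getRequestURI`, so any other spelling of the console path that the container still routes to the H2 servlet (no trailing slash, a path parameter, dot segments, an encoded character) would skip this branch and reach the `/git/` pass-through or `super.doFilter` without the `isAdmin` check. The servlet mapping is not in this hunk, so that is inferred, but the comparison is safer on the container-normalised path, e.g. `val path = httpRequest.getServletPath + Option(httpRequest.getPathInfo).getOrElse("")` followed by `if(path == "/console" || path.startsWith("/console/"))`. Separately, `sendRedirect(context + "/signin?" + path)` puts the unencoded request path into the query string and drops the original query; URL-encoding it and having the sign-in handler accept only local paths would keep the post-login redirect from being pointed somewhere unintended.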