初始提交: Gitea 项目代码

modules/base/natural_sort.go

@@ -0,0 +1,70 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package base
+
+import (
+	"unicode/utf8"
+
+	"golang.org/x/text/collate"
+	"golang.org/x/text/language"
+)
+
+func naturalSortGetRune(str string, pos int) (r rune, size int, has bool) {
+	if pos >= len(str) {
+		return 0, 0, false
+	}
+	r, size = utf8.DecodeRuneInString(str[pos:])
+	if r == utf8.RuneError {
+		r, size = rune(str[pos]), 1 // if invalid input, treat it as a single byte ascii
+	}
+	return r, size, true
+}
+
+func naturalSortAdvance(str string, pos int) (end int, isNumber bool) {
+	end = pos
+	for {
+		r, size, has := naturalSortGetRune(str, end)
+		if !has {
+			break
+		}
+		isCurRuneNum := '0' <= r && r <= '9'
+		if end == pos {
+			isNumber = isCurRuneNum
+			end += size
+		} else if isCurRuneNum == isNumber {
+			end += size
+		} else {
+			break
+		}
+	}
+	return end, isNumber
+}
+
+// NaturalSortCompare compares two strings so that they could be sorted in natural order
+func NaturalSortCompare(s1, s2 string) int {
+	// There is a bug in Golang's collate package: https://github.com/golang/go/issues/67997
+	// text/collate: CompareString(collate.Numeric) returns wrong result for "0.0" vs "1.0" #67997
+	// So we need to handle the number parts by ourselves
+	c := collate.New(language.English, collate.Numeric)
+	pos1, pos2 := 0, 0
+	for pos1 < len(s1) && pos2 < len(s2) {
+		end1, isNum1 := naturalSortAdvance(s1, pos1)
+		end2, isNum2 := naturalSortAdvance(s2, pos2)
+		part1, part2 := s1[pos1:end1], s2[pos2:end2]
+		if isNum1 && isNum2 {
+			if part1 != part2 {
+				if len(part1) != len(part2) {
+					return len(part1) - len(part2)
+				}
+				return c.CompareString(part1, part2)
+			}
+		} else {
+			if cmp := c.CompareString(part1, part2); cmp != 0 {
+				return cmp
+			}
+		}
+		pos1, pos2 = end1, end2
+	}
+	return len(s1) - len(s2)
+}

modules/base/natural_sort_test.go

@@ -0,0 +1,43 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package base
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestNaturalSortLess(t *testing.T) {
+	testLess := func(s1, s2 string) {
+		assert.Negative(t, NaturalSortCompare(s1, s2), "s1<s2 should be true: s1=%q, s2=%q", s1, s2)
+	}
+	testEqual := func(s1, s2 string) {
+		assert.Zero(t, NaturalSortCompare(s1, s2), "s1<s2 should be false: s1=%q, s2=%q", s1, s2)
+	}
+
+	testEqual("", "")
+	testLess("", "a")
+	testLess("", "1")
+
+	testLess("v1.2", "v1.2.0")
+	testLess("v1.2.0", "v1.10.0")
+	testLess("v1.20.0", "v1.29.0")
+	testEqual("v1.20.0", "v1.20.0")
+
+	testLess("a", "A")
+	testLess("a", "B")
+	testLess("A", "b")
+	testLess("A", "ab")
+
+	testLess("abc", "bcd")
+	testLess("a-1-a", "a-1-b")
+	testLess("2", "12")
+
+	testLess("cafe", "café")
+	testLess("café", "caff")
+
+	testLess("A-2", "A-11")
+	testLess("0.txt", "1.txt")
+}

modules/base/tool.go

@@ -0,0 +1,124 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package base
+
+import (
+	"crypto/hmac"
+	"crypto/sha1"
+	"crypto/sha256"
+	"crypto/subtle"
+	"encoding/hex"
+	"fmt"
+	"hash"
+	"strconv"
+	"time"
+
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/util"
+
+	"github.com/dustin/go-humanize"
+)
+
+// EncodeSha256 string to sha256 hex value.
+func EncodeSha256(str string) string {
+	h := sha256.New()
+	_, _ = h.Write([]byte(str))
+	return hex.EncodeToString(h.Sum(nil))
+}
+
+// ShortSha is basically just truncating.
+// It is DEPRECATED and will be removed in the future.
+func ShortSha(sha1 string) string {
+	return util.TruncateRunes(sha1, 10)
+}
+
+// VerifyTimeLimitCode verify time limit code
+func VerifyTimeLimitCode(now time.Time, data string, minutes int, code string) bool {
+	if len(code) <= 18 {
+		return false
+	}
+
+	startTimeStr := code[:12]
+	aliveTimeStr := code[12:18]
+	aliveTime, _ := strconv.Atoi(aliveTimeStr) // no need to check err, if anything wrong, the following code check will fail soon
+
+	// check code
+	retCode := CreateTimeLimitCode(data, aliveTime, startTimeStr, nil)
+	if subtle.ConstantTimeCompare([]byte(retCode), []byte(code)) != 1 {
+		return false
+	}
+
+	// check time is expired or not: startTime <= now && now < startTime + minutes
+	startTime, _ := time.ParseInLocation("200601021504", startTimeStr, time.Local)
+	return (startTime.Before(now) || startTime.Equal(now)) && now.Before(startTime.Add(time.Minute*time.Duration(minutes)))
+}
+
+// TimeLimitCodeLength default value for time limit code
+const TimeLimitCodeLength = 12 + 6 + 40
+
+// CreateTimeLimitCode create a time-limited code.
+// Format: 12 length date time string + 6 minutes string (not used) + 40 hash string, some other code depends on this fixed length
+// If h is nil, then use the default hmac hash.
+func CreateTimeLimitCode[T time.Time | string](data string, minutes int, startTimeGeneric T, h hash.Hash) string {
+	const format = "200601021504"
+
+	var start time.Time
+	var startTimeAny any = startTimeGeneric
+	if t, ok := startTimeAny.(time.Time); ok {
+		start = t
+	} else {
+		var err error
+		start, err = time.ParseInLocation(format, startTimeAny.(string), time.Local)
+		if err != nil {
+			return "" // return an invalid code because the "parse" failed
+		}
+	}
+	startStr := start.Format(format)
+	end := start.Add(time.Minute * time.Duration(minutes))
+
+	if h == nil {
+		h = hmac.New(sha1.New, setting.GetGeneralTokenSigningSecret())
+	}
+	_, _ = fmt.Fprintf(h, "%s%s%s%s%d", data, hex.EncodeToString(setting.GetGeneralTokenSigningSecret()), startStr, end.Format(format), minutes)
+	encoded := hex.EncodeToString(h.Sum(nil))
+
+	code := fmt.Sprintf("%s%06d%s", startStr, minutes, encoded)
+	if len(code) != TimeLimitCodeLength {
+		panic("there is a hard requirement for the length of time-limited code") // it shouldn't happen
+	}
+	return code
+}
+
+// FileSize calculates the file size and generate user-friendly string.
+func FileSize(s int64) string {
+	return humanize.IBytes(uint64(s))
+}
+
+// StringsToInt64s converts a slice of string to a slice of int64.
+func StringsToInt64s(strs []string) ([]int64, error) {
+	if strs == nil {
+		return nil, nil
+	}
+	ints := make([]int64, 0, len(strs))
+	for _, s := range strs {
+		if s == "" {
+			continue
+		}
+		n, err := strconv.ParseInt(s, 10, 64)
+		if err != nil {
+			return nil, err
+		}
+		ints = append(ints, n)
+	}
+	return ints, nil
+}
+
+// Int64sToStrings converts a slice of int64 to a slice of string.
+func Int64sToStrings(ints []int64) []string {
+	strs := make([]string, len(ints))
+	for i := range ints {
+		strs[i] = strconv.FormatInt(ints[i], 10)
+	}
+	return strs
+}

modules/base/tool_test.go

@@ -0,0 +1,119 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package base
+
+import (
+	"crypto/sha1"
+	"fmt"
+	"testing"
+	"time"
+
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/test"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestEncodeSha256(t *testing.T) {
+	assert.Equal(t,
+		"c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2",
+		EncodeSha256("foobar"),
+	)
+}
+
+func TestShortSha(t *testing.T) {
+	assert.Equal(t, "veryverylo", ShortSha("veryverylong"))
+}
+
+func TestVerifyTimeLimitCode(t *testing.T) {
+	defer test.MockVariableValue(&setting.InstallLock, true)()
+	initGeneralSecret := func(secret string) {
+		setting.CfgProvider, _ = setting.NewConfigProviderFromData(fmt.Sprintf(`
+[security]
+INTERNAL_TOKEN = dummy
+INSTALL_LOCK = true
+[oauth2]
+JWT_SECRET = %s
+`, secret))
+		setting.LoadCommonSettings()
+	}
+
+	initGeneralSecret("KZb_QLUd4fYVyxetjxC4eZkrBgWM2SndOOWDNtgUUko")
+	now := time.Now()
+
+	t.Run("TestGenericParameter", func(t *testing.T) {
+		time2000 := time.Date(2000, 1, 2, 3, 4, 5, 0, time.Local)
+		assert.Equal(t, "2000010203040000026fa5221b2731b7cf80b1b506f5e39e38c115fee5", CreateTimeLimitCode("test-sha1", 2, time2000, sha1.New()))
+		assert.Equal(t, "2000010203040000026fa5221b2731b7cf80b1b506f5e39e38c115fee5", CreateTimeLimitCode("test-sha1", 2, "200001020304", sha1.New()))
+		assert.Equal(t, "2000010203040000024842227a2f87041ff82025199c0187410a9297bf", CreateTimeLimitCode("test-hmac", 2, time2000, nil))
+		assert.Equal(t, "2000010203040000024842227a2f87041ff82025199c0187410a9297bf", CreateTimeLimitCode("test-hmac", 2, "200001020304", nil))
+	})
+
+	t.Run("TestInvalidCode", func(t *testing.T) {
+		assert.False(t, VerifyTimeLimitCode(now, "data", 2, ""))
+		assert.False(t, VerifyTimeLimitCode(now, "data", 2, "invalid code"))
+	})
+
+	t.Run("TestCreateAndVerify", func(t *testing.T) {
+		code := CreateTimeLimitCode("data", 2, now, nil)
+		assert.False(t, VerifyTimeLimitCode(now.Add(-time.Minute), "data", 2, code)) // not started yet
+		assert.True(t, VerifyTimeLimitCode(now, "data", 2, code))
+		assert.True(t, VerifyTimeLimitCode(now.Add(time.Minute), "data", 2, code))
+		assert.False(t, VerifyTimeLimitCode(now.Add(time.Minute), "DATA", 2, code))   // invalid data
+		assert.False(t, VerifyTimeLimitCode(now.Add(2*time.Minute), "data", 2, code)) // expired
+	})
+
+	t.Run("TestDifferentSecret", func(t *testing.T) {
+		// use another secret to ensure the code is invalid for different secret
+		verifyDataCode := func(c string) bool {
+			return VerifyTimeLimitCode(now, "data", 2, c)
+		}
+		code := CreateTimeLimitCode("data", 2, now, nil)
+		assert.True(t, verifyDataCode(code))
+		initGeneralSecret("000_QLUd4fYVyxetjxC4eZkrBgWM2SndOOWDNtgUUko")
+		assert.False(t, verifyDataCode(code))
+	})
+}
+
+func TestFileSize(t *testing.T) {
+	var size int64 = 512
+	assert.Equal(t, "512 B", FileSize(size))
+	size *= 1024
+	assert.Equal(t, "512 KiB", FileSize(size))
+	size *= 1024
+	assert.Equal(t, "512 MiB", FileSize(size))
+	size *= 1024
+	assert.Equal(t, "512 GiB", FileSize(size))
+	size *= 1024
+	assert.Equal(t, "512 TiB", FileSize(size))
+	size *= 1024
+	assert.Equal(t, "512 PiB", FileSize(size))
+	size *= 4
+	assert.Equal(t, "2.0 EiB", FileSize(size))
+}
+
+func TestStringsToInt64s(t *testing.T) {
+	testSuccess := func(input []string, expected []int64) {
+		result, err := StringsToInt64s(input)
+		assert.NoError(t, err)
+		assert.Equal(t, expected, result)
+	}
+	testSuccess(nil, nil)
+	testSuccess([]string{}, []int64{})
+	testSuccess([]string{""}, []int64{})
+	testSuccess([]string{"-1234"}, []int64{-1234})
+	testSuccess([]string{"1", "4", "16", "64", "256"}, []int64{1, 4, 16, 64, 256})
+
+	ints, err := StringsToInt64s([]string{"-1", "a"})
+	assert.Empty(t, ints)
+	assert.Error(t, err)
+}
+
+func TestInt64sToStrings(t *testing.T) {
+	assert.Equal(t, []string{}, Int64sToStrings([]int64{}))
+	assert.Equal(t,
+		[]string{"1", "4", "16", "64", "256"},
+		Int64sToStrings([]int64{1, 4, 16, 64, 256}),
+	)
+}