Affected by GO-2022-0540 and 133 other vulnerabilities

GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server

GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server

GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server

GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server

GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server

GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server

GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server

GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server

GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server

GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server

GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server

GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server

GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server

GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server

GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server

GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server

GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server

GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server

GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server

GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server

GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server

GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server

GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server

GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server

GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server

GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server

GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server

GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server

GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server

GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server

GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server

GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server

GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server

GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server

GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server

GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server

GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server

GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server

GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server

GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server

GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server

GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server

GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server

GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server

GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server

GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server

GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server

GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server

GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server

GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server

GO-2025-3377: Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server

GO-2025-3379: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server

GO-2025-3380: Mattermost has Improper Check for Unusual or Exceptional Conditions in github.com/mattermost/mattermost-server

GO-2025-3392: Mattermost fails to properly validate post props in github.com/mattermost/mattermost-server

GO-2025-3393: Mattermost Incorrect Type Conversion or Cast in github.com/mattermost/mattermost-server

GO-2025-3394: Mattermost fails to properly validate post props in github.com/mattermost/mattermost-server

GO-2025-3407: Mattermost webapp crash via a crafted post in github.com/mattermost/mattermost-server

GO-2025-3480: Mattermost allows reading arbitrary files related to importing boards in github.com/mattermost/mattermost-server

GO-2025-3481: Mattermost fails to restrict channel export of archived channels in github.com/mattermost/mattermost-server

GO-2025-3482: Mattermost fails to invalidate all active sessions when converting a user to a bot in github.com/mattermost/mattermost-server

GO-2025-3483: Mattermost allows reading arbitrary files in github.com/mattermost/mattermost-server

GO-2025-3534: Mattermost Fails to Properly Perform Viewer Role Authorization in github.com/mattermost/mattermost-server

GO-2025-3549: Mattermost Fails to Enforce Certain Search APIs in github.com/mattermost/mattermost-server

GO-2025-3550: Mattermost Fails to Restrict Command Execution in Archived Channels in github.com/mattermost/mattermost-server

GO-2025-3551: Mattermost Fails to Enforce MFA on Plugin Endpoints in github.com/mattermost/mattermost-server

GO-2025-3552: Mattermost Fails to Restrict Bookmark Creation and Updates in Archived Channels in github.com/mattermost/mattermost-server

GO-2025-3555: Mattermost fail to prompt for explicit approval before adding a team admin to a private channel in github.com/mattermost/mattermost-server

GO-2025-3556: Mattermost allows members with permission to convert public channels to private and convert private to public in github.com/mattermost/mattermost-server

GO-2025-3604: Mattermost Fails to Enforce Proper Access Controls on `/api/v4/audits` Endpoint in github.com/mattermost/mattermost-server

GO-2025-3609: Mattermost Fails to Restrict Certain Operations on System Admins in github.com/mattermost/mattermost-server

GO-2025-3610: Mattermost vulnerable to Incorrect Implementation of Authentication Algorithm in github.com/mattermost/mattermost-server

GO-2025-3611: Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server

GO-2025-3618: Mattermost vulnerable to Observable Timing Discrepancy in github.com/mattermost/mattermost-plugin-msteams

GO-2025-3619: Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server

GO-2025-3620: Mattermost Missing Authentication for Critical Function in github.com/mattermost/mattermost-server

GO-2025-3621: Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server

GO-2025-3622: Mattermost doesn't restrict domains LLM can request to contact upstream in github.com/mattermost/mattermost-server

GO-2025-3623: Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server

GO-2025-3642: Mattermost Playbooks fails to properly validate the props used by the RetrospectivePost custom post type in github.com/mattermost/mattermost-plugin-playbooks

GO-2025-3643: Mattermost Playbooks fails to validate the uniqueness and quantity of task actions in github.com/mattermost/mattermost-plugin-playbooks

GO-2025-3644: Mattermost Playbooks fails to properly validate permissions in github.com/mattermost/mattermost-plugin-playbooks

GO-2025-3691: Mattermost Fails to Verify User's Permissions When Accessing Groups in github.com/mattermost/mattermost-server

GO-2025-3692: Mattermost Fails to Lockout LDAP Users After Repeated Login Failures in github.com/mattermost/mattermost-server

GO-2025-3693: Mattermost Fails to Validate Team Invite Permissions in github.com/mattermost/mattermost-server

GO-2025-3694: Mattermost Fails to Check User Access to `ExperimentalSettings` in github.com/mattermost/mattermost-server

GO-2025-3724: Mattermost improperly allows team administrators to modify team invites in github.com/mattermost/mattermost-server

GO-2025-3728: Mattermost fails to properly enforce access control restrictions for System Manager roles in github.com/mattermost/mattermost-server

GO-2025-3729: Mattermost fails to clear Google OAuth credentials in github.com/mattermost/mattermost-server

GO-2025-3730: Mattermost fails to properly enforce access controls for guest users in github.com/mattermost/mattermost-server

GO-2025-3731: Mattermost fails to properly invalidate personal access tokens upon user deactivation in github.com/mattermost/mattermost-server

GO-2025-3756: Mattermost allows authenticated administrator to execute LDAP search filter injection in github.com/mattermost/mattermost-server

GO-2025-3757: Mattermost allows guest users to view information about public teams they are not members of in github.com/mattermost/mattermost-server

GO-2025-3769: Mattermost allows authenticated users to write files to arbitrary locations in github.com/mattermost/mattermost-server

GO-2025-3771: Mattermost allows an unauthorized Guest user access to Playbook in github.com/mattermost/mattermost-server

GO-2025-3772: Mattermost allows unauthorized channel member management through playbook runs in github.com/mattermost/mattermost-server

GO-2025-3796: Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server

GO-2025-3797: Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server

GO-2025-3818: Mattermost has Insufficiently Protected Credentials in github.com/mattermost/mattermost-server

GO-2025-3819: Mattermost Missing Authentication for Critical Function in github.com/mattermost/mattermost-server

GO-2025-3820: Mattermost Path Traversal vulnerability in github.com/mattermost/mattermost-server

GO-2025-3901: Mattermost Fails to Validate File Paths in github.com/mattermost/mattermost-server

GO-2025-3902: Mattermost Fails to Properly Validate Team Role Modification in github.com/mattermost/mattermost-server

GO-2025-3903: Mattermost Lack of Access Control Validation in github.com/mattermost/mattermost-server

GO-2025-3904: Mattermost Fails to Validate Remote Cluster Upload Sessions in github.com/mattermost/mattermost-server

GO-2025-3905: Mattermost Does Not Sanitize the Team Invite ID in github.com/mattermost/mattermost-server

GO-2025-3906: Mattermost Server SSRF Vulnerability via the Agents Plugin in github.com/mattermost/mattermost-server

GO-2025-3907: Mattermost Fails to Sanitize Path Traversal Sequences in github.com/mattermost/mattermost-server

GO-2025-3910: Mattermost Fails to Sanitize File Names in github.com/mattermost/mattermost-server

GO-2025-3911: Mattermost has Potential Server Crash due to Unvalidated Import Data in github.com/mattermost/mattermost-server

GO-2025-3950: Mattermost Missing Authorization vulnerability in github.com/mattermost/mattermost-server

GO-2025-3958: Mattermost Open Redirect vulnerability in github.com/mattermost/mattermost-server

GO-2025-3959: Mattermost makes Use of Weak Hash in github.com/mattermost/mattermost-server

GO-2025-3960: Mattermost Open Redirect vulnerability in github.com/mattermost/mattermost-server

GO-2025-3977: Mattermost Path Traversal vulnerability in github.com/mattermost/mattermost-server

GO-2025-3978: Mattermost boards plugin fails to restrict download access to files in github.com/mattermost/mattermost-plugin-boards

GO-2025-4029: Mattermost has a Missing Authorization vulnerability in github.com/mattermost/mattermost-server

GO-2025-4030: Mattermost has an Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server

GO-2025-4032: Mattermost has a Missing Authorization vulnerability in github.com/mattermost/mattermost-server

GO-2025-4035: Mattermost has a Missing Authorization vulnerability in github.com/mattermost/mattermost-server

GO-2025-4036: Mattermost has an Observable Timing Discrepancy vulnerability in github.com/mattermost/mattermost-server

GO-2025-4122: Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost

GO-2025-4126: Mattermost fails to properly restrict access to archived channel search API in github.com/mattermost/mattermost

GO-2025-4128: Mattermost does not enforce MFA on WebSocket connections in github.com/mattermost/mattermost-server

GO-2025-4129: Mattermost allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL in github.com/mattermost/mattermost-server

GO-2025-4130: Mattermost allows system administrators to access password hashes and MFA secrets in github.com/mattermost/mattermost-server

GO-2025-4131: Mattermost allows regular users to access archived channel content and files in github.com/mattermost/mattermost-server

GO-2025-4133: Mattermost allows other users to determine when users had read channels via channel member objects in github.com/mattermost/mattermost-server

GO-2025-4168: Mattermost fails to properly validate OAuth state tokens during OpenID Connect authentication in github.com/mattermost/mattermost-server

GO-2025-4169: Mattermost fails to sanitize team email addresses in github.com/mattermost/mattermost-server

GO-2025-4170: Mattermost fails to to verify the token used during code exchange in github.com/mattermost/mattermost-server

GO-2025-4172: Mattermost fails to validate user permissions when deleting comments in Boards in github.com/mattermost/mattermost

GO-2025-4178: Mattermost fails to validate user permissions in Boards in github.com/mattermost/mattermost

GO-2025-4247: Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection in github.com/mattermost/mattermost

GO-2025-4256: Mattermost has an Invite Token Replay Vulnerability via Channel Membership Manipulation in github.com/mattermost/mattermost

web

package

v6.2.2 Latest Latest Go to latest Published: Jan 17, 2022 License: AGPL-3.0, Apache-2.0 Imports: 40 Imported by: 5

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/mattermost/mattermost-server

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func CheckClientCompatibility(agentString string) bool
func GetHandlerName(h func(*Context, http.ResponseWriter, *http.Request)) string
func Handle404(a app.AppIface, w http.ResponseWriter, r *http.Request)
func IsAPICall(a app.AppIface, r *http.Request) bool
func IsOAuthAPICall(a app.AppIface, r *http.Request) bool
func IsWebhookCall(a app.AppIface, r *http.Request) bool
func NewInvalidParamError(parameter string) *model.AppError
func NewInvalidRemoteClusterTokenError() *model.AppError
func NewInvalidRemoteIdError(parameter string) *model.AppError
func NewInvalidURLParamError(parameter string) *model.AppError
func NewJSONEncodingError() *model.AppError
func NewServerBusyError() *model.AppError
func ReturnStatusOK(w http.ResponseWriter)
type Browser
type Context
- func (c *Context) CloudKeyRequired()
- func (c *Context) ExtendSessionExpiryIfNeeded(w http.ResponseWriter, r *http.Request)
- func (c *Context) GetRemoteID(r *http.Request) string
- func (c *Context) GetSiteURLHeader() string
- func (c *Context) HandleEtag(etag string, routeName string, w http.ResponseWriter, r *http.Request) bool
- func (c *Context) IsSystemAdmin() bool
- func (c *Context) LogAudit(extraInfo string)
- func (c *Context) LogAuditRec(rec *audit.Record)
- func (c *Context) LogAuditRecWithLevel(rec *audit.Record, level mlog.Level)
- func (c *Context) LogAuditWithUserId(userId, extraInfo string)
- func (c *Context) LogErrorByCode(err *model.AppError)
- func (c *Context) MakeAuditRecord(event string, initialStatus string) *audit.Record
- func (c *Context) MfaRequired()
- func (c *Context) RemoteClusterTokenRequired()
- func (c *Context) RemoveSessionCookie(w http.ResponseWriter, r *http.Request)
- func (c *Context) RequireAppId() *Context
- func (c *Context) RequireBotUserId() *Context
- func (c *Context) RequireCategory() *Context
- func (c *Context) RequireCategoryId() *Context
- func (c *Context) RequireChannelId() *Context
- func (c *Context) RequireChannelName() *Context
- func (c *Context) RequireCommandId() *Context
- func (c *Context) RequireEmojiId() *Context
- func (c *Context) RequireEmojiName() *Context
- func (c *Context) RequireFileId() *Context
- func (c *Context) RequireFilename() *Context
- func (c *Context) RequireGroupId() *Context
- func (c *Context) RequireHookId() *Context
- func (c *Context) RequireInviteId() *Context
- func (c *Context) RequireInvoiceId() *Context
- func (c *Context) RequireJobId() *Context
- func (c *Context) RequireJobType() *Context
- func (c *Context) RequirePluginId() *Context
- func (c *Context) RequirePolicyId() *Context
- func (c *Context) RequirePostId() *Context
- func (c *Context) RequirePreferenceName() *Context
- func (c *Context) RequireRemoteId() *Context
- func (c *Context) RequireReportId() *Context
- func (c *Context) RequireRoleId() *Context
- func (c *Context) RequireRoleName() *Context
- func (c *Context) RequireSchemeId() *Context
- func (c *Context) RequireService() *Context
- func (c *Context) RequireSyncableId() *Context
- func (c *Context) RequireSyncableType() *Context
- func (c *Context) RequireTeamId() *Context
- func (c *Context) RequireTeamName() *Context
- func (c *Context) RequireThreadId() *Context
- func (c *Context) RequireTimestamp() *Context
- func (c *Context) RequireTokenId() *Context
- func (c *Context) RequireUploadId() *Context
- func (c *Context) RequireUserId() *Context
- func (c *Context) RequireUsername() *Context
- func (c *Context) SanitizeEmail() *Context
- func (c *Context) SessionRequired()
- func (c *Context) SetCommandNotFoundError()
- func (c *Context) SetInvalidParam(parameter string)
- func (c *Context) SetInvalidRemoteClusterTokenError()
- func (c *Context) SetInvalidRemoteIdError(id string)
- func (c *Context) SetInvalidURLParam(parameter string)
- func (c *Context) SetJSONEncodingError()
- func (c *Context) SetPermissionError(permissions ...*model.Permission)
- func (c *Context) SetServerBusyError()
- func (c *Context) SetSiteURLHeader(url string)
type Handler
- func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type MattermostApp
type Params
- func ParamsFromRequest(r *http.Request) *Params
type SystemBrowser
type Web
- func New(srv *app.Server) *Web
- func (w *Web) APIHandler(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler
- func (w *Web) APIHandlerTrustRequester(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler
- func (w *Web) APISessionRequired(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler
- func (w *Web) InitOAuth()
- func (w *Web) InitSaml()
- func (w *Web) InitStatic()
- func (w *Web) InitWebhooks()
- func (w *Web) NewHandler(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler
- func (w *Web) NewStaticHandler(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler

Constants ¶

View Source

const (
	PageDefault        = 0
	PerPageDefault     = 60
	PerPageMaximum     = 200
	LogsPerPageDefault = 10000
	LogsPerPageMaximum = 10000
	LimitDefault       = 60
	LimitMaximum       = 200
)

Variables ¶

This section is empty.

Functions ¶

func CheckClientCompatibility ¶

func CheckClientCompatibility(agentString string) bool

func GetHandlerName ¶

func GetHandlerName(h func(*Context, http.ResponseWriter, *http.Request)) string

func Handle404 ¶

func Handle404(a app.AppIface, w http.ResponseWriter, r *http.Request)

func IsAPICall ¶

func IsAPICall(a app.AppIface, r *http.Request) bool

func IsOAuthAPICall ¶

func IsOAuthAPICall(a app.AppIface, r *http.Request) bool

func IsWebhookCall ¶

func IsWebhookCall(a app.AppIface, r *http.Request) bool

func NewInvalidParamError ¶

func NewInvalidParamError(parameter string) *model.AppError

func NewInvalidRemoteClusterTokenError ¶

func NewInvalidRemoteClusterTokenError() *model.AppError

func NewInvalidRemoteIdError ¶

func NewInvalidRemoteIdError(parameter string) *model.AppError

func NewInvalidURLParamError ¶

func NewInvalidURLParamError(parameter string) *model.AppError

func NewJSONEncodingError ¶

func NewJSONEncodingError() *model.AppError

func NewServerBusyError ¶

func NewServerBusyError() *model.AppError

func ReturnStatusOK ¶

func ReturnStatusOK(w http.ResponseWriter)

Types ¶

type Browser ¶

type Browser struct {
	LogoSrc                string
	Title                  string
	SupportedVersionString string
	Src                    string
	GetLatestString        string
}

Browser describes a browser with a download link

type Context ¶

type Context struct {
	App        app.AppIface
	AppContext *request.Context
	Logger     *mlog.Logger
	Params     *Params
	Err        *model.AppError
	// contains filtered or unexported fields
}

func (*Context) CloudKeyRequired ¶

func (c *Context) CloudKeyRequired()

func (*Context) ExtendSessionExpiryIfNeeded ¶

func (c *Context) ExtendSessionExpiryIfNeeded(w http.ResponseWriter, r *http.Request)

ExtendSessionExpiryIfNeeded will update Session.ExpiresAt based on session lengths in config. Session cookies will be resent to the client with updated max age.

func (*Context) GetRemoteID ¶

func (c *Context) GetRemoteID(r *http.Request) string

func (*Context) GetSiteURLHeader ¶

func (c *Context) GetSiteURLHeader() string

func (*Context) HandleEtag ¶

func (c *Context) HandleEtag(etag string, routeName string, w http.ResponseWriter, r *http.Request) bool

func (*Context) IsSystemAdmin ¶

func (c *Context) IsSystemAdmin() bool

func (*Context) LogAudit ¶

func (c *Context) LogAudit(extraInfo string)

func (*Context) LogAuditRec ¶

func (c *Context) LogAuditRec(rec *audit.Record)

LogAuditRec logs an audit record using default LevelAPI.

func (*Context) LogAuditRecWithLevel ¶

func (c *Context) LogAuditRecWithLevel(rec *audit.Record, level mlog.Level)

LogAuditRec logs an audit record using specified Level. If the context is flagged with a permissions error then `level` is ignored and the audit record is emitted with `LevelPerms`.

func (*Context) LogAuditWithUserId ¶

func (c *Context) LogAuditWithUserId(userId, extraInfo string)

func (*Context) LogErrorByCode ¶

func (c *Context) LogErrorByCode(err *model.AppError)

func (*Context) MakeAuditRecord ¶

func (c *Context) MakeAuditRecord(event string, initialStatus string) *audit.Record

MakeAuditRecord creates a audit record pre-populated with data from this context.

func (*Context) MfaRequired ¶

func (c *Context) MfaRequired()

func (*Context) RemoteClusterTokenRequired ¶

func (c *Context) RemoteClusterTokenRequired()

func (*Context) RemoveSessionCookie ¶

func (c *Context) RemoveSessionCookie(w http.ResponseWriter, r *http.Request)

func (*Context) RequireAppId ¶

func (c *Context) RequireAppId() *Context

func (*Context) RequireBotUserId ¶

func (c *Context) RequireBotUserId() *Context

func (*Context) RequireCategory ¶

func (c *Context) RequireCategory() *Context

func (*Context) RequireCategoryId ¶

func (c *Context) RequireCategoryId() *Context

func (*Context) RequireChannelId ¶

func (c *Context) RequireChannelId() *Context

func (*Context) RequireChannelName ¶

func (c *Context) RequireChannelName() *Context

func (*Context) RequireCommandId ¶

func (c *Context) RequireCommandId() *Context

func (*Context) RequireEmojiId ¶

func (c *Context) RequireEmojiId() *Context

func (*Context) RequireEmojiName ¶

func (c *Context) RequireEmojiName() *Context

func (*Context) RequireFileId ¶

func (c *Context) RequireFileId() *Context

func (*Context) RequireFilename ¶

func (c *Context) RequireFilename() *Context

func (*Context) RequireGroupId ¶

func (c *Context) RequireGroupId() *Context

func (*Context) RequireHookId ¶

func (c *Context) RequireHookId() *Context

func (*Context) RequireInviteId ¶

func (c *Context) RequireInviteId() *Context

func (*Context) RequireInvoiceId ¶

func (c *Context) RequireInvoiceId() *Context

func (*Context) RequireJobId ¶

func (c *Context) RequireJobId() *Context

func (*Context) RequireJobType ¶

func (c *Context) RequireJobType() *Context

func (*Context) RequirePluginId ¶

func (c *Context) RequirePluginId() *Context

func (*Context) RequirePolicyId ¶

func (c *Context) RequirePolicyId() *Context

func (*Context) RequirePostId ¶

func (c *Context) RequirePostId() *Context

func (*Context) RequirePreferenceName ¶

func (c *Context) RequirePreferenceName() *Context

func (*Context) RequireRemoteId ¶

func (c *Context) RequireRemoteId() *Context

func (*Context) RequireReportId ¶

func (c *Context) RequireReportId() *Context

func (*Context) RequireRoleId ¶

func (c *Context) RequireRoleId() *Context

func (*Context) RequireRoleName ¶

func (c *Context) RequireRoleName() *Context

func (*Context) RequireSchemeId ¶

func (c *Context) RequireSchemeId() *Context

func (*Context) RequireService ¶

func (c *Context) RequireService() *Context

func (*Context) RequireSyncableId ¶

func (c *Context) RequireSyncableId() *Context

func (*Context) RequireSyncableType ¶

func (c *Context) RequireSyncableType() *Context

func (*Context) RequireTeamId ¶

func (c *Context) RequireTeamId() *Context

func (*Context) RequireTeamName ¶

func (c *Context) RequireTeamName() *Context

func (*Context) RequireThreadId ¶

func (c *Context) RequireThreadId() *Context

func (*Context) RequireTimestamp ¶

func (c *Context) RequireTimestamp() *Context

func (*Context) RequireTokenId ¶

func (c *Context) RequireTokenId() *Context

func (*Context) RequireUploadId ¶

func (c *Context) RequireUploadId() *Context

func (*Context) RequireUserId ¶

func (c *Context) RequireUserId() *Context

func (*Context) RequireUsername ¶

func (c *Context) RequireUsername() *Context

func (*Context) SanitizeEmail ¶

func (c *Context) SanitizeEmail() *Context

func (*Context) SessionRequired ¶

func (c *Context) SessionRequired()

func (*Context) SetCommandNotFoundError ¶

func (c *Context) SetCommandNotFoundError()

func (*Context) SetInvalidParam ¶

func (c *Context) SetInvalidParam(parameter string)

func (*Context) SetInvalidRemoteClusterTokenError ¶

func (c *Context) SetInvalidRemoteClusterTokenError()

func (*Context) SetInvalidRemoteIdError ¶

func (c *Context) SetInvalidRemoteIdError(id string)

func (*Context) SetInvalidURLParam ¶

func (c *Context) SetInvalidURLParam(parameter string)

func (*Context) SetJSONEncodingError ¶

func (c *Context) SetJSONEncodingError()

func (*Context) SetPermissionError ¶

func (c *Context) SetPermissionError(permissions ...*model.Permission)

func (*Context) SetServerBusyError ¶

func (c *Context) SetServerBusyError()

func (*Context) SetSiteURLHeader ¶

func (c *Context) SetSiteURLHeader(url string)

type Handler ¶

type Handler struct {
	Srv                       *app.Server
	HandleFunc                func(*Context, http.ResponseWriter, *http.Request)
	HandlerName               string
	RequireSession            bool
	RequireCloudKey           bool
	RequireRemoteClusterToken bool
	TrustRequester            bool
	RequireMfa                bool
	IsStatic                  bool
	IsLocal                   bool
	DisableWhenBusy           bool
	// contains filtered or unexported fields
}

func (Handler) ServeHTTP ¶

func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request)

type MattermostApp ¶

type MattermostApp struct {
	LogoSrc                string
	Title                  string
	SupportedVersionString string
	Label                  string
	Link                   string
	InstallGuide           string
	InstallGuideLink       string
}

MattermostApp describes downloads for the Mattermost App

type Params ¶

type Params struct {
	UserId                    string
	TeamId                    string
	InviteId                  string
	TokenId                   string
	ThreadId                  string
	Timestamp                 int64
	ChannelId                 string
	PostId                    string
	PolicyId                  string
	FileId                    string
	Filename                  string
	UploadId                  string
	PluginId                  string
	CommandId                 string
	HookId                    string
	ReportId                  string
	EmojiId                   string
	AppId                     string
	Email                     string
	Username                  string
	TeamName                  string
	ChannelName               string
	PreferenceName            string
	EmojiName                 string
	Category                  string
	Service                   string
	JobId                     string
	JobType                   string
	ActionId                  string
	RoleId                    string
	RoleName                  string
	SchemeId                  string
	Scope                     string
	GroupId                   string
	Page                      int
	PerPage                   int
	LogsPerPage               int
	Permanent                 bool
	RemoteId                  string
	SyncableId                string
	SyncableType              model.GroupSyncableType
	BotUserId                 string
	Q                         string
	IsLinked                  *bool
	IsConfigured              *bool
	NotAssociatedToTeam       string
	NotAssociatedToChannel    string
	Paginate                  *bool
	IncludeMemberCount        bool
	NotAssociatedToGroup      string
	ExcludeDefaultChannels    bool
	LimitAfter                int
	LimitBefore               int
	GroupIDs                  string
	IncludeTotalCount         bool
	IncludeDeleted            bool
	FilterAllowReference      bool
	FilterParentTeamPermitted bool
	CategoryId                string
	WarnMetricId              string
	ExportName                string
	ExcludePolicyConstrained  bool

	// Cloud
	InvoiceId string
}

func ParamsFromRequest ¶

func ParamsFromRequest(r *http.Request) *Params

type SystemBrowser ¶

type SystemBrowser struct {
	LogoSrc                string
	Title                  string
	SupportedVersionString string
	LabelOpen              string
	LinkOpen               string
	LinkMakeDefault        string
	OrString               string
	MakeDefaultString      string
}

SystemBrowser describes a browser but includes 2 links: one to open the local browser, and one to make it default

type Web ¶

type Web struct {
	MainRouter *mux.Router
	// contains filtered or unexported fields
}

func New ¶

func New(srv *app.Server) *Web

func (*Web) APIHandler ¶

func (w *Web) APIHandler(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler

APIHandler provides a handler for API endpoints which do not require the user to be logged in order for access to be granted.

func (*Web) APIHandlerTrustRequester ¶

func (w *Web) APIHandlerTrustRequester(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler

APIHandlerTrustRequester provides a handler for API endpoints which do not require the user to be logged in and are allowed to be requested directly rather than via javascript/XMLHttpRequest, such as site branding images or the websocket.

func (*Web) APISessionRequired ¶

func (w *Web) APISessionRequired(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler

APISessionRequired provides a handler for API endpoints which require the user to be logged in in order for access to be granted.

func (*Web) InitOAuth ¶

func (w *Web) InitOAuth()

func (*Web) InitSaml ¶

func (w *Web) InitSaml()

func (*Web) InitStatic ¶

func (w *Web) InitStatic()

func (*Web) InitWebhooks ¶

func (w *Web) InitWebhooks()

func (*Web) NewHandler ¶

func (w *Web) NewHandler(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler

func (*Web) NewStaticHandler ¶

func (w *Web) NewStaticHandler(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL