Use common sessioner for API and Web (#17027)

author zeripath <art27@cantab.net>

Sun, 12 Sep 2021 17:35:38 +0000 (18:35 +0100)

committer GitHub <noreply@github.com>

Sun, 12 Sep 2021 17:35:38 +0000 (19:35 +0200)
author zeripath <art27@cantab.net>
Sun, 12 Sep 2021 17:35:38 +0000 (18:35 +0100)
committer GitHub <noreply@github.com>
Sun, 12 Sep 2021 17:35:38 +0000 (19:35 +0200)
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go

index e74ff40995140e298fe9fed19f73aa9b5838166e..d859642c42a1fbfea9bf696eaf3c5a0748df9756 100644 (file)
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -87,7 +87,6 @@ import (
         "code.gitea.io/gitea/services/forms"
  
         "gitea.com/go-chi/binding"
-       "gitea.com/go-chi/session"
         "github.com/go-chi/cors"
  )
  
@@ -547,20 +546,11 @@ func bind(obj interface{}) http.HandlerFunc {
  }
  
  // Routes registers all v1 APIs routes to web application.
-func Routes() *web.Route {
+func Routes(sessioner func(http.Handler) http.Handler) *web.Route {
         var m = web.NewRoute()
  
-       m.Use(session.Sessioner(session.Options{
-               Provider:       setting.SessionConfig.Provider,
-               ProviderConfig: setting.SessionConfig.ProviderConfig,
-               CookieName:     setting.SessionConfig.CookieName,
-               CookiePath:     setting.SessionConfig.CookiePath,
-               Gclifetime:     setting.SessionConfig.Gclifetime,
-               Maxlifetime:    setting.SessionConfig.Maxlifetime,
-               Secure:         setting.SessionConfig.Secure,
-               SameSite:       setting.SessionConfig.SameSite,
-               Domain:         setting.SessionConfig.Domain,
-       }))
+       m.Use(sessioner)
+
         m.Use(securityHeaders())
         if setting.CORSConfig.Enabled {
                 m.Use(cors.Handler(cors.Options{
diff --git a/routers/init.go b/routers/init.go

index 27cd066b73ae6212e5a72cf6e308c7c1adbd07b4..fe89c738effca4d14245d811d00e239893404835 100644 (file)
--- a/routers/init.go
+++ b/routers/init.go
@@ -41,6 +41,8 @@ import (
         pull_service "code.gitea.io/gitea/services/pull"
         "code.gitea.io/gitea/services/repository"
         "code.gitea.io/gitea/services/webhook"
+
+       "gitea.com/go-chi/session"
  )
  
  // NewServices init new services
@@ -145,8 +147,20 @@ func NormalRoutes() *web.Route {
                 r.Use(middle)
         }
  
-       r.Mount("/", web_routers.Routes())
-       r.Mount("/api/v1", apiv1.Routes())
+       sessioner := session.Sessioner(session.Options{
+               Provider:       setting.SessionConfig.Provider,
+               ProviderConfig: setting.SessionConfig.ProviderConfig,
+               CookieName:     setting.SessionConfig.CookieName,
+               CookiePath:     setting.SessionConfig.CookiePath,
+               Gclifetime:     setting.SessionConfig.Gclifetime,
+               Maxlifetime:    setting.SessionConfig.Maxlifetime,
+               Secure:         setting.SessionConfig.Secure,
+               SameSite:       setting.SessionConfig.SameSite,
+               Domain:         setting.SessionConfig.Domain,
+       })
+
+       r.Mount("/", web_routers.Routes(sessioner))
+       r.Mount("/api/v1", apiv1.Routes(sessioner))
         r.Mount("/api/internal", private.Routes())
         return r
  }
diff --git a/routers/web/web.go b/routers/web/web.go

index a88b66726a9b6ee1914cadf7efc1776255f2d123..8d984abcf2ed9b71cf1c4ffb2086c211760e7285 100644 (file)
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -40,7 +40,6 @@ import (
         _ "code.gitea.io/gitea/modules/session"
  
         "gitea.com/go-chi/captcha"
-       "gitea.com/go-chi/session"
         "github.com/NYTimes/gziphandler"
         "github.com/go-chi/chi/middleware"
         "github.com/go-chi/cors"
@@ -72,7 +71,7 @@ func CorsHandler() func(next http.Handler) http.Handler {
  }
  
  // Routes returns all web routes
-func Routes() *web.Route {
+func Routes(sessioner func(http.Handler) http.Handler) *web.Route {
         routes := web.NewRoute()
  
         routes.Use(public.AssetsHandler(&public.Options{
@@ -81,17 +80,7 @@ func Routes() *web.Route {
                 CorsHandler: CorsHandler(),
         }))
  
-       routes.Use(session.Sessioner(session.Options{
-               Provider:       setting.SessionConfig.Provider,
-               ProviderConfig: setting.SessionConfig.ProviderConfig,
-               CookieName:     setting.SessionConfig.CookieName,
-               CookiePath:     setting.SessionConfig.CookiePath,
-               Gclifetime:     setting.SessionConfig.Gclifetime,
-               Maxlifetime:    setting.SessionConfig.Maxlifetime,
-               Secure:         setting.SessionConfig.Secure,
-               SameSite:       setting.SessionConfig.SameSite,
-               Domain:         setting.SessionConfig.Domain,
-       }))
+       routes.Use(sessioner)
  
         routes.Use(Recovery())
author	zeripath <art27@cantab.net>
	Sun, 12 Sep 2021 17:35:38 +0000 (18:35 +0100)
committer	GitHub <noreply@github.com>
	Sun, 12 Sep 2021 17:35:38 +0000 (19:35 +0200)
routers/api/v1/api.go		patch \| blob \| history
routers/init.go		patch \| blob \| history
routers/web/web.go		patch \| blob \| history