Fix session bug when introduce chi (#14287)

* Update go-chi session

6 files changed, 30 insertions, 12 deletions

diff --git a/go.mod b/go.mod
index 0d1ebc1915..b736a73023 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.14
 require (
 	code.gitea.io/gitea-vet v0.2.1
 	code.gitea.io/sdk/gitea v0.13.1
-	gitea.com/go-chi/session v0.0.0-20201218134809-7209fa084f27
+	gitea.com/go-chi/session v0.0.0-20210108030337-0cb48c5ba8ee
 	gitea.com/lunny/levelqueue v0.3.0
 	gitea.com/macaron/binding v0.0.0-20190822013154-a5f53841ed2b
 	gitea.com/macaron/cache v0.0.0-20200924044943-905232fba10b
diff --git a/go.sum b/go.sum
index ad51f4c67a..d90bdc20bb 100644
--- a/go.sum
+++ b/go.sum
@@ -40,8 +40,8 @@ code.gitea.io/gitea-vet v0.2.1/go.mod h1:zcNbT/aJEmivCAhfmkHOlT645KNOf9W2KnkLgFj
 code.gitea.io/sdk/gitea v0.13.1 h1:Y7bpH2iO6Q0KhhMJfjP/LZ0AmiYITeRQlCD8b0oYqhk=
 code.gitea.io/sdk/gitea v0.13.1/go.mod h1:z3uwDV/b9Ls47NGukYM9XhnHtqPh/J+t40lsUrR6JDY=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-gitea.com/go-chi/session v0.0.0-20201218134809-7209fa084f27 h1:cdb1OTNXGLwQ55gg+9tIPWufdsnrHWcIq8Qs+j/E8JU=
-gitea.com/go-chi/session v0.0.0-20201218134809-7209fa084f27/go.mod h1:Ozg8IchVNb/Udg+ui39iHRYqVHSvf3C99ixdpLR8Vu0=
+gitea.com/go-chi/session v0.0.0-20210108030337-0cb48c5ba8ee h1:9U6HuKUBt/cGK6T/64dEuz0r7Yp97WAAEJvXHDlY3ws=
+gitea.com/go-chi/session v0.0.0-20210108030337-0cb48c5ba8ee/go.mod h1:Ozg8IchVNb/Udg+ui39iHRYqVHSvf3C99ixdpLR8Vu0=
 gitea.com/lunny/levelqueue v0.3.0 h1:MHn1GuSZkxvVEDMyAPqlc7A3cOW+q8RcGhRgH/xtm6I=
 gitea.com/lunny/levelqueue v0.3.0/go.mod h1:HBqmLbz56JWpfEGG0prskAV97ATNRoj5LDmPicD22hU=
 gitea.com/lunny/log v0.0.0-20190322053110-01b5df579c4e h1:r1en/D7xJmcY24VkHkjkcJFa+7ZWubVWPBrvsHkmHxk=
diff --git a/routers/routes/chi.go b/routers/routes/chi.go
index c0ac88957e..6e609fc2f8 100644
--- a/routers/routes/chi.go
+++ b/routers/routes/chi.go
@@ -176,6 +176,10 @@ func storageHandler(storageSetting setting.Storage, prefix string, objStore stor
 	}
 }
 
+var (
+	sessionManager *session.Manager
+)
+
 // NewChi creates a chi Router
 func NewChi() chi.Router {
 	c := chi.NewRouter()
@@ -185,7 +189,8 @@ func NewChi() chi.Router {
 			c.Use(LoggerHandler(setting.RouterLogLevel))
 		}
 	}
-	c.Use(session.Sessioner(session.Options{
+
+	var opt = session.Options{
 		Provider:       setting.SessionConfig.Provider,
 		ProviderConfig: setting.SessionConfig.ProviderConfig,
 		CookieName:     setting.SessionConfig.CookieName,
@@ -194,7 +199,14 @@ func NewChi() chi.Router {
 		Maxlifetime:    setting.SessionConfig.Maxlifetime,
 		Secure:         setting.SessionConfig.Secure,
 		Domain:         setting.SessionConfig.Domain,
-	}))
+	}
+	opt = session.PrepareOptions([]session.Options{opt})
+
+	var err error
+	sessionManager, err = session.NewManager(opt.Provider, opt)
+	if err != nil {
+		panic(err)
+	}
 
 	c.Use(Recovery())
 	if setting.EnableAccessLog {
diff --git a/routers/routes/recovery.go b/routers/routes/recovery.go
index cf4b1a8d84..f392d1d553 100644
--- a/routers/routes/recovery.go
+++ b/routers/routes/recovery.go
@@ -14,7 +14,6 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/templates"
 
-	"gitea.com/go-chi/session"
 	"github.com/unrolled/render"
 )
 
@@ -64,7 +63,13 @@ func Recovery() func(next http.Handler) http.Handler {
 					log.Error("%v", combinedErr)
 
 					lc := middlewares.Locale(w, req)
-					sess := session.GetSession(req)
+
+					// TODO: this should be replaced by real session after macaron removed totally
+					sessionStore, err := sessionManager.Start(w, req)
+					if err != nil {
+						// Just invoke the above recover catch
+						panic("session(start): " + err.Error())
+					}
 
 					var store = dataStore{
 						Data: templates.Vars{
@@ -75,7 +80,7 @@ func Recovery() func(next http.Handler) http.Handler {
 					}
 
 					// Get user from session if logged in.
-					user, _ := sso.SignedInUser(req, w, &store, sess)
+					user, _ := sso.SignedInUser(req, w, &store, sessionStore)
 					if user != nil {
 						store.Data["IsSigned"] = true
 						store.Data["SignedUser"] = user
@@ -92,7 +97,7 @@ func Recovery() func(next http.Handler) http.Handler {
 					if setting.RunMode != "prod" {
 						store.Data["ErrMsg"] = combinedErr
 					}
-					err := rnd.HTML(w, 500, "status/500", templates.BaseVars().Merge(store.Data))
+					err = rnd.HTML(w, 500, "status/500", templates.BaseVars().Merge(store.Data))
 					if err != nil {
 						log.Error("%v", err)
 					}
diff --git a/vendor/gitea.com/go-chi/session/session.go b/vendor/gitea.com/go-chi/session/session.go
index 97eb5ad365..475612ffb1 100644
--- a/vendor/gitea.com/go-chi/session/session.go
+++ b/vendor/gitea.com/go-chi/session/session.go
@@ -101,7 +101,8 @@ type Options struct {
 	FlashEncryptionKey string
 }
 
-func prepareOptions(options []Options) Options {
+// PrepareOptions gives some default values for options
+func PrepareOptions(options []Options) Options {
 	var opt Options
 	if len(options) > 0 {
 		opt = options[0]
@@ -231,7 +232,7 @@ func NewCookie(name string, value string, others ...interface{}) *http.Cookie {
 // Sessioner is a middleware that maps a session.SessionStore service into the Macaron handler chain.
 // An single variadic session.Options struct can be optionally provided to configure.
 func Sessioner(options ...Options) func(next http.Handler) http.Handler {
-	opt := prepareOptions(options)
+	opt := PrepareOptions(options)
 	manager, err := NewManager(opt.Provider, opt)
 	if err != nil {
 		panic(err)
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 426b0dc947..5dffe2e52e 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -7,7 +7,7 @@ code.gitea.io/gitea-vet/checks
 # code.gitea.io/sdk/gitea v0.13.1
 ## explicit
 code.gitea.io/sdk/gitea
-# gitea.com/go-chi/session v0.0.0-20201218134809-7209fa084f27
+# gitea.com/go-chi/session v0.0.0-20210108030337-0cb48c5ba8ee
 ## explicit
 gitea.com/go-chi/session
 gitea.com/go-chi/session/couchbase