diff options
| author | Lunny Xiao <xiaolunwen@gmail.com> | 2022-04-08 12:22:10 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-04-08 06:22:10 +0200 |
| commit | 3c3d49899f0f7206e190bdeecdc4da248cc7e686 (patch) | |
| tree | 7d1f57f7655142b47b5adeb197943c74c1e6f8c9 /routers/web/web.go | |
| parent | 75f8534c3a8678f4b55e557960450230cf909b93 (diff) | |
| download | gitea-3c3d49899f0f7206e190bdeecdc4da248cc7e686.tar.gz gitea-3c3d49899f0f7206e190bdeecdc4da248cc7e686.zip | |
Remove dependent on session auth for api/v1 routers (#19321)
* Remove dependent on session auth for api/v1 routers
* Remove unnecessary session on API context
* remove missed header
* fix test
* fix missed api/v1
Diffstat (limited to 'routers/web/web.go')
| -rw-r--r-- | routers/web/web.go | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/routers/web/web.go b/routers/web/web.go index 9a2e96aeec..190ab099e0 100644 --- a/routers/web/web.go +++ b/routers/web/web.go @@ -25,13 +25,13 @@ import ( "code.gitea.io/gitea/modules/validation" "code.gitea.io/gitea/modules/web" "code.gitea.io/gitea/modules/web/routing" - "code.gitea.io/gitea/routers/api/v1/misc" "code.gitea.io/gitea/routers/web/admin" "code.gitea.io/gitea/routers/web/auth" "code.gitea.io/gitea/routers/web/dev" "code.gitea.io/gitea/routers/web/events" "code.gitea.io/gitea/routers/web/explore" "code.gitea.io/gitea/routers/web/feed" + "code.gitea.io/gitea/routers/web/misc" "code.gitea.io/gitea/routers/web/org" "code.gitea.io/gitea/routers/web/repo" "code.gitea.io/gitea/routers/web/user" @@ -46,6 +46,7 @@ import ( _ "code.gitea.io/gitea/modules/session" // to registers all internal adapters "gitea.com/go-chi/captcha" + "gitea.com/go-chi/session" "github.com/NYTimes/gziphandler" "github.com/go-chi/chi/v5/middleware" "github.com/go-chi/cors" @@ -85,7 +86,7 @@ func buildAuthGroup() *auth_service.Group { group := auth_service.NewGroup( &auth_service.OAuth2{}, // FIXME: this should be removed and only applied in download and oauth realted routers &auth_service.Basic{}, // FIXME: this should be removed and only applied in download and git/lfs routers - auth_service.SharedSession, + &auth_service.Session{}, ) if setting.Service.EnableReverseProxyAuth { group.Add(&auth_service.ReverseProxy{}) @@ -96,7 +97,7 @@ func buildAuthGroup() *auth_service.Group { } // Routes returns all web routes -func Routes(sessioner func(http.Handler) http.Handler) *web.Route { +func Routes() *web.Route { routes := web.NewRoute() routes.Use(web.WrapWithPrefix(public.AssetsURLPathPrefix, public.AssetsHandlerFunc(&public.Options{ @@ -105,6 +106,17 @@ func Routes(sessioner func(http.Handler) http.Handler) *web.Route { CorsHandler: CorsHandler(), }), "AssetsHandler")) + sessioner := session.Sessioner(session.Options{ + Provider: setting.SessionConfig.Provider, + ProviderConfig: setting.SessionConfig.ProviderConfig, + CookieName: setting.SessionConfig.CookieName, + CookiePath: setting.SessionConfig.CookiePath, + Gclifetime: setting.SessionConfig.Gclifetime, + Maxlifetime: setting.SessionConfig.Maxlifetime, + Secure: setting.SessionConfig.Secure, + SameSite: setting.SessionConfig.SameSite, + Domain: setting.SessionConfig.Domain, + }) routes.Use(sessioner) routes.Use(Recovery()) @@ -878,6 +890,7 @@ func RegisterRoutes(m *web.Route) { m.Group("/comments/{id}", func() { m.Get("/attachments", repo.GetCommentAttachments) }) + m.Post("/markdown", bindIgnErr(structs.MarkdownOption{}), misc.Markdown) m.Group("/labels", func() { m.Post("/new", bindIgnErr(forms.CreateLabelForm{}), repo.NewLabel) m.Post("/edit", bindIgnErr(forms.CreateLabelForm{}), repo.UpdateLabel) |