aboutsummaryrefslogtreecommitdiffstats
path: root/routers
diff options
context:
space:
mode:
authorzeripath <art27@cantab.net>2021-09-12 18:35:38 +0100
committerGitHub <noreply@github.com>2021-09-12 19:35:38 +0200
commita334a95a3c7f97b2a60fc87f5ada5ce139b07ffe (patch)
tree2ed19779dd010ddd8bfda8598460ff46c0dd3865 /routers
parentaac7f68af1a145fc772c018ed98f34b1af34b637 (diff)
downloadgitea-a334a95a3c7f97b2a60fc87f5ada5ce139b07ffe.tar.gz
gitea-a334a95a3c7f97b2a60fc87f5ada5ce139b07ffe.zip
Use common sessioner for API and Web (#17027)
* Use common sessioner for API and Web Instead of creating separate sessioner and doubly initialising the provider just use the same sessioner for the API and Web routes. Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'routers')
-rw-r--r--routers/api/v1/api.go16
-rw-r--r--routers/init.go18
-rw-r--r--routers/web/web.go15
3 files changed, 21 insertions, 28 deletions
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index e74ff40995..d859642c42 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -87,7 +87,6 @@ import (
"code.gitea.io/gitea/services/forms"
"gitea.com/go-chi/binding"
- "gitea.com/go-chi/session"
"github.com/go-chi/cors"
)
@@ -547,20 +546,11 @@ func bind(obj interface{}) http.HandlerFunc {
}
// Routes registers all v1 APIs routes to web application.
-func Routes() *web.Route {
+func Routes(sessioner func(http.Handler) http.Handler) *web.Route {
var m = web.NewRoute()
- m.Use(session.Sessioner(session.Options{
- Provider: setting.SessionConfig.Provider,
- ProviderConfig: setting.SessionConfig.ProviderConfig,
- CookieName: setting.SessionConfig.CookieName,
- CookiePath: setting.SessionConfig.CookiePath,
- Gclifetime: setting.SessionConfig.Gclifetime,
- Maxlifetime: setting.SessionConfig.Maxlifetime,
- Secure: setting.SessionConfig.Secure,
- SameSite: setting.SessionConfig.SameSite,
- Domain: setting.SessionConfig.Domain,
- }))
+ m.Use(sessioner)
+
m.Use(securityHeaders())
if setting.CORSConfig.Enabled {
m.Use(cors.Handler(cors.Options{
diff --git a/routers/init.go b/routers/init.go
index 27cd066b73..fe89c738ef 100644
--- a/routers/init.go
+++ b/routers/init.go
@@ -41,6 +41,8 @@ import (
pull_service "code.gitea.io/gitea/services/pull"
"code.gitea.io/gitea/services/repository"
"code.gitea.io/gitea/services/webhook"
+
+ "gitea.com/go-chi/session"
)
// NewServices init new services
@@ -145,8 +147,20 @@ func NormalRoutes() *web.Route {
r.Use(middle)
}
- r.Mount("/", web_routers.Routes())
- r.Mount("/api/v1", apiv1.Routes())
+ sessioner := session.Sessioner(session.Options{
+ Provider: setting.SessionConfig.Provider,
+ ProviderConfig: setting.SessionConfig.ProviderConfig,
+ CookieName: setting.SessionConfig.CookieName,
+ CookiePath: setting.SessionConfig.CookiePath,
+ Gclifetime: setting.SessionConfig.Gclifetime,
+ Maxlifetime: setting.SessionConfig.Maxlifetime,
+ Secure: setting.SessionConfig.Secure,
+ SameSite: setting.SessionConfig.SameSite,
+ Domain: setting.SessionConfig.Domain,
+ })
+
+ r.Mount("/", web_routers.Routes(sessioner))
+ r.Mount("/api/v1", apiv1.Routes(sessioner))
r.Mount("/api/internal", private.Routes())
return r
}
diff --git a/routers/web/web.go b/routers/web/web.go
index a88b66726a..8d984abcf2 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -40,7 +40,6 @@ import (
_ "code.gitea.io/gitea/modules/session"
"gitea.com/go-chi/captcha"
- "gitea.com/go-chi/session"
"github.com/NYTimes/gziphandler"
"github.com/go-chi/chi/middleware"
"github.com/go-chi/cors"
@@ -72,7 +71,7 @@ func CorsHandler() func(next http.Handler) http.Handler {
}
// Routes returns all web routes
-func Routes() *web.Route {
+func Routes(sessioner func(http.Handler) http.Handler) *web.Route {
routes := web.NewRoute()
routes.Use(public.AssetsHandler(&public.Options{
@@ -81,17 +80,7 @@ func Routes() *web.Route {
CorsHandler: CorsHandler(),
}))
- routes.Use(session.Sessioner(session.Options{
- Provider: setting.SessionConfig.Provider,
- ProviderConfig: setting.SessionConfig.ProviderConfig,
- CookieName: setting.SessionConfig.CookieName,
- CookiePath: setting.SessionConfig.CookiePath,
- Gclifetime: setting.SessionConfig.Gclifetime,
- Maxlifetime: setting.SessionConfig.Maxlifetime,
- Secure: setting.SessionConfig.Secure,
- SameSite: setting.SessionConfig.SameSite,
- Domain: setting.SessionConfig.Domain,
- }))
+ routes.Use(sessioner)
routes.Use(Recovery())