aboutsummaryrefslogtreecommitdiffstats
path: root/modules/session
Commit message (Collapse)AuthorAgeFilesLines
* Update redis library to support redis v7 (#24114)techknowlogick2023-04-131-1/+1
|
* Use Get/Set instead of Rename when Regenerate session id (#23975)wxiaoguang2023-04-071-4/+9
| | | | | | Do not use Rename here, because the old sid and new sid may be in different redis cluster slot. Fix #23869
* Update gitea-vet to check FSFE REUSE (#22004)Jason Song2022-12-021-0/+1
| | | | | | | | | | | | | Related to: - #21840 - https://gitea.com/gitea/gitea-vet/pulls/21 What it looks like when it's working: https://drone.gitea.io/go-gitea/gitea/64040/1/5 All available SPDX license identifiers: [SPDX License List](https://spdx.org/licenses/). Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Implement FSFE REUSE for golang files (#21840)flynnnnnnnnnn2022-11-273-6/+3
| | | | | | | | | Change all license headers to comply with REUSE specification. Fix #16132 Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github> Co-authored-by: John Olheiser <john.olheiser@gmail.com>
* format with gofumpt (#18184)65432022-01-201-1/+0
| | | | | | | | | | | * gofumpt -w -l . * gofumpt -w -l -extra . * Add linter * manual fix * change make fmt
* Refactor auth package (#17962)Lunny Xiao2022-01-021-8/+8
|
* Reset Session ID on login (#18018)zeripath2021-12-201-0/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | * Reset Session ID on login When logging in the SessionID should be reset and the session cleaned up. Signed-off-by: Andrew Thornton <art27@cantab.net> * with new session.RegenerateID function Signed-off-by: Andrew Thornton <art27@cantab.net> * update go-chi/session Signed-off-by: Andrew Thornton <art27@cantab.net> * Ensure that session id is changed after oauth data is set and between account linking pages too Signed-off-by: Andrew Thornton <art27@cantab.net> * placate lint Signed-off-by: Andrew Thornton <art27@cantab.net> * as per review Signed-off-by: Andrew Thornton <art27@cantab.net>
* Move session to models/login (#17338)Lunny Xiao2021-10-171-8/+8
| | | Move model/session.go to models/login
* Add an abstract json layout to make it's easier to change json library (#16528)Lunny Xiao2021-07-241-2/+2
| | | | | | | | | | | * Add an abstract json layout to make it's easier to change json library * Fix import * Fix import sequence * Fix blank lines * Fix blank lines
* Migrate to use jsoniter instead of encoding/json (#14841)zeripath2021-03-011-1/+2
| | | | | | | | | | * Migrate to use jsoniter * fix tests * update gitea.com/go-chi/binding Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
* Create DB session provider(based on xorm) (#13031)zeripath2021-02-152-0/+174
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Create Xorm session provider This PR creates a Xorm session provider which creates the appropriate Session table for macaron/session. Fix #7137 Signed-off-by: Andrew Thornton <art27@cantab.net> * extraneous l Signed-off-by: Andrew Thornton <art27@cantab.net> * fix lint Signed-off-by: Andrew Thornton <art27@cantab.net> * use key instead of ID to be compatible with go-macaron/session Signed-off-by: Andrew Thornton <art27@cantab.net> * And change the migration too. Signed-off-by: Andrew Thornton <art27@cantab.net> * Update spacing of imports Co-authored-by: 6543 <6543@obermui.de> * Update modules/session/xorm.go Co-authored-by: techknowlogick <matti@mdranta.net> * add xorm provider to the virtual provider Signed-off-by: Andrew Thornton <art27@cantab.net> * prep for master merge * prep for merge master * As per @lunny * move migration out of the way * Move to call this db session as per @lunny Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* [Vendor] Update go-redis to v8.5.0 (#13749)65432021-02-101-11/+16
| | | | | | | | | | | | | | | | | | | | | * Update go-redis to v8.4.0 * github.com/go-redis/redis/v8 v8.4.0 -> v8.5.0 * Apply suggestions from code review Co-authored-by: zeripath <art27@cantab.net> * TODO * Use the Queue termination channel as the default context for pushes Signed-off-by: Andrew Thornton <art27@cantab.net> * missed one Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: zeripath <art27@cantab.net>
* Move macaron to chi (#14293)Lunny Xiao2021-01-263-9/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | Use [chi](https://github.com/go-chi/chi) instead of the forked [macaron](https://gitea.com/macaron/macaron). Since macaron and chi have conflicts with session share, this big PR becomes a have-to thing. According my previous idea, we can replace macaron step by step but I'm wrong. :( Below is a list of big changes on this PR. - [x] Define `context.ResponseWriter` interface with an implementation `context.Response`. - [x] Use chi instead of macaron, and also a customize `Route` to wrap chi so that the router usage is similar as before. - [x] Create different routers for `web`, `api`, `internal` and `install` so that the codes will be more clear and no magic . - [x] Use https://github.com/unrolled/render instead of macaron's internal render - [x] Use https://github.com/NYTimes/gziphandler instead of https://gitea.com/macaron/gzip - [x] Use https://gitea.com/go-chi/session which is a modified version of https://gitea.com/macaron/session and removed `nodb` support since it will not be maintained. **BREAK** - [x] Use https://gitea.com/go-chi/captcha which is a modified version of https://gitea.com/macaron/captcha - [x] Use https://gitea.com/go-chi/cache which is a modified version of https://gitea.com/macaron/cache - [x] Use https://gitea.com/go-chi/binding which is a modified version of https://gitea.com/macaron/binding - [x] Use https://github.com/go-chi/cors instead of https://gitea.com/macaron/cors - [x] Dropped https://gitea.com/macaron/i18n and make a new one in `code.gitea.io/gitea/modules/translation` - [x] Move validation form structs from `code.gitea.io/gitea/modules/auth` to `code.gitea.io/gitea/modules/forms` to avoid dependency cycle. - [x] Removed macaron log service because it's not need any more. **BREAK** - [x] All form structs have to be get by `web.GetForm(ctx)` in the route function but not as a function parameter on routes definition. - [x] Move Git HTTP protocol implementation to use routers directly. - [x] Fix the problem that chi routes don't support trailing slash but macaron did. - [x] `/api/v1/swagger` now will be redirect to `/api/swagger` but not render directly so that `APIContext` will not create a html render. Notices: - Chi router don't support request with trailing slash - Integration test `TestUserHeatmap` maybe mysql version related. It's failed on my macOS(mysql 5.7.29 installed via brew) but succeed on CI. Co-authored-by: 6543 <6543@obermui.de>
* Allow common redis and leveldb connections (#12385)zeripath2020-09-282-2/+217
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Allow common redis and leveldb connections Prevents multiple reopening of redis and leveldb connections to the same place by sharing connections. Further allows for more configurable redis connection type using the redisURI and a leveldbURI scheme. Signed-off-by: Andrew Thornton <art27@cantab.net> * add unit-test Signed-off-by: Andrew Thornton <art27@cantab.net> * as per @lunny Signed-off-by: Andrew Thornton <art27@cantab.net> * add test Signed-off-by: Andrew Thornton <art27@cantab.net> * Update modules/cache/cache_redis.go * Update modules/queue/queue_disk.go * Update modules/cache/cache_redis.go * Update modules/cache/cache_redis.go * Update modules/queue/unique_queue_disk.go * Update modules/queue/queue_disk.go * Update modules/queue/unique_queue_disk.go * Update modules/session/redis.go Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Lauris BH <lauris@nix.lv>
* When reading expired sessions - expire them (#12686)zeripath2020-09-022-218/+1
| | | | | | | | | | | | | | | * When reading expired sessions - expire them Update to latest macaron/session following merge of https://gitea.com/macaron/session/pulls/11 Also remove old memory provider as 11 updates the memory provider to make it unnecessary. Signed-off-by: Andrew Thornton <art27@cantab.net> * and macaron/session/pulls/12 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Prevent (caught) panic on login (#11590)zeripath2020-05-231-6/+14
| | | | | | | | | | | | | | | | Unfortunately when the virtual session is released it requires that the real session does not exist. This worked fine when sessions were only saved at the end of request/response cycle however, now sessions are saved proactively this does not hold. The result is a caught panic in the logs during every log-in. This panic has no significant side-effects but should not occur. This PR marks the virtual session as released when released and updates it if the same session is released again. Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Use gitea forked macaron (#7933)Tamal Saha2019-08-232-14/+14
| | | Signed-off-by: Tamal Saha <tamal@appscode.com>
* Add golangci (#6418)kolaente2019-06-121-4/+2
|
* Unfortunately MemProvider Init does not actually Init properly (#6692)zeripath2019-04-202-1/+218
| | | | | | | | | | | * Unfortunately MemProvider Init does not actually Init properly Worse all of its members are private and you cannot update them. Simple fix copy it in to modules session. Signed-off-by: Andrew Thornton <art27@cantab.net> * Fix misspelling
* Prevent creating empty sessions (#6677)zeripath2019-04-201-0/+193
* Prevent creating empty sessions Signed-off-by: Andrew Thornton <art27@cantab.net> * Update modules/setting/session.go * Remove unnecessary option Signed-off-by: Andrew Thornton <art27@cantab.net> * Add destory to list of ignored misspellings * rename cookie.go -> virtual.go * Delete old file * Add test to ensure that sessions are not created without being logged in Signed-off-by: Andrew Thornton <art27@cantab.net> * fix tests Signed-off-by: Andrew Thornton <art27@cantab.net> * Update integrations/create_no_session_test.go