* Use common sessioner for API and Web

Instead of creating separate sessioners and doubly initialising the provider, just use the same sessioner for the API and Web routes.

Signed-off-by: Andrew Thornton <art27@cantab.net>
tags/v1.16.0-rc1
@@ -87,7 +87,6 @@ import ( | |||
"code.gitea.io/gitea/services/forms" | |||
"gitea.com/go-chi/binding" | |||
"gitea.com/go-chi/session" | |||
"github.com/go-chi/cors" | |||
) | |||
@@ -547,20 +546,11 @@ func bind(obj interface{}) http.HandlerFunc { | |||
} | |||
// Routes registers all v1 APIs routes to web application. | |||
func Routes() *web.Route { | |||
func Routes(sessioner func(http.Handler) http.Handler) *web.Route { | |||
var m = web.NewRoute() | |||
m.Use(session.Sessioner(session.Options{ | |||
Provider: setting.SessionConfig.Provider, | |||
ProviderConfig: setting.SessionConfig.ProviderConfig, | |||
CookieName: setting.SessionConfig.CookieName, | |||
CookiePath: setting.SessionConfig.CookiePath, | |||
Gclifetime: setting.SessionConfig.Gclifetime, | |||
Maxlifetime: setting.SessionConfig.Maxlifetime, | |||
Secure: setting.SessionConfig.Secure, | |||
SameSite: setting.SessionConfig.SameSite, | |||
Domain: setting.SessionConfig.Domain, | |||
})) | |||
m.Use(sessioner) | |||
m.Use(securityHeaders()) | |||
if setting.CORSConfig.Enabled { | |||
m.Use(cors.Handler(cors.Options{ |
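Review bot: The doc comment on `Routes` was not updated for the new `sessioner` parameter, and nothing in the visible lines guards against a nil value reaching `m.Use(sessioner)`. I would extend the comment to something like `// Routes registers all v1 API routes; sessioner is the session middleware shared with the web routes and must be non-nil.` The same gap applies to the web `Routes` function changed later in this commit, whose comment still reads `// Routes returns all web routes`. Because this middleware attaches the cookie-backed session to API requests, stating that in the comment also helps whoever next reviews how cookie-authenticated API calls are protected. The body of `Routes` continues outside the hunk.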
@@ -41,6 +41,8 @@ import ( | |||
pull_service "code.gitea.io/gitea/services/pull" | |||
"code.gitea.io/gitea/services/repository" | |||
"code.gitea.io/gitea/services/webhook" | |||
"gitea.com/go-chi/session" | |||
) | |||
// NewServices init new services | |||
@@ -145,8 +147,20 @@ func NormalRoutes() *web.Route { | |||
r.Use(middle) | |||
} | |||
r.Mount("/", web_routers.Routes()) | |||
r.Mount("/api/v1", apiv1.Routes()) | |||
sessioner := session.Sessioner(session.Options{ | |||
Provider: setting.SessionConfig.Provider, | |||
ProviderConfig: setting.SessionConfig.ProviderConfig, | |||
CookieName: setting.SessionConfig.CookieName, | |||
CookiePath: setting.SessionConfig.CookiePath, | |||
Gclifetime: setting.SessionConfig.Gclifetime, | |||
Maxlifetime: setting.SessionConfig.Maxlifetime, | |||
Secure: setting.SessionConfig.Secure, | |||
SameSite: setting.SessionConfig.SameSite, | |||
Domain: setting.SessionConfig.Domain, | |||
}) | |||
r.Mount("/", web_routers.Routes(sessioner)) | |||
r.Mount("/api/v1", apiv1.Routes(sessioner)) | |||
r.Mount("/api/internal", private.Routes()) | |||
return r | |||
} |
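Review bot: The new `sessioner` assignment has no comment saying why it is built here or which mounts receive it. `/api/internal` is mounted via `private.Routes()` without it, which looks deliberate but is not stated anywhere in the hunk. I would add above the assignment `// Build the session middleware once so the provider is initialised a single time; it is shared by the web and /api/v1 routes, while /api/internal does not use cookie sessions.` That also records that the cookie attributes (`Secure`, `SameSite`, `Domain`) are now set in one place for both route trees, so a later edit here changes web and API behaviour together.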
@@ -40,7 +40,6 @@ import ( | |||
_ "code.gitea.io/gitea/modules/session" | |||
"gitea.com/go-chi/captcha" | |||
"gitea.com/go-chi/session" | |||
"github.com/NYTimes/gziphandler" | |||
"github.com/go-chi/chi/middleware" | |||
"github.com/go-chi/cors" | |||
@@ -72,7 +71,7 @@ func CorsHandler() func(next http.Handler) http.Handler { | |||
} | |||
// Routes returns all web routes | |||
func Routes() *web.Route { | |||
func Routes(sessioner func(http.Handler) http.Handler) *web.Route { | |||
routes := web.NewRoute() | |||
routes.Use(public.AssetsHandler(&public.Options{ | |||
@@ -81,17 +80,7 @@ func Routes() *web.Route { | |||
CorsHandler: CorsHandler(), | |||
})) | |||
routes.Use(session.Sessioner(session.Options{ | |||
Provider: setting.SessionConfig.Provider, | |||
ProviderConfig: setting.SessionConfig.ProviderConfig, | |||
CookieName: setting.SessionConfig.CookieName, | |||
CookiePath: setting.SessionConfig.CookiePath, | |||
Gclifetime: setting.SessionConfig.Gclifetime, | |||
Maxlifetime: setting.SessionConfig.Maxlifetime, | |||
Secure: setting.SessionConfig.Secure, | |||
SameSite: setting.SessionConfig.SameSite, | |||
Domain: setting.SessionConfig.Domain, | |||
})) | |||
routes.Use(sessioner) | |||
routes.Use(Recovery()) | |||