mirror of
https://github.com/go-gitea/gitea
synced 2025-07-22 18:28:37 +00:00
Improve template system and panic recovery (#24461)
Partially for #24457 Major changes: 1. The old `signedUserNameStringPointerKey` is quite hacky, use `ctx.Data[SignedUser]` instead 2. Move duplicate code from `Contexter` to `CommonTemplateContextData` 3. Remove incorrect copying&pasting code `ctx.Data["Err_Password"] = true` in API handlers 4. Use one unique `RenderPanicErrorPage` for panic error page rendering 5. Move `stripSlashesMiddleware` to be the first middleware 6. Install global panic recovery handler, it works for both `install` and `web` 7. Make `500.tmpl` only depend minimal template functions/variables, avoid triggering new panics Screenshot: <details>  </details>
This commit is contained in:
wxiaoguang
GitHub
@@ -4,7 +4,6 @@
|
||||
package web
|
||||
|
||||
import (
|
||||
goctx "context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
@@ -13,18 +12,12 @@ import (
|
||||
"path"
|
||||
"strings"
|
||||
|
||||
"code.gitea.io/gitea/modules/context"
|
||||
"code.gitea.io/gitea/modules/httpcache"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
"code.gitea.io/gitea/modules/storage"
|
||||
"code.gitea.io/gitea/modules/templates"
|
||||
"code.gitea.io/gitea/modules/util"
|
||||
"code.gitea.io/gitea/modules/web/middleware"
|
||||
"code.gitea.io/gitea/modules/web/routing"
|
||||
"code.gitea.io/gitea/services/auth"
|
||||
|
||||
"gitea.com/go-chi/session"
|
||||
)
|
||||
|
||||
func storageHandler(storageSetting setting.Storage, prefix string, objStore storage.ObjectStorage) func(next http.Handler) http.Handler {
|
||||
@@ -110,62 +103,3 @@ func storageHandler(storageSetting setting.Storage, prefix string, objStore stor
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
type dataStore map[string]interface{}
|
||||
|
||||
func (d *dataStore) GetData() map[string]interface{} {
|
||||
return *d
|
||||
}
|
||||
|
||||
// RecoveryWith500Page returns a middleware that recovers from any panics and writes a 500 and a log if so.
|
||||
// This error will be created with the gitea 500 page.
|
||||
func RecoveryWith500Page(ctx goctx.Context) func(next http.Handler) http.Handler {
|
||||
rnd := templates.HTMLRenderer()
|
||||
return func(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
|
||||
defer func() {
|
||||
if err := recover(); err != nil {
|
||||
routing.UpdatePanicError(req.Context(), err)
|
||||
combinedErr := fmt.Sprintf("PANIC: %v\n%s", err, log.Stack(2))
|
||||
log.Error("%s", combinedErr)
|
||||
|
||||
sessionStore := session.GetSession(req)
|
||||
|
||||
lc := middleware.Locale(w, req)
|
||||
store := dataStore{
|
||||
"Language": lc.Language(),
|
||||
"CurrentURL": setting.AppSubURL + req.URL.RequestURI(),
|
||||
"locale": lc,
|
||||
}
|
||||
|
||||
// TODO: this recovery handler is usually called without Gitea's web context, so we shouldn't touch that context too much
|
||||
// Otherwise, the 500 page may cause new panics, eg: cache.GetContextWithData, it makes the developer&users couldn't find the original panic
|
||||
user := context.GetContextUser(req) // almost always nil
|
||||
if user == nil {
|
||||
// Get user from session if logged in - do not attempt to sign-in
|
||||
user = auth.SessionUser(sessionStore)
|
||||
}
|
||||
|
||||
httpcache.SetCacheControlInHeader(w.Header(), 0, "no-transform")
|
||||
w.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)
|
||||
|
||||
if !setting.IsProd || (user != nil && user.IsAdmin) {
|
||||
store["ErrorMsg"] = combinedErr
|
||||
}
|
||||
|
||||
defer func() {
|
||||
if err := recover(); err != nil {
|
||||
log.Error("HTML render in Recovery handler panics again: %v", err)
|
||||
}
|
||||
}()
|
||||
err = rnd.HTML(w, http.StatusInternalServerError, "status/500", templates.BaseVars().Merge(store))
|
||||
if err != nil {
|
||||
log.Error("HTML render in Recovery handler fails again: %v", err)
|
||||
}
|
||||
}
|
||||
}()
|
||||
|
||||
next.ServeHTTP(w, req)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
@@ -116,38 +116,34 @@ func Routes(ctx gocontext.Context) *web.Route {
|
||||
|
||||
_ = templates.HTMLRenderer()
|
||||
|
||||
common := []any{
|
||||
common.Sessioner(),
|
||||
RecoveryWith500Page(ctx),
|
||||
}
|
||||
var mid []any
|
||||
|
||||
if setting.EnableGzip {
|
||||
h, err := gziphandler.GzipHandlerWithOpts(gziphandler.MinSize(GzipMinSize))
|
||||
if err != nil {
|
||||
log.Fatal("GzipHandlerWithOpts failed: %v", err)
|
||||
}
|
||||
common = append(common, h)
|
||||
mid = append(mid, h)
|
||||
}
|
||||
|
||||
if setting.Service.EnableCaptcha {
|
||||
// The captcha http.Handler should only fire on /captcha/* so we can just mount this on that url
|
||||
routes.RouteMethods("/captcha/*", "GET,HEAD", append(common, captcha.Captchaer(context.GetImageCaptcha()))...)
|
||||
routes.RouteMethods("/captcha/*", "GET,HEAD", append(mid, captcha.Captchaer(context.GetImageCaptcha()))...)
|
||||
}
|
||||
|
||||
if setting.HasRobotsTxt {
|
||||
routes.Get("/robots.txt", append(common, misc.RobotsTxt)...)
|
||||
routes.Get("/robots.txt", append(mid, misc.RobotsTxt)...)
|
||||
}
|
||||
|
||||
// prometheus metrics endpoint - do not need to go through contexter
|
||||
if setting.Metrics.Enabled {
|
||||
prometheus.MustRegister(metrics.NewCollector())
|
||||
routes.Get("/metrics", append(common, Metrics)...)
|
||||
routes.Get("/metrics", append(mid, Metrics)...)
|
||||
}
|
||||
|
||||
routes.Get("/ssh_info", misc.SSHInfo)
|
||||
routes.Get("/api/healthz", healthcheck.Check)
|
||||
|
||||
common = append(common, context.Contexter(ctx))
|
||||
mid = append(mid, common.Sessioner(), context.Contexter())
|
||||
|
||||
group := buildAuthGroup()
|
||||
if err := group.Init(ctx); err != nil {
|
||||
@@ -155,23 +151,23 @@ func Routes(ctx gocontext.Context) *web.Route {
|
||||
}
|
||||
|
||||
// Get user from session if logged in.
|
||||
common = append(common, auth_service.Auth(group))
|
||||
mid = append(mid, auth_service.Auth(group))
|
||||
|
||||
// GetHead allows a HEAD request redirect to GET if HEAD method is not defined for that route
|
||||
common = append(common, middleware.GetHead)
|
||||
mid = append(mid, middleware.GetHead)
|
||||
|
||||
if setting.API.EnableSwagger {
|
||||
// Note: The route is here but no in API routes because it renders a web page
|
||||
routes.Get("/api/swagger", append(common, misc.Swagger)...) // Render V1 by default
|
||||
routes.Get("/api/swagger", append(mid, misc.Swagger)...) // Render V1 by default
|
||||
}
|
||||
|
||||
// TODO: These really seem like things that could be folded into Contexter or as helper functions
|
||||
common = append(common, user.GetNotificationCount)
|
||||
common = append(common, repo.GetActiveStopwatch)
|
||||
common = append(common, goGet)
|
||||
mid = append(mid, user.GetNotificationCount)
|
||||
mid = append(mid, repo.GetActiveStopwatch)
|
||||
mid = append(mid, goGet)
|
||||
|
||||
others := web.NewRoute()
|
||||
others.Use(common...)
|
||||
others.Use(mid...)
|
||||
registerRoutes(others)
|
||||
routes.Mount("", others)
|
||||
return routes
|
||||
|
||||
Reference in New Issue
Block a user