mirror of
				https://github.com/go-gitea/gitea
				synced 2025-10-26 17:08:25 +00:00 
			
		
		
		
	Use common sessioner for API and Web (#17027)
* Use common sessioner for API and Web Instead of creating separate sessioner and doubly initialising the provider just use the same sessioner for the API and Web routes. Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
		| @@ -87,7 +87,6 @@ import ( | ||||
| 	"code.gitea.io/gitea/services/forms" | ||||
|  | ||||
| 	"gitea.com/go-chi/binding" | ||||
| 	"gitea.com/go-chi/session" | ||||
| 	"github.com/go-chi/cors" | ||||
| ) | ||||
|  | ||||
| @@ -547,20 +546,11 @@ func bind(obj interface{}) http.HandlerFunc { | ||||
| } | ||||
|  | ||||
| // Routes registers all v1 APIs routes to web application. | ||||
| func Routes() *web.Route { | ||||
| func Routes(sessioner func(http.Handler) http.Handler) *web.Route { | ||||
| 	var m = web.NewRoute() | ||||
|  | ||||
| 	m.Use(session.Sessioner(session.Options{ | ||||
| 		Provider:       setting.SessionConfig.Provider, | ||||
| 		ProviderConfig: setting.SessionConfig.ProviderConfig, | ||||
| 		CookieName:     setting.SessionConfig.CookieName, | ||||
| 		CookiePath:     setting.SessionConfig.CookiePath, | ||||
| 		Gclifetime:     setting.SessionConfig.Gclifetime, | ||||
| 		Maxlifetime:    setting.SessionConfig.Maxlifetime, | ||||
| 		Secure:         setting.SessionConfig.Secure, | ||||
| 		SameSite:       setting.SessionConfig.SameSite, | ||||
| 		Domain:         setting.SessionConfig.Domain, | ||||
| 	})) | ||||
| 	m.Use(sessioner) | ||||
|  | ||||
| 	m.Use(securityHeaders()) | ||||
| 	if setting.CORSConfig.Enabled { | ||||
| 		m.Use(cors.Handler(cors.Options{ | ||||
|   | ||||
| @@ -41,6 +41,8 @@ import ( | ||||
| 	pull_service "code.gitea.io/gitea/services/pull" | ||||
| 	"code.gitea.io/gitea/services/repository" | ||||
| 	"code.gitea.io/gitea/services/webhook" | ||||
|  | ||||
| 	"gitea.com/go-chi/session" | ||||
| ) | ||||
|  | ||||
| // NewServices init new services | ||||
| @@ -145,8 +147,20 @@ func NormalRoutes() *web.Route { | ||||
| 		r.Use(middle) | ||||
| 	} | ||||
|  | ||||
| 	r.Mount("/", web_routers.Routes()) | ||||
| 	r.Mount("/api/v1", apiv1.Routes()) | ||||
| 	sessioner := session.Sessioner(session.Options{ | ||||
| 		Provider:       setting.SessionConfig.Provider, | ||||
| 		ProviderConfig: setting.SessionConfig.ProviderConfig, | ||||
| 		CookieName:     setting.SessionConfig.CookieName, | ||||
| 		CookiePath:     setting.SessionConfig.CookiePath, | ||||
| 		Gclifetime:     setting.SessionConfig.Gclifetime, | ||||
| 		Maxlifetime:    setting.SessionConfig.Maxlifetime, | ||||
| 		Secure:         setting.SessionConfig.Secure, | ||||
| 		SameSite:       setting.SessionConfig.SameSite, | ||||
| 		Domain:         setting.SessionConfig.Domain, | ||||
| 	}) | ||||
|  | ||||
| 	r.Mount("/", web_routers.Routes(sessioner)) | ||||
| 	r.Mount("/api/v1", apiv1.Routes(sessioner)) | ||||
| 	r.Mount("/api/internal", private.Routes()) | ||||
| 	return r | ||||
| } | ||||
|   | ||||
| @@ -40,7 +40,6 @@ import ( | ||||
| 	_ "code.gitea.io/gitea/modules/session" | ||||
|  | ||||
| 	"gitea.com/go-chi/captcha" | ||||
| 	"gitea.com/go-chi/session" | ||||
| 	"github.com/NYTimes/gziphandler" | ||||
| 	"github.com/go-chi/chi/middleware" | ||||
| 	"github.com/go-chi/cors" | ||||
| @@ -72,7 +71,7 @@ func CorsHandler() func(next http.Handler) http.Handler { | ||||
| } | ||||
|  | ||||
| // Routes returns all web routes | ||||
| func Routes() *web.Route { | ||||
| func Routes(sessioner func(http.Handler) http.Handler) *web.Route { | ||||
| 	routes := web.NewRoute() | ||||
|  | ||||
| 	routes.Use(public.AssetsHandler(&public.Options{ | ||||
| @@ -81,17 +80,7 @@ func Routes() *web.Route { | ||||
| 		CorsHandler: CorsHandler(), | ||||
| 	})) | ||||
|  | ||||
| 	routes.Use(session.Sessioner(session.Options{ | ||||
| 		Provider:       setting.SessionConfig.Provider, | ||||
| 		ProviderConfig: setting.SessionConfig.ProviderConfig, | ||||
| 		CookieName:     setting.SessionConfig.CookieName, | ||||
| 		CookiePath:     setting.SessionConfig.CookiePath, | ||||
| 		Gclifetime:     setting.SessionConfig.Gclifetime, | ||||
| 		Maxlifetime:    setting.SessionConfig.Maxlifetime, | ||||
| 		Secure:         setting.SessionConfig.Secure, | ||||
| 		SameSite:       setting.SessionConfig.SameSite, | ||||
| 		Domain:         setting.SessionConfig.Domain, | ||||
| 	})) | ||||
| 	routes.Use(sessioner) | ||||
|  | ||||
| 	routes.Use(Recovery()) | ||||
|  | ||||
|   | ||||
		Reference in New Issue
	
	Block a user