Use common sessioner for API and web routes (#18114)

* Use common sessioner for API and web routes Since the regenerate session ID PR some users of the memory session provider have been reporting difficulties with getting API results. I am uncertain as to why this is happening - but I think that the sessioner being created twice may be a potential cause for this. Therefore this PR attempts to move this out to a common sessioner as it is in 1.16. Fix #18070 Signed-off-by: Andrew Thornton <art27@cantab.net> * Update routers/init.go
2025-08-13 13:08:19 +00:00 · 2021-12-28 22:15:01 +00:00
parent 353d88a42e
commit de3216ee55
3 changed files with 20 additions and 28 deletions
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -87,7 +87,6 @@ import (
 	"code.gitea.io/gitea/services/forms"

 	"gitea.com/go-chi/binding"
-	"gitea.com/go-chi/session"
 	"github.com/go-chi/cors"
 )

@@ -547,20 +546,10 @@ func bind(obj interface{}) http.HandlerFunc {
 }

 // Routes registers all v1 APIs routes to web application.
-func Routes() *web.Route {
+func Routes(sessioner func(next http.Handler) http.Handler) *web.Route {
 	var m = web.NewRoute()

-	m.Use(session.Sessioner(session.Options{
-		Provider:       setting.SessionConfig.Provider,
-		ProviderConfig: setting.SessionConfig.ProviderConfig,
-		CookieName:     setting.SessionConfig.CookieName,
-		CookiePath:     setting.SessionConfig.CookiePath,
-		Gclifetime:     setting.SessionConfig.Gclifetime,
-		Maxlifetime:    setting.SessionConfig.Maxlifetime,
-		Secure:         setting.SessionConfig.Secure,
-		SameSite:       setting.SessionConfig.SameSite,
-		Domain:         setting.SessionConfig.Domain,
-	}))
+	m.Use(sessioner)
 	m.Use(securityHeaders())
 	if setting.CORSConfig.Enabled {
 		m.Use(cors.Handler(cors.Options{