From de3216ee5590636747ad3a7cd8b4c1a8837b5b40 Mon Sep 17 00:00:00 2001
From: zeripath
Date: Tue, 28 Dec 2021 22:15:01 +0000
Subject: [PATCH] Use common sessioner for API and web routes (#18114)
* Use common sessioner for API and web routes
Since the regenerate session ID PR some users of the memory session provider have been reporting difficulties with getting API results. I am uncertain as to why this is happening - but I think that the sessioner being created twice may be a potential cause for this. Therefore this PR attempts to move this out to a common sessioner as it is in 1.16.
Fix #18070
Signed-off-by: Andrew Thornton
* Update routers/init.go
---
 routers/api/v1/api.go | 15 ++-------------
 routers/init.go | 18 ++++++++++++++++--
 routers/web/web.go | 15 ++-------------
 3 files changed, 20 insertions(+), 28 deletions(-)
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 62452f6580..6f6609be3c 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -87,7 +87,6 @@ import (
 "code.gitea.io/gitea/services/forms"
 "gitea.com/go-chi/binding"
- "gitea.com/go-chi/session"
 "github.com/go-chi/cors"
 )
@@ -547,20 +546,10 @@ func bind(obj interface{}) http.HandlerFunc {
 }
 // Routes registers all v1 APIs routes to web application.
-func Routes() *web.Route {
+func Routes(sessioner func(next http.Handler) http.Handler) *web.Route {
 var m = web.NewRoute()
- m.Use(session.Sessioner(session.Options{
- Provider: setting.SessionConfig.Provider,
- ProviderConfig: setting.SessionConfig.ProviderConfig,
- CookieName: setting.SessionConfig.CookieName,
- CookiePath: setting.SessionConfig.CookiePath,
- Gclifetime: setting.SessionConfig.Gclifetime,
- Maxlifetime: setting.SessionConfig.Maxlifetime,
- Secure: setting.SessionConfig.Secure,
- SameSite: setting.SessionConfig.SameSite,
- Domain: setting.SessionConfig.Domain,
- }))
+ m.Use(sessioner)
 m.Use(securityHeaders())
 if setting.CORSConfig.Enabled {
 m.Use(cors.Handler(cors.Options{
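Review bot: The doc comment above `Routes` in routers/api/v1/api.go still describes a zero-argument function and says nothing about the new `sessioner` parameter, which is handed to `m.Use` unchecked. I would extend it to something like `// Routes registers all v1 API routes; sessioner is the session middleware shared with the web router and must not be nil.` The same gap exists on `Routes` in routers/web/web.go. Because session handling is authentication-relevant, it helps to state at the signature that callers are expected to pass the one instance built in `NormalRoutes` rather than constructing their own. The body of `Routes` continues beyond this hunk.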
diff --git a/routers/init.go b/routers/init.go
index 3ee7c73572..9addd22261 100644
--- a/routers/init.go
+++ b/routers/init.go
@@ -40,6 +40,8 @@ import (
 pull_service "code.gitea.io/gitea/services/pull"
 "code.gitea.io/gitea/services/repository"
 "code.gitea.io/gitea/services/webhook"
+
+ "gitea.com/go-chi/session"
 )
 // NewServices init new services
@@ -144,8 +146,20 @@ func NormalRoutes() *web.Route {
 r.Use(middle)
 }
- r.Mount("/", web_routers.Routes())
- r.Mount("/api/v1", apiv1.Routes())
+ sessioner := session.Sessioner(session.Options{
+ Provider: setting.SessionConfig.Provider,
+ ProviderConfig: setting.SessionConfig.ProviderConfig,
+ CookieName: setting.SessionConfig.CookieName,
+ CookiePath: setting.SessionConfig.CookiePath,
+ Gclifetime: setting.SessionConfig.Gclifetime,
+ Maxlifetime: setting.SessionConfig.Maxlifetime,
+ Secure: setting.SessionConfig.Secure,
+ SameSite: setting.SessionConfig.SameSite,
+ Domain: setting.SessionConfig.Domain,
+ })
+
+ r.Mount("/", web_routers.Routes(sessioner))
+ r.Mount("/api/v1", apiv1.Routes(sessioner))
 r.Mount("/api/internal", private.Routes())
 return r
 }
diff --git a/routers/web/web.go b/routers/web/web.go
index 8403084bce..2ba7a44c11 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -39,7 +39,6 @@ import (
 _ "code.gitea.io/gitea/modules/session"
 "gitea.com/go-chi/captcha"
- "gitea.com/go-chi/session"
 "github.com/NYTimes/gziphandler"
 "github.com/go-chi/chi/middleware"
 "github.com/go-chi/cors"
@@ -71,7 +70,7 @@ func CorsHandler() func(next http.Handler) http.Handler {
 }
 // Routes returns all web routes
-func Routes() *web.Route {
+func Routes(sessioner func(next http.Handler) http.Handler) *web.Route {
 routes := web.NewRoute()
 routes.Use(public.AssetsHandler(&public.Options{
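Review bot: Nothing at the `sessioner := session.Sessioner(...)` assignment in `NormalRoutes` (routers/init.go) records that the middleware is built once on purpose, so a later refactor could move construction back into each router and bring #18070 back. A short comment would cover it: `// Build the session middleware once so the web and API routers share a single provider instance (see #18070).` It is also worth stating there that `/api/internal` is mounted without it, which looks intentional but is not explained in the visible lines. With the cookie attributes (`Secure`, `SameSite`, `Domain`) now set in only this place, a regression test that logs in through a web route and reuses the cookie on `/api/v1` under the memory provider would pin the intended behaviour.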
@@ -80,17 +79,7 @@ func Routes() *web.Route {
 CorsHandler: CorsHandler(),
 }))
- routes.Use(session.Sessioner(session.Options{
- Provider: setting.SessionConfig.Provider,
- ProviderConfig: setting.SessionConfig.ProviderConfig,
- CookieName: setting.SessionConfig.CookieName,
- CookiePath: setting.SessionConfig.CookiePath,
- Gclifetime: setting.SessionConfig.Gclifetime,
- Maxlifetime: setting.SessionConfig.Maxlifetime,
- Secure: setting.SessionConfig.Secure,
- SameSite: setting.SessionConfig.SameSite,
- Domain: setting.SessionConfig.Domain,
- }))
+ routes.Use(sessioner)
 routes.Use(Recovery())