Use common sessioner for API and web routes (#18114)

* Use common sessioner for API and web routes

Since the regenerate session ID PR some users of the memory session provider have been
reporting difficulties with getting API results.

I am uncertain as to why this is happening - but I think that the sessioner being
created twice may be a potential cause for this. Therefore this PR attempts to move
this out to a common sessioner as it is in 1.16.

Fix #18070

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update routers/init.go
This commit is contained in:
zeripath 2021-12-28 22:15:01 +00:00 committed by GitHub
parent 353d88a42e
commit de3216ee55
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 20 additions and 28 deletions

View File

@ -87,7 +87,6 @@ import (
"code.gitea.io/gitea/services/forms" "code.gitea.io/gitea/services/forms"
"gitea.com/go-chi/binding" "gitea.com/go-chi/binding"
"gitea.com/go-chi/session"
"github.com/go-chi/cors" "github.com/go-chi/cors"
) )
@ -547,20 +546,10 @@ func bind(obj interface{}) http.HandlerFunc {
} }
// Routes registers all v1 APIs routes to web application. // Routes registers all v1 APIs routes to web application.
func Routes() *web.Route { func Routes(sessioner func(next http.Handler) http.Handler) *web.Route {
var m = web.NewRoute() var m = web.NewRoute()
m.Use(session.Sessioner(session.Options{ m.Use(sessioner)
Provider: setting.SessionConfig.Provider,
ProviderConfig: setting.SessionConfig.ProviderConfig,
CookieName: setting.SessionConfig.CookieName,
CookiePath: setting.SessionConfig.CookiePath,
Gclifetime: setting.SessionConfig.Gclifetime,
Maxlifetime: setting.SessionConfig.Maxlifetime,
Secure: setting.SessionConfig.Secure,
SameSite: setting.SessionConfig.SameSite,
Domain: setting.SessionConfig.Domain,
}))
m.Use(securityHeaders()) m.Use(securityHeaders())
if setting.CORSConfig.Enabled { if setting.CORSConfig.Enabled {
m.Use(cors.Handler(cors.Options{ m.Use(cors.Handler(cors.Options{

View File

@ -40,6 +40,8 @@ import (
pull_service "code.gitea.io/gitea/services/pull" pull_service "code.gitea.io/gitea/services/pull"
"code.gitea.io/gitea/services/repository" "code.gitea.io/gitea/services/repository"
"code.gitea.io/gitea/services/webhook" "code.gitea.io/gitea/services/webhook"
"gitea.com/go-chi/session"
) )
// NewServices init new services // NewServices init new services
@ -144,8 +146,20 @@ func NormalRoutes() *web.Route {
r.Use(middle) r.Use(middle)
} }
r.Mount("/", web_routers.Routes()) sessioner := session.Sessioner(session.Options{
r.Mount("/api/v1", apiv1.Routes()) Provider: setting.SessionConfig.Provider,
ProviderConfig: setting.SessionConfig.ProviderConfig,
CookieName: setting.SessionConfig.CookieName,
CookiePath: setting.SessionConfig.CookiePath,
Gclifetime: setting.SessionConfig.Gclifetime,
Maxlifetime: setting.SessionConfig.Maxlifetime,
Secure: setting.SessionConfig.Secure,
SameSite: setting.SessionConfig.SameSite,
Domain: setting.SessionConfig.Domain,
})
r.Mount("/", web_routers.Routes(sessioner))
r.Mount("/api/v1", apiv1.Routes(sessioner))
r.Mount("/api/internal", private.Routes()) r.Mount("/api/internal", private.Routes())
return r return r
} }

View File

@ -39,7 +39,6 @@ import (
_ "code.gitea.io/gitea/modules/session" _ "code.gitea.io/gitea/modules/session"
"gitea.com/go-chi/captcha" "gitea.com/go-chi/captcha"
"gitea.com/go-chi/session"
"github.com/NYTimes/gziphandler" "github.com/NYTimes/gziphandler"
"github.com/go-chi/chi/middleware" "github.com/go-chi/chi/middleware"
"github.com/go-chi/cors" "github.com/go-chi/cors"
@ -71,7 +70,7 @@ func CorsHandler() func(next http.Handler) http.Handler {
} }
// Routes returns all web routes // Routes returns all web routes
func Routes() *web.Route { func Routes(sessioner func(next http.Handler) http.Handler) *web.Route {
routes := web.NewRoute() routes := web.NewRoute()
routes.Use(public.AssetsHandler(&public.Options{ routes.Use(public.AssetsHandler(&public.Options{
@ -80,17 +79,7 @@ func Routes() *web.Route {
CorsHandler: CorsHandler(), CorsHandler: CorsHandler(),
})) }))
routes.Use(session.Sessioner(session.Options{ routes.Use(sessioner)
Provider: setting.SessionConfig.Provider,
ProviderConfig: setting.SessionConfig.ProviderConfig,
CookieName: setting.SessionConfig.CookieName,
CookiePath: setting.SessionConfig.CookiePath,
Gclifetime: setting.SessionConfig.Gclifetime,
Maxlifetime: setting.SessionConfig.Maxlifetime,
Secure: setting.SessionConfig.Secure,
SameSite: setting.SessionConfig.SameSite,
Domain: setting.SessionConfig.Domain,
}))
routes.Use(Recovery()) routes.Use(Recovery())