forked from Shiloh/githaven
Use common sessioner for API and Web (#17027)
* Use common sessioner for API and Web Instead of creating separate sessioner and doubly initialising the provider just use the same sessioner for the API and Web routes. Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
parent
aac7f68af1
commit
a334a95a3c
@ -87,7 +87,6 @@ import (
|
||||
"code.gitea.io/gitea/services/forms"
|
||||
|
||||
"gitea.com/go-chi/binding"
|
||||
"gitea.com/go-chi/session"
|
||||
"github.com/go-chi/cors"
|
||||
)
|
||||
|
||||
@ -547,20 +546,11 @@ func bind(obj interface{}) http.HandlerFunc {
|
||||
}
|
||||
|
||||
// Routes registers all v1 APIs routes to web application.
|
||||
func Routes() *web.Route {
|
||||
func Routes(sessioner func(http.Handler) http.Handler) *web.Route {
|
||||
var m = web.NewRoute()
|
||||
|
||||
m.Use(session.Sessioner(session.Options{
|
||||
Provider: setting.SessionConfig.Provider,
|
||||
ProviderConfig: setting.SessionConfig.ProviderConfig,
|
||||
CookieName: setting.SessionConfig.CookieName,
|
||||
CookiePath: setting.SessionConfig.CookiePath,
|
||||
Gclifetime: setting.SessionConfig.Gclifetime,
|
||||
Maxlifetime: setting.SessionConfig.Maxlifetime,
|
||||
Secure: setting.SessionConfig.Secure,
|
||||
SameSite: setting.SessionConfig.SameSite,
|
||||
Domain: setting.SessionConfig.Domain,
|
||||
}))
|
||||
m.Use(sessioner)
|
||||
|
||||
m.Use(securityHeaders())
|
||||
if setting.CORSConfig.Enabled {
|
||||
m.Use(cors.Handler(cors.Options{
|
||||
|
@ -41,6 +41,8 @@ import (
|
||||
pull_service "code.gitea.io/gitea/services/pull"
|
||||
"code.gitea.io/gitea/services/repository"
|
||||
"code.gitea.io/gitea/services/webhook"
|
||||
|
||||
"gitea.com/go-chi/session"
|
||||
)
|
||||
|
||||
// NewServices init new services
|
||||
@ -145,8 +147,20 @@ func NormalRoutes() *web.Route {
|
||||
r.Use(middle)
|
||||
}
|
||||
|
||||
r.Mount("/", web_routers.Routes())
|
||||
r.Mount("/api/v1", apiv1.Routes())
|
||||
sessioner := session.Sessioner(session.Options{
|
||||
Provider: setting.SessionConfig.Provider,
|
||||
ProviderConfig: setting.SessionConfig.ProviderConfig,
|
||||
CookieName: setting.SessionConfig.CookieName,
|
||||
CookiePath: setting.SessionConfig.CookiePath,
|
||||
Gclifetime: setting.SessionConfig.Gclifetime,
|
||||
Maxlifetime: setting.SessionConfig.Maxlifetime,
|
||||
Secure: setting.SessionConfig.Secure,
|
||||
SameSite: setting.SessionConfig.SameSite,
|
||||
Domain: setting.SessionConfig.Domain,
|
||||
})
|
||||
|
||||
r.Mount("/", web_routers.Routes(sessioner))
|
||||
r.Mount("/api/v1", apiv1.Routes(sessioner))
|
||||
r.Mount("/api/internal", private.Routes())
|
||||
return r
|
||||
}
|
||||
|
@ -40,7 +40,6 @@ import (
|
||||
_ "code.gitea.io/gitea/modules/session"
|
||||
|
||||
"gitea.com/go-chi/captcha"
|
||||
"gitea.com/go-chi/session"
|
||||
"github.com/NYTimes/gziphandler"
|
||||
"github.com/go-chi/chi/middleware"
|
||||
"github.com/go-chi/cors"
|
||||
@ -72,7 +71,7 @@ func CorsHandler() func(next http.Handler) http.Handler {
|
||||
}
|
||||
|
||||
// Routes returns all web routes
|
||||
func Routes() *web.Route {
|
||||
func Routes(sessioner func(http.Handler) http.Handler) *web.Route {
|
||||
routes := web.NewRoute()
|
||||
|
||||
routes.Use(public.AssetsHandler(&public.Options{
|
||||
@ -81,17 +80,7 @@ func Routes() *web.Route {
|
||||
CorsHandler: CorsHandler(),
|
||||
}))
|
||||
|
||||
routes.Use(session.Sessioner(session.Options{
|
||||
Provider: setting.SessionConfig.Provider,
|
||||
ProviderConfig: setting.SessionConfig.ProviderConfig,
|
||||
CookieName: setting.SessionConfig.CookieName,
|
||||
CookiePath: setting.SessionConfig.CookiePath,
|
||||
Gclifetime: setting.SessionConfig.Gclifetime,
|
||||
Maxlifetime: setting.SessionConfig.Maxlifetime,
|
||||
Secure: setting.SessionConfig.Secure,
|
||||
SameSite: setting.SessionConfig.SameSite,
|
||||
Domain: setting.SessionConfig.Domain,
|
||||
}))
|
||||
routes.Use(sessioner)
|
||||
|
||||
routes.Use(Recovery())
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user