Fix session bug when introduce chi (#14287)

* Update go-chi session
4 years ago · ce43d38b4f
parent 461406070c
commit ce43d38b4f
6 changed files with 30 additions and 12 deletions
--- a/go.mod
+++ b/go.mod
@ -5,7 +5,7 @@ go 1.14
 require (
 	code.gitea.io/gitea-vet v0.2.1
 	code.gitea.io/sdk/gitea v0.13.1
-	gitea.com/go-chi/session v0.0.0-20201218134809-7209fa084f27
+	gitea.com/go-chi/session v0.0.0-20210108030337-0cb48c5ba8ee
 	gitea.com/lunny/levelqueue v0.3.0
 	gitea.com/macaron/binding v0.0.0-20190822013154-a5f53841ed2b
 	gitea.com/macaron/cache v0.0.0-20200924044943-905232fba10b
--- a/go.sum
+++ b/go.sum
@ -40,8 +40,8 @@ code.gitea.io/gitea-vet v0.2.1/go.mod h1:zcNbT/aJEmivCAhfmkHOlT645KNOf9W2KnkLgFj
 code.gitea.io/sdk/gitea v0.13.1 h1:Y7bpH2iO6Q0KhhMJfjP/LZ0AmiYITeRQlCD8b0oYqhk=
 code.gitea.io/sdk/gitea v0.13.1/go.mod h1:z3uwDV/b9Ls47NGukYM9XhnHtqPh/J+t40lsUrR6JDY=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-gitea.com/go-chi/session v0.0.0-20201218134809-7209fa084f27 h1:cdb1OTNXGLwQ55gg+9tIPWufdsnrHWcIq8Qs+j/E8JU=
-gitea.com/go-chi/session v0.0.0-20201218134809-7209fa084f27/go.mod h1:Ozg8IchVNb/Udg+ui39iHRYqVHSvf3C99ixdpLR8Vu0=
+gitea.com/go-chi/session v0.0.0-20210108030337-0cb48c5ba8ee h1:9U6HuKUBt/cGK6T/64dEuz0r7Yp97WAAEJvXHDlY3ws=
+gitea.com/go-chi/session v0.0.0-20210108030337-0cb48c5ba8ee/go.mod h1:Ozg8IchVNb/Udg+ui39iHRYqVHSvf3C99ixdpLR8Vu0=
 gitea.com/lunny/levelqueue v0.3.0 h1:MHn1GuSZkxvVEDMyAPqlc7A3cOW+q8RcGhRgH/xtm6I=
 gitea.com/lunny/levelqueue v0.3.0/go.mod h1:HBqmLbz56JWpfEGG0prskAV97ATNRoj5LDmPicD22hU=
 gitea.com/lunny/log v0.0.0-20190322053110-01b5df579c4e h1:r1en/D7xJmcY24VkHkjkcJFa+7ZWubVWPBrvsHkmHxk=
--- a/routers/routes/chi.go
+++ b/routers/routes/chi.go
@ -176,6 +176,10 @@ func storageHandler(storageSetting setting.Storage, prefix string, objStore stor
 	}
 }

+var (
+	sessionManager *session.Manager
+)
+
 // NewChi creates a chi Router
 func NewChi() chi.Router {
 	c := chi.NewRouter()
@ -185,7 +189,8 @@ func NewChi() chi.Router {
 			c.Use(LoggerHandler(setting.RouterLogLevel))
 		}
 	}
-	c.Use(session.Sessioner(session.Options{
+
+	var opt = session.Options{
 		Provider:       setting.SessionConfig.Provider,
 		ProviderConfig: setting.SessionConfig.ProviderConfig,
 		CookieName:     setting.SessionConfig.CookieName,
@ -194,7 +199,14 @@ func NewChi() chi.Router {
 		Maxlifetime:    setting.SessionConfig.Maxlifetime,
 		Secure:         setting.SessionConfig.Secure,
 		Domain:         setting.SessionConfig.Domain,
-	}))
+	}
+	opt = session.PrepareOptions([]session.Options{opt})
+
+	var err error
+	sessionManager, err = session.NewManager(opt.Provider, opt)
+	if err != nil {
+		panic(err)
+	}

 	c.Use(Recovery())
 	if setting.EnableAccessLog {
--- a/routers/routes/recovery.go
+++ b/routers/routes/recovery.go
@ -14,7 +14,6 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/templates"

-	"gitea.com/go-chi/session"
 	"github.com/unrolled/render"
 )

@ -64,7 +63,13 @@ func Recovery() func(next http.Handler) http.Handler {
 					log.Error("%v", combinedErr)

 					lc := middlewares.Locale(w, req)
-					sess := session.GetSession(req)
+
+					// TODO: this should be replaced by real session after macaron removed totally
+					sessionStore, err := sessionManager.Start(w, req)
+					if err != nil {
+						// Just invoke the above recover catch
+						panic("session(start): " + err.Error())
+					}

 					var store = dataStore{
 						Data: templates.Vars{
@ -75,7 +80,7 @@ func Recovery() func(next http.Handler) http.Handler {
 					}

 					// Get user from session if logged in.
-					user, _ := sso.SignedInUser(req, w, &store, sess)
+					user, _ := sso.SignedInUser(req, w, &store, sessionStore)
 					if user != nil {
 						store.Data["IsSigned"] = true
 						store.Data["SignedUser"] = user
@ -92,7 +97,7 @@ func Recovery() func(next http.Handler) http.Handler {
 					if setting.RunMode != "prod" {
 						store.Data["ErrMsg"] = combinedErr
 					}
-					err := rnd.HTML(w, 500, "status/500", templates.BaseVars().Merge(store.Data))
+					err = rnd.HTML(w, 500, "status/500", templates.BaseVars().Merge(store.Data))
 					if err != nil {
 						log.Error("%v", err)
 					}
--- a/vendor/gitea.com/go-chi/session/session.go
+++ b/vendor/gitea.com/go-chi/session/session.go
@ -101,7 +101,8 @@ type Options struct {
 	FlashEncryptionKey string
 }

-func prepareOptions(options []Options) Options {
+// PrepareOptions gives some default values for options
+func PrepareOptions(options []Options) Options {
 	var opt Options
 	if len(options) > 0 {
 		opt = options[0]
@ -231,7 +232,7 @@ func NewCookie(name string, value string, others ...interface{}) *http.Cookie {
 // Sessioner is a middleware that maps a session.SessionStore service into the Macaron handler chain.
 // An single variadic session.Options struct can be optionally provided to configure.
 func Sessioner(options ...Options) func(next http.Handler) http.Handler {
-	opt := prepareOptions(options)
+	opt := PrepareOptions(options)
 	manager, err := NewManager(opt.Provider, opt)
 	if err != nil {
 		panic(err)
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -7,7 +7,7 @@ code.gitea.io/gitea-vet/checks
 # code.gitea.io/sdk/gitea v0.13.1
 ## explicit
 code.gitea.io/sdk/gitea
-# gitea.com/go-chi/session v0.0.0-20201218134809-7209fa084f27
+# gitea.com/go-chi/session v0.0.0-20210108030337-0cb48c5ba8ee
 ## explicit
 gitea.com/go-chi/session
 gitea.com/go-chi/session/couchbase