From ce43d38b4ffa40255cc8f859c5b31f59351f827c Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Fri, 8 Jan 2021 20:15:06 +0800 Subject: [PATCH] Fix session bug when introduce chi (#14287) * Update go-chi session --- go.mod | 2 +- go.sum | 4 ++-- routers/routes/chi.go | 16 ++++++++++++++-- routers/routes/recovery.go | 13 +++++++++---- vendor/gitea.com/go-chi/session/session.go | 5 +++-- vendor/modules.txt | 2 +- 6 files changed, 30 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 0d1ebc19154..b736a730230 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.14 require ( code.gitea.io/gitea-vet v0.2.1 code.gitea.io/sdk/gitea v0.13.1 - gitea.com/go-chi/session v0.0.0-20201218134809-7209fa084f27 + gitea.com/go-chi/session v0.0.0-20210108030337-0cb48c5ba8ee gitea.com/lunny/levelqueue v0.3.0 gitea.com/macaron/binding v0.0.0-20190822013154-a5f53841ed2b gitea.com/macaron/cache v0.0.0-20200924044943-905232fba10b diff --git a/go.sum b/go.sum index ad51f4c67a8..d90bdc20bb6 100644 --- a/go.sum +++ b/go.sum @@ -40,8 +40,8 @@ code.gitea.io/gitea-vet v0.2.1/go.mod h1:zcNbT/aJEmivCAhfmkHOlT645KNOf9W2KnkLgFj code.gitea.io/sdk/gitea v0.13.1 h1:Y7bpH2iO6Q0KhhMJfjP/LZ0AmiYITeRQlCD8b0oYqhk= code.gitea.io/sdk/gitea v0.13.1/go.mod h1:z3uwDV/b9Ls47NGukYM9XhnHtqPh/J+t40lsUrR6JDY= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -gitea.com/go-chi/session v0.0.0-20201218134809-7209fa084f27 h1:cdb1OTNXGLwQ55gg+9tIPWufdsnrHWcIq8Qs+j/E8JU= -gitea.com/go-chi/session v0.0.0-20201218134809-7209fa084f27/go.mod h1:Ozg8IchVNb/Udg+ui39iHRYqVHSvf3C99ixdpLR8Vu0= +gitea.com/go-chi/session v0.0.0-20210108030337-0cb48c5ba8ee h1:9U6HuKUBt/cGK6T/64dEuz0r7Yp97WAAEJvXHDlY3ws= +gitea.com/go-chi/session v0.0.0-20210108030337-0cb48c5ba8ee/go.mod h1:Ozg8IchVNb/Udg+ui39iHRYqVHSvf3C99ixdpLR8Vu0= gitea.com/lunny/levelqueue v0.3.0 h1:MHn1GuSZkxvVEDMyAPqlc7A3cOW+q8RcGhRgH/xtm6I= gitea.com/lunny/levelqueue v0.3.0/go.mod h1:HBqmLbz56JWpfEGG0prskAV97ATNRoj5LDmPicD22hU= gitea.com/lunny/log v0.0.0-20190322053110-01b5df579c4e h1:r1en/D7xJmcY24VkHkjkcJFa+7ZWubVWPBrvsHkmHxk= diff --git a/routers/routes/chi.go b/routers/routes/chi.go index c0ac88957ee..6e609fc2f8b 100644 --- a/routers/routes/chi.go +++ b/routers/routes/chi.go @@ -176,6 +176,10 @@ func storageHandler(storageSetting setting.Storage, prefix string, objStore stor } } +var ( + sessionManager *session.Manager +) + // NewChi creates a chi Router func NewChi() chi.Router { c := chi.NewRouter() @@ -185,7 +189,8 @@ func NewChi() chi.Router { c.Use(LoggerHandler(setting.RouterLogLevel)) } } - c.Use(session.Sessioner(session.Options{ + + var opt = session.Options{ Provider: setting.SessionConfig.Provider, ProviderConfig: setting.SessionConfig.ProviderConfig, CookieName: setting.SessionConfig.CookieName, @@ -194,7 +199,14 @@ func NewChi() chi.Router { Maxlifetime: setting.SessionConfig.Maxlifetime, Secure: setting.SessionConfig.Secure, Domain: setting.SessionConfig.Domain, - })) + } + opt = session.PrepareOptions([]session.Options{opt}) + + var err error + sessionManager, err = session.NewManager(opt.Provider, opt) + if err != nil { + panic(err) + } c.Use(Recovery()) if setting.EnableAccessLog { diff --git a/routers/routes/recovery.go b/routers/routes/recovery.go index cf4b1a8d840..f392d1d5534 100644 --- a/routers/routes/recovery.go +++ b/routers/routes/recovery.go @@ -14,7 +14,6 @@ import ( "code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/modules/templates" - "gitea.com/go-chi/session" "github.com/unrolled/render" ) @@ -64,7 +63,13 @@ func Recovery() func(next http.Handler) http.Handler { log.Error("%v", combinedErr) lc := middlewares.Locale(w, req) - sess := session.GetSession(req) + + // TODO: this should be replaced by real session after macaron removed totally + sessionStore, err := sessionManager.Start(w, req) + if err != nil { + // Just invoke the above recover catch + panic("session(start): " + err.Error()) + } var store = dataStore{ Data: templates.Vars{ @@ -75,7 +80,7 @@ func Recovery() func(next http.Handler) http.Handler { } // Get user from session if logged in. - user, _ := sso.SignedInUser(req, w, &store, sess) + user, _ := sso.SignedInUser(req, w, &store, sessionStore) if user != nil { store.Data["IsSigned"] = true store.Data["SignedUser"] = user @@ -92,7 +97,7 @@ func Recovery() func(next http.Handler) http.Handler { if setting.RunMode != "prod" { store.Data["ErrMsg"] = combinedErr } - err := rnd.HTML(w, 500, "status/500", templates.BaseVars().Merge(store.Data)) + err = rnd.HTML(w, 500, "status/500", templates.BaseVars().Merge(store.Data)) if err != nil { log.Error("%v", err) } diff --git a/vendor/gitea.com/go-chi/session/session.go b/vendor/gitea.com/go-chi/session/session.go index 97eb5ad3651..475612ffb10 100644 --- a/vendor/gitea.com/go-chi/session/session.go +++ b/vendor/gitea.com/go-chi/session/session.go @@ -101,7 +101,8 @@ type Options struct { FlashEncryptionKey string } -func prepareOptions(options []Options) Options { +// PrepareOptions gives some default values for options +func PrepareOptions(options []Options) Options { var opt Options if len(options) > 0 { opt = options[0] @@ -231,7 +232,7 @@ func NewCookie(name string, value string, others ...interface{}) *http.Cookie { // Sessioner is a middleware that maps a session.SessionStore service into the Macaron handler chain. // An single variadic session.Options struct can be optionally provided to configure. func Sessioner(options ...Options) func(next http.Handler) http.Handler { - opt := prepareOptions(options) + opt := PrepareOptions(options) manager, err := NewManager(opt.Provider, opt) if err != nil { panic(err) diff --git a/vendor/modules.txt b/vendor/modules.txt index 426b0dc9473..5dffe2e52ee 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -7,7 +7,7 @@ code.gitea.io/gitea-vet/checks # code.gitea.io/sdk/gitea v0.13.1 ## explicit code.gitea.io/sdk/gitea -# gitea.com/go-chi/session v0.0.0-20201218134809-7209fa084f27 +# gitea.com/go-chi/session v0.0.0-20210108030337-0cb48c5ba8ee ## explicit gitea.com/go-chi/session gitea.com/go-chi/session/couchbase