Merge pull request #492 from chadoe/suburlcookie

Set cookiepath to AppSubUrl
pull/197/head
无闻 10 years ago
commit d325b23dbb
  1. 7
      cmd/web.go
  2. 2
      modules/middleware/auth.go
  3. 2
      modules/middleware/repo.go
  4. 1
      modules/setting/setting.go
  5. 2
      routers/repo/issue.go
  6. 16
      routers/user/auth.go

@ -97,9 +97,10 @@ func newMacaron() *macaron.Macaron {
Config: *setting.SessionConfig, Config: *setting.SessionConfig,
})) }))
m.Use(csrf.Generate(csrf.Options{ m.Use(csrf.Generate(csrf.Options{
Secret: setting.SecretKey, Secret: setting.SecretKey,
SetCookie: true, SetCookie: true,
Header: "X-Csrf-Token", Header: "X-Csrf-Token",
CookiePath: setting.AppSubUrl,
})) }))
m.Use(toolbox.Toolboxer(m, toolbox.Options{ m.Use(toolbox.Toolboxer(m, toolbox.Options{
HealthCheckFuncs: []*toolbox.HealthCheckFuncDesc{ HealthCheckFuncs: []*toolbox.HealthCheckFuncDesc{

@ -48,7 +48,7 @@ func Toggle(options *ToggleOptions) macaron.Handler {
if strings.HasSuffix(ctx.Req.RequestURI, "watch") { if strings.HasSuffix(ctx.Req.RequestURI, "watch") {
return return
} }
ctx.SetCookie("redirect_to", "/"+url.QueryEscape(setting.AppSubUrl+ctx.Req.RequestURI)) ctx.SetCookie("redirect_to", "/"+url.QueryEscape(setting.AppSubUrl+ctx.Req.RequestURI), 0, setting.AppSubUrl)
ctx.Redirect(setting.AppSubUrl + "/user/login") ctx.Redirect(setting.AppSubUrl + "/user/login")
return return
} else if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm { } else if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {

@ -298,7 +298,7 @@ func RequireTrueOwner() macaron.Handler {
return func(ctx *Context) { return func(ctx *Context) {
if !ctx.Repo.IsTrueOwner && !ctx.Repo.IsAdmin { if !ctx.Repo.IsTrueOwner && !ctx.Repo.IsAdmin {
if !ctx.IsSigned { if !ctx.IsSigned {
ctx.SetCookie("redirect_to", "/"+url.QueryEscape(setting.AppSubUrl+ctx.Req.RequestURI)) ctx.SetCookie("redirect_to", "/"+url.QueryEscape(setting.AppSubUrl+ctx.Req.RequestURI), 0, setting.AppSubUrl)
ctx.Redirect(setting.AppSubUrl + "/user/login") ctx.Redirect(setting.AppSubUrl + "/user/login")
return return
} }

@ -380,6 +380,7 @@ func newSessionService() {
SessionConfig = new(session.Config) SessionConfig = new(session.Config)
SessionConfig.ProviderConfig = strings.Trim(Cfg.MustValue("session", "PROVIDER_CONFIG"), "\" ") SessionConfig.ProviderConfig = strings.Trim(Cfg.MustValue("session", "PROVIDER_CONFIG"), "\" ")
SessionConfig.CookieName = Cfg.MustValue("session", "COOKIE_NAME", "i_like_gogits") SessionConfig.CookieName = Cfg.MustValue("session", "COOKIE_NAME", "i_like_gogits")
SessionConfig.CookiePath = AppSubUrl
SessionConfig.Secure = Cfg.MustBool("session", "COOKIE_SECURE") SessionConfig.Secure = Cfg.MustBool("session", "COOKIE_SECURE")
SessionConfig.EnableSetCookie = Cfg.MustBool("session", "ENABLE_SET_COOKIE", true) SessionConfig.EnableSetCookie = Cfg.MustBool("session", "ENABLE_SET_COOKIE", true)
SessionConfig.Gclifetime = Cfg.MustInt64("session", "GC_INTERVAL_TIME", 86400) SessionConfig.Gclifetime = Cfg.MustInt64("session", "GC_INTERVAL_TIME", 86400)

@ -54,7 +54,7 @@ func Issues(ctx *middleware.Context) {
isShowClosed := ctx.Query("state") == "closed" isShowClosed := ctx.Query("state") == "closed"
if viewType != "all" && !ctx.IsSigned { if viewType != "all" && !ctx.IsSigned {
ctx.SetCookie("redirect_to", "/"+url.QueryEscape(setting.AppSubUrl+ctx.Req.RequestURI)) ctx.SetCookie("redirect_to", "/"+url.QueryEscape(setting.AppSubUrl+ctx.Req.RequestURI), 0, setting.AppSubUrl)
ctx.Redirect(setting.AppSubUrl + "/user/login") ctx.Redirect(setting.AppSubUrl + "/user/login")
return return
} }

@ -52,8 +52,8 @@ func SignIn(ctx *middleware.Context) {
defer func() { defer func() {
if !isSucceed { if !isSucceed {
log.Trace("auto-login cookie cleared: %s", uname) log.Trace("auto-login cookie cleared: %s", uname)
ctx.SetCookie(setting.CookieUserName, "", -1) ctx.SetCookie(setting.CookieUserName, "", -1, setting.AppSubUrl)
ctx.SetCookie(setting.CookieRememberName, "", -1) ctx.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubUrl)
return return
} }
}() }()
@ -77,7 +77,7 @@ func SignIn(ctx *middleware.Context) {
ctx.Session.Set("uid", u.Id) ctx.Session.Set("uid", u.Id)
ctx.Session.Set("uname", u.Name) ctx.Session.Set("uname", u.Name)
if redirectTo, _ := url.QueryUnescape(ctx.GetCookie("redirect_to")); len(redirectTo) > 0 { if redirectTo, _ := url.QueryUnescape(ctx.GetCookie("redirect_to")); len(redirectTo) > 0 {
ctx.SetCookie("redirect_to", "", -1) ctx.SetCookie("redirect_to", "", -1, setting.AppSubUrl)
ctx.Redirect(redirectTo) ctx.Redirect(redirectTo)
return return
} }
@ -113,9 +113,9 @@ func SignInPost(ctx *middleware.Context, form auth.SignInForm) {
if form.Remember { if form.Remember {
days := 86400 * setting.LogInRememberDays days := 86400 * setting.LogInRememberDays
ctx.SetCookie(setting.CookieUserName, u.Name, days) ctx.SetCookie(setting.CookieUserName, u.Name, days, setting.AppSubUrl)
ctx.SetSuperSecureCookie(base.EncodeMd5(u.Rands+u.Passwd), ctx.SetSuperSecureCookie(base.EncodeMd5(u.Rands+u.Passwd),
setting.CookieRememberName, u.Name, days) setting.CookieRememberName, u.Name, days, setting.AppSubUrl)
} }
// Bind with social account. // Bind with social account.
@ -135,7 +135,7 @@ func SignInPost(ctx *middleware.Context, form auth.SignInForm) {
ctx.Session.Set("uid", u.Id) ctx.Session.Set("uid", u.Id)
ctx.Session.Set("uname", u.Name) ctx.Session.Set("uname", u.Name)
if redirectTo, _ := url.QueryUnescape(ctx.GetCookie("redirect_to")); len(redirectTo) > 0 { if redirectTo, _ := url.QueryUnescape(ctx.GetCookie("redirect_to")); len(redirectTo) > 0 {
ctx.SetCookie("redirect_to", "", -1) ctx.SetCookie("redirect_to", "", -1, setting.AppSubUrl)
ctx.Redirect(redirectTo) ctx.Redirect(redirectTo)
return return
} }
@ -149,8 +149,8 @@ func SignOut(ctx *middleware.Context) {
ctx.Session.Delete("socialId") ctx.Session.Delete("socialId")
ctx.Session.Delete("socialName") ctx.Session.Delete("socialName")
ctx.Session.Delete("socialEmail") ctx.Session.Delete("socialEmail")
ctx.SetCookie(setting.CookieUserName, "", -1) ctx.SetCookie(setting.CookieUserName, "", -1, setting.AppSubUrl)
ctx.SetCookie(setting.CookieRememberName, "", -1) ctx.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubUrl)
ctx.Redirect(setting.AppSubUrl + "/") ctx.Redirect(setting.AppSubUrl + "/")
} }

Loading…
Cancel
Save