Fix session bug when introduce chi

go-gitea · Jan 8, 2021 · 6f25aac · 6f25aac
1 parent 4614060
commit 6f25aac
Show file tree

Hide file tree

Showing 2 changed files with 62 additions and 6 deletions.
diff --git a/routers/routes/chi.go b/routers/routes/chi.go
@@ -176,6 +176,50 @@ func storageHandler(storageSetting setting.Storage, prefix string, objStore stor
 	}
 }
 
+var (
+	sessionManager *session.Manager
+)
+
+func prepareOptions(options []session.Options) session.Options {
+	var opt session.Options
+	if len(options) > 0 {
+		opt = options[0]
+	}
+
+	if len(opt.Provider) == 0 {
+		opt.Provider = "memory"
+	}
+	if len(opt.ProviderConfig) == 0 {
+		opt.ProviderConfig = "data/sessions"
+	}
+	if len(opt.CookieName) == 0 {
+		opt.CookieName = "MacaronSession"
+	}
+	if len(opt.CookiePath) == 0 {
+		opt.CookiePath = "/"
+	}
+	if opt.Gclifetime == 0 {
+		opt.Gclifetime = 3600
+	}
+	if opt.Maxlifetime == 0 {
+		opt.Maxlifetime = opt.Gclifetime
+	}
+	if !opt.Secure {
+		opt.Secure = false
+	}
+	if opt.IDLength == 0 {
+		opt.IDLength = 16
+	}
+	if len(opt.FlashEncryptionKey) == 0 {
+		opt.FlashEncryptionKey = ""
+	}
+	if len(opt.FlashEncryptionKey) == 0 {
+		opt.FlashEncryptionKey, _ = session.NewSecret()
+	}
+
+	return opt
+}
+
 // NewChi creates a chi Router
 func NewChi() chi.Router {
 	c := chi.NewRouter()
@@ -185,7 +229,8 @@ func NewChi() chi.Router {
 			c.Use(LoggerHandler(setting.RouterLogLevel))
 		}
 	}
-	c.Use(session.Sessioner(session.Options{
+
+	var opt = session.Options{
 		Provider:       setting.SessionConfig.Provider,
 		ProviderConfig: setting.SessionConfig.ProviderConfig,
 		CookieName:     setting.SessionConfig.CookieName,
@@ -194,7 +239,14 @@ func NewChi() chi.Router {
 		Maxlifetime:    setting.SessionConfig.Maxlifetime,
 		Secure:         setting.SessionConfig.Secure,
 		Domain:         setting.SessionConfig.Domain,
-	}))
+	}
+	opt = prepareOptions([]session.Options{opt})
+
+	var err error
+	sessionManager, err = session.NewManager(opt.Provider, opt)
+	if err != nil {
+		panic(err)
+	}
 
 	c.Use(Recovery())
 	if setting.EnableAccessLog {

diff --git a/routers/routes/recovery.go b/routers/routes/recovery.go
@@ -14,7 +14,6 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/templates"
 
-	"gitea.com/go-chi/session"
 	"github.com/unrolled/render"
 )
 
@@ -64,7 +63,12 @@ func Recovery() func(next http.Handler) http.Handler {
 					log.Error("%v", combinedErr)
 
 					lc := middlewares.Locale(w, req)
-					sess := session.GetSession(req)
+
+					sessionStore, err := sessionManager.Start(w, req)
+					if err != nil {
+						// Just invoke the above recover catch
+						panic("session(start): " + err.Error())
+					}
 
 					var store = dataStore{
 						Data: templates.Vars{
@@ -75,7 +79,7 @@ func Recovery() func(next http.Handler) http.Handler {
 					}
 
 					// Get user from session if logged in.
-					user, _ := sso.SignedInUser(req, w, &store, sess)
+					user, _ := sso.SignedInUser(req, w, &store, sessionStore)
 					if user != nil {
 						store.Data["IsSigned"] = true
 						store.Data["SignedUser"] = user
@@ -92,7 +96,7 @@ func Recovery() func(next http.Handler) http.Handler {
 					if setting.RunMode != "prod" {
 						store.Data["ErrMsg"] = combinedErr
 					}
-					err := rnd.HTML(w, 500, "status/500", templates.BaseVars().Merge(store.Data))
+					err = rnd.HTML(w, 500, "status/500", templates.BaseVars().Merge(store.Data))
 					if err != nil {
 						log.Error("%v", err)
 					}