Backport #30584 by @wolfogre Related to #30375. It doesn't make sense to import `modules/web/middleware` and `modules/setting` in `modules/web/session` since the last one is more low-level. And it looks like a workaround to call `DeleteLegacySiteCookie` in `RegenerateSession`, so maybe we could reverse the importing by registering hook functions. Co-authored-by: Jason Song <i@wolfogre.com> (cherry picked from commit 199397a852ec2d45524cefcc3c119fce4710560e)
This commit is contained in:
parent
f31879069f
commit
0412657132
|
@ -6,9 +6,6 @@ package session
|
||||||
import (
|
import (
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
"code.gitea.io/gitea/modules/setting"
|
|
||||||
"code.gitea.io/gitea/modules/web/middleware"
|
|
||||||
|
|
||||||
"gitea.com/go-chi/session"
|
"gitea.com/go-chi/session"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -21,10 +18,12 @@ type Store interface {
|
||||||
|
|
||||||
// RegenerateSession regenerates the underlying session and returns the new store
|
// RegenerateSession regenerates the underlying session and returns the new store
|
||||||
func RegenerateSession(resp http.ResponseWriter, req *http.Request) (Store, error) {
|
func RegenerateSession(resp http.ResponseWriter, req *http.Request) (Store, error) {
|
||||||
// Ensure that a cookie with a trailing slash does not take precedence over
|
for _, f := range BeforeRegenerateSession {
|
||||||
// the cookie written by the middleware.
|
f(resp, req)
|
||||||
middleware.DeleteLegacySiteCookie(resp, setting.SessionConfig.CookieName)
|
}
|
||||||
|
|
||||||
s, err := session.RegenerateSession(resp, req)
|
s, err := session.RegenerateSession(resp, req)
|
||||||
return s, err
|
return s, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// BeforeRegenerateSession is a list of functions that are called before a session is regenerated.
|
||||||
|
var BeforeRegenerateSession []func(http.ResponseWriter, *http.Request)
|
||||||
|
|
|
@ -9,6 +9,7 @@ import (
|
||||||
"net/url"
|
"net/url"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
"code.gitea.io/gitea/modules/session"
|
||||||
"code.gitea.io/gitea/modules/setting"
|
"code.gitea.io/gitea/modules/setting"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -48,12 +49,12 @@ func SetSiteCookie(resp http.ResponseWriter, name, value string, maxAge int) {
|
||||||
// Previous versions would use a cookie path with a trailing /.
|
// Previous versions would use a cookie path with a trailing /.
|
||||||
// These are more specific than cookies without a trailing /, so
|
// These are more specific than cookies without a trailing /, so
|
||||||
// we need to delete these if they exist.
|
// we need to delete these if they exist.
|
||||||
DeleteLegacySiteCookie(resp, name)
|
deleteLegacySiteCookie(resp, name)
|
||||||
}
|
}
|
||||||
|
|
||||||
// DeleteLegacySiteCookie deletes the cookie with the given name at the cookie
|
// deleteLegacySiteCookie deletes the cookie with the given name at the cookie
|
||||||
// path with a trailing /, which would unintentionally override the cookie.
|
// path with a trailing /, which would unintentionally override the cookie.
|
||||||
func DeleteLegacySiteCookie(resp http.ResponseWriter, name string) {
|
func deleteLegacySiteCookie(resp http.ResponseWriter, name string) {
|
||||||
if setting.SessionConfig.CookiePath == "" || strings.HasSuffix(setting.SessionConfig.CookiePath, "/") {
|
if setting.SessionConfig.CookiePath == "" || strings.HasSuffix(setting.SessionConfig.CookiePath, "/") {
|
||||||
// If the cookie path ends with /, no legacy cookies will take
|
// If the cookie path ends with /, no legacy cookies will take
|
||||||
// precedence, so do nothing. The exception is that cookies with no
|
// precedence, so do nothing. The exception is that cookies with no
|
||||||
|
@ -74,3 +75,11 @@ func DeleteLegacySiteCookie(resp http.ResponseWriter, name string) {
|
||||||
}
|
}
|
||||||
resp.Header().Add("Set-Cookie", cookie.String())
|
resp.Header().Add("Set-Cookie", cookie.String())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func init() {
|
||||||
|
session.BeforeRegenerateSession = append(session.BeforeRegenerateSession, func(resp http.ResponseWriter, _ *http.Request) {
|
||||||
|
// Ensure that a cookie with a trailing slash does not take precedence over
|
||||||
|
// the cookie written by the middleware.
|
||||||
|
deleteLegacySiteCookie(resp, setting.SessionConfig.CookieName)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in New Issue