davrot/forgejo_backup
1
0
Fork 0
mirror of https://codeberg.org/davrot/forgejo.git synced 2025-05-28 12:00:01 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Refactor cookie (#24107)

Browse source 
Close #24062

At the beginning, I just wanted to fix the warning mentioned by #24062

But, the cookie code really doesn't look good to me, so clean up them.

Complete the TODO on `SetCookie`: 

> TODO: Copied from gitea.com/macaron/macaron and should be improved
after macaron removed.
This commit is contained in:
wxiaoguang 2023-04-14 03:45:33 +08:00 committed by GitHub
parent b7221bec34
commit 5b9557aef5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
18 changed files with 141 additions and 328 deletions
Download patch file Download diff file Expand all files Collapse all files

23
routers/web/auth/auth.go
View file

@ -49,7 +49,7 @@ func AutoSignIn(ctx *context.Context) (bool, error) {
return false, nil
}
uname := ctx.GetCookie(setting.CookieUserName)
uname := ctx.GetSiteCookie(setting.CookieUserName)
if len(uname) == 0 {
return false, nil
}
@ -58,8 +58,8 @@ func AutoSignIn(ctx *context.Context) (bool, error) {
defer func() {
if !isSucceed {
log.Trace("auto-login cookie cleared: %s", uname)
ctx.DeleteCookie(setting.CookieUserName)
ctx.DeleteCookie(setting.CookieRememberName)
ctx.DeleteSiteCookie(setting.CookieUserName)
ctx.DeleteSiteCookie(setting.CookieRememberName)
}
}()
@ -90,7 +90,7 @@ func AutoSignIn(ctx *context.Context) (bool, error) {
return false, err
}
middleware.DeleteCSRFCookie(ctx.Resp)
ctx.Csrf.DeleteCookie(ctx)
return true, nil
}
@ -125,7 +125,7 @@ func checkAutoLogin(ctx *context.Context) bool {
if len(redirectTo) > 0 {
middleware.SetRedirectToCookie(ctx.Resp, redirectTo)
} else {
redirectTo = ctx.GetCookie("redirect_to")
redirectTo = ctx.GetSiteCookie("redirect_to")
}
if isSucceed {
@ -291,7 +291,7 @@ func handleSignIn(ctx *context.Context, u *user_model.User, remember bool) {
func handleSignInFull(ctx *context.Context, u *user_model.User, remember, obeyRedirect bool) string {
if remember {
days := 86400 * setting.LogInRememberDays
ctx.SetCookie(setting.CookieUserName, u.Name, days)
ctx.SetSiteCookie(setting.CookieUserName, u.Name, days)
ctx.SetSuperSecureCookie(base.EncodeMD5(u.Rands+u.Passwd),
setting.CookieRememberName, u.Name, days)
}
@ -330,7 +330,7 @@ func handleSignInFull(ctx *context.Context, u *user_model.User, remember, obeyRe
}
// Clear whatever CSRF cookie has right now, force to generate a new one
middleware.DeleteCSRFCookie(ctx.Resp)
ctx.Csrf.DeleteCookie(ctx)
// Register last login
u.SetLastLogin()
@ -339,7 +339,7 @@ func handleSignInFull(ctx *context.Context, u *user_model.User, remember, obeyRe
return setting.AppSubURL + "/"
}
if redirectTo := ctx.GetCookie("redirect_to"); len(redirectTo) > 0 && !utils.IsExternalURL(redirectTo) {
if redirectTo := ctx.GetSiteCookie("redirect_to"); len(redirectTo) > 0 && !utils.IsExternalURL(redirectTo) {
middleware.DeleteRedirectToCookie(ctx.Resp)
if obeyRedirect {
ctx.RedirectToFirst(redirectTo)
@ -368,10 +368,9 @@ func getUserName(gothUser *goth.User) string {
func HandleSignOut(ctx *context.Context) {
_ = ctx.Session.Flush()
_ = ctx.Session.Destroy(ctx.Resp, ctx.Req)
ctx.DeleteCookie(setting.CookieUserName)
ctx.DeleteCookie(setting.CookieRememberName)
middleware.DeleteCSRFCookie(ctx.Resp)
middleware.DeleteLocaleCookie(ctx.Resp)
ctx.DeleteSiteCookie(setting.CookieUserName)
ctx.DeleteSiteCookie(setting.CookieRememberName)
ctx.Csrf.DeleteCookie(ctx)
middleware.DeleteRedirectToCookie(ctx.Resp)
}