2019-02-10 09:37:37 +08:00 
										
									 
								 
							 
							
								
							 
							
								 
							
							
								// Copyright 2019 The Gitea Authors. All rights reserved.  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								// Use of this source code is governed by a MIT-style  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								// license that can be found in the LICENSE file.  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								package  setting  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								import  (  
						 
					
						
							
								
									
										
										
										
											2021-03-07 08:12:43 +00:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
									"net/http" 
							 
						 
					
						
							
								
									
										
										
										
											2019-02-10 09:37:37 +08:00 
										
									 
								 
							 
							
								
							 
							
								 
							
							
									"path" 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
									"path/filepath" 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
									"strings" 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
									"code.gitea.io/gitea/modules/log" 
							 
						 
					
						
							
								
									
										
										
										
											2021-03-01 21:08:10 +00:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
									jsoniter  "github.com/json-iterator/go" 
							 
						 
					
						
							
								
									
										
										
										
											2019-02-10 09:37:37 +08:00 
										
									 
								 
							 
							
								
							 
							
								 
							
							
								)  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								var  (  
						 
					
						
							
								
									
										
										
										
											2021-07-08 07:38:13 -04:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
									// SessionConfig defines Session settings 
							 
						 
					
						
							
								
									
										
										
										
											2020-01-29 15:47:46 +08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
									SessionConfig  =  struct  { 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
										Provider  string 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
										// Provider configuration, it's corresponding to provider. 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
										ProviderConfig  string 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
										// Cookie name to save session ID. Default is "MacaronSession". 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
										CookieName  string 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
										// Cookie path to store. Default is "/". 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
										CookiePath  string 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
										// GC interval time in seconds. Default is 3600. 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
										Gclifetime  int64 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
										// Max life time in seconds. Default is whatever GC interval time is. 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
										Maxlifetime  int64 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
										// Use HTTPS only. Default is false. 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
										Secure  bool 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
										// Cookie domain name. Default is empty. 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
										Domain  string 
							 
						 
					
						
							
								
									
										
										
										
											2021-03-07 08:12:43 +00:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
										// SameSite declares if your cookie should be restricted to a first-party or same-site context. Valid strings are "none", "lax", "strict". Default is "lax" 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
										SameSite  http . SameSite 
							 
						 
					
						
							
								
									
										
										
										
											2020-01-29 15:47:46 +08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
									} { 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
										CookieName :   "i_like_gitea" , 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
										Gclifetime :   86400 , 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
										Maxlifetime :  86400 , 
							 
						 
					
						
							
								
									
										
										
										
											2021-03-07 08:12:43 +00:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
										SameSite :     http . SameSiteLaxMode , 
							 
						 
					
						
							
								
									
										
										
										
											2020-01-29 15:47:46 +08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
									} 
							 
						 
					
						
							
								
									
										
										
										
											2019-02-10 09:37:37 +08:00 
										
									 
								 
							 
							
								
							 
							
								 
							
							
								)  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								func  newSessionService ( )  {  
						 
					
						
							
								
									
										
										
										
											2020-01-29 15:47:46 +08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
									sec  :=  Cfg . Section ( "session" ) 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
									SessionConfig . Provider  =  sec . Key ( "PROVIDER" ) . In ( "memory" , 
							 
						 
					
						
							
								
									
										
										
										
											2021-02-15 05:33:31 +00:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
										[ ] string { "memory" ,  "file" ,  "redis" ,  "mysql" ,  "postgres" ,  "couchbase" ,  "memcache" ,  "db" } ) 
							 
						 
					
						
							
								
									
										
										
										
											2020-01-29 15:47:46 +08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
									SessionConfig . ProviderConfig  =  strings . Trim ( sec . Key ( "PROVIDER_CONFIG" ) . MustString ( path . Join ( AppDataPath ,  "sessions" ) ) ,  "\" " ) 
							 
						 
					
						
							
								
									
										
										
										
											2019-02-10 09:37:37 +08:00 
										
									 
								 
							 
							
								
							 
							
								 
							
							
									if  SessionConfig . Provider  ==  "file"  &&  ! filepath . IsAbs ( SessionConfig . ProviderConfig )  { 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
										SessionConfig . ProviderConfig  =  path . Join ( AppWorkPath ,  SessionConfig . ProviderConfig ) 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
									} 
							 
						 
					
						
							
								
									
										
										
										
											2020-01-29 15:47:46 +08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
									SessionConfig . CookieName  =  sec . Key ( "COOKIE_NAME" ) . MustString ( "i_like_gitea" ) 
							 
						 
					
						
							
								
									
										
										
										
											2019-02-10 09:37:37 +08:00 
										
									 
								 
							 
							
								
							 
							
								 
							
							
									SessionConfig . CookiePath  =  AppSubURL 
							 
						 
					
						
							
								
									
										
										
										
											2020-01-29 15:47:46 +08:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
									SessionConfig . Secure  =  sec . Key ( "COOKIE_SECURE" ) . MustBool ( false ) 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
									SessionConfig . Gclifetime  =  sec . Key ( "GC_INTERVAL_TIME" ) . MustInt64 ( 86400 ) 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
									SessionConfig . Maxlifetime  =  sec . Key ( "SESSION_LIFE_TIME" ) . MustInt64 ( 86400 ) 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
									SessionConfig . Domain  =  sec . Key ( "DOMAIN" ) . String ( ) 
							 
						 
					
						
							
								
									
										
										
										
											2021-03-07 08:12:43 +00:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
									samesiteString  :=  sec . Key ( "SAME_SITE" ) . In ( "lax" ,  [ ] string { "none" ,  "lax" ,  "strict" } ) 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
									switch  strings . ToLower ( samesiteString )  { 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
									case  "none" : 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
										SessionConfig . SameSite  =  http . SameSiteNoneMode 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
									case  "strict" : 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
										SessionConfig . SameSite  =  http . SameSiteStrictMode 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
									default : 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
										SessionConfig . SameSite  =  http . SameSiteLaxMode 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
									} 
							 
						 
					
						
							
								
									
										
										
										
											2019-02-10 09:37:37 +08:00 
										
									 
								 
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2021-03-01 21:08:10 +00:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
									json  :=  jsoniter . ConfigCompatibleWithStandardLibrary 
							 
						 
					
						
							
								
									
										
										
										
											2019-04-20 07:44:50 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
									shadowConfig ,  err  :=  json . Marshal ( SessionConfig ) 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
									if  err  !=  nil  { 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
										log . Fatal ( "Can't shadow session config: %v" ,  err ) 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
									} 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
									SessionConfig . ProviderConfig  =  string ( shadowConfig ) 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
									SessionConfig . Provider  =  "VirtualSession" 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2019-02-10 09:37:37 +08:00 
										
									 
								 
							 
							
								
							 
							
								 
							
							
									log . Info ( "Session Service Enabled" ) 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								}