Remove dependent on session auth for api/v1 routers (#19321)
* Remove dependent on session auth for api/v1 routers * Remove unnecessary session on API context * remove missed header * fix test * fix missed api/v1
This commit is contained in:
Lunny Xiao
GitHub
parent
75f8534c3a
commit
3c3d49899f
22 changed files with 219 additions and 161 deletions
|
|
@ -8,7 +8,6 @@ package context
|
|||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"html"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strings"
|
||||
|
|
@ -20,8 +19,6 @@ import (
|
|||
"code.gitea.io/gitea/modules/setting"
|
||||
"code.gitea.io/gitea/modules/web/middleware"
|
||||
auth_service "code.gitea.io/gitea/services/auth"
|
||||
|
||||
"gitea.com/go-chi/session"
|
||||
)
|
||||
|
||||
// APIContext is a specific context for API service
|
||||
|
|
@ -191,17 +188,6 @@ func (ctx *APIContext) SetLinkHeader(total, pageSize int) {
|
|||
}
|
||||
}
|
||||
|
||||
// RequireCSRF requires a validated a CSRF token
|
||||
func (ctx *APIContext) RequireCSRF() {
|
||||
headerToken := ctx.Req.Header.Get(ctx.csrf.GetHeaderName())
|
||||
formValueToken := ctx.Req.FormValue(ctx.csrf.GetFormName())
|
||||
if len(headerToken) > 0 || len(formValueToken) > 0 {
|
||||
Validate(ctx.Context, ctx.csrf)
|
||||
} else {
|
||||
ctx.Context.Error(http.StatusUnauthorized, "Missing CSRF token.")
|
||||
}
|
||||
}
|
||||
|
||||
// CheckForOTP validates OTP
|
||||
func (ctx *APIContext) CheckForOTP() {
|
||||
if skip, ok := ctx.Data["SkipLocalTwoFA"]; ok && skip.(bool) {
|
||||
|
|
@ -253,17 +239,14 @@ func APIAuth(authMethod auth_service.Method) func(*APIContext) {
|
|||
|
||||
// APIContexter returns apicontext as middleware
|
||||
func APIContexter() func(http.Handler) http.Handler {
|
||||
csrfOpts := getCsrfOpts()
|
||||
|
||||
return func(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
|
||||
locale := middleware.Locale(w, req)
|
||||
ctx := APIContext{
|
||||
Context: &Context{
|
||||
Resp: NewResponse(w),
|
||||
Data: map[string]interface{}{},
|
||||
Locale: locale,
|
||||
Session: session.GetSession(req),
|
||||
Resp: NewResponse(w),
|
||||
Data: map[string]interface{}{},
|
||||
Locale: locale,
|
||||
Repo: &Repository{
|
||||
PullRequest: &PullRequest{},
|
||||
},
|
||||
|
|
@ -273,7 +256,6 @@ func APIContexter() func(http.Handler) http.Handler {
|
|||
}
|
||||
|
||||
ctx.Req = WithAPIContext(WithContext(req, ctx.Context), &ctx)
|
||||
ctx.csrf = Csrfer(csrfOpts, ctx.Context)
|
||||
|
||||
// If request sends files, parse them here otherwise the Query() can't be parsed and the CsrfToken will be invalid.
|
||||
if ctx.Req.Method == "POST" && strings.Contains(ctx.Req.Header.Get("Content-Type"), "multipart/form-data") {
|
||||
|
|
@ -285,7 +267,6 @@ func APIContexter() func(http.Handler) http.Handler {
|
|||
|
||||
ctx.Resp.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)
|
||||
|
||||
ctx.Data["CsrfToken"] = html.EscapeString(ctx.csrf.GetToken())
|
||||
ctx.Data["Context"] = &ctx
|
||||
|
||||
next.ServeHTTP(ctx.Resp, ctx.Req)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue